My current setup has 1 search head (SH) and 1 indexer. I want to be notified if there is an additional SH connecting to my indexer along with user/IP details if possible.
I am sure there will be some events generated when a SH successfully connects to the indexer.
This way, if someone has admin access on the new SH, it will be able to access all the data — No??
If yes, which I think is the case, all the user based access is of no use.
Yes, you need credentials of indexers to be able to connect, but let's assume the user has the credentials and then are able to connect to the indexer.
... View more