OpenSearch domains should encrypt data sent between nodes

Description

This check determines if node-to-node encryption is activated for OpenSearch domains. Using HTTPS (TLS) can help prevent potential attackers from intercepting or altering network traffic through man-in-the-middle or similar attacks. Only secure connections via HTTPS (TLS) should be permitted. Activating node-to-node encryption for OpenSearch domains ensures that intra-cluster communications are securely encrypted while in transit.

Enabling this feature may come with a performance impact. It’s critical to understand and evaluate the performance implications before enabling this option.

Remediation

To activate node-to-node encryption for an OpenSearch domain, refer to Enabling node-to-node encryption in the Amazon OpenSearch Service Developer Guide.
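
The check described above can be reproduced against the domain records returned by the OpenSearch Service DescribeDomains API. The following is an added example, not code from the original page or from the tool that runs this check; the function names and the sample domains are constructed for illustration, and the batch size of five is an assumption about the per-call limit.

```python
"""Flag OpenSearch domains whose node-to-node encryption is not enabled."""

# Constructed sample shaped like the DomainStatusList returned by DescribeDomains.
SAMPLE_DOMAINS = [
    {"DomainName": "logs-prod", "NodeToNodeEncryptionOptions": {"Enabled": True}},
    {"DomainName": "logs-dev", "NodeToNodeEncryptionOptions": {"Enabled": False}},
    {"DomainName": "legacy-search"},  # option block absent: treat as not enabled
]


def node_to_node_enabled(domain_status):
    """True only when the domain explicitly reports Enabled: true."""
    options = domain_status.get("NodeToNodeEncryptionOptions") or {}
    return options.get("Enabled") is True


def failing_domains(domain_statuses):
    """Return the names of domains that fail the check, sorted for stable output."""
    return sorted(
        d["DomainName"] for d in domain_statuses if not node_to_node_enabled(d)
    )


def fetch_domain_statuses(region):
    """Collect DomainStatus records for every domain in one region.

    Needs AWS credentials allowed to list and describe domains.
    """
    import boto3  # imported here so the offline sample run needs no AWS SDK

    client = boto3.client("opensearch", region_name=region)
    names = [d["DomainName"] for d in client.list_domain_names()["DomainNames"]]
    statuses = []
    # Small batches, assuming DescribeDomains caps the names per call at five.
    for i in range(0, len(names), 5):
        resp = client.describe_domains(DomainNames=names[i:i + 5])
        statuses.extend(resp["DomainStatusList"])
    return statuses


if __name__ == "__main__":
    for name in failing_domains(SAMPLE_DOMAINS):
        print(f"FAIL {name}: node-to-node encryption is not enabled")
```

To evaluate live domains instead of the sample, pass the result of fetch_domain_statuses for a region to failing_domains.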