Using Elasticsearch for Full Text Checklist Searching
We have added the ELK Stack into the mix for more than just logging. We now use it to full text index all checklist information for quick search and access, a step on the way to full text indexing your whole accreditation package. Do this using our internal ELK stack, your own Elastic Stack, or Elastic Cloud.
Full text index all checklist metadata
First, you can quickly search all the metadata of checklists such as hostname, type, IP, FQDN, classification, comments, etc. and find commonalities.
Ask questions and find answers within seconds (or less!) like:
- what checklists on machines do I have with “100.20.40.*”
- what checklists/hosts do I have with invalid IP schemes
- what checklists are classified
- how many windows machines do I have
This may not seem like a big deal with 40 or fewer checklists. When you have hundreds or thousands of hosts, it is a MASSIVE deal and a MASSIVE time saver!
Full text index of vulnerability data
More powerfully, you can search on any other data within checklists, not just the Vulnerability ID or hostname. This indexes the discussion, fix text, comments, details, status, severity override, tags, rule, check content, CCI and more.
You can find things out such as these, within seconds (or less!) and link right to them in your system package:
- what checklists and vulnerabilities mention windows firewall exception
- what checklists have the “DataCollection” windows registry mentioned
- what specific vulnerability and settings deal with RHEL 8 ssh protocol and lockdown
- use the key phrases and status to find all that are Open or Not Reviewed
There is so much power when you have everything around checklists full text indexed.
You can in essence “google” your checklist data and get those same fast results. That is innovation. That is OpenRMF Professional.
How does it work?
When you enable the data source, you can click the “Sync” button to index all checklist data with your Elasticsearch for your system package(s).
From there it tracks updates, edits, deletes, upgrades, and additions of new checklists automatically, and keeps your full text searching up to date within a couple of seconds of a change, as near real time as possible.
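To make the indexing concrete, here is an added example (not OpenRMF Professional's own code) of the shape such an index takes: each vulnerability becomes one Elasticsearch document carrying its host metadata, an `ip_valid` flag is derived at index time so the "invalid IP schemes" question becomes a simple filter, and the query bodies behind two of the questions above are built. The field names, the sample hosts, and the CKL-style status values are assumptions for illustration; the queries assume Elasticsearch's default dynamic mapping, which gives string fields a `.keyword` subfield.

```python
import ipaddress
import json

# Constructed sample data: two checklist hosts with a few findings each.
CHECKLISTS = [
    {"hostname": "web01", "host_ip": "100.20.40.17", "classification": "UNCLASSIFIED",
     "os": "Windows Server 2019", "vulns": [
         {"vuln_id": "V-000001", "status": "Open", "severity": "medium",
          "rule_title": "Windows Firewall exceptions must be limited",
          "fix_text": "Remove any unneeded windows firewall exception rules."},
         {"vuln_id": "V-000002", "status": "NotAFinding", "severity": "low",
          "rule_title": "Telemetry must be restricted",
          "fix_text": "Set AllowTelemetry under the DataCollection registry key."}]},
    {"hostname": "db01", "host_ip": "10.0.300.5", "classification": "SECRET",
     "os": "Red Hat Enterprise Linux 8", "vulns": [
         {"vuln_id": "V-000003", "status": "Not_Reviewed", "severity": "high",
          "rule_title": "RHEL 8 must use SSH protocol 2",
          "fix_text": "Configure sshd lockdown settings."}]},
]

def ip_is_valid(value):
    """True if the string parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def flatten(checklists):
    """One document per vulnerability, denormalized with its host metadata,
    so a single query can combine host filters and full text terms."""
    docs = []
    for ckl in checklists:
        host = {k: v for k, v in ckl.items() if k != "vulns"}
        host["ip_valid"] = ip_is_valid(host["host_ip"])  # derived at index time
        for v in ckl["vulns"]:
            docs.append({**host, **v, "_id": f'{host["hostname"]}:{v["vuln_id"]}'})
    return docs

def bulk_body(index, docs):
    """NDJSON body for the _bulk API: an action line, then the source line."""
    lines = []
    for d in docs:
        lines.append(json.dumps({"index": {"_index": index, "_id": d["_id"]}}))
        lines.append(json.dumps({k: v for k, v in d.items() if k != "_id"}))
    return "\n".join(lines) + "\n"

def query_hosts_in_subnet(prefix):
    """'What checklists do I have with 100.20.40.*' as a wildcard on the keyword field."""
    return {"query": {"wildcard": {"host_ip.keyword": {"value": prefix + "*"}}}}

def query_open_text(phrase):
    """Full text phrase match over the indexed text fields, filtered to Open / Not Reviewed."""
    return {"query": {"bool": {
        "must": [{"multi_match": {"query": phrase, "type": "phrase",
                                  "fields": ["rule_title", "fix_text", "comments", "finding_details"]}}],
        "filter": [{"terms": {"status.keyword": ["Open", "Not_Reviewed"]}}]}}}
```

The bulk body can be posted as-is to `/_bulk` with `Content-Type: application/x-ndjson`; the `ip_valid` field then answers the invalid IP question with a `term` filter instead of a full scan.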
Can I bring my own Elastic Stack?
Yes!
Use the internal Elastic Stack already included with the local/VM/server installation of your OpenRMF Professional, or point it at your own Elastic Stack servers or even Elastic Cloud! It all works the same.
Where do we go from here?
From here, we are working this full text search of checklist data into the bulk edit of vulnerability details, the checklist dashboard, and bulk lock and upgrade information. We are also working it into answers to "hey, what changed when we upgraded our checklist from the last version?"
Then we move on to patch information, software, hardware, PPSM, compliance statements and more! All data should be instantly searchable for your accreditation package, and then across ALL your accreditation packages. That is the near future we are bringing to you and your team.
It is 2025. It is time to come into this DECADE and get past file-based checklists and PDF accreditations, and set ourselves up to ask questions of our data and have it answer us back quickly.
See this in action
Check out our demo site.
Get a live interactive demo with our technical team.
Or download and evaluate for yourself with our software, documentation, and online video training site.
See for yourself how we can help you automate your cyber compliance!