[Security Solution] Add read index privileges to kibana_system role for Microsoft Defender integration indexes #126803

Conversation

paul-tavares (Contributor)

Description

  • Adds read privilege to the kibana_system role for indexes associated with the Microsoft Defender Integrations
    • Changes are necessary in order to support Security Solution bi-directional response actions

@paul-tavares paul-tavares self-assigned this Apr 14, 2025
@paul-tavares paul-tavares requested a review from a team as a code owner April 14, 2025 21:17
@elasticsearchmachine elasticsearchmachine added needs:triage Requires assignment of a team area label external-contributor Pull request authored by a developer outside the Elasticsearch team labels Apr 14, 2025
@paul-tavares paul-tavares added the Team:Security Meta label for security team label Apr 14, 2025
@elasticsearchmachine elasticsearchmachine removed the Team:Security Meta label for security team label Apr 14, 2025
@kc13greiner kc13greiner self-requested a review April 15, 2025 02:21
@kc13greiner kc13greiner (Contributor) left a comment

New data index read privileges LGTM!

Reasoning: Usually data indices are not allowed to be read by kibana_system, but logs-* is a known, documented collision pattern, and an exception is made for these patterns.

@paul-tavares paul-tavares added >enhancement :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC labels Apr 15, 2025
@elasticsearchmachine elasticsearchmachine added Team:Security Meta label for security team and removed needs:triage Requires assignment of a team area label labels Apr 15, 2025
@elasticsearchmachine (Collaborator)

Hi @paul-tavares, I've created a changelog YAML for you.

@elasticsearchmachine (Collaborator)

Pinging @elastic/es-security (Team:Security)

@ashokaditya ashokaditya (Member) left a comment

🚀

@paul-tavares paul-tavares merged commit ad0c215 into elastic:main Apr 15, 2025
22 checks passed
@paul-tavares paul-tavares deleted the task/olm-12369-add-ms-defender-index-privileges branch April 15, 2025 19:42
afoucret pushed a commit to afoucret/elasticsearch that referenced this pull request Apr 16, 2025
…le for Microsoft Defender integration indexes (elastic#126803)

adds read privilege to the kibana_system role for indexes associated with the Microsoft Defender Integrations.
Changes are necessary in order to support Security Solution bi-directional response actions
Labels

  • >enhancement
  • external-contributor (Pull request authored by a developer outside the Elasticsearch team)
  • :Security/Authorization (Roles, Privileges, DLS/FLS, RBAC/ABAC)
  • Team:Security (Meta label for security team)
  • v9.1.0