Merged
63 commits
df14a42
switch from `siemV2` to `siemV3`
gergoabraham Apr 29, 2025
d3c523a
unify and migrate endpoint exceptions RBAC
gergoabraham Apr 29, 2025
c35e932
type fix + unit test
gergoabraham Apr 30, 2025
119b0b9
i18n fix
gergoabraham Apr 30, 2025
1135b7d
update configs
gergoabraham May 5, 2025
1d787b2
update roles coming from elasticsearch-controller
gergoabraham May 5, 2025
4a19f63
update tests to work with `siemV3`
gergoabraham May 5, 2025
b1f4b15
parameterize `siemV3` in most places to ease next role migration
gergoabraham May 8, 2025
d09be38
fix jest mock restrictions
gergoabraham May 8, 2025
a4758dd
fix cypress tests
gergoabraham May 9, 2025
b94861f
fix ftrs
gergoabraham May 9, 2025
fbd44e8
fix tests
gergoabraham May 9, 2025
426c418
small test fix
gergoabraham May 9, 2025
47693fd
Merge branch 'main' into security-roles-siem-v3-migration
gergoabraham Jun 2, 2025
6b7ae16
add role migration for Global Artifact Management privilege
gergoabraham Jun 3, 2025
b053fd6
Merge branch 'main' into security-roles-siem-v3-migration
gergoabraham Jun 4, 2025
6f1fcad
add lists and SO privileges to Endpoint Exceptions
gergoabraham Jun 4, 2025
f8635b7
Merge branch 'main' into security-roles-siem-v3-migration
gergoabraham Jun 5, 2025
573322b
fix: do not migrate to notes and timeline from siemV2
gergoabraham Jun 5, 2025
3fe4dca
indicate that `isServerless` is temporary
gergoabraham Jun 5, 2025
22a2cb7
indicate that `isServerless` is temporary VOL2
gergoabraham Jun 5, 2025
39593b4
Merge branch 'main' into security-roles-siem-v3-migration
gergoabraham Jun 5, 2025
f61fe51
update serverless api auth test
gergoabraham Jun 6, 2025
ad2b84c
Merge branch 'main' into security-roles-siem-v3-migration
gergoabraham Jun 6, 2025
a55a213
add Global Artifact Management privilege to predefined roles
gergoabraham Jun 6, 2025
8d0f9d1
update roles in endpoint scripts
gergoabraham Jun 6, 2025
a0b5813
Merge branch 'main' into security-roles-siem-v3-migration
gergoabraham Jun 11, 2025
c8ff196
unhide GlobalArtifactManagement privilege from feature flag
gergoabraham Jun 11, 2025
6b6c75a
migrate to GlobalArtifactManagement privilege from security:ALL
gergoabraham Jun 11, 2025
8c994ff
add Global Artifact Management migration to siemV1 as well
gergoabraham Jun 13, 2025
0cb4625
Merge branch 'main' into security-roles-siem-v3-migration
gergoabraham Jun 13, 2025
3ac7be8
revert all Endpoint Exception privilege related modifications
gergoabraham Jun 13, 2025
fbbcf8b
update auth tests: remove endpoint exceptions (and SO), add global ar…
gergoabraham Jun 16, 2025
efe83e8
fix defend cy tests
gergoabraham Jun 16, 2025
b85da1e
Merge branch 'main' into security-roles-siem-v3-migration
gergoabraham Jun 16, 2025
0f5b9a3
revert accidental formatting
gergoabraham Jun 16, 2025
970674a
parameterize siemV3
gergoabraham Jun 16, 2025
e40d923
add explanatory comments for role migration
gergoabraham Jun 17, 2025
4d5dec8
update search ai lake config: comment, earlier accidental change
gergoabraham Jun 17, 2025
1b37885
parameterize siemV3 in rbac cy tests
gergoabraham Jun 17, 2025
88d0605
add snapshot test for deprecated `siem` and `siemV2` features
gergoabraham Jun 17, 2025
4b4f49e
test deprecated `siem` versions in some cy tests
gergoabraham Jun 18, 2025
ea21521
fix: serverless siem:MINIMAL_ALL does not mean Endpoint Exceptions AL…
gergoabraham Jun 19, 2025
b8d90d0
new role migration FTR added for global artifact management
gergoabraham Jun 19, 2025
e06d67b
Merge branch 'main' into security-roles-siem-v3-migration
gergoabraham Jun 19, 2025
a26a1ca
type fix
gergoabraham Jun 19, 2025
44d141d
no caps in coming soon
gergoabraham Jun 19, 2025
a4dd40a
type fix: clean up test wrapper
gergoabraham Jun 19, 2025
860d72c
update snapshot test with changes from a409627765dfaf3d588c35a0d510b8…
gergoabraham Jun 19, 2025
90e4245
update snapshot test with fix, siem:MINIMAL_ALL does not migrate to g…
gergoabraham Jun 19, 2025
d57b5f2
update coming soon text in cy test
gergoabraham Jun 19, 2025
2ec6329
Revert "fix: serverless siem:MINIMAL_ALL does not mean Endpoint Excep…
gergoabraham Jun 19, 2025
bff5fc3
Revert "type fix"
gergoabraham Jun 19, 2025
de05a3b
implement `baseFeatureConfigModifier()` for ProductFeatures
gergoabraham Jun 19, 2025
1c31f56
make endpointArtifactManagement product feature offer specific with o…
gergoabraham Jun 19, 2025
309abb3
add role migration tests without Endpoint product line
gergoabraham Jun 20, 2025
93d8721
increase Defend Workflow cypress parallelism
gergoabraham Jun 20, 2025
a7f0bd8
Revert "increase Defend Workflow cypress parallelism"
gergoabraham Jun 20, 2025
1dadbf6
rbac cy test to smaller tests #1: move original test file to support …
gergoabraham Jun 20, 2025
b88c777
rbac cy test to smaller tests #1: create an own test file for each ar…
gergoabraham Jun 20, 2025
5132bc3
Merge branch 'main' into security-roles-siem-v3-migration
gergoabraham Jun 20, 2025
da18aac
Merge branch 'main' into security-roles-siem-v3-migration
gergoabraham Jun 23, 2025
cee449a
split up endpoint list RBAC cy test to smaller chunks
gergoabraham Jun 23, 2025
3 changes: 3 additions & 0 deletions .buildkite/ftr_security_stateful_configs.yml
Expand Up @@ -101,6 +101,9 @@ enabled:
- x-pack/test/security_solution_api_integration/test_suites/edr_workflows/policy/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/edr_workflows/resolver/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/edr_workflows/response_actions/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/edr_workflows/role_migrations/search_ai_lake_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/edr_workflows/role_migrations/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/edr_workflows/role_migrations/trial_license_complete_tier/configs/serverless.config.ts
- x-pack/test/security_solution_api_integration/test_suites/edr_workflows/spaces/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_api_integration/test_suites/siem_migrations/rules/trial_license_complete_tier/configs/ess.config.ts
- x-pack/test/security_solution_endpoint/configs/endpoint.config.ts
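Review bot: Two of the three added entries are `serverless.config.ts` files (`role_migrations/search_ai_lake_tier/configs/serverless.config.ts` and `role_migrations/trial_license_complete_tier/configs/serverless.config.ts`), but this file is `.buildkite/ftr_security_stateful_configs.yml` and every neighbouring entry in the hunk is an `ess.config.ts`. If those two are meant to run against serverless, register them in the serverless config list and keep only the `ess.config.ts` entry here; if listing them here is deliberate, say why in the PR description.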
18 changes: 17 additions & 1 deletion config/serverless.security.search_ai_lake.yml
Expand Up @@ -23,17 +23,33 @@ xpack.features.overrides:
securitySolutionNotes.hidden: true
siem.description: null
siemV2.description: null
siemV3.description: null
Comment on lines 24 to +26
Contributor

nit: I believe description is only used in the role management UI to describe a feature. The UI shows only the latest feature version, so you could clean up this config a bit by removing entries for deprecated features and leaving only v3.

securitySolutionSiemMigrations.hidden: true

## Fine-tune the security solution essentials feature privileges. These feature privilege overrides are set individually for each project type. Also, refer to `serverless.yml` for the project-agnostic overrides.
siemV3:
privileges:
all.composedOf:
## Limited values so the fields from serverless.yml or serverless.security.yml are overwritten
## We do not need to compose siemV3 from maps and visualizations because these functionalities are disabled in this tier
Contributor

question: Looking at this config, I don't see maps or visualizations being disabled. Is this statement still accurate (inaccessibleApps seems to only hide client-side apps)? If the maps or visualization functionality are still used implicitly somehow, you'd need SIEM V3 to grant access to these features as well.

Contributor Author

@tomsonpl, @ashokaditya, could you jump in please?

Contributor

@azasypkin your assumption is correct, we reverted the config change that disabled maps, visualizations, etc.
Now the UI is hidden through inaccessibleApps.

Contributor

Sorry, additional part: the RBAC is also hidden, so the current logic seems fine @gergoabraham

Contributor

@azasypkin azasypkin Jun 17, 2025

Roger that, just to make sure I understand - we switched to inaccessibleApps just because disabling maps and viz plugins wasn't feasible technically or because some functionality in Search AI Lake still depends on maps and viz saved objects/API (even though the main apps should be inaccessible)? If the former then the current logic is correct, otherwise we'd need to return maps and viz privileges back to composedOf (it won't show maps/viz RBAC UI).

Contributor

In the end the team noticed that we need to use some Lens services (embeddable) in AI SOC, which has a dependency on visualizations. However, I don't think we depend on maps or vis saved objects/API.

- feature: "discover_v2"
privileges: [ "all" ]
## We need limited access to fleet (v1) in order to use integrations
- feature: "fleet"
privileges: [ "all" ]
read.composedOf:
- feature: "discover_v2"
privileges: [ "read" ]
- feature: "fleet"
privileges: [ "read" ]
siemV2:
privileges:
all.composedOf:
## Limited values so the fields from serverless.yml or serverless.security.yml are overwritten
## We do not need to compose siemV2 from maps and visualizations because these functionalities are disabled in this tier
- feature: "discover_v2"
privileges: [ "all" ]
## We need limited read access to fleet (v1) in order to use integrations
## We need limited access to fleet (v1) in order to use integrations
- feature: "fleet"
privileges: [ "all" ]
read.composedOf:
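Review bot: The comment on the new `siemV3` `all.composedOf` block, "We do not need to compose siemV3 from maps and visualizations because these functionalities are disabled in this tier", is not backed by anything in this hunk: no setting shown here disables maps or visualizations, and the inline thread says the apps are only hidden through `inaccessibleApps`. Reword the comment to name that mechanism, and update the identical line kept under `siemV2`, so a later reader does not assume the plugins are off when deciding whether `visualize_v2` or `maps_v2` has to be composed in. The fleet comment also says "limited access" while the entry grants `privileges: [ "all" ]`; state what is limited.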
27 changes: 27 additions & 0 deletions config/serverless.security.yml
Expand Up @@ -25,6 +25,33 @@ xpack.features.overrides:
category: "security"
order: 1101
### Security's feature privileges are fine-tuned to grant access to Discover, Dashboard, Maps, and Visualize apps.
siemV3:
privileges:
### Security's `All` feature privilege should implicitly grant `All` access to Discover, Dashboard, Maps, and
### Visualize features.
all.composedOf:
- feature: "discover_v2"
privileges: [ "all" ]
- feature: "dashboard_v2"
privileges: [ "all" ]
- feature: "visualize_v2"
privileges: [ "all" ]
- feature: "maps_v2"
privileges: [ "all" ]
# Security's `Read` feature privilege should implicitly grant `Read` access to Discover, Dashboard, Maps, and
# Visualize features. Additionally, it should implicitly grant privilege to create short URLs in Discover,
### Dashboard, and Visualize apps.
read.composedOf:
- feature: "discover_v2"
privileges: [ "read" ]
- feature: "dashboard_v2"
privileges: [ "read" ]
- feature: "visualize_v2"
privileges: [ "read" ]
- feature: "maps_v2"
privileges: [ "read" ]

### Security's feature privileges are fine-tuned to grant access to Discover, Dashboard, Maps, and Visualize apps.
siemV2:
privileges:
### Security's `All` feature privilege should implicitly grant `All` access to Discover, Dashboard, Maps, and
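Review bot: The comment above the new `siemV3` `read.composedOf` says `Read` should also grant the privilege to create short URLs in Discover, Dashboard, and Visualize, but the entries under it grant only `read` on `discover_v2`, `dashboard_v2`, `visualize_v2` and `maps_v2`. If short-URL creation comes with those `read` privileges through another override, name that override in the comment; if it does not, either the comment or the list needs correcting. The same comment mixes `#` and `###` prefixes across its three lines, while the rest of the block uses `###`.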
Expand Up @@ -45,9 +45,9 @@ viewer:
- application: 'kibana-.kibana'
Comment thread
gergoabraham marked this conversation as resolved.
privileges:
- feature_ml.read
- feature_siemV2.read
- feature_siemV2.read_alerts
- feature_siemV2.endpoint_list_read
- feature_siemV3.read
- feature_siemV3.read_alerts
- feature_siemV3.endpoint_list_read
- feature_securitySolutionCasesV2.read
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
Expand Down Expand Up @@ -121,19 +121,20 @@ editor:
- application: 'kibana-.kibana'
privileges:
- feature_ml.read
- feature_siemV2.all
- feature_siemV2.read_alerts
- feature_siemV2.crud_alerts
- feature_siemV2.endpoint_list_all
- feature_siemV2.trusted_applications_all
- feature_siemV2.event_filters_all
- feature_siemV2.host_isolation_exceptions_all
- feature_siemV2.blocklist_all
- feature_siemV2.policy_management_read # Elastic Defend Policy Management
- feature_siemV2.host_isolation_all
- feature_siemV2.process_operations_all
- feature_siemV2.actions_log_management_all # Response actions history
- feature_siemV2.file_operations_all
- feature_siemV3.all
- feature_siemV3.read_alerts
- feature_siemV3.crud_alerts
- feature_siemV3.endpoint_list_all
- feature_siemV3.global_artifact_management_all
- feature_siemV3.trusted_applications_all
- feature_siemV3.event_filters_all
- feature_siemV3.host_isolation_exceptions_all
- feature_siemV3.blocklist_all
- feature_siemV3.policy_management_read # Elastic Defend Policy Management
- feature_siemV3.host_isolation_all
- feature_siemV3.process_operations_all
- feature_siemV3.actions_log_management_all # Response actions history
- feature_siemV3.file_operations_all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
Expand Down Expand Up @@ -187,9 +188,9 @@ t1_analyst:
- application: 'kibana-.kibana'
privileges:
- feature_ml.read
- feature_siemV2.read
- feature_siemV2.read_alerts
- feature_siemV2.endpoint_list_read
- feature_siemV3.read
- feature_siemV3.read_alerts
- feature_siemV3.endpoint_list_read
- feature_securitySolutionCasesV2.read
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
Expand Down Expand Up @@ -246,9 +247,9 @@ t2_analyst:
- application: 'kibana-.kibana'
privileges:
- feature_ml.read
- feature_siemV2.read
- feature_siemV2.read_alerts
- feature_siemV2.endpoint_list_read
- feature_siemV3.read
- feature_siemV3.read_alerts
- feature_siemV3.endpoint_list_read
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
Expand Down Expand Up @@ -310,21 +311,22 @@ t3_analyst:
- application: 'kibana-.kibana'
privileges:
- feature_ml.read
- feature_siemV2.all
- feature_siemV2.read_alerts
- feature_siemV2.crud_alerts
- feature_siemV2.endpoint_list_all
- feature_siemV2.trusted_applications_all
- feature_siemV2.event_filters_all
- feature_siemV2.host_isolation_exceptions_all
- feature_siemV2.blocklist_all
- feature_siemV2.policy_management_read # Elastic Defend Policy Management
- feature_siemV2.host_isolation_all
- feature_siemV2.process_operations_all
- feature_siemV2.actions_log_management_all # Response actions history
- feature_siemV2.file_operations_all
- feature_siemV2.scan_operations_all
- feature_siemV2.workflow_insights_all
- feature_siemV3.all
- feature_siemV3.read_alerts
- feature_siemV3.crud_alerts
- feature_siemV3.endpoint_list_all
- feature_siemV3.global_artifact_management_all
- feature_siemV3.trusted_applications_all
- feature_siemV3.event_filters_all
- feature_siemV3.host_isolation_exceptions_all
- feature_siemV3.blocklist_all
- feature_siemV3.policy_management_read # Elastic Defend Policy Management
- feature_siemV3.host_isolation_all
- feature_siemV3.process_operations_all
- feature_siemV3.actions_log_management_all # Response actions history
- feature_siemV3.file_operations_all
- feature_siemV3.scan_operations_all
- feature_siemV3.workflow_insights_all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
Expand Down Expand Up @@ -389,9 +391,10 @@ threat_intelligence_analyst:
- application: 'kibana-.kibana'
privileges:
- feature_ml.read
- feature_siemV2.all
- feature_siemV2.endpoint_list_read
- feature_siemV2.blocklist_all
- feature_siemV3.all
- feature_siemV3.endpoint_list_read
- feature_siemV3.global_artifact_management_all
- feature_siemV3.blocklist_all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
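Review bot: `threat_intelligence_analyst` gains `feature_siemV3.global_artifact_management_all` while its endpoint list access stays at `endpoint_list_read` and its only artifact write privilege is `blocklist_all`. If the new line exists to preserve what `feature_siemV2.all` granted before the split, add a trailing comment saying so; otherwise it widens the role beyond blocklist management and should be left out.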
Expand Down Expand Up @@ -456,17 +459,18 @@ rule_author:
- application: 'kibana-.kibana'
privileges:
- feature_ml.read
- feature_siemV2.all
- feature_siemV2.read_alerts
- feature_siemV2.crud_alerts
- feature_siemV2.policy_management_all
- feature_siemV2.endpoint_list_all
- feature_siemV2.trusted_applications_all
- feature_siemV2.event_filters_all
- feature_siemV2.host_isolation_exceptions_read
- feature_siemV2.blocklist_all # Elastic Defend Policy Management
- feature_siemV2.actions_log_management_read
- feature_siemV2.workflow_insights_all
- feature_siemV3.all
- feature_siemV3.read_alerts
- feature_siemV3.crud_alerts
- feature_siemV3.policy_management_all
- feature_siemV3.endpoint_list_all
- feature_siemV3.global_artifact_management_all
- feature_siemV3.trusted_applications_all
- feature_siemV3.event_filters_all
- feature_siemV3.host_isolation_exceptions_read
- feature_siemV3.blocklist_all # Elastic Defend Policy Management
- feature_siemV3.actions_log_management_read
- feature_siemV3.workflow_insights_all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
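Review bot: The trailing comment `# Elastic Defend Policy Management` sits on `feature_siemV3.blocklist_all`, whereas in the `editor` role it annotates `policy_management_read`. It was carried over unchanged from the `siemV2` line; move it to `feature_siemV3.policy_management_all` in this list. The same misplacement is on the `blocklist_all` line in `platform_engineer` and `endpoint_policy_manager`.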
Expand Down Expand Up @@ -531,22 +535,23 @@ soc_manager:
- application: 'kibana-.kibana'
privileges:
- feature_ml.read
- feature_siemV2.all
- feature_siemV2.read_alerts
- feature_siemV2.crud_alerts
- feature_siemV2.policy_management_all
- feature_siemV2.endpoint_list_all
- feature_siemV2.trusted_applications_all
- feature_siemV2.event_filters_all
- feature_siemV2.host_isolation_exceptions_all
- feature_siemV2.blocklist_all
- feature_siemV2.host_isolation_all
- feature_siemV2.process_operations_all
- feature_siemV2.actions_log_management_all
- feature_siemV2.file_operations_all
- feature_siemV2.execute_operations_all
- feature_siemV2.scan_operations_all
- feature_siemV2.workflow_insights_all
- feature_siemV3.all
- feature_siemV3.read_alerts
- feature_siemV3.crud_alerts
- feature_siemV3.policy_management_all
- feature_siemV3.endpoint_list_all
- feature_siemV3.global_artifact_management_all
- feature_siemV3.trusted_applications_all
- feature_siemV3.event_filters_all
- feature_siemV3.host_isolation_exceptions_all
- feature_siemV3.blocklist_all
- feature_siemV3.host_isolation_all
- feature_siemV3.process_operations_all
- feature_siemV3.actions_log_management_all
- feature_siemV3.file_operations_all
- feature_siemV3.execute_operations_all
- feature_siemV3.scan_operations_all
- feature_siemV3.workflow_insights_all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
Expand Down Expand Up @@ -611,9 +616,10 @@ detections_admin:
- application: 'kibana-.kibana'
privileges:
- feature_ml.all
- feature_siemV2.all
- feature_siemV2.read_alerts
- feature_siemV2.crud_alerts
- feature_siemV3.all
- feature_siemV3.read_alerts
- feature_siemV3.crud_alerts
- feature_siemV3.global_artifact_management_all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
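Review bot: `detections_admin` carried no endpoint artifact privileges before this hunk (only `all`, `read_alerts` and `crud_alerts`), and the added `feature_siemV3.global_artifact_management_all` is now the sole artifact-related entry. With no `trusted_applications_*`, `event_filters_*` or `blocklist_*` line beside it, it is unclear what this lets the role manage; confirm it is required to keep existing behaviour and note that on the line, or drop it for this role.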
Expand Down Expand Up @@ -669,17 +675,18 @@ platform_engineer:
- application: 'kibana-.kibana'
privileges:
- feature_ml.all
- feature_siemV2.all
- feature_siemV2.read_alerts
- feature_siemV2.crud_alerts
- feature_siemV2.policy_management_all
- feature_siemV2.endpoint_list_all
- feature_siemV2.trusted_applications_all
- feature_siemV2.event_filters_all
- feature_siemV2.host_isolation_exceptions_all
- feature_siemV2.blocklist_all # Elastic Defend Policy Management
- feature_siemV2.actions_log_management_read
- feature_siemV2.workflow_insights_all
- feature_siemV3.all
- feature_siemV3.read_alerts
- feature_siemV3.crud_alerts
- feature_siemV3.policy_management_all
- feature_siemV3.endpoint_list_all
- feature_siemV3.global_artifact_management_all
- feature_siemV3.trusted_applications_all
- feature_siemV3.event_filters_all
- feature_siemV3.host_isolation_exceptions_all
- feature_siemV3.blocklist_all # Elastic Defend Policy Management
- feature_siemV3.actions_log_management_read
- feature_siemV3.workflow_insights_all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
Expand Down Expand Up @@ -745,21 +752,22 @@ endpoint_operations_analyst:
- application: 'kibana-.kibana'
privileges:
- feature_ml.read
- feature_siemV2.all
- feature_siemV2.read_alerts
- feature_siemV2.policy_management_all
- feature_siemV2.endpoint_list_all
- feature_siemV2.trusted_applications_all
- feature_siemV2.event_filters_all
- feature_siemV2.host_isolation_exceptions_all
- feature_siemV2.blocklist_all
- feature_siemV2.host_isolation_all
- feature_siemV2.process_operations_all
- feature_siemV2.actions_log_management_all
- feature_siemV2.file_operations_all
- feature_siemV2.execute_operations_all
- feature_siemV2.scan_operations_all
- feature_siemV2.workflow_insights_all
- feature_siemV3.all
- feature_siemV3.read_alerts
- feature_siemV3.policy_management_all
- feature_siemV3.endpoint_list_all
- feature_siemV3.global_artifact_management_all
- feature_siemV3.trusted_applications_all
- feature_siemV3.event_filters_all
- feature_siemV3.host_isolation_exceptions_all
- feature_siemV3.blocklist_all
- feature_siemV3.host_isolation_all
- feature_siemV3.process_operations_all
- feature_siemV3.actions_log_management_all
- feature_siemV3.file_operations_all
- feature_siemV3.execute_operations_all
- feature_siemV3.scan_operations_all
- feature_siemV3.workflow_insights_all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
Expand Down Expand Up @@ -833,16 +841,17 @@ endpoint_policy_manager:
- application: 'kibana-.kibana'
privileges:
- feature_ml.all
- feature_siemV2.all
- feature_siemV2.read_alerts
- feature_siemV2.crud_alerts
- feature_siemV2.policy_management_all
- feature_siemV2.endpoint_list_all
- feature_siemV2.trusted_applications_all
- feature_siemV2.event_filters_all
- feature_siemV2.host_isolation_exceptions_all
- feature_siemV2.blocklist_all # Elastic Defend Policy Management
- feature_siemV2.workflow_insights_all
- feature_siemV3.all
- feature_siemV3.read_alerts
- feature_siemV3.crud_alerts
- feature_siemV3.policy_management_all
- feature_siemV3.endpoint_list_all
- feature_siemV3.global_artifact_management_all
- feature_siemV3.trusted_applications_all
- feature_siemV3.event_filters_all
- feature_siemV3.host_isolation_exceptions_all
- feature_siemV3.blocklist_all # Elastic Defend Policy Management
- feature_siemV3.workflow_insights_all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all