github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 01:38:56 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Security Solution] Give entity store permissions to built-in and cloud roles (#197383)

Browse source 
## Summary

Give entity store permissions to built-in and cloud roles.
The entity store should be available where the RiskEngine is.

ES controller PR
https://github.com/elastic/elasticsearch-controller/pull/753
This commit is contained in:
Pablo Machado 2024-10-24 13:25:29 +02:00 committed by GitHub
parent 0a825ef784
commit a194211fff
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 44 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

12
packages/kbn-es/src/serverless_resources/project_roles/security/roles.yml
View file

@ -35,6 +35,7 @@ viewer:
- '.fleet-actions*'
- 'risk-score.risk-score-*'
- '.asset-criticality.asset-criticality-*'
- '.entities.v1.latest.security_*'
- '.ml-anomalies-*'
privileges:
- read
@ -99,6 +100,7 @@ editor:
- 'maintenance'
- names:
- '.asset-criticality.asset-criticality-*'
- '.entities.v1.latest.security_*'
privileges:
- 'read'
- 'write'
@ -162,6 +164,7 @@ t1_analyst:
- '.fleet-actions*'
- risk-score.risk-score-*
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
- '.ml-anomalies-*'
privileges:
- read
@ -211,6 +214,7 @@ t2_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- '.ml-anomalies-*'
privileges:
- read
@ -274,6 +278,7 @@ t3_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- '.ml-anomalies-*'
privileges:
- read
@ -346,6 +351,7 @@ threat_intelligence_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- '.ml-anomalies-*'
privileges:
- read
@ -406,6 +412,7 @@ rule_author:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- '.ml-anomalies-*'
privileges:
- read
@ -472,6 +479,7 @@ soc_manager:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- '.ml-anomalies-*'
privileges:
- read
@ -543,6 +551,7 @@ detections_admin:
- all
- names:
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
privileges:
- read
- write
@ -590,6 +599,7 @@ platform_engineer:
- all
- names:
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
privileges:
- read
- write
@ -648,6 +658,7 @@ endpoint_operations_analyst:
- .lists*
- .items*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- '.ml-anomalies-*'
privileges:
- read
@ -717,6 +728,7 @@ endpoint_policy_manager:
- winlogbeat-*
- logstash-*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
privileges:
- read
- names:

7
packages/kbn-es/src/serverless_resources/security_roles.json
View file

@ -120,7 +120,12 @@
"privileges": ["read", "write"]
},
{
"names": ["metrics-endpoint.metadata_current_*", ".fleet-agents*", ".fleet-actions*", "risk-score.risk-score-*"],
"names": [
"metrics-endpoint.metadata_current_*",
".fleet-agents*", ".fleet-actions*",
"risk-score.risk-score-*",
".entities.v1.latest.security_*"
],
"privileges": ["read"]
}
],

13
x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml
View file

@ -53,6 +53,7 @@ viewer:
- ".fleet-actions*"
- "risk-score.risk-score-*"
- ".asset-criticality.asset-criticality-*"
- ".entities.v1.latest.security_*"
- ".ml-anomalies-*"
privileges:
- read
@ -117,6 +118,7 @@ editor:
- "maintenance"
- names:
- ".asset-criticality.asset-criticality-*"
- .entities.v1.latest.security_*
privileges:
- "read"
- "write"
@ -181,6 +183,7 @@ t1_analyst:
- ".fleet-actions*"
- risk-score.risk-score-*
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@ -231,6 +234,7 @@ t2_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@ -295,6 +299,7 @@ t3_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@ -363,6 +368,7 @@ threat_intelligence_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@ -424,6 +430,7 @@ rule_author:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@ -468,6 +475,7 @@ soc_manager:
- packetbeat-*
- winlogbeat-*
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
privileges:
- read
- write
@ -491,6 +499,7 @@ soc_manager:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .asset-criticality.asset-criticality-*
- ".ml-anomalies-*"
privileges:
- read
@ -563,6 +572,7 @@ detections_admin:
- all
- names:
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
privileges:
- read
- write
@ -611,6 +621,7 @@ platform_engineer:
- all
- names:
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
privileges:
- read
- write
@ -670,6 +681,7 @@ endpoint_operations_analyst:
- .lists*
- .items*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@ -740,6 +752,7 @@ endpoint_policy_manager:
- packetbeat-*
- winlogbeat-*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read

13
x-pack/test_serverless/shared/lib/security/kibana_roles/project_controller_security_roles.yml
View file

@ -34,6 +34,7 @@ viewer:
- ".fleet-actions*"
- "risk-score.risk-score-*"
- ".asset-criticality.asset-criticality-*"
- ".entities.v1.latest.security_*"
- ".ml-anomalies-*"
privileges:
- read
@ -98,6 +99,7 @@ editor:
- "maintenance"
- names:
- ".asset-criticality.asset-criticality-*"
- ".entities.v1.latest.security_*"
privileges:
- "read"
- "write"
@ -162,6 +164,7 @@ t1_analyst:
- ".fleet-actions*"
- risk-score.risk-score-*
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@ -212,6 +215,7 @@ t2_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@ -276,6 +280,7 @@ t3_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@ -344,6 +349,7 @@ threat_intelligence_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@ -405,6 +411,7 @@ rule_author:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@ -449,6 +456,7 @@ soc_manager:
- packetbeat-*
- winlogbeat-*
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
privileges:
- read
- write
@ -472,6 +480,7 @@ soc_manager:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .asset-criticality.asset-criticality-*
- ".ml-anomalies-*"
privileges:
- read
@ -544,6 +553,7 @@ detections_admin:
- all
- names:
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
privileges:
- read
- write
@ -592,6 +602,7 @@ platform_engineer:
- all
- names:
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
privileges:
- read
- write
@ -651,6 +662,7 @@ endpoint_operations_analyst:
- .lists*
- .items*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@ -721,6 +733,7 @@ endpoint_policy_manager:
- packetbeat-*
- winlogbeat-*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read