[Cloud Security] add privileges required for CDR misconfiguration features to work #112456
/ci
Pinging @elastic/es-security (Team:Security)
azasypkin
left a comment
LGTM from the Kibana Security perspective. Can we make sure this pattern is also covered by the docs mentioned here: #112192 (comment)?
Thanks for the detailed justification in the issue description! This definitely makes the review easier and faster.
| RoleDescriptor.IndicesPrivileges.builder() | ||
| // manage privilege required by the index alias | ||
| .indices("security_solution-*.vulnerability_latest") | ||
| .indices("security_solution-*.vulnerability_latest", "security_solution-*.misconfiguration_latest") |
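Review bot: The comment above `.indices(...)` still reads "manage privilege required by the index alias" (singular), but the call now lists two patterns, `security_solution-*.vulnerability_latest` and `security_solution-*.misconfiguration_latest`. Suggest rewording the comment to name both latest aliases so the reason for each grant stays documented next to the pattern it justifies. Both patterns also contain a `*` segment, so it is worth confirming in this review that every index name the new pattern can match is meant to receive the privilege.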
So far our naming convention was plural: vulnerabilities, findings. Also alerts and logs.
Maybe worth keeping it this way as a convention.
The convention I see in other packages is to have data sources named as singular, same for ti latest IoC transforms. So I'd leave the more common convention and maybe change our naming when we get to getting rid of the logs-* prefix.
…to CDR misconfiguration features (#112574)
Update `kibana_system` privileges to include the ones required for the Security Solution CDR Misconfiguration latest transform to work on AWS SecurityHub integration:
- to read from source AWS SecurityHub Findings data stream as one of the data streams providing data for Cloud Detection & Response (CDR) features in Kibana.
The destination and alias index privileges already added in #112456.
Summary
This PR updates `kibana_system` privileges to include the ones required for the Security Solution CDR Misconfiguration latest transform to work:
Related integration PR with the transform implementation