[Cloud Security] Add privileges required for AWS SecurityHub related to CDR misconfiguration features #112574

Merged: kcreddy merged 2 commits into elastic:main from kcreddy:csp-aws-securityhub-transform on Sep 10, 2024

@kcreddy kcreddy commented Sep 6, 2024

Summary

This PR updates kibana_system privileges to include the ones required for the Security Solution CDR Misconfiguration latest transform to work on AWS SecurityHub integration:

  • to read from source AWS SecurityHub Findings data stream as one of the data streams providing data for Cloud Detection & Response (CDR) features in Kibana.

The destination and alias index privileges were already added in #112456.

@elasticsearchmachine elasticsearchmachine added v8.16.0 external-contributor Pull request authored by a developer outside the Elasticsearch team labels Sep 6, 2024
@kcreddy kcreddy added :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team Team:Cloud Security Meta label for Cloud Security team >non-issue labels Sep 6, 2024
@kcreddy kcreddy self-assigned this Sep 6, 2024
@kcreddy kcreddy marked this pull request as ready for review September 6, 2024 10:05
@kcreddy kcreddy requested a review from a team as a code owner September 6, 2024 10:05
@kcreddy kcreddy requested review from maxcold and removed request for a team September 6, 2024 10:05
@elasticsearchmachine

Pinging @elastic/es-security (Team:Security)

@kcreddy kcreddy requested a review from a team September 6, 2024 10:05

@jeramysoucy jeramysoucy left a comment

Given the context and need, allowing read/view access is reasonable. Can we make sure these system-accessible indices get documented appropriately (see #112192 (comment))?

kcreddy commented Sep 10, 2024

> Can we make sure these system-accessible indices get documented appropriately (see #112192 (comment))?

Sure. I will work with the Cloud Security team to get that sorted as they are already working on documentation changes as per the comment.
