Add `.edr-workflow-insights` perms for kibana_system #116485
Pinging @elastic/es-security (Team:Security)
// Security Solution workflows insights. Kibana creates, manages, and uses these | ||
// to provide users with insights on potential configuration improvements | ||
RoleDescriptor.IndicesPrivileges.builder() | ||
.indices(".security-workflow-insights-*") |
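Review bot: The comment above `.indices(".security-workflow-insights-*")` refers to "these" without naming what is granted or to which kind of object, which makes a wildcard grant on a reserved role hard to audit later. The PR description lists auto_configure, read, write and create_index, and the Kibana-side change mentions a data stream, so the comment could name the index pattern, say that it covers Kibana-created indices, and state why write and create_index are needed.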
.indices(".security-workflow-insights-*") | |
.indices(".kibana-security-workflow-insights-*") |
Elasticsearch has already defined many `.security-*` indices (e.g. `.security-7`, `.security-profile`, `.security-token`). Introducing `.security-workflow-insights-*` as part of the `.security-*` namespace might lead to unexpected behaviour, cause confusion or even lead to an accidental exposure. We would like to keep the `.security-*` prefix only for Elasticsearch internally managed indices.
Since this new system index is meant to be managed by Kibana only, how about naming it `.kibana-security-workflow-insights-*` instead?
Good catch! However, `.kibana*` is reserved for Kibana’s own data store/Saved Objects indices (cc @rudolf). I believe we'd need to use a use-case/area/solution-specific prefix here instead.
Thanks for the context, that makes sense to me. Updated to missed the comment, will think of different prefix. `.kibana-security-workflow-insights-*` 👍.
Yeah there are already special privileges for `.kibana*` and `.kibana_*` indices are included in the feature state.
Usually a system index should belong to some feature state so that these can be restored in a rollback. E.g. kibana's system indices `.kibana_*` are all included in the kibana feature state defined in the KibanaPlugin:
elasticsearch/modules/kibana/src/main/java/org/elasticsearch/kibana/KibanaPlugin.java
Line 21 in b30a4b2
public class KibanaPlugin extends Plugin implements SystemIndexPlugin {
Has there been any discussions around introducing a new system index with the Elasticsearch team?
> Has there been any discussions around introducing a new system index with the Elasticsearch team?

No, I think this is closer to an internal index rather than a system index. Similar to the other `.` prefixed indices installed by the Elastic Defend package.
updated to .edr-workflow-insights
As mentioned in https://github.com/elastic/elasticsearch/pull/116485/files#r1847945726, we would like to avoid introducing externally managed system indices that are under the `.security-*` namespace.
Looks good from es-security side 👍
Nit: Could you please update PR description and title to reflect the new index pattern?
Adds auto_configure, read, write, and create_index permissions for the new .edr-workflow-insights-* index. This index is created and used internally by Kibana.
@elasticmachine update branch
…6485) Adds auto_configure, read, write, and create_index permissions for the new .security-workflows-insights-* index. This index is created and used internally by Kibana.
## Summary

Adds a SecurityWorkflowInsightsService that is set up during security solution plugin initialization. The service setup installs the component templates, index template, and datastream used by the service.

Depends on:
- elastic/elasticsearch#116485

### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

### For maintainers
- [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)

Co-authored-by: Konrad Szwarc <konrad.szwarc@elastic.co>

…9606)

## Summary

Adds a SecurityWorkflowInsightsService that is set up during security solution plugin initialization. The service setup installs the component templates, index template, and datastream used by the service.

Depends on:
- elastic/elasticsearch#116485

### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

### For maintainers
- [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)

Co-authored-by: Konrad Szwarc <konrad.szwarc@elastic.co>

(cherry picked from commit 2e004f8)
Adds necessary permissions for the new `.edr-workflow-insights-*` index. This index is created, managed, and used internally by only Kibana for the upcoming Security Workflow Insights feature (provides users with security workflow configuration suggestions).