[Security Solution] Give entity store permissions to built-in and clo…
…ud roles (#197383)

## Summary

Give entity store permissions to built-in and cloud roles.
The entity store should be available where the RiskEngine is.

ES controller PR
elastic/elasticsearch-controller#753
machadoum authored Oct 24, 2024
1 parent 0a825ef commit a194211
Showing 4 changed files with 44 additions and 1 deletion.
@@ -35,6 +35,7 @@ viewer:
- '.fleet-actions*'
- 'risk-score.risk-score-*'
- '.asset-criticality.asset-criticality-*'
- '.entities.v1.latest.security_*'
- '.ml-anomalies-*'
privileges:
- read
@@ -99,6 +100,7 @@ editor:
- 'maintenance'
- names:
- '.asset-criticality.asset-criticality-*'
- '.entities.v1.latest.security_*'
privileges:
- 'read'
- 'write'
@@ -162,6 +164,7 @@ t1_analyst:
- '.fleet-actions*'
- risk-score.risk-score-*
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
- '.ml-anomalies-*'
privileges:
- read
@@ -211,6 +214,7 @@ t2_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- '.ml-anomalies-*'
privileges:
- read
@@ -274,6 +278,7 @@ t3_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- '.ml-anomalies-*'
privileges:
- read
@@ -346,6 +351,7 @@ threat_intelligence_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- '.ml-anomalies-*'
privileges:
- read
@@ -406,6 +412,7 @@ rule_author:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- '.ml-anomalies-*'
privileges:
- read
@@ -472,6 +479,7 @@ soc_manager:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- '.ml-anomalies-*'
privileges:
- read
@@ -543,6 +551,7 @@ detections_admin:
- all
- names:
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
privileges:
- read
- write
@@ -590,6 +599,7 @@ platform_engineer:
- all
- names:
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
privileges:
- read
- write
@@ -648,6 +658,7 @@ endpoint_operations_analyst:
- .lists*
- .items*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- '.ml-anomalies-*'
privileges:
- read
@@ -717,6 +728,7 @@ endpoint_policy_manager:
- winlogbeat-*
- logstash-*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
privileges:
- read
- names:
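Review bot: The `editor`, `detections_admin` and `platform_engineer` hunks list `.entities.v1.latest.security_*` in the group that carries both `read` and `write`, while every other role in this file gets the pattern under `read` only, and the description does not say why these three roles need to write to the entity store indices. The `+` markers are lost in this rendering, so this assumes the entity-store line is the one each hunk adds. If those indices are populated by the entity store itself rather than by users (not visible here), `read` would be sufficient and the pattern belongs in the read-only group. Either way, a comment above the entry such as `# entity store latest indices; write required for <reason>` would record the decision; the same read/write placement recurs for these roles in the two other YAML role files on this page. The role definitions begin and end outside the hunks, so grants elsewhere in each role cannot be checked from here.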
7 changes: 6 additions & 1 deletion packages/kbn-es/src/serverless_resources/security_roles.json
@@ -120,7 +120,12 @@
"privileges": ["read", "write"]
},
{
"names": ["metrics-endpoint.metadata_current_*", ".fleet-agents*", ".fleet-actions*", "risk-score.risk-score-*"],
"names": [
"metrics-endpoint.metadata_current_*",
".fleet-agents*", ".fleet-actions*",
"risk-score.risk-score-*",
".entities.v1.latest.security_*"
],
"privileges": ["read"]
}
],
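Review bot: The reflowed `names` array keeps `".fleet-agents*", ".fleet-actions*",` together on one line while every other pattern gets its own line; one pattern per line would keep later changes to this privilege list as single-line diffs that are easy to audit. Only the group with `"privileges": ["read"]` is extended here, and the role this object belongs to lies outside the hunk, so whether it should also mirror the read/write grants made in the YAML role files cannot be checked from this view.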
@@ -53,6 +53,7 @@ viewer:
- ".fleet-actions*"
- "risk-score.risk-score-*"
- ".asset-criticality.asset-criticality-*"
- ".entities.v1.latest.security_*"
- ".ml-anomalies-*"
privileges:
- read
@@ -117,6 +118,7 @@ editor:
- "maintenance"
- names:
- ".asset-criticality.asset-criticality-*"
- .entities.v1.latest.security_*
privileges:
- "read"
- "write"
@@ -181,6 +183,7 @@ t1_analyst:
- ".fleet-actions*"
- risk-score.risk-score-*
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@@ -231,6 +234,7 @@ t2_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@@ -295,6 +299,7 @@ t3_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@@ -363,6 +368,7 @@ threat_intelligence_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@@ -424,6 +430,7 @@ rule_author:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@@ -468,6 +475,7 @@ soc_manager:
- packetbeat-*
- winlogbeat-*
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
privileges:
- read
- write
@@ -491,6 +499,7 @@ soc_manager:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .asset-criticality.asset-criticality-*
- ".ml-anomalies-*"
privileges:
- read
@@ -563,6 +572,7 @@ detections_admin:
- all
- names:
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
privileges:
- read
- write
@@ -611,6 +621,7 @@ platform_engineer:
- all
- names:
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
privileges:
- read
- write
@@ -670,6 +681,7 @@ endpoint_operations_analyst:
- .lists*
- .items*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@@ -740,6 +752,7 @@ endpoint_policy_manager:
- packetbeat-*
- winlogbeat-*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
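Review bot: `soc_manager` ends up with different privileges here than in the first role file on this page: the hunk at `-468,6 +475,7` lists `.entities.v1.latest.security_*` in a group with `read` and `write`, and the hunk at `-491,6 +499,7` shows `.asset-criticality.asset-criticality-*` in the `read` group at the position where every other role receives the entity-store pattern, whereas the first file gives `soc_manager` the pattern under `read` only. The `+` markers are lost in this rendering, so which line each hunk adds is inferred from the hunk headers and the commit title. If read-only access is intended, the second hunk's addition should be `- .entities.v1.latest.security_*` and the first hunk's addition dropped; if write access is intended, the first file needs the matching read/write entry so the role does not depend on which definition is loaded. The last file section on this page repeats the same two `soc_manager` hunks.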
@@ -34,6 +34,7 @@ viewer:
- ".fleet-actions*"
- "risk-score.risk-score-*"
- ".asset-criticality.asset-criticality-*"
- ".entities.v1.latest.security_*"
- ".ml-anomalies-*"
privileges:
- read
@@ -98,6 +99,7 @@ editor:
- "maintenance"
- names:
- ".asset-criticality.asset-criticality-*"
- ".entities.v1.latest.security_*"
privileges:
- "read"
- "write"
@@ -162,6 +164,7 @@ t1_analyst:
- ".fleet-actions*"
- risk-score.risk-score-*
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@@ -212,6 +215,7 @@ t2_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@@ -276,6 +280,7 @@ t3_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@@ -344,6 +349,7 @@ threat_intelligence_analyst:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@@ -405,6 +411,7 @@ rule_author:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@@ -449,6 +456,7 @@ soc_manager:
- packetbeat-*
- winlogbeat-*
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
privileges:
- read
- write
@@ -472,6 +480,7 @@ soc_manager:
- .fleet-agents*
- .fleet-actions*
- risk-score.risk-score-*
- .asset-criticality.asset-criticality-*
- ".ml-anomalies-*"
privileges:
- read
@@ -544,6 +553,7 @@ detections_admin:
- all
- names:
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
privileges:
- read
- write
@@ -592,6 +602,7 @@ platform_engineer:
- all
- names:
- .asset-criticality.asset-criticality-*
- .entities.v1.latest.security_*
privileges:
- read
- write
@@ -651,6 +662,7 @@ endpoint_operations_analyst:
- .lists*
- .items*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read
@@ -721,6 +733,7 @@ endpoint_policy_manager:
- packetbeat-*
- winlogbeat-*
- risk-score.risk-score-*
- .entities.v1.latest.security_*
- ".ml-anomalies-*"
privileges:
- read