[Security] [Serverless: Sep 16] Updates required privileges for Osquery Manager (#2890)

natasha-moore-elastic · web-flow · commit cab4287fea90 · 2025-09-17T07:09:33.000Z
Resolves #2874. Adds the appropriate 'applies to' tags to indicate that `Read` privileges for the `logs-osquery_manager.result*` index are no longer required from 9.2. Preview: [Osquery > Required privileges](https://docs-v3-preview.elastic.dev/elastic/docs-content/pull/2890/solutions/security/investigate/osquery#required_osquery-privileges)
diff --git a/solutions/security/investigate/osquery.md b/solutions/security/investigate/osquery.md
@@ -36,7 +36,7 @@ To use Osquery, you must add the [Osquery manager integration](manage-integratio
 
 To use **Osquery Manager**, you must be assigned to a role with the following privileges:
 
-* `Read` privileges for the `logs-osquery_manager.result*` index.
+* {applies_to}`stack: removed 9.2` {applies_to}`serverless: removed` `Read` privileges for the `logs-osquery_manager.result*` index.
 * {{kib}} privileges for **Osquery Manager**. The `All` privilege enables you to run, schedule, and save queries. `Read` enables you to view live and scheduled query results, but you cannot run live queries or edit.
 
 
