Skip to content

[Request] [EDR] Update index privileges for Osquery docs #2874

New issue
New issue
Closed
#2890
Closed
[Request] [EDR] Update index privileges for Osquery docs#2874
#2890
Assignees
natasha-moore-elastic
Labels
Team:ExperienceIssues owned by the Experience Docs Team
@dasansol92

Description

@dasansol92
dasansol92
opened on Sep 9, 2025

Description

With Osquery privileges changes, roles won't need the broad logs-osquery_manager.result* read index permissions.
These docs section should be updated according to it: https://www.elastic.co/docs/solutions/security/investigate/osquery#required_osquery-privileges

Background & resources

Which documentation set does this change impact?

ESS and serverless

ESS release

Feature will be included in v9.2.0

Serverless release

Week of September 15 2025

Feature differences

Feature is identical in both ESS and Serverless

Metadata

Metadata

Assignees

Labels

Team:ExperienceIssues owned by the Experience Docs Team

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions