@natasha-moore-elastic natasha-moore-elastic commented Jan 6, 2026

Summary

Resolves #4503:

  • Updates the information on supported Active Directory privileged groups for privileged user monitoring
  • Explains that 9.3+ uses SID-based group matching
  • Adds a note for existing users on how to migrate to SID-based matching
  • Addresses https://github.com/elastic/sdh-security-team/issues/1516 by adding a note clarifying that 9.2 matches on literal English group name strings, which may not work with localized Active Directory configurations

Preview

Set up and manage privileged user monitoring > Add a supported integration

Generative AI disclosure

  1. Did you use a generative AI (GenAI) tool to assist in creating this contribution?
  • Yes
  • No

Tool(s) and model(s) used:
Cursor, claude-4.5-sonnet
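The difference between name-based and SID-based group matching that the summary describes, as an added example (not code from this PR or from the Elastic integration). The group list, the German group names, the domain SID, and the function names are constructed for illustration. The RIDs 512, 518, 519 and the SID S-1-5-32-544 are the standard well-known Windows values.

```python
import re

# Well-known privileged RIDs under a domain SID (S-1-5-21-<domain>-<RID>).
# Illustrative subset only, not the integration's supported-group list.
DOMAIN_RIDS = {512: "Domain Admins", 518: "Schema Admins", 519: "Enterprise Admins"}
# Well-known builtin SID, identical in every domain and every locale.
BUILTIN_SIDS = {"S-1-5-32-544": "Administrators"}
ENGLISH_NAMES = set(DOMAIN_RIDS.values()) | set(BUILTIN_SIDS.values())

DOMAIN_SID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+-(\d+)$")


def privileged_by_name(groups):
    """Literal English-name matching: misses localized names, trusts lookalikes."""
    return [g["name"] for g in groups if g["name"] in ENGLISH_NAMES]


def privileged_by_sid(groups):
    """SID matching: independent of display name; returns canonical group names."""
    hits = []
    for g in groups:
        sid = g["sid"].upper()
        if sid in BUILTIN_SIDS:
            hits.append(BUILTIN_SIDS[sid])
            continue
        m = DOMAIN_SID_RE.match(sid)
        if m and int(m.group(1)) in DOMAIN_RIDS:
            hits.append(DOMAIN_RIDS[int(m.group(1))])
    return hits


# Constructed sample data: group memberships as a German-localized domain reports them.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
LOCALIZED_GROUPS = [
    {"name": "Domänen-Admins", "sid": DOMAIN + "-512"},
    {"name": "Administratoren", "sid": "S-1-5-32-544"},
    {"name": "Domänen-Benutzer", "sid": DOMAIN + "-513"},
]
# Constructed sample data: a custom group that merely reuses the English name.
LOOKALIKE_GROUPS = [{"name": "Domain Admins", "sid": DOMAIN + "-1105"}]

if __name__ == "__main__":
    print("by name:", privileged_by_name(LOCALIZED_GROUPS))
    print("by SID: ", privileged_by_sid(LOCALIZED_GROUPS))
    print("lookalike by name:", privileged_by_name(LOOKALIKE_GROUPS))
    print("lookalike by SID: ", privileged_by_sid(LOOKALIKE_GROUPS))
```
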

@natasha-moore-elastic natasha-moore-elastic self-assigned this Jan 6, 2026
github-actions bot commented Jan 6, 2026

Vale Linting Results

Summary: 2 suggestions found

💡 Suggestions (2)
File Line Rule Message
solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md 83 Elastic.FutureTense 'won't be' might be in future tense. Write in the present tense to describe the state of the product as it is now.
solutions/security/advanced-entity-analytics/privileged-user-monitoring-setup.md 92 Elastic.FutureTense 'will be' might be in future tense. Write in the present tense to describe the state of the product as it is now.

@natasha-moore-elastic natasha-moore-elastic marked this pull request as ready for review January 6, 2026 18:19
@natasha-moore-elastic natasha-moore-elastic requested a review from a team as a code owner January 6, 2026 18:19

@benironside benironside left a comment

Great work, copy looks perfect to me. The only thing I would suggest is moving the content from line 50 to line 46, so it's not in the switcher; I think that would give a little more context about this big list. I'd also consider using a stepper for the two steps on line 44 and 86. I know it's only two steps, but after the list I found myself a bit disoriented about where in the process I was.

@natasha-moore-elastic

> moving the content from line 50 to line 46, so it's not in the switcher

That content actually applies only to 9.3/serverless, so I don't think moving it out of the switcher would work in this case.

> I'd also consider using a stepper for the two steps on line 44 and 86. I

Good idea! 💡 I've added a stepper now, and it definitely adds more visual clarity. 👍

@CAWilson94 CAWilson94 left a comment

Thanks for this! Looking good 🚀

@natasha-moore-elastic natasha-moore-elastic enabled auto-merge (squash) January 8, 2026 09:48
@natasha-moore-elastic natasha-moore-elastic merged commit 6824f84 into main Jan 8, 2026
7 of 8 checks passed
@natasha-moore-elastic natasha-moore-elastic deleted the issue-4503-ad-groups branch January 8, 2026 09:50
Development

Successfully merging this pull request may close these issues.

[Internal]: Privileged User Monitoring - Active Directory Integrations Groups Update