diff --git a/solutions/security/cloud/cloud-native-vulnerability-management.md b/solutions/security/cloud/cloud-native-vulnerability-management.md index 9bb24ce03b..6fd1783222 100644 --- a/solutions/security/cloud/cloud-native-vulnerability-management.md +++ b/solutions/security/cloud/cloud-native-vulnerability-management.md @@ -20,15 +20,11 @@ CNVM currently only supports AWS EC2 Linux workloads. ::::{admonition} Requirements -* CNVM is available to all {{ecloud}} users. On-premise deployments require an [Enterprise subscription](https://www.elastic.co/pricing). -* Requires {{stack}} and {{agent}} version 8.8 or higher. +* {{stack}} users: {{stack}} version 8.8 or higher and an [Enterprise subscription](https://www.elastic.co/pricing). * CNVM only works in the `Default` {{kib}} space. Installing the CNVM integration on a different {{kib}} space will not work. -* To view vulnerability scan findings, you need at least `read` privileges for the following indices: - - * `logs-cloud_security_posture.vulnerabilities-*` - * `logs-cloud_security_posture.vulnerabilities_latest-*` - - +* CNVM can only be deployed on ARM-based VMs. +* You need an AWS user account with permissions to perform the following actions: run CloudFormation templates, create IAM Roles and InstanceProfiles, and create EC2 SecurityGroups and Instances. +* Depending on whether you want to `read`, `write`, or `manage` CNVM data, you need [specific privileges](/solutions/security/cloud/cnvm-privilege-requirements.md). :::: diff --git a/solutions/security/cloud/cnvm-privilege-requirements.md b/solutions/security/cloud/cnvm-privilege-requirements.md new file mode 100644 index 0000000000..f918bc6a07 --- /dev/null +++ b/solutions/security/cloud/cnvm-privilege-requirements.md 
@@ -0,0 +1,59 @@ +--- +applies_to: + stack: all + serverless: + security: all +--- + +# CNVM privilege requirements [cnvm-required-permissions] + +This page lists required privileges for {{elastic-sec}}'s CNVM features. There are three access levels: `read`, `write`, and `manage`. Each access level and its requirements are described below. + +## Read + +Users with these minimum permissions can view data on the **Findings** page. + +### {{es}} index privileges + +`Read` privileges for the following {{es}} indices: + +* `logs-cloud_security_posture.vulnerabilities_latest-default` +* `logs-cloud_security_posture.scores-default` + +### {{kib}} privileges + +* `Security: Read` + +## Write + +Users with these minimum permissions can view data on the **Findings** page and create detection rules from the findings details flyout. + +### {{es}} index privileges +`Read` privileges for the following {{es}} indices: + +* `logs-cloud_security_posture.vulnerabilities_latest-default` +* `logs-cloud_security_posture.scores-default` + +### {{kib}} privileges + +* `Security: All` + + +## Manage + +Users with these minimum permissions can view data on the **Findings** page, create detection rules from the findings details flyout, and install, update, or uninstall integrations and assets. + +### {{es}} index privileges + +`Read` privileges for the following {{es}} indices: + +* `logs-cloud_security_posture.vulnerabilities_latest-default` +* `logs-cloud_security_posture.scores-default` + +### {{kib}} privileges + +* `Security: All` +* `Spaces: All` +* `Fleet: All` +* `Integrations: All` + diff --git a/solutions/security/cloud/get-started-with-cnvm.md b/solutions/security/cloud/get-started-with-cnvm.md index c10bb61ca8..1896ab1853 100644 --- a/solutions/security/cloud/get-started-with-cnvm.md +++ b/solutions/security/cloud/get-started-with-cnvm.md 
@@ -14,17 +14,11 @@ applies_to: This page explains how to set up Cloud Native Vulnerability Management (CNVM). ::::{admonition} Requirements -* CNVM is available to all {{ecloud}} users. On-premise deployments require an [Enterprise subscription](https://www.elastic.co/pricing). -* Requires {{stack}} and {{agent}} version 8.8 or higher. -* Only works in the `Default` {{kib}} space. Installing the CNVM integration on a different {{kib}} space will not work. +* {{stack}} users: {{stack}} version 8.8 or higher and an [Enterprise subscription](https://www.elastic.co/pricing). +* CNVM only works in the `Default` {{kib}} space. Installing the CNVM integration on a different {{kib}} space will not work. * CNVM can only be deployed on ARM-based VMs. -* To view vulnerability scan findings, you need at least `read` privileges for the following indices: - - * `logs-cloud_security_posture.vulnerabilities-*` - * `logs-cloud_security_posture.vulnerabilities_latest-*` - * You need an AWS user account with permissions to perform the following actions: run CloudFormation templates, create IAM Roles and InstanceProfiles, and create EC2 SecurityGroups and Instances. - +* Depending on whether you want to `read`, `write`, or `manage` CNVM data, you need [specific privileges](/solutions/security/cloud/cnvm-privilege-requirements.md). :::: diff --git a/solutions/toc.yml b/solutions/toc.yml index ed9f6052f3..b4a657e29f 100644 --- a/solutions/toc.yml +++ b/solutions/toc.yml @@ -573,6 +573,7 @@ toc: - file: security/cloud/cloud-native-vulnerability-management.md children: - file: security/cloud/get-started-with-cnvm.md + - file: security/cloud/cnvm-privilege-requirements.md - file: security/cloud/findings-page-3.md - file: security/dashboards/cloud-native-vulnerability-management-dashboard.md - file: security/cloud/cnvm-frequently-asked-questions-faq.md
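Review bot: in the cloud-native-vulnerability-management.md requirements hunk, the new bullet `* {{stack}} users: {{stack}} version 8.8 or higher and an [Enterprise subscription](...)` drops the `{{agent}}` minimum that the removed line `* Requires {{stack}} and {{agent}} version 8.8 or higher.` stated; if the agent version still gates CNVM, keep it in the new bullet. The removed `CNVM is available to all {{ecloud}} users` line also leaves the non-{{stack}} (serverless/cloud) case unstated, so a matching bullet for that case is needed. Finally, the deleted index list named `logs-cloud_security_posture.vulnerabilities-*` and `vulnerabilities_latest-*`, whereas the page this bullet now links to lists only `vulnerabilities_latest-default` and `scores-default`; confirm that dropping the raw vulnerabilities index and narrowing the `-*` namespace wildcard to `-default` is intentional, since a `read` grant on `-default` will not cover data shipped under another namespace.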
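Review bot: in the new cnvm-privilege-requirements.md, the `Write` level grants exactly the same {{es}} index privileges as `Read` (only `Read` on the two indices), and the sole difference is `Security: All` in {{kib}}; say explicitly that `write` here means creating detection rules from the findings flyout and does not require write access to the CNVM indices, otherwise readers will grant index write privileges they do not need. The same two-index list is repeated verbatim under all three levels; stating it once and then listing only the {{kib}} privilege deltas per level would be shorter and less error-prone when the index names change. Minor: the heading anchor `[cnvm-required-permissions]` says "permissions" while the title and file name say "privilege requirements"; align them.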
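Review bot: in the get-started-with-cnvm.md hunk the `{{agent}}` 8.8 minimum is removed along with the {{ecloud}} availability line, with only `{{stack}} version 8.8 or higher` surviving in the new bullet, so the same two questions apply as for cloud-native-vulnerability-management.md: is the agent version still required, and what applies to non-{{stack}} users? After this change the Requirements admonition is a verbatim copy of the one in cloud-native-vulnerability-management.md (same five bullets, same link); maintaining it in one shared include would stop the two pages drifting apart again, which is exactly what this patch is correcting.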