[8.18] Add {m365_defender,microsoft_defender_endpoint}.vulnerability indices to kibana_system role permissions (#132445) #132630

Merged
merged 4 commits into from
Aug 11, 2025

kcreddy (Contributor) commented Aug 11, 2025

Backport

This will backport the following commits from main to 8.18:

Questions?

Please refer to the Backport tool documentation

… to kibana_system role permissions (elastic#132445)

Add logs-m365_defender.vulnerability-* and logs-microsoft_defender_endpoint.vulnerability-* data stream indices to the kibana_system's read privileges. This is required for the latest transform for 3rd party integrations CDR workflows (vulnerability findings) to work.

Also add delete_index on logs-m365_defender.vulnerability-* and logs-microsoft_defender_endpoint.vulnerability-* to facilitate index removal through ILM policies.

(cherry picked from commit 716bff8)

# Conflicts:
#	x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
kcreddy added the >non-issue, :Security/Authorization, Team:Security, auto-merge-without-approval, and Team:Cloud Security labels Aug 11, 2025

kcreddy (Contributor, Author) commented Aug 11, 2025

@elasticsearchmachine test this please

elasticsearchmachine merged commit 58cc8a9 into elastic:8.18 on Aug 11, 2025
21 checks passed
Labels: auto-merge-without-approval (Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!)); backport; external-contributor (Pull request authored by a developer outside the Elasticsearch team); >non-issue; :Security/Authorization (Roles, Privileges, DLS/FLS, RBAC/ABAC); Team:Cloud Security (Meta label for Cloud Security team); Team:Security (Meta label for security team); v8.18.6