Skip to content

Add microsoft_defender_cloud.assessment indices to kibana_system role permissions #133623

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 29, 2025
Merged

Add microsoft_defender_cloud.assessment indices to kibana_system role permissions #133623

merged 2 commits into from
Aug 29, 2025

Conversation

kcreddy
Copy link
Contributor

@kcreddy kcreddy commented Aug 27, 2025

Add logs-microsoft_defender_cloud.assessment data stream indices to the kibana_system's read privileges. This is required for the latest transform for 3rd party integrations CDR workflows (vulnerability and misconfigurations findings) to work.

Also adds delete_index on logs-microsoft_defender_cloud.assessment-* to facilitate index removal through ILM policies.
Related: For elastic/integrations#14785

Similar to #132445

@kcreddy kcreddy requested a review from a team as a code owner August 27, 2025 08:02
@elasticsearchmachine elasticsearchmachine added needs:triage Requires assignment of a team area label v9.2.0 external-contributor Pull request authored by a developer outside the Elasticsearch team labels Aug 27, 2025
@kcreddy kcreddy added >non-issue :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team auto-backport Automatically create backport pull requests when merged Team:Cloud Security Meta label for Cloud Security team labels Aug 27, 2025
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@elasticsearchmachine elasticsearchmachine removed the needs:triage Requires assignment of a team area label label Aug 27, 2025
@kcreddy kcreddy self-assigned this Aug 27, 2025
SiddharthMantri
SiddharthMantri approved these changes Aug 29, 2025
View reviewed changes
Copy link
Contributor

@SiddharthMantri SiddharthMantri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Index pattern matches known patterns. LGTM.

@kcreddy kcreddy merged commit eb005b0 into elastic:main Aug 29, 2025
33 checks passed
@kcreddy kcreddy mentioned this pull request Aug 29, 2025
Merged
kcreddy added a commit to kcreddy/elasticsearch that referenced this pull request Aug 29, 2025
@kcreddy
Add Defender for Cloud to 3rd party integrations permissions required…
e311bc2 
… for transform (elastic#133623)

Add logs-microsoft_defender_cloud.assessment data stream indices to the kibana_system's read privileges. This is required for the latest transform for 3rd party integrations CDR workflows (vulnerability and misconfigurations findings) to work.

Also adds delete_index on logs-microsoft_defender_cloud.assessment-* to facilitate index removal through ILM policies.
Related: For elastic/integrations#14785

Similar to elastic#132445

(cherry picked from commit eb005b0)
@kcreddy kcreddy mentioned this pull request Aug 29, 2025
Merged
kcreddy added a commit to kcreddy/elasticsearch that referenced this pull request Aug 29, 2025
@kcreddy
Add Defender for Cloud to 3rd party integrations permissions required…
2cb1428 
… for transform (elastic#133623)

Add logs-microsoft_defender_cloud.assessment data stream indices to the kibana_system's read privileges. This is required for the latest transform for 3rd party integrations CDR workflows (vulnerability and misconfigurations findings) to work.

Also adds delete_index on logs-microsoft_defender_cloud.assessment-* to facilitate index removal through ILM policies.
Related: For elastic/integrations#14785

Similar to elastic#132445

(cherry picked from commit eb005b0)
@kcreddy kcreddy mentioned this pull request Aug 29, 2025
Merged
kcreddy added a commit to kcreddy/elasticsearch that referenced this pull request Aug 29, 2025
@kcreddy
Add Defender for Cloud to 3rd party integrations permissions required…
deb2182 
… for transform (elastic#133623)

Add logs-microsoft_defender_cloud.assessment data stream indices to the kibana_system's read privileges. This is required for the latest transform for 3rd party integrations CDR workflows (vulnerability and misconfigurations findings) to work.

Also adds delete_index on logs-microsoft_defender_cloud.assessment-* to facilitate index removal through ILM policies.
Related: For elastic/integrations#14785

Similar to elastic#132445

(cherry picked from commit eb005b0)
@kcreddy
Copy link
Contributor Author

kcreddy commented Aug 29, 2025

💚 All backports created successfully

Status Branch Result
9.1
9.0
8.19
8.18

Questions ?

Please refer to the Backport tool documentation

@kcreddy kcreddy mentioned this pull request Aug 29, 2025
Merged
kcreddy added a commit to kcreddy/elasticsearch that referenced this pull request Aug 29, 2025
@kcreddy
Add Defender for Cloud to 3rd party integrations permissions required…
f4662d9 
… for transform (elastic#133623)

Add logs-microsoft_defender_cloud.assessment data stream indices to the kibana_system's read privileges. This is required for the latest transform for 3rd party integrations CDR workflows (vulnerability and misconfigurations findings) to work.

Also adds delete_index on logs-microsoft_defender_cloud.assessment-* to facilitate index removal through ILM policies.
Related: For elastic/integrations#14785

Similar to elastic#132445

(cherry picked from commit eb005b0)
elasticsearchmachine pushed a commit that referenced this pull request Aug 29, 2025
@kcreddy
Add Defender for Cloud to 3rd party integrations permissions required…
37862ab 
… for transform (#133623) (#133800)

Add logs-microsoft_defender_cloud.assessment data stream indices to the kibana_system's read privileges. This is required for the latest transform for 3rd party integrations CDR workflows (vulnerability and misconfigurations findings) to work.

Also adds delete_index on logs-microsoft_defender_cloud.assessment-* to facilitate index removal through ILM policies.
Related: For elastic/integrations#14785

Similar to #132445

(cherry picked from commit eb005b0)
elasticsearchmachine pushed a commit that referenced this pull request Aug 29, 2025
@kcreddy
Add Defender for Cloud to 3rd party integrations permissions required…
5d80ce3 
… for transform (#133623) (#133799)

Add logs-microsoft_defender_cloud.assessment data stream indices to the kibana_system's read privileges. This is required for the latest transform for 3rd party integrations CDR workflows (vulnerability and misconfigurations findings) to work.

Also adds delete_index on logs-microsoft_defender_cloud.assessment-* to facilitate index removal through ILM policies.
Related: For elastic/integrations#14785

Similar to #132445

(cherry picked from commit eb005b0)
elasticsearchmachine pushed a commit that referenced this pull request Aug 29, 2025
@kcreddy
Add Defender for Cloud to 3rd party integrations permissions required…
edeafb6 
… for transform (#133623) (#133798)

Add logs-microsoft_defender_cloud.assessment data stream indices to the kibana_system's read privileges. This is required for the latest transform for 3rd party integrations CDR workflows (vulnerability and misconfigurations findings) to work.

Also adds delete_index on logs-microsoft_defender_cloud.assessment-* to facilitate index removal through ILM policies.
Related: For elastic/integrations#14785

Similar to #132445

(cherry picked from commit eb005b0)
elasticsearchmachine pushed a commit that referenced this pull request Aug 29, 2025
@kcreddy
Add Defender for Cloud to 3rd party integrations permissions required…
94e5d6c 
… for transform (#133623) (#133797)

Add logs-microsoft_defender_cloud.assessment data stream indices to the kibana_system's read privileges. This is required for the latest transform for 3rd party integrations CDR workflows (vulnerability and misconfigurations findings) to work.

Also adds delete_index on logs-microsoft_defender_cloud.assessment-* to facilitate index removal through ILM policies.
Related: For elastic/integrations#14785

Similar to #132445

(cherry picked from commit eb005b0)
JeremyDahlgren pushed a commit to JeremyDahlgren/elasticsearch that referenced this pull request Aug 29, 2025
@kcreddy @JeremyDahlgren
Add Defender for Cloud to 3rd party integrations permissions required…
de458f4 
… for transform (elastic#133623)

Add logs-microsoft_defender_cloud.assessment data stream indices to the kibana_system's read privileges. This is required for the latest transform for 3rd party integrations CDR workflows (vulnerability and misconfigurations findings) to work.

Also adds delete_index on logs-microsoft_defender_cloud.assessment-* to facilitate index removal through ILM policies.
Related: For elastic/integrations#14785

Similar to elastic#132445
@kcreddy kcreddy mentioned this pull request Sep 3, 2025
Merged
sarog pushed a commit to portsbuild/elasticsearch that referenced this pull request Sep 11, 2025
@kcreddy @sarog
Add Defender for Cloud to 3rd party integrations permissions required…
4d0320f 
… for transform (elastic#133623) (elastic#133799)

Add logs-microsoft_defender_cloud.assessment data stream indices to the kibana_system's read privileges. This is required for the latest transform for 3rd party integrations CDR workflows (vulnerability and misconfigurations findings) to work.

Also adds delete_index on logs-microsoft_defender_cloud.assessment-* to facilitate index removal through ILM policies.
Related: For elastic/integrations#14785

Similar to elastic#132445

(cherry picked from commit eb005b0)
sarog pushed a commit to portsbuild/elasticsearch that referenced this pull request Sep 19, 2025
@kcreddy @sarog
Add Defender for Cloud to 3rd party integrations permissions required…
dd83440 
… for transform (elastic#133623) (elastic#133799)

Add logs-microsoft_defender_cloud.assessment data stream indices to the kibana_system's read privileges. This is required for the latest transform for 3rd party integrations CDR workflows (vulnerability and misconfigurations findings) to work.

Also adds delete_index on logs-microsoft_defender_cloud.assessment-* to facilitate index removal through ILM policies.
Related: For elastic/integrations#14785

Similar to elastic#132445

(cherry picked from commit eb005b0)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SiddharthMantri SiddharthMantri SiddharthMantri approved these changes

Assignees

@kcreddy kcreddy

Labels

auto-backport Automatically create backport pull requests when merged external-contributor Pull request authored by a developer outside the Elasticsearch team >non-issue :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Cloud Security Meta label for Cloud Security team Team:Security Meta label for security team v8.18.7 v8.19.4 v9.0.7 v9.1.4 v9.2.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kcreddy @elasticsearchmachine @SiddharthMantri