Skip to content

[9.1] [Sentinel One] - Fix Cannot execute ILM policy delete step (#133793) #134111

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 4, 2025
Merged

[9.1] [Sentinel One] - Fix Cannot execute ILM policy delete step (#133793) #134111

merged 1 commit into from
Sep 4, 2025

Conversation

mohitjha-elastic
Copy link
Contributor

Backport

This will backport the following commits from main to 9.1:

Questions ?

Please refer to the Backport tool documentation

@mohitjha-elastic
[Sentinel One] - Fix Cannot execute ILM policy delete step (elastic#1…
46f362c 
…33793)

This PR focuses on the short term solution which add the logs-sentinel_one.application-* and logs-sentinel_one.application_risk-* indices under the kibana_system role with deletion privileges to prevent a failed deletion error when the index enters the deletion phase for the ILM lifecycle, in upcoming PR. As it ships transform pipeline too hence read, write permissions are also required.

Current behavior:
It shows permission issue while deleting the index.

(cherry picked from commit bfde47a)
@mohitjha-elastic mohitjha-elastic requested a review from a team as a code owner September 4, 2025 08:40
@elasticsearchmachine elasticsearchmachine added needs:triage Requires assignment of a team area label v9.1.4 external-contributor Pull request authored by a developer outside the Elasticsearch team labels Sep 4, 2025
@mohitjha-elastic mohitjha-elastic mentioned this pull request Sep 4, 2025
Merged
@kcreddy kcreddy self-assigned this Sep 4, 2025
@kcreddy kcreddy added >non-issue :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Security Meta label for security team auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) Team:Cloud Security Meta label for Cloud Security team labels Sep 4, 2025
@elasticsearchmachine elasticsearchmachine removed the needs:triage Requires assignment of a team area label label Sep 4, 2025
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-security (Team:Security)

@elasticsearchmachine elasticsearchmachine merged commit 6be41ce into elastic:9.1 Sep 4, 2025
36 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@kcreddy kcreddy

Labels

auto-merge-without-approval Automatically merge pull request when CI checks pass (NB doesn't wait for reviews!) backport external-contributor Pull request authored by a developer outside the Elasticsearch team >non-issue :Security/Authorization Roles, Privileges, DLS/FLS, RBAC/ABAC Team:Cloud Security Meta label for Cloud Security team Team:Security Meta label for security team v9.1.4

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mohitjha-elastic @elasticsearchmachine @kcreddy