From 7b45175d90a81f653151ebafc3808fc06b8dd54d Mon Sep 17 00:00:00 2001
From: muskan-crest <muskan.agarwal@crestdata.ai>
Date: Mon, 22 Sep 2025 14:36:21 +0530
Subject: [PATCH 1/4] Added ilm policy and changelog entry

---
 docs/changelog/134894.yml                           |  6 ++++++
 .../store/KibanaOwnedReservedRoleDescriptors.java   | 13 ++++++++++---
 .../authz/store/ReservedRolesStoreTests.java        |  7 +++++--
 3 files changed, 21 insertions(+), 5 deletions(-)
 create mode 100644 docs/changelog/134894.yml

diff --git a/docs/changelog/134894.yml b/docs/changelog/134894.yml
new file mode 100644
index 0000000000000..94cde7e18026c
--- /dev/null
+++ b/docs/changelog/134894.yml
@@ -0,0 +1,6 @@
+pr: 134894
+summary: "[Cyera] Add `manage`, `create_index`, `read`, `index`, `write`, `delete`, permission for third party agent indices `kibana_system`"
+area: Authorization
+type: enhancement
+issues:
+  - 134183
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
index 5bf438ce540f4..d64f0ec7af435 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
@@ -549,11 +549,18 @@ static RoleDescriptor kibanaSystem(String name) {
                         TransportDeleteIndexAction.TYPE.name()
                     )
                     .build(),
-                // For ExtraHop, QualysGAV, and SentinelOne Application Dataset specific actions. Kibana reads, writes and manages this
-                // index
+                // For ExtraHop, QualysGAV, SentinelOne Application Dataset and Cyera specific actions.
+                // Kibana reads, writes and manages this index
                 // for configured ILM policies.
                 RoleDescriptor.IndicesPrivileges.builder()
-                    .indices("logs-extrahop.investigation-*", "logs-qualys_gav.asset-*", "logs-sentinel_one.application-*")
+                    .indices(
+                        "logs-extrahop.investigation-*",
+                        "logs-qualys_gav.asset-*",
+                        "logs-sentinel_one.application-*",
+                        "logs-cyera.classification-*",
+                        "logs-cyera.issue-*",
+                        "logs-cyera.datastore-*"                       
+                    )
                     .privileges(
                         "manage",
                         "create_index",
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
index 06bb32df2ae6d..db15def035a3c 100644
--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
@@ -1976,12 +1976,15 @@ public void testKibanaSystemRole() {
             assertThat(kibanaRole.indices().allowedIndicesMatcher(RolloverAction.NAME).test(indexAbstraction), is(true));
         });
 
-        // Tests for third-party agent indices (ExtraHop, QualysGAV, SentinelOne) that `kibana_system` has full management access to
+        // Tests for third-party agent indices (ExtraHop, QualysGAV, SentinelOne, Cyera) that `kibana_system` has full management access to
         // This includes read, write, create, delete, and all ILM-related management actions.
         Arrays.asList(
             "logs-extrahop.investigation-" + randomAlphaOfLength(randomIntBetween(1, 10)),
             "logs-qualys_gav.asset-" + randomAlphaOfLength(randomIntBetween(1, 10)),
-            "logs-sentinel_one.application-" + randomAlphaOfLength(randomIntBetween(1, 10))
+            "logs-sentinel_one.application-" + randomAlphaOfLength(randomIntBetween(1, 10)),
+            "logs-cyera.classification-" + randomAlphaOfLength(randomIntBetween(1, 10)),
+            "logs-cyera.issue-" + randomAlphaOfLength(randomIntBetween(1, 10)),
+            "logs-cyera.datastore-" + randomAlphaOfLength(randomIntBetween(1, 10))
         ).forEach((index_qualys_extra_hop) -> {
             final IndexAbstraction indexAbstraction = mockIndexAbstraction(index_qualys_extra_hop);
 

From aee52a59862389a0ce42a38fc9ef8551c7461295 Mon Sep 17 00:00:00 2001
From: elasticsearchmachine <infra-root+elasticsearchmachine@elastic.co>
Date: Tue, 23 Sep 2025 04:21:06 +0000
Subject: [PATCH 2/4] [CI] Update transport version definitions

---
 server/src/main/resources/transport/upper_bounds/8.18.csv | 2 +-
 server/src/main/resources/transport/upper_bounds/8.19.csv | 2 +-
 server/src/main/resources/transport/upper_bounds/9.0.csv  | 2 +-
 server/src/main/resources/transport/upper_bounds/9.1.csv  | 2 +-
 server/src/main/resources/transport/upper_bounds/9.2.csv  | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/server/src/main/resources/transport/upper_bounds/8.18.csv b/server/src/main/resources/transport/upper_bounds/8.18.csv
index 4eb5140004ea6..ffc592e1809ee 100644
--- a/server/src/main/resources/transport/upper_bounds/8.18.csv
+++ b/server/src/main/resources/transport/upper_bounds/8.18.csv
@@ -1 +1 @@
-initial_elasticsearch_8_18_6,8840008
+initial_elasticsearch_8_18_8,8840010
diff --git a/server/src/main/resources/transport/upper_bounds/8.19.csv b/server/src/main/resources/transport/upper_bounds/8.19.csv
index 476468b203875..3cc6f439c5ea5 100644
--- a/server/src/main/resources/transport/upper_bounds/8.19.csv
+++ b/server/src/main/resources/transport/upper_bounds/8.19.csv
@@ -1 +1 @@
-initial_elasticsearch_8_19_3,8841067
+initial_elasticsearch_8_19_5,8841069
diff --git a/server/src/main/resources/transport/upper_bounds/9.0.csv b/server/src/main/resources/transport/upper_bounds/9.0.csv
index f8f50cc6d7839..8ad2ed1a4cacf 100644
--- a/server/src/main/resources/transport/upper_bounds/9.0.csv
+++ b/server/src/main/resources/transport/upper_bounds/9.0.csv
@@ -1 +1 @@
-initial_elasticsearch_9_0_6,9000015
+initial_elasticsearch_9_0_8,9000017
diff --git a/server/src/main/resources/transport/upper_bounds/9.1.csv b/server/src/main/resources/transport/upper_bounds/9.1.csv
index 5a65f2e578156..1cea5dc4d929b 100644
--- a/server/src/main/resources/transport/upper_bounds/9.1.csv
+++ b/server/src/main/resources/transport/upper_bounds/9.1.csv
@@ -1 +1 @@
-initial_elasticsearch_9_1_4,9112007
+initial_elasticsearch_9_1_5,9112008
diff --git a/server/src/main/resources/transport/upper_bounds/9.2.csv b/server/src/main/resources/transport/upper_bounds/9.2.csv
index e24f914a1d1ca..6e7d51d3d3020 100644
--- a/server/src/main/resources/transport/upper_bounds/9.2.csv
+++ b/server/src/main/resources/transport/upper_bounds/9.2.csv
@@ -1 +1 @@
-ml_inference_endpoint_cache,9157000
+security_stats_endpoint,9168000

From a134bb3e7891f60c9010c40a075d8ffeff593e55 Mon Sep 17 00:00:00 2001
From: elasticsearchmachine <infra-root+elasticsearchmachine@elastic.co>
Date: Tue, 23 Sep 2025 04:21:20 +0000
Subject: [PATCH 3/4] [CI] Auto commit changes from spotless

---
 .../authz/store/KibanaOwnedReservedRoleDescriptors.java         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
index d64f0ec7af435..af8dbdb9f9a83 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
@@ -559,7 +559,7 @@ static RoleDescriptor kibanaSystem(String name) {
                         "logs-sentinel_one.application-*",
                         "logs-cyera.classification-*",
                         "logs-cyera.issue-*",
-                        "logs-cyera.datastore-*"                       
+                        "logs-cyera.datastore-*"
                     )
                     .privileges(
                         "manage",

From a7a1aee8a9b1222d0acf49d50bf43650fd1cdaf9 Mon Sep 17 00:00:00 2001
From: muskan-crest <muskan.agarwal@crestdata.ai>
Date: Wed, 24 Sep 2025 14:37:24 +0530
Subject: [PATCH 4/4] Resmoved trailing white spaces

---
 .../authz/store/KibanaOwnedReservedRoleDescriptors.java         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
index b7a2430c34c5a..2573ac91d53c7 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
@@ -556,7 +556,7 @@ static RoleDescriptor kibanaSystem(String name) {
                     .indices(
                         "logs-extrahop.investigation-*",
                         "logs-qualys_gav.asset-*",
-                        "logs-sentinel_one.application-*",                       
+                        "logs-sentinel_one.application-*",
                         "logs-island_browser.user-*",
                         "logs-island_browser.device-*",
                         "logs-cyera.classification-*",