Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

[Cloud Security] Add privileges required for AWS SecurityHub related to CDR misconfiguration features (#112574)

Update `kibana_system` privileges to include the ones required for the Security Solution CDR Misconfiguration latest transform to work on AWS SecurityHub integration:
  - to read from source AWS SecurityHub Findings data stream as one of the data streams providing data for Cloud Detection & Response (CDR) features in Kibana.

The destination and alias index privileges already added in #112456.
Krishna Chaitanya Reddy Burri 1 year ago
parent
8f07d60c2c
commit
d6daef0d7d
3 changed files with 8 additions and 2 deletions
Split View Show Diff Stats
  1. 5 0
      docs/changelog/112574.yaml
  2. 1 1
      x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
  3. 2 1
      x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java

+ 5 - 0
docs/changelog/112574.yaml
View File 

@@ -0,0 +1,5 @@
 
+pr: 112574
 
+summary: Add privileges required for CDR misconfiguration features to work on AWS SecurityHub integration
 
+area: Authorization
 
+type: enhancement
 
+issues: []

+ 1 - 1
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
View File 

@@ -420,7 +420,7 @@ class KibanaOwnedReservedRoleDescriptors {
 
                 // For source indices of the Cloud Detection & Response (CDR) packages that ships a
 
                 // transform
 
                 RoleDescriptor.IndicesPrivileges.builder()
 
-                    .indices("logs-wiz.vulnerability-*", "logs-wiz.cloud_configuration_finding-*")
 
+                    .indices("logs-wiz.vulnerability-*", "logs-wiz.cloud_configuration_finding-*", "logs-aws.securityhub_findings-*")
 
                     .privileges("read", "view_index_metadata")
 
                     .build(),
 
                 // For alias indices of the Cloud Detection & Response (CDR) packages that ships a

+ 2 - 1
x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
View File 

@@ -1611,7 +1611,8 @@ public class ReservedRolesStoreTests extends ESTestCase {
 
 
         Arrays.asList(
 
             "logs-wiz.vulnerability-" + randomAlphaOfLength(randomIntBetween(0, 13)),
 
-            "logs-wiz.cloud_configuration_finding-" + randomAlphaOfLength(randomIntBetween(0, 13))
 
+            "logs-wiz.cloud_configuration_finding-" + randomAlphaOfLength(randomIntBetween(0, 13)),
 
+            "logs-aws.securityhub_findings-" + randomAlphaOfLength(randomIntBetween(0, 13))
 
         ).forEach(indexName -> {
 
             final IndexAbstraction indexAbstraction = mockIndexAbstraction(indexName);
 
             assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:foo").test(indexAbstraction), is(false));