Skip to content

[Security Solution] Add additional privileges to Kibana System role for .endpoint-scripts-file* indexes #139245

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
paul-tavares merged 12 commits into from
Dec 16, 2025
Merged

[Security Solution] Add additional privileges to Kibana System role for .endpoint-scripts-file* indexes #139245

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
9012ac4
Add additional privileges for `.endpoint-scripts-file*` indexes
paul-tavares Dec 9, 2025
c4765fb
Update docs/changelog/139245.yaml
paul-tavares Dec 9, 2025
4f95afa
[CI] Auto commit changes from spotless
Dec 9, 2025
b60787a
Merge branch 'main' into task/olm-14941-add-manage-to-scripts-indexes
paul-tavares Dec 9, 2025
674f51e
Merge branch 'main' into task/olm-14941-add-manage-to-scripts-indexes
paul-tavares Dec 9, 2025
cd59172
Merge branch 'main' into task/olm-14941-add-manage-to-scripts-indexes
paul-tavares Dec 11, 2025
f5141dd
Merge branch 'main' into task/olm-14941-add-manage-to-scripts-indexes
paul-tavares Dec 11, 2025
23d330d
Merge branch 'main' into task/olm-14941-add-manage-to-scripts-indexes
paul-tavares Dec 11, 2025
f90880f
Merge branch 'main' into task/olm-14941-add-manage-to-scripts-indexes
paul-tavares Dec 11, 2025
02c8f61
Merge branch 'main' into task/olm-14941-add-manage-to-scripts-indexes
paul-tavares Dec 11, 2025
0afb653
Merge branch 'main' into task/olm-14941-add-manage-to-scripts-indexes
paul-tavares Dec 15, 2025
409639a
Merge branch 'main' into task/olm-14941-add-manage-to-scripts-indexes
paul-tavares Dec 15, 2025
File filter

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions docs/changelog/139245.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
pr: 139245
summary: "[Security Solution] Add additional privileges to Kibana System role for\
\ `.endpoint-scripts-file*` indexes"
area: Authorization
type: enhancement
issues: []
12 changes: 9 additions & 3 deletions ...org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -339,16 +339,22 @@ static RoleDescriptor kibanaSystem(String name) {
)
.build(),

// Kibana Security Solution EDR workflows team
// - `.endpoint-script-file*`:
// indexes are used internally within Kibana in support of Elastic Defend scripts library.
RoleDescriptor.IndicesPrivileges.builder()
.indices(".endpoint-script-file-meta-*", ".endpoint-script-file-data-*")
.privileges("auto_configure", "read", "write", "delete", "create_index", "manage")
.build(),

// Kibana Security Solution EDR workflows team
// 1.`.logs-endpoint.action.responses-*`:
// Endpoint specific action responses. Kibana reads and writes (for third party agents)
// to the index to display action responses to the user. `create_index`: is necessary
// in order to ensure that the DOT datastream index is created by Kibana in order to
// avoid errors on the Elastic Defend side when streaming documents to it.
// 2. `.endpoint-script-file*`:
// indexes are used internally within Kibana in support of Elastic Defend scripts library.
RoleDescriptor.IndicesPrivileges.builder()
.indices(".logs-endpoint.action.responses-*", ".endpoint-script-file-meta-*", ".endpoint-script-file-data-*")
.indices(".logs-endpoint.action.responses-*")
.privileges("auto_configure", "read", "write", "create_index")
.build(),
// Endpoint specific actions. Kibana reads and writes to this index to track new
Expand Down
7 changes: 3 additions & 4 deletions .../test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -991,10 +991,8 @@ public void testKibanaSystemRole() {
final IndexAbstraction indexAbstraction = mockIndexAbstraction(index);
assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:foo").test(indexAbstraction), is(false));
assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:bar").test(indexAbstraction), is(false));
assertThat(
kibanaRole.indices().allowedIndicesMatcher(TransportDeleteIndexAction.TYPE.name()).test(indexAbstraction),
is(false)
);
assertThat(kibanaRole.indices().allowedIndicesMatcher(TransportDeleteIndexAction.TYPE.name()).test(indexAbstraction), is(true));

assertThat(kibanaRole.indices().allowedIndicesMatcher(GetIndexAction.NAME).test(indexAbstraction), is(true));
assertThat(kibanaRole.indices().allowedIndicesMatcher(TransportCreateIndexAction.TYPE.name()).test(indexAbstraction), is(true));
assertThat(kibanaRole.indices().allowedIndicesMatcher(TransportIndexAction.NAME).test(indexAbstraction), is(true));
Expand All @@ -1003,6 +1001,7 @@ public void testKibanaSystemRole() {
assertThat(kibanaRole.indices().allowedIndicesMatcher(TransportMultiSearchAction.TYPE.name()).test(indexAbstraction), is(true));
assertThat(kibanaRole.indices().allowedIndicesMatcher(TransportGetAction.TYPE.name()).test(indexAbstraction), is(true));
assertThat(kibanaRole.indices().allowedIndicesMatcher(READ_CROSS_CLUSTER_NAME).test(indexAbstraction), is(false));
assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:admin/refresh*").test(indexAbstraction), is(true));
});

// Kibana Security Solution EDR workflows team
Expand Down