Role to provide access to SIEM?

kmohd · July 3, 2019, 7:15am

Is there any role to provide read only access to SIEM? Its working for superusers however i cannot find a specific role just for that.

tudor · July 3, 2019, 10:24am

To make sure I understand, you want to give some Kibana users only Read only access to the SIEM data?

The data itself lives in Beats indexes (filebeat-*, auditbeat-*, packetbeat-*, winlogbeat-* and you can add more index patterns from the Kibana advanced settings). We don't have a role that gives only read-only access to these indices, but you should be able to create one.

kmohd · July 4, 2019, 4:11am

Thank you, i got the idea .. works now

system · August 1, 2019, 4:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana read-only role (7.9.0) Kibana	3	577	September 25, 2020
Read Only to Everything in Elastic/Kibana Kibana	6	175	February 14, 2024
Config roles in Kibana Kibana elastic-stack-security	5	297	July 1, 2021
Kibana role for read logs Kibana	4	932	October 9, 2017
What permissions/roles should I assign to create a read-only Kibana user? Kibana	2	4018	September 12, 2017

Role to provide access to SIEM?

Related topics