Role to provide access to SIEM?

Is there any role to provide read only access to SIEM? Its working for superusers however i cannot find a specific role just for that.

To make sure I understand, you want to give some Kibana users only Read only access to the SIEM data?

The data itself lives in Beats indexes (filebeat-*, auditbeat-*, packetbeat-*, winlogbeat-* and you can add more index patterns from the Kibana advanced settings). We don't have a role that gives only read-only access to these indices, but you should be able to create one.

Thank you, i got the idea :slight_smile: .. works now

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.