Hmm ok, you seem to be running into issues with the creation and access of the signals index. I know you've likely already run through these things a number of times, but just to confirm:
-
HTTPS is configured
-
In
elasticsearch.yml, the following is set to true,xpack.security.enabled -
In
kibana.ymlthexpack.encryptedSavedObjects.encryptionKeyis set to any alphanumeric value of 32+ charachters -
Your Kibana space has
Allprivileges -
Try adding
create,create_doc,write,index,all,create_indexprivileges for.siem-signals-*