NOTE: You are looking at documentation for an older release. For the latest information, see the current release documentation.

« Configure Auditbeat to use X-Pack security Configure authentication credentials »
Elastic Docs Auditbeat Reference [6.8] Securing Auditbeat Configure Auditbeat to use X-Pack security

Auditbeat features that require authorization

edit

Auditbeat features that require authorization

edit

After securing Auditbeat, make sure your users have the roles (or associated privileges) required to use these Auditbeat features. Note that some of the roles shown here are built-in, and some are user-defined.

Feature Role

Send data to a secured cluster

auditbeat_writer [4]

Load index templates

auditbeat_writer [4] and kibana_user

Load Auditbeat dashboards into Kibana

auditbeat_writer [4] and kibana_user

Load machine learning jobs

machine_learning_admin

Read indices created by Auditbeat

auditbeat_reader [4]

View Auditbeat dashboards in Kibana

kibana_user

Load index lifecycle policies and use index lifecycle management

auditbeat_ilm [4]

To create the user-defined roles shown here, see Configure authentication credentials and Grant users access to Auditbeat indices. You may want to define additional roles to provide more restrictive access.

[4] These roles are user-defined.
« Configure Auditbeat to use X-Pack security Configure authentication credentials »