This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.

« Get started with CSPM for Azure Findings page »

› › ›

CSPM privilege requirements

edit

CSPM privilege requirements

edit

This page lists required privileges for Elastic Security’s CSPM features. There are three access levels: read, write, and manage. Each access level and its requirements are described below.

Read

edit

Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard.

Elasticsearch index privileges

edit

Read privileges for the following Elasticsearch indices:

logs-cloud_security_posture.findings_latest-*
logs-cloud_security_posture.scores-*

Kibana privileges

edit

Security: Read

Write

edit

Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, and enable or disable benchmark rules.

Elasticsearch index privileges

edit

Read privileges for the following Elasticsearch indices:

logs-cloud_security_posture.findings_latest-*
logs-cloud_security_posture.scores-*

Kibana privileges

edit

Security: All

Manage

edit

Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, enable or disable benchmark rules, and install, update, or uninstall CSPM integrations and assets.

Elasticsearch index privileges

edit

Read privileges for the following Elasticsearch indices:

logs-cloud_security_posture.findings_latest-*
logs-cloud_security_posture.scores-*

Kibana privileges

edit

Security: All
Spaces: All
Fleet: All
Integrations: All

« Get started with CSPM for Azure Findings page »