« Get started with CSPM for Azure Findings page »
Elastic Docs Serverless Elastic Security Serverless Cloud Security Cloud security posture management

CSPM privilege requirements

edit

CSPM privilege requirements

edit

This page lists required privilges for Elastic Security’s CSPM features. There are three access levels: read, write, and manage. Each access level and its requirements are described below.

Read
edit

Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard.

Elasticsearch index privilegesedit

Read privileges for the following Elasticsearch indices:

  • logs-cloud_security_posture.findings_latest-*
  • logs-cloud_security_posture.scores-*
Kibana privilegesedit
  • Security: Read
Write
edit

Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, and enable or disable benchmark rules.

Elasticsearch index privilegesedit

Read privileges for the following Elasticsearch indices:

  • logs-cloud_security_posture.findings_latest-*
  • logs-cloud_security_posture.scores-*
Kibana privilegesedit
  • Security: All
Manage
edit

Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, enable or disable benchmark rules, and install, update, or uninstall CSPM integrations and assets.

Elasticsearch index privilegesedit

Read privileges for the following Elasticsearch indices:

  • logs-cloud_security_posture.findings_latest-*
  • logs-cloud_security_posture.scores-*
Kibana privilegesedit
  • Security: All
  • Spaces: All
  • Fleet: All
  • Integrations: All
« Get started with CSPM for Azure Findings page »