diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java index 6177329089bd..89733761f3dc 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java @@ -420,7 +420,19 @@ static RoleDescriptor kibanaSystem(String name) { // For source indices of the Cloud Detection & Response (CDR) packages that ships a // transform RoleDescriptor.IndicesPrivileges.builder() - .indices("logs-wiz.vulnerability-*", "logs-wiz.cloud_configuration_finding-*", "logs-aws.securityhub_findings-*") + .indices( + "logs-wiz.vulnerability-*", + "logs-wiz.cloud_configuration_finding-*", + "logs-google_scc.finding-*", + "logs-aws.securityhub_findings-*", + "logs-aws.inspector-*", + "logs-amazon_security_lake.findings-*", + "logs-qualys_vmdr.asset_host_detection-*", + "logs-tenable_sc.vulnerability-*", + "logs-tenable_io.vulnerability-*", + "logs-rapid7_insightvm.vulnerability-*", + "logs-carbon_black_cloud.asset_vulnerability_summary-*" + ) .privileges("read", "view_index_metadata") .build(), // For alias indices of the Cloud Detection & Response (CDR) packages that ships a diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java index 54a5678579ce..a476bbfb229f 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java @@ -1612,7 +1612,15 @@ public void testKibanaSystemRole() { Arrays.asList( "logs-wiz.vulnerability-" + randomAlphaOfLength(randomIntBetween(0, 13)), "logs-wiz.cloud_configuration_finding-" + randomAlphaOfLength(randomIntBetween(0, 13)), - "logs-aws.securityhub_findings-" + randomAlphaOfLength(randomIntBetween(0, 13)) + "logs-google_scc.finding-" + randomAlphaOfLength(randomIntBetween(0, 13)), + "logs-aws.securityhub_findings-" + randomAlphaOfLength(randomIntBetween(0, 13)), + "logs-aws.inspector-" + randomAlphaOfLength(randomIntBetween(0, 13)), + "logs-amazon_security_lake.findings-" + randomAlphaOfLength(randomIntBetween(0, 13)), + "logs-qualys_vmdr.asset_host_detection-" + randomAlphaOfLength(randomIntBetween(0, 13)), + "logs-tenable_sc.vulnerability-" + randomAlphaOfLength(randomIntBetween(0, 13)), + "logs-tenable_io.vulnerability-" + randomAlphaOfLength(randomIntBetween(0, 13)), + "logs-rapid7_insightvm.vulnerability-" + randomAlphaOfLength(randomIntBetween(0, 13)), + "logs-carbon_black_cloud.asset_vulnerability_summary-" + randomAlphaOfLength(randomIntBetween(0, 13)) ).forEach(indexName -> { final IndexAbstraction indexAbstraction = mockIndexAbstraction(indexName); assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:foo").test(indexAbstraction), is(false));