From bd79b8162527428d9ea4455ad1d45038f74d8fbb Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Tue, 3 Dec 2024 15:00:53 -0800 Subject: [PATCH 1/4] Creates CSPM privileges standalone page --- .../cloud-native-security-index.asciidoc | 1 + .../cspm-get-started-aws.asciidoc | 9 +-- .../cspm-get-started-azure.asciidoc | 9 +-- .../cspm-get-started-gcp.asciidoc | 9 +-- .../cspm-permissions.asciidoc | 61 +++++++++++++++++++ 5 files changed, 65 insertions(+), 24 deletions(-) create mode 100644 docs/cloud-native-security/cspm-permissions.asciidoc diff --git a/docs/cloud-native-security/cloud-native-security-index.asciidoc b/docs/cloud-native-security/cloud-native-security-index.asciidoc index 742149aa26..935c121a8b 100644 --- a/docs/cloud-native-security/cloud-native-security-index.asciidoc +++ b/docs/cloud-native-security/cloud-native-security-index.asciidoc @@ -41,6 +41,7 @@ include::cspm.asciidoc[leveloffset=+1] include::cspm-get-started-aws.asciidoc[leveloffset=+2] include::cspm-get-started-gcp.asciidoc[leveloffset=+2] include::cspm-get-started-azure.asciidoc[leveloffset=+2] +include::cspm-permissions.asciidoc[leveloffset=+2] include::cspm-findings.asciidoc[leveloffset=+2] include::cspm-benchmark-rules.asciidoc[leveloffset=+2] include::cspm-cloud-posture-dashboard.asciidoc[leveloffset=+2] diff --git a/docs/cloud-native-security/cspm-get-started-aws.asciidoc b/docs/cloud-native-security/cspm-get-started-aws.asciidoc index 9ac8268747..4bc8f107a7 100644 --- a/docs/cloud-native-security/cspm-get-started-aws.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-aws.asciidoc 
@@ -10,17 +10,10 @@ This page explains how to get started monitoring the security posture of your cl .Requirements [sidebar] -- +* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <>. * The CSPM integration is available to all {ecloud} users. On-premise deployments require an https://www.elastic.co/pricing[Enterprise subscription]. * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work. * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported. https://github.com/elastic/kibana/issues/new/choose[Click here to request support]. -* `Read` privileges for the following {es} indices: -** `logs-cloud_security_posture.findings_latest-*` -** `logs-cloud_security_posture.scores-*` -* The following {kib} privileges: -** Security: `Read` -** Integrations: `Read` -** Saved Objects Management: `Read` -** Fleet: `All` * The user who gives the CSPM integration AWS permissions must be an AWS account `admin`. -- diff --git a/docs/cloud-native-security/cspm-get-started-azure.asciidoc b/docs/cloud-native-security/cspm-get-started-azure.asciidoc index 865ebf02b0..4e78781323 100644 --- a/docs/cloud-native-security/cspm-get-started-azure.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-azure.asciidoc 
@@ -10,17 +10,10 @@ This page explains how to get started monitoring the security posture of your cl .Requirements [sidebar] -- +* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <>. * The CSPM integration is available to all {ecloud} users. On-premise deployments require an https://www.elastic.co/pricing[Enterprise subscription]. * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work. * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported. https://github.com/elastic/kibana/issues/new/choose[Click here to request support]. -* `Read` privileges for the following {es} indices: -** `logs-cloud_security_posture.findings_latest-*` -** `logs-cloud_security_posture.scores-*` -* The following {kib} privileges: -** Security: `Read` -** Integrations: `Read` -** Saved Objects Management: `Read` -** Fleet: `All` * The user who gives the CSPM integration permissions in Azure must be an Azure subscription `admin`. -- diff --git a/docs/cloud-native-security/cspm-get-started-gcp.asciidoc b/docs/cloud-native-security/cspm-get-started-gcp.asciidoc index 30d34c74c0..dc5bfca23b 100644 --- a/docs/cloud-native-security/cspm-get-started-gcp.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-gcp.asciidoc 
@@ -10,17 +10,10 @@ This page explains how to get started monitoring the security posture of your GC .Requirements [sidebar] -- +* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <>. * The CSPM integration is available to all {ecloud} users. On-premise deployments require an https://www.elastic.co/pricing[Enterprise subscription]. * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work. * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported. https://github.com/elastic/kibana/issues/new/choose[Click here to request support]. -* `Read` privileges for the following {es} indices: -** `logs-cloud_security_posture.findings_latest-*` -** `logs-cloud_security_posture.scores-*` -* The following {kib} privileges: -** Security: `Read` -** Integrations: `Read` -** Saved Objects Management: `Read` -** Fleet: `All` * The user who gives the CSPM integration GCP permissions must be a GCP project `admin`. -- diff --git a/docs/cloud-native-security/cspm-permissions.asciidoc b/docs/cloud-native-security/cspm-permissions.asciidoc new file mode 100644 index 0000000000..390a6581ba --- /dev/null +++ b/docs/cloud-native-security/cspm-permissions.asciidoc 
@@ -0,0 +1,61 @@ +[[cspm-required-permissions]] += CSPM privilege requirements + +This page lists required privilges for {elastic-sec}'s CSPM features. There are three access levels: read, write, and manage. Each access level and its requirements are described below. + +[discrete] +== Read + +Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard. + +[discrete] +=== {es} index privileges +`Read` privileges for the following {es} indices: + +* `logs-cloud_security_posture.findings_latest-*` +* `logs-cloud_security_posture.scores-*` + +[discrete] +=== {kib} privileges + +* `Security: Read` + + +[discrete] +== Write + +Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, and enable or disable benchmark rules. + +[discrete] +=== {es} index privileges +`Read` privileges for the following {es} indices: + +* `logs-cloud_security_posture.findings_latest-*` +* `logs-cloud_security_posture.scores-*` + +[discrete] +=== {kib} privileges + +* `Security: All` + + +[discrete] +== Manage + +Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, enable or disable benchmark rules, and install, update, or uninstall CSPM integrations and assets. + +[discrete] +=== {es} index privileges +`Read` privileges for the following {es} indices: + +* `logs-cloud_security_posture.findings_latest-*` +* `logs-cloud_security_posture.scores-*` + +[discrete] +=== {kib} privileges + +* `Security: All` +* `Spaces: All` +* `Fleet: All` +* `Integrations: All` + From 64ebd7f46ea795a313ff57a738c90eba08159db2 Mon Sep 17 00:00:00 2001 
From: Benjamin Ironside Goldstein Date: Thu, 5 Dec 2024 12:24:49 -0800 Subject: [PATCH 2/4] ports updates to serverless --- .../cspm-get-started-azure.asciidoc | 6 +- .../cspm-get-started-gcp.asciidoc | 6 +- .../cspm-get-started.asciidoc | 6 +- .../cspm-permissions.asciidoc | 61 +++++++++++++++++++ docs/serverless/index.asciidoc | 1 + 5 files changed, 65 insertions(+), 15 deletions(-) create mode 100644 docs/serverless/cloud-native-security/cspm-permissions.asciidoc diff --git a/docs/serverless/cloud-native-security/cspm-get-started-azure.asciidoc b/docs/serverless/cloud-native-security/cspm-get-started-azure.asciidoc index b04d071412..af4ef43ea4 100644 --- a/docs/serverless/cloud-native-security/cspm-get-started-azure.asciidoc +++ b/docs/serverless/cloud-native-security/cspm-get-started-azure.asciidoc @@ -14,13 +14,9 @@ This page explains how to get started monitoring the security posture of your cl .Requirements [NOTE] ==== +* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <>. * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work. * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported (https://github.com/elastic/kibana/issues/new/choose[request support]). -* To view posture data, you need `read` privileges for the following {es} indices: -+ -** `logs-cloud_security_posture.findings_latest-*` -** `logs-cloud_security_posture.scores-*` -** `logs-cloud_security_posture.findings` * The user who gives the CSPM integration permissions in Azure must be an Azure subscription `admin`. ==== diff --git a/docs/serverless/cloud-native-security/cspm-get-started-gcp.asciidoc b/docs/serverless/cloud-native-security/cspm-get-started-gcp.asciidoc index 2f72852609..766a5ccff0 100644 --- a/docs/serverless/cloud-native-security/cspm-get-started-gcp.asciidoc 
+++ b/docs/serverless/cloud-native-security/cspm-get-started-gcp.asciidoc @@ -14,13 +14,9 @@ This page explains how to get started monitoring the security posture of your cl .Requirements [NOTE] ==== +* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <>. * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work. * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported (https://github.com/elastic/kibana/issues/new/choose[request support]). -* To view posture data, you need the appropriate user role to read the following {es} indices: -+ -** `logs-cloud_security_posture.findings_latest-*` -** `logs-cloud_security_posture.scores-*` -** `Logs-cloud_security_posture.findings` * The user who gives the CSPM integration GCP permissions must be a GCP project `admin`. ==== diff --git a/docs/serverless/cloud-native-security/cspm-get-started.asciidoc b/docs/serverless/cloud-native-security/cspm-get-started.asciidoc index aad18b1033..c586b1964f 100644 --- a/docs/serverless/cloud-native-security/cspm-get-started.asciidoc +++ b/docs/serverless/cloud-native-security/cspm-get-started.asciidoc 
@@ -14,13 +14,9 @@ This page explains how to get started monitoring the security posture of your cl .Requirements [NOTE] ==== +* Minimum privileges vary depending on whether you need to read, write, or manage CSPM data and integrations. Refer to <>. * CSPM only works in the `Default` {kib} space. Installing the CSPM integration on a different {kib} space will not work. * CSPM is supported only on AWS, GCP, and Azure commercial cloud platforms, and AWS GovCloud. Other government cloud platforms are not supported (https://github.com/elastic/kibana/issues/new/choose[request support]). -* To view posture data, you need the appropriate user role to read the following {es} indices: -+ -** `logs-cloud_security_posture.findings_latest-*` -** `logs-cloud_security_posture.scores-*` -** `Logs-cloud_security_posture.findings` * The user who gives the CSPM integration AWS permissions must be an AWS account `admin`. ==== diff --git a/docs/serverless/cloud-native-security/cspm-permissions.asciidoc b/docs/serverless/cloud-native-security/cspm-permissions.asciidoc new file mode 100644 index 0000000000..390a6581ba --- /dev/null +++ b/docs/serverless/cloud-native-security/cspm-permissions.asciidoc 
@@ -0,0 +1,61 @@ +[[cspm-required-permissions]] += CSPM privilege requirements + +This page lists required privilges for {elastic-sec}'s CSPM features. There are three access levels: read, write, and manage. Each access level and its requirements are described below. + +[discrete] +== Read + +Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard. + +[discrete] +=== {es} index privileges +`Read` privileges for the following {es} indices: + +* `logs-cloud_security_posture.findings_latest-*` +* `logs-cloud_security_posture.scores-*` + +[discrete] +=== {kib} privileges + +* `Security: Read` + + +[discrete] +== Write + +Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, and enable or disable benchmark rules. + +[discrete] +=== {es} index privileges +`Read` privileges for the following {es} indices: + +* `logs-cloud_security_posture.findings_latest-*` +* `logs-cloud_security_posture.scores-*` + +[discrete] +=== {kib} privileges + +* `Security: All` + + +[discrete] +== Manage + +Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, enable or disable benchmark rules, and install, update, or uninstall CSPM integrations and assets. + +[discrete] +=== {es} index privileges +`Read` privileges for the following {es} indices: + +* `logs-cloud_security_posture.findings_latest-*` +* `logs-cloud_security_posture.scores-*` + +[discrete] +=== {kib} privileges + +* `Security: All` +* `Spaces: All` +* `Fleet: All` +* `Integrations: All` + diff --git a/docs/serverless/index.asciidoc b/docs/serverless/index.asciidoc index c6b58e67b0..056e164581 100644 --- a/docs/serverless/index.asciidoc +++ b/docs/serverless/index.asciidoc 
@@ -88,6 +88,7 @@ include::./cloud-native-security/cspm.asciidoc[leveloffset=+3] include::./cloud-native-security/cspm-get-started.asciidoc[leveloffset=+4] include::./cloud-native-security/cspm-get-started-gcp.asciidoc[leveloffset=+4] include::./cloud-native-security/cspm-get-started-azure.asciidoc[leveloffset=+4] +include::./cloud-native-security/cspm-permissions.asciidoc[leveloffset=+4] include::./cloud-native-security/cspm-findings-page.asciidoc[leveloffset=+4] include::./cloud-native-security/benchmark-rules.asciidoc[leveloffset=+4] include::./cloud-native-security/cspm-cloud-posture-dashboard-dash.asciidoc[leveloffset=+4] From cd0cccf02ddd474f8990c68cd4a29f976175d6bb Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Fri, 6 Dec 2024 09:08:11 -0800 Subject: [PATCH 3/4] Apply suggestions from code review Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com> --- docs/cloud-native-security/cspm-permissions.asciidoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/cloud-native-security/cspm-permissions.asciidoc b/docs/cloud-native-security/cspm-permissions.asciidoc index 390a6581ba..ab70d527e5 100644 --- a/docs/cloud-native-security/cspm-permissions.asciidoc +++ b/docs/cloud-native-security/cspm-permissions.asciidoc 
@@ -1,12 +1,12 @@ [[cspm-required-permissions]] = CSPM privilege requirements -This page lists required privilges for {elastic-sec}'s CSPM features. There are three access levels: read, write, and manage. Each access level and its requirements are described below. +This page lists required privileges for {elastic-sec}'s CSPM features. There are three access levels: read, write, and manage. Each access level and its requirements are described below. [discrete] == Read -Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard. +Users with these minimum permissions can view data on the **Findings** page and the Cloud Posture dashboard. [discrete] === {es} index privileges From 23d9a754f8e468a1734e3405710380fd27e5187e Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Thu, 12 Dec 2024 11:20:09 -0800 Subject: [PATCH 4/4] Apply suggestions from code review Co-authored-by: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> --- docs/cloud-native-security/cspm-permissions.asciidoc | 4 ++-- .../cloud-native-security/cspm-permissions.asciidoc | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/cloud-native-security/cspm-permissions.asciidoc b/docs/cloud-native-security/cspm-permissions.asciidoc index ab70d527e5..c79a6fd36c 100644 --- a/docs/cloud-native-security/cspm-permissions.asciidoc +++ b/docs/cloud-native-security/cspm-permissions.asciidoc 
@@ -24,7 +24,7 @@ Users with these minimum permissions can view data on the **Findings** page and [discrete] == Write -Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, and enable or disable benchmark rules. +Users with these minimum permissions can view data on the **Findings** page and the Cloud Posture dashboard, create detection rules from the findings details flyout, and enable or disable benchmark rules. [discrete] === {es} index privileges @@ -42,7 +42,7 @@ Users with these minimum permissions can view data on the Findings page and the [discrete] == Manage -Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, enable or disable benchmark rules, and install, update, or uninstall CSPM integrations and assets. +Users with these minimum permissions can view data on the **Findings** page and the Cloud Posture dashboard, create detection rules from the findings details flyout, enable or disable benchmark rules, and install, update, or uninstall CSPM integrations and assets. [discrete] === {es} index privileges diff --git a/docs/serverless/cloud-native-security/cspm-permissions.asciidoc b/docs/serverless/cloud-native-security/cspm-permissions.asciidoc index 390a6581ba..56459ec6b3 100644 --- a/docs/serverless/cloud-native-security/cspm-permissions.asciidoc +++ b/docs/serverless/cloud-native-security/cspm-permissions.asciidoc @@ -6,7 +6,7 @@ This page lists required privilges for {elastic-sec}'s CSPM features. There are [discrete] == Read -Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard. +Users with these minimum permissions can view data on the **Findings** page and the Cloud Posture dashboard. [discrete] === {es} index privileges 
@@ -24,7 +24,7 @@ Users with these minimum permissions can view data on the Findings page and the [discrete] == Write -Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, and enable or disable benchmark rules. +Users with these minimum permissions can view data on the **Findings** page and the Cloud Posture dashboard, create detection rules from the findings details flyout, and enable or disable benchmark rules. [discrete] === {es} index privileges @@ -42,7 +42,7 @@ Users with these minimum permissions can view data on the Findings page and the [discrete] == Manage -Users with these minimum permissions can view data on the Findings page and the Cloud Posture dashboard, create detection rules from the findings details flyout, enable or disable benchmark rules, and install, update, or uninstall CSPM integrations and assets. +Users with these minimum permissions can view data on the **Findings** page and the Cloud Posture dashboard, create detection rules from the findings details flyout, enable or disable benchmark rules, and install, update, or uninstall CSPM integrations and assets. [discrete] === {es} index privileges
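Review bot: In PATCH 1/4, the get-started hunks for AWS, Azure and GCP remove `Integrations: Read` and `Saved Objects Management: Read` from the requirements, but the new cspm-permissions.asciidoc never mentions Saved Objects Management and lists only `Security: Read` at the Read level. If the narrower set is intentional, say so in the commit message so readers comparing versions know the old requirement was dropped on purpose. Otherwise, carry the missing privilege into the level that needs it. The same hunks also move `Fleet: All` from a baseline requirement to Manage only, which is worth confirming against the product behaviour. Separately, the added bullet ends with "Refer to <>." with an empty cross-reference as it appears here. It should name the `cspm-required-permissions` anchor that the new page defines.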
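Review bot: In the new docs/cloud-native-security/cspm-permissions.asciidoc (PATCH 1/4), the {es} index privileges block is repeated verbatim under Read, Write and Manage, so the only thing separating the three levels is the {kib} privileges list, and the page never says so. A reader granting Write access may go looking for a write-level index privilege that is not there. Suggest one sentence in the intro stating that all three levels need only `Read` on the two `logs-cloud_security_posture.*` index patterns and differ in {kib} feature privileges, or list the index privileges once and let each level show only its {kib} privileges.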
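Review bot: In PATCH 2/4, the serverless get-started hunks delete a third index, `logs-cloud_security_posture.findings` (written `Logs-cloud_security_posture.findings` in the GCP and AWS pages), and the new serverless cspm-permissions.asciidoc does not list it. The new file has the same blob id (390a6581ba) as the docs/cloud-native-security copy, so it was ported without any serverless-specific changes. Please confirm whether read access to `logs-cloud_security_posture.findings` is still needed on serverless and add it back if so. The removed serverless text also spoke of "the appropriate user role", while the copied page speaks of {kib} privileges such as `Spaces: All` and `Fleet: All`, so check that this wording matches how access is assigned in serverless projects.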
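Review bot: The typo "privilges" is still present in docs/serverless/cloud-native-security/cspm-permissions.asciidoc after PATCH 4/4. It shows in the context of the first serverless hunk ("This page lists required privilges for {elastic-sec}'s CSPM features."). PATCH 3/4 corrected it only in docs/cloud-native-security/cspm-permissions.asciidoc, and PATCH 4/4 applies the **Findings** bolding to the serverless copy without the spelling fix. Add the same one-word correction to the serverless file so the two pages stay in sync.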