Defining X-Pack users
Using the X-Pack Security plugin and its RBAC features, we can define user roles to determine who can use the app or see specific index patterns. Below you’ll find a summary table of what we need to configure for the app to work properly. The following sections describe briefly what each role can do.
User |
Roles |
|---|---|
Kibana system user |
wazuh-admin, kibana_system |
Wazuh administrator user |
wazuh-basic, wazuh-api-admin |
Wazuh standard user #1, Wazuh standard user #2… |
wazuh-basic |
Kibana system user
This user is based on the pre-built role named kibana_system, but it must be able to fetch and write data to Wazuh indices too.
To do so, we’ll define another role called wazuh-admin to handle data related to Wazuh.
Defining the
wazuh-adminrole:At cluster level, it will need the following privileges:
Cluster privileges
Check
manage
Yes
manage_index_templates
Yes
At index level, it will need the following privileges:
Indices
Privileges
.old-wazuh
all
.wazuh
all
.wazuh-version
all
wazuh-*
all
Wazuh administrator user
This user will be able to login into Kibana UI, navigate through the Wazuh app and also add/delete Wazuh API entries.
Note
This user will use two roles: wazuh-basic and wazuh-api-admin. The wazuh-basic role will be used to handle data related to Wazuh and the wazuh-api-admin role will be used to add/delete Wazuh API entries.
Defining the
wazuh-basicrole:At cluster level, it won’t need any privileges. At index level, it will need the following privileges:
Indices
Privileges
.kibana
read
.wazuh
read
.wazuh-version
read
wazuh-alerts-3.x-*
read
wazuh-monitoring-3.x-*
read
Defining the
wazuh-api-adminrole:At cluster level, it won’t need any privileges. At index level, it will need the following privileges:
Indices
Privileges
.wazuh
all