Elastic Defend feature privilegesedit

You can create user roles and define privileges to manage feature access in Kibana. This allows you to use the principle of least privilege while managing access to Elastic Defend’s features.

Roles and privileges are configured in Stack ManagementRoles in Kibana. For more details on using this UI, refer to Kibana privileges.

Elastic Defend’s feature privileges must be assigned to All Spaces. You can’t assign them to an individual Kibana space.

To grant access, set the privileges for the following sub-features under the Security feature in the Kibana privileges configuration UI:

Configuring privileges in Kibana

Response Actions History

Allow users to access the response actions history for endpoints.

  • All: Users can view the response actions history and perform any available actions.
  • Read: Users can view the response actions history.

Host Isolation

Allow users to isolate and release hosts.

Process Operations

Allow users to perform response actions related to host processes, including processes, kill-process, and suspend-process.