elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Cloud Security] user with access to indexes documented in the public docs can't access CSPM Findings and Dashboard #181896

Open maxcold opened 1 week ago

maxcold commented 1 week ago

Kibana version: 8.13.2

Elasticsearch version: 8.13.2

Server OS version:

Browser version:

Browser OS version:

Original install method (e.g. download page, yum, from source, etc.): ESS

Describe the bug: A user with access to Kibana Security and read privileges for the ES indexes described in https://www.elastic.co/guide/en/security/8.12/cspm-get-started.html doesn't have access to the Misconfiguration Findings or to the CSP dashboard.

Steps to reproduce:

  1. Have an env with ingested CSPM data, eg. AWS CSPM integration installed.
  2. Make sure the data is present in the logs-cloud_security_posture.findings-* and in the logs-cloud_security_posture.findings_latest-* indexes
  3. Create a new role with all privileges for all spaces in Kibana and with read privileges for logs-cloud_security_posture.findings-*, logs-cloud_security_posture.findings_latest-* and logs-cloud_security_posture.scores-* indexes/data streams
  4. Navigate to Dashboard -> Cloud Security Posture or to Findings -> Misconfigurations

On the dashboard you will see Internal Server Error 500: An error occurred while trying to fetch csp settings: Unable to get cloud-security-posture-settings, 403 error

Expected behavior: no error, dashboard and findings page should display the data

Screenshots (if relevant):

[Screenshot 2024-04-22 at 17:01:54] [Screenshot 2024-04-22 at 17:02:03]

Errors in browser console (if relevant):

Provide logs and/or server output (if relevant):

Any additional context: This is most likely due to the changes introduced in 8.13 around benchmark rules, with a new Saved Object implemented to store the rules settings. More context from @kfirpeled:

Here you can see that encryptedSavedObjects is based on the user's credentials, and here it is being used to read the settings. The fault here that I would fix is that cspContext should not determine client or internal user usage. Either provide a proper name for each client with a suffix, or allow it to be picked at each usage, like esClient.

@elastic/kibana-cloud-security-posture
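The following script is an added example, not part of the issue or of the Kibana project's code. It sets up the role from step 3 through the Elasticsearch security API and then checks, as the affected user, whether `read` on the three CSPM data streams is really granted, using the `_has_privileges` API. The ES URL, the admin and test-user credentials, and the role/user names are assumptions; the index patterns are the ones named in the issue.

```python
"""Reproduce the role from step 3 and verify its index privileges.

Added example (not from the issue or from Kibana). ES_URL, the admin
credentials, ROLE_NAME and TEST_USER are assumed values; the data-stream
patterns are the ones listed in the issue's reproduction steps.
"""
import base64
import json
import os
import urllib.request

ES_URL = os.environ.get("ES_URL", "https://localhost:9200")   # assumed endpoint
ADMIN = (os.environ.get("ES_ADMIN", "elastic"),
         os.environ.get("ES_ADMIN_PASS", "changeme"))          # assumed admin login
ROLE_NAME = "cspm_findings_reader"                            # constructed role name
TEST_USER = ("cspm_tester", "cspm_tester_password")           # constructed test user

# Data streams the issue says the documented role needs read access to.
CSPM_INDICES = [
    "logs-cloud_security_posture.findings-*",
    "logs-cloud_security_posture.findings_latest-*",
    "logs-cloud_security_posture.scores-*",
]


def role_definition(indices=CSPM_INDICES):
    """Role body for PUT /_security/role/<name>: read on the CSPM data
    streams plus 'all' Kibana feature privileges in every space ("*")."""
    return {
        "cluster": [],
        "indices": [{"names": list(indices), "privileges": ["read"]}],
        "applications": [{
            "application": "kibana-.kibana",
            "privileges": ["all"],
            "resources": ["*"],
        }],
    }


def has_privileges_request(indices=CSPM_INDICES):
    """Body for POST /_security/user/_has_privileges, run as the test user."""
    return {"index": [{"names": list(indices), "privileges": ["read"]}]}


def missing_read(has_privileges_response):
    """Return the index patterns for which 'read' was NOT granted, sorted.
    The response shape is {"index": {"<pattern>": {"read": bool}, ...}, ...}."""
    index_part = has_privileges_response.get("index", {})
    return sorted(name for name, privs in index_part.items()
                  if not privs.get("read", False))


def call(method, path, body, auth):
    """Minimal JSON request helper with HTTP basic auth (assumed TLS setup)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(ES_URL + path, data=data, method=method)
    token = base64.b64encode(f"{auth[0]}:{auth[1]}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def setup_and_check():
    """Create role + user as admin, then ask ES what the user can actually read."""
    call("PUT", f"/_security/role/{ROLE_NAME}", role_definition(), ADMIN)
    call("PUT", f"/_security/user/{TEST_USER[0]}",
         {"password": TEST_USER[1], "roles": [ROLE_NAME]}, ADMIN)
    result = call("POST", "/_security/user/_has_privileges",
                  has_privileges_request(), TEST_USER)
    return missing_read(result)


if __name__ == "__main__":
    gaps = setup_and_check()
    print("missing read on:", gaps if gaps else "nothing; index privileges are fine")
```

If the check reports no missing index privileges yet the dashboard still returns the 403, the index side of the documented role is not the cause, and the failure is on reading the `cloud-security-posture-settings` saved object with the user's own credentials, which is where the issue's last comment points.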