opensearch-project / security-analytics

Security Analytics enables users to detect security threats in their security event log data. It will also allow them to modify or tailor the pre-packaged solution.
Apache License 2.0

[BUG] Missing indices / datastreams in Configure logs scan #1329

Open Psych0meter opened 2 months ago

Psych0meter commented 2 months ago

What is the bug? I only have access to security-auditlog-* indices in Select Index/Aliases in Configure logs scan

How can one reproduce the bug? Steps to reproduce the behavior:

  1. Go to 'Security Analytics --> Threat Intelligence --> Configure scan'
  2. Click on 'Select Indexes/Aliases'
  3. Datastreams and indices starting with '.' are not displayed

What is the expected behavior? A clear and concise description of what you expected to happen.

What is your host/environment?

Do you have any additional context? It seems that there is an issue with Datastreams and Indices starting with '.' (so it's impossible to add indices created by datastreams). It's recommended to use Aliases and Datastreams, but none of them are displayed in the dropdown list... [Aliases](https://opensearch.org/docs/latest/im-plugin/index-alias) and [data streams](https://opensearch.org/docs/latest/im-plugin/data-streams/) are recommended for optimal threat intel scans.

dblock commented 1 month ago

[Catch All Triage - 1, 2, 3, 4]