IT Hygiene

[pdnb]

Hi i just upgrade wazuh 4.13.0 and i use RBAC to control users. how to setup permission for IT Hygiene module ?

i try setup 

wazuh-states-inventory-*  for role on index side , but without success

[Luis Enrique Chico Capistrano]

Hi pdnb,
Please allow me some time; I will try to reproduce the issue and get back to you with an update as soon as possible.

[pdnb]

that perms :

give me access to Dashboard in IT Higiene - rest are inaccessible with :

[Luis Enrique Chico Capistrano]

Hi, thanks for the feedback.
I've asked the team for some help here, as I was trying to reproduce and solve the issue. I'll get back to you as soon as I have news.

[Luis Enrique Chico Capistrano]

Hi,

I followed the guide "Creating and setting a Wazuh read-only user" to configure the user, which allowed me to view the IT Hygiene module and the rest of the interface.

I'm not sure if you are looking for any kind of restriction, but if that is the case, could you provide more details?

 

[pdnb]

Thanks for the quick reply. Unfortunately, I can't do exactly the same thing because I have different indexes and different team members with different levels of access to the indexes, so * is out of the question. I have the configuration below and currently do not have access to IT Hygiene>System>Hardware and Software>Windows KBs.
Below my config :
{
  "wazuh_operator": {
    "reserved": false,
    "hidden": false,
    "cluster_permissions": [
      "cluster_composite_ops_ro"
    ],
    "index_permissions": [
      {
        "index_patterns": [
          "wazuh-states-*",
          "wazuh-alerts-*",
          "wazuh-statistics*",
          ".*"
        ],
        "dls": "",
        "fls": [],
        "masked_fields": [],
        "allowed_actions": [
          "read"
        ]
      }
    ],
    "tenant_permissions": [
      {
        "tenant_patterns": [
          "global_tenant"
        ],
        "allowed_actions": [
          "kibana_all_read"
        ]
      }
    ],
    "static": false

[Luis Enrique Chico Capistrano]

Hi, 

I was able to reproduce the issue. I've notified the team for help and will share an update as soon as I have news.

[Luis Enrique Chico Capistrano]

Hi pndb,

Finally, I was able to make it work! To do that, I added the following permission: indices:data/write/index

[Luis Enrique Chico Capistrano]

You could also add permissions to wazuh-monitoring*. For more information, please refer to the following document.

[Paweł Wiśniewski]

Still nothing :

i dont get it - how it cannot show what index has an issue - i know that is OpenSearch issue ;) 

--
You received this message because you are subscribed to a topic in the Google Groups "Wazuh | Mailing List" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/wazuh/q92630WP-pA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to wazuh+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/wazuh/e2ae94fb-dd23-44bb-95a7-649e67d06166n%40googlegroups.com.

--

------

Pozdrawiam

Paweł

[pdnb]

i add  wazuh-monitoring*  perms and still nothing changed

[pdnb]

ok , some kind of progress , with that perms :


i see : 

but not : 

[Luis Enrique Chico Capistrano]

Hi pdnb,
I was able to reproduce your issue and solved it by adding the wazuh-inventory-* pattern to Index permissions.

[pdnb]

Thx Luis to be patience :) when i was adding wazuh-inventory-* now i have perm as below .  I even restarted indexer - without success , anything was changed  :

[pdnb]

Luis , now issue was cookies - cleaning related to wazuh solve problem . 

Thank for your help !

[pdnb]

issue come back with  wazuh-states-inventory-browser-extensions-* in 4.14.0 , as you can see below i add whole pattern for new index but without any luck :D ( i have previously added wazu-states-* that should be covering new index  ) 

PS. cookies cleaned , dash restarted ;)