Siren Platform User Guide

Elasticsearch security

Since Elasticsearch 6.5, action names need to follow a naming convention in order to facilitate the definition of action groups in security plugins such as X-Pack Security or Search Guard. As a consequence, customized roles need to be updated to use new action names. A description of the new actions is available in Section Federate - Setup Security .

To coincide with that required change, default roles have been renamed for clarity. This is also detailed in the referenced section above.

Access control list (ACL) roles are based on backend roles defined by a security system like X-Pack Security or Search Guard. With the naming change detailed above, ACL roles may have to be updated accordingly. This can be done by logging as a user with admin privileges and editing the ACL roles. See Search Guard Integration and Siren Investigate access control] for more information.