[BUG] Missing indices / datastreams in Threat Intelligence - Configure logs scan #1353
Comments
@opensearch-project/admin could we transfer this to security analytics plugin?
@Psych0meter Indices starting with These indices are not searchable by regular users and there are additional protections in place for these indices that prevent any regular users from performing administrative operations (like delete) or writing to these indices.
@cwperks so how can I use Datastreams in Threat Intelligence? Indices created by datastreams are all named .ds-DATASTREAM_NAME-xxx, and datastreams themselves are not displayed in the dropdown list. All my logs are stored in OpenSearch through dedicated datastreams
Same issue in 2.18
What is the bug?
I only have access to security-auditlog-* indices in Select Index/Aliases in Configure logs scan (Threat Intelligence)
How can one reproduce the bug?
Steps to reproduce the behavior:
Go to 'Security Analytics --> Threat Intelligence --> Configure scan'
Click on 'Select Indexes/Aliases'
Datastreams and indices starting with '.' are not displayed
What is the expected behavior?
A clear and concise description of what you expected to happen.
What is your host/environment?
OS: Debian 12
Version 2.16 and 2.17
Plugins
Do you have any additional context?
It seems that there is an issue with Datastreams and Indices starting with '.' (so it's impossible to add indices created by datastreams). It's recommended to use Aliases and Datastreams, but none of them are displayed in the dropdown list...
Aliases and data streams are recommended for optimal threat intel scans.