Skip to content

Space awareness for Elastic Defend #1943

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 26 commits into from
Jul 18, 2025
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
4e7c531
Space awareness for Elastic Defend
benironside Jun 26, 2025
c75fdb6
Update elastic-defend-feature-privileges.md
benironside Jun 26, 2025
e5b240a
fixes links
benironside Jun 26, 2025
caa272f
Apply suggestions from code review
benironside Jun 27, 2025
7d63e08
Merge branch 'main' into 1760-space-awareness-security
benironside Jul 1, 2025
2e57898
adds new draft page FAQ
benironside Jul 9, 2025
f8235ab
Merge branch 'main' into 1760-space-awareness-security
benironside Jul 9, 2025
a4b0d4a
fixes anchor link
benironside Jul 9, 2025
003302b
Update spaces-security-faq.md
benironside Jul 9, 2025
048a19b
adds link to new FAQ
benironside Jul 9, 2025
bd51ee6
Apply suggestions from code review
benironside Jul 14, 2025
efd9429
Incorporates Paul's initial review
benironside Jul 14, 2025
c449811
fixes broken link
benironside Jul 14, 2025
ff49c2a
incorporates more of Paul's comments
benironside Jul 15, 2025
d77ed70
minor format update
benironside Jul 15, 2025
59c30e0
edits
benironside Jul 15, 2025
472ddb2
Apply suggestions from code review
benironside Jul 17, 2025
776d3b3
Update spaces-defend-faq.md
benironside Jul 17, 2025
c4ec8df
incorporates more of Paul's edits
benironside Jul 17, 2025
3e9bc5a
Merge branch 'main' into 1760-space-awareness-security
benironside Jul 17, 2025
b922d79
fixes broken link
benironside Jul 17, 2025
71b0211
Merge branch '1760-space-awareness-security' of https://github.com/el…
benironside Jul 17, 2025
eb84df6
Update spaces-defend-faq.md
benironside Jul 17, 2025
bd9a7ef
Update solutions/security/get-started/spaces-defend-faq.md
benironside Jul 17, 2025
b71e54a
final proof edit
benironside Jul 17, 2025
2d19b2f
Merge branch 'main' into 1760-space-awareness-security
benironside Jul 17, 2025
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,9 @@ You can create user roles and define privileges to manage feature access in {{el
To configure roles and privileges, find **Roles** in the navigation menu or by using the [global search field](/explore-analyze/find-and-organize/find-apps-and-objects.md). For more details on using this UI, refer to [](/deploy-manage/users-roles/cluster-or-deployment-auth/kibana-role-management.md) for {{stack}}, or to [Custom roles](/deploy-manage/users-roles/cloud-organization/user-roles.md) for {{serverless-short}}.

::::{note}
{{elastic-defend}}'s feature privileges must be assigned to **All Spaces**. You can’t assign them to an individual space.
Starting with version 9.1, {{elastic-defend}}'s feature privileges can be assigned on a per-space basis. For information about how to apply permissions to particular spaces, refer to [Fleet roles and privileges](/reference/fleet/fleet-roles-privileges.md).
::::


To grant access, select **All** for the **Security** feature in the **Assign role to space** configuration UI, then turn on the **Customize sub-feature privileges** switch.

::::{important}
Expand Down
6 changes: 5 additions & 1 deletion solutions/security/get-started/spaces-elastic-security.md
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,11 @@ products:

# Spaces and {{elastic-sec}} [security-spaces]

{{elastic-sec}} supports the organization of your security operations into logical instances with the [spaces](../../../deploy-manage/manage-spaces.md) feature. Each space in {{kib}} represents a separate logical instance of {{elastic-sec}} in which detection rules, rule exceptions, value lists, alerts, Timelines, cases, and {{kib}} advanced settings are private to the space and accessible only by users that have role privileges to access the space. For details about privileges for {{elastic-sec}} and specific features, refer to [{{elastic-sec}} requirements](elastic-security-requirements.md).
{{elastic-sec}} supports the organization of your security operations into logical instances with the [spaces](../../../deploy-manage/manage-spaces.md) feature. Each space in {{kib}} represents a separate logical instance of {{elastic-sec}} in which detection rules, rule exceptions, value lists, alerts, Timelines, cases, and {{kib}} advanced settings are private to the space and accessible only by users that have role privileges to access the space.

::::{note}
Beginning with {{stack}} version 9.1, you can control user access to features in and managed by {{fleet}} (including {{elastic-defend}}) on a per-space basis. This granularity helps you fine-tune which components each user can access and which actions they can perform. To learn more, refer to [Fleet roles and privileges](/reference/fleet/fleet-roles-privileges.md), and [{{elastic-sec}} requirements](elastic-security-requirements.md).
::::

For example, if you create a `SOC_prod` space in which you load and activate all the {{elastic-sec}} prebuilt detection rules, these rules and any detection alerts they generate will be accessible only when visiting the {{security-app}} in the `SOC_prod` space. If you then create a new `SOC_dev` space, you’ll notice that no detection rules or alerts are present. Any rules subsequently loaded or created here will be private to the `SOC_dev` space, and they will run independently of those in the `SOC_prod` space.

Expand Down
Loading