On Wazuh 5, we are relying heavily on Indexer as the main data storage. That data needs to be properly secured, so only specific users are granted the permissions to read and/or write to the indices.
For example, while regular users may be allowed to read agents' inventory data, only the Wazuh Server should be allowed to write to the wazuh-states-inventory-* indices.
To implement this Role-Based Access Control over Wazuh resources on the Indexer, we first need to identify these users and roles, then create them, and finally perform E2E tests in which every actor is granted the permissions required for proper operation within Wazuh, while using the most restrictive permissions possible.
Functional requirements
Wazuh Indexer provides a set of users and roles by default for other Wazuh components accessing the Indexer, granting the most restrictive permissions possible without hindering their proper operation.
Implementation restrictions
In this issue, we are referring to users and roles from the Indexer (OpenSearch security plugin).
Plan
Identify users and the required permissions for them.
Creation of users and roles.
Provide users for the Wazuh components accessing Indexer's resources (Wazuh Server, Engine, ...)
Testing.
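One way to check the write restriction described above offline, as an added example that is not part of the original issue or Wazuh's own code: it scans role definitions in the OpenSearch security plugin's role format and reports every role, other than the allowed writer, that can write to an index matching wazuh-states-inventory-*. The role names, the sample index name and the role definitions are constructed, and the list of write-capable action groups assumes the plugin's stock action groups.

```python
from fnmatch import fnmatchcase

# Stock action groups that include document writes (assumption: the
# defaults have not been redefined in action_groups.yml).
WRITE_GROUPS = {"write", "index", "delete", "crud", "data_access",
                "indices_all", "unlimited"}
# Representative write actions used to test raw permission patterns.
WRITE_ACTIONS = ["indices:data/write/index", "indices:data/write/bulk",
                 "indices:data/write/update", "indices:data/write/delete"]

def grants_write(allowed_actions):
    """True if any action group or raw action pattern allows document writes."""
    for action in allowed_actions:
        if action in WRITE_GROUPS:
            return True
        if any(fnmatchcase(w, action) for w in WRITE_ACTIONS):
            return True
    return False

def unexpected_writers(roles, index_name, allowed_writers):
    """Roles outside allowed_writers that can write to index_name.

    Simplification: only '*' and '?' wildcards in index patterns are
    modelled, not regex patterns or user-attribute substitution.
    """
    offenders = set()
    for name, role in roles.items():
        if name in allowed_writers:
            continue
        for perm in role.get("index_permissions", []):
            covers = any(fnmatchcase(index_name, p)
                         for p in perm.get("index_patterns", []))
            if covers and grants_write(perm.get("allowed_actions", [])):
                offenders.add(name)
    return sorted(offenders)

def perm(patterns, actions):
    return {"index_permissions": [{"index_patterns": patterns,
                                   "allowed_actions": actions}]}

# Constructed role set: hypothetical names, not roles shipped by Wazuh.
ROLES = {
    "inventory_reader": perm(["wazuh-states-inventory-*"], ["read"]),
    "server_writer": perm(["wazuh-states-inventory-*"], ["read", "write"]),
    "legacy_dashboard_user": perm(["wazuh-*"], ["crud"]),
    "audit_tool": perm(["*"], ["indices:data/read/*", "indices:data/write/bulk*"]),
    "other_writer": perm(["other-index-*"], ["write"]),
}
```

Calling `unexpected_writers(ROLES, "wazuh-states-inventory-example", {"server_writer"})` flags the two roles whose broad index patterns reach the inventory indices with write access.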