Privileged user monitoring requirements
Stack
This page covers the requirements for using the privileged user monitoring feature, as well as its known limitations.
The privileged user monitoring feature requires the appropriate subscription.
To enable this feature, turn on the `securitySolution:enablePrivilegedUserMonitoring` advanced setting.

To use these features, your role must have certain privileges.

Action | Index Privileges | Kibana Privileges |
---|---|---|
Enable the privileged user monitoring feature | N/A | All for the Security feature |
View the Privileged user monitoring dashboard | Read for the following indices: `.entity_analytics.monitoring.users-<space-id>`, `risk-score.risk-score-*`, `.alerts-security.alerts-<space-id>`, `.ml-anomalies-shared`, and the Security data view indices | Read for the Security feature |
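
To confirm that a role grants exactly the index privileges in the table, you can ask Elasticsearch's `POST /_security/user/_has_privileges` API whether the current user has `read` on each index. The following is an added example, not part of the original documentation. The space ID `default`, the data view pattern `logs-*`, and the sample response are constructed assumptions. It checks only the index privileges column, not the Kibana privileges.

```python
"""Build and evaluate a _has_privileges check for the dashboard's indices."""
import json


def dashboard_indices(space_id, data_view_patterns):
    """Indices the dashboard reads for one Kibana space, per the table above."""
    return [
        f".entity_analytics.monitoring.users-{space_id}",
        "risk-score.risk-score-*",
        f".alerts-security.alerts-{space_id}",
        ".ml-anomalies-shared",
        *data_view_patterns,  # Security data view indices are deployment-specific
    ]


def has_privileges_body(space_id, data_view_patterns):
    """Request body for POST /_security/user/_has_privileges."""
    names = dashboard_indices(space_id, data_view_patterns)
    return {"index": [{"names": names, "privileges": ["read"]}]}


def missing_read(expected, response):
    """Return expected indices for which the response does not confirm read."""
    reported = response.get("index", {})
    # An index absent from the response is treated as not granted.
    return [n for n in expected if not reported.get(n, {}).get("read", False)]


# Constructed sample response: read is missing on the monitoring users index.
SAMPLE_RESPONSE = {
    "username": "analyst",
    "has_all_requested": False,
    "cluster": {},
    "index": {
        ".entity_analytics.monitoring.users-default": {"read": False},
        "risk-score.risk-score-*": {"read": True},
        ".alerts-security.alerts-default": {"read": True},
        ".ml-anomalies-shared": {"read": True},
        "logs-*": {"read": True},
    },
    "application": {},
}

if __name__ == "__main__":
    expected = dashboard_indices("default", ["logs-*"])  # assumed values
    print(json.dumps(has_privileges_body("default", ["logs-*"]), indent=2))
    print("missing read on:", missing_read(expected, SAMPLE_RESPONSE))
```

Send the printed body while authenticated as the user under test, then pass the real response to `missing_read` in place of the constructed sample.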
Currently, none of the privileged user monitoring visualizations support cross-cluster search for the data they query.
You can define up to 10,000 privileged users per data source.