Loading

Security Solution settings in Kibana

Configure the following Security Solution settings in the kibana.yml file:

Cloud Security Posture settings

xpack.cloudSecurityPosture.enabled

Supported on:

Set to false to disable the Kibana UI for Elastic's Cloud Security Posture solution, which provides compliance checks on Cloud and Kubernetes environments.

Datatype: bool

Default: true

Value lists settings

xpack.lists.maxImportPayloadBytes

Supported on:

Sets the maximum number of bytes allowed for uploading Security Solution value lists. For every 10 MB, it is recommended to have an additional 1 GB of RAM reserved for Kibana.

Datatype: int

Default: 9000000

xpack.lists.importBufferSize

Supported on:

Sets the buffer size used for uploading Security Solution value lists. Increase the value to improve upload throughput at the expense of higher Kibana memory usage; decrease it to reduce memory usage at the cost of throughput.

Datatype: int

Default: 1000

Elastic Defend settings

xpack.securitySolution.maxUploadResponseActionFileBytes

Supported on:

Allow to configure the max file upload size for use with the Upload File Response action available with the Defend Integration. To learn more, check Endpoint Response actions.

Datatype: int

xpack.securitySolution.disableEndpointRuleAutoInstall

Supported on:

Set to true to disable the automatic installation of Elastic Defend SIEM rules when a new Endpoint integration policy is created.

Datatype: bool

Default: false

xpack.securitySolution.maxEndpointScriptFileSize

Supported on:

The maximum file size in bytes for scripts uploaded to the Elastic Defend script library. Default is 26214400 (25MB).

Datatype: int

Default: 26214400

Experimental features

xpack.securitySolution.enableExperimental

Supported on:

A list of experimental feature flags to enable.

Datatype: array of strings

Note

Experimental features should not be enabled in production environments. Experimental features may be changed or removed completely in future releases. Elastic will make a best effort to fix any issues, but experimental features are not supported to the same level as generally available (GA) features.

xpack.securitySolution.enableExperimental:
  - sentinelRulesMigration