Loading

Security Solution settings in Kibana

Configure the following Security Solution settings in the kibana.yml file:

Cloud Security Posture settings

xpack.cloudSecurityPosture.enabled

Supported on:

Set to false to disable the Kibana UI for Elastic's Cloud Security Posture solution, which provides compliance checks on Cloud and Kubernetes environments.

Datatype: bool

Default: true

Value lists settings

xpack.lists.maxImportPayloadBytes

Supported on:

Sets the maximum number of bytes allowed for uploading Security Solution value lists. For every 10 MB, it is recommended to have an additional 1 GB of RAM reserved for Kibana.

Datatype: int

Default: 9000000

xpack.lists.importBufferSize

Supported on:

Sets the buffer size used for uploading Security Solution value lists. Increase the value to improve upload throughput at the expense of higher Kibana memory usage; decrease it to reduce memory usage at the cost of throughput.

Datatype: int

Default: 1000

Elastic Defend settings

xpack.securitySolution.maxUploadResponseActionFileBytes

Supported on:

Configure the maximum file size for use with the upload response action available with the Elastic Defend integration. To learn more, check Endpoint response actions.

The default and maximum values vary by version:

  • Default: 500000000 bytes (500 MB). Maximum: no limit.
  • Default: 26214400 bytes (25 MB). Maximum: 104857600 bytes (100 MB).

Datatype: int

Note

Setting this value too high may cause timeouts, depending on your cluster's setup and resources.

xpack.securitySolution.disableEndpointRuleAutoInstall

Supported on:

Set to true to disable the automatic installation of Elastic Defend SIEM rules when a new Endpoint integration policy is created.

Datatype: bool

Default: false

xpack.securitySolution.maxEndpointScriptFileSize

Supported on:

The maximum file size in bytes for scripts uploaded to the Elastic Defend script library. Default is 26214400 (25MB).

Datatype: int

Default: 26214400

Experimental features

xpack.securitySolution.enableExperimental

Supported on:

A list of experimental feature flags to enable.

Datatype: array of strings

Note

Experimental features should not be enabled in production environments. Experimental features may be changed or removed completely in future releases. Elastic will make a best effort to fix any issues, but experimental features are not supported to the same level as generally available (GA) features.

xpack.securitySolution.enableExperimental:
  - sentinelRulesMigration