Security Solution settings in Kibana
Configure the following Security Solution settings in the kibana.yml file:
Cloud Security Posture settings
- xpack.cloudSecurityPosture.enabled
-
Supported on:
Set to
falseto disable the Kibana UI for Elastic's Cloud Security Posture solution, which provides compliance checks on Cloud and Kubernetes environments.Datatype:
boolDefault:
true
Value lists settings
- xpack.lists.maxImportPayloadBytes
-
Supported on:
Sets the maximum number of bytes allowed for uploading Security Solution value lists. For every 10 MB, it is recommended to have an additional 1 GB of RAM reserved for Kibana.
Datatype:
intDefault:
9000000 - xpack.lists.importBufferSize
-
Supported on:
Sets the buffer size used for uploading Security Solution value lists. Increase the value to improve upload throughput at the expense of higher Kibana memory usage; decrease it to reduce memory usage at the cost of throughput.
Datatype:
intDefault:
1000
Elastic Defend settings
- xpack.securitySolution.maxUploadResponseActionFileBytes
-
Supported on:
Configure the maximum file size for use with the
uploadresponse action available with the Elastic Defend integration. To learn more, check Endpoint response actions.The default and maximum values vary by version:
-
Default: 500000000bytes (500 MB). Maximum: no limit. -
Default: 26214400bytes (25 MB). Maximum:104857600bytes (100 MB).
Datatype:
intNoteSetting this value too high may cause timeouts, depending on your cluster's setup and resources.
-
- xpack.securitySolution.disableEndpointRuleAutoInstall
-
Supported on:
Set to
trueto disable the automatic installation of Elastic Defend SIEM rules when a new Endpoint integration policy is created.Datatype:
boolDefault:
false - xpack.securitySolution.maxEndpointScriptFileSize
-
Supported on:
The maximum file size in bytes for scripts uploaded to the Elastic Defend script library. Default is
26214400(25MB).Datatype:
intDefault:
26214400
Experimental features
- xpack.securitySolution.enableExperimental
-
Supported on:
A list of experimental feature flags to enable.
Datatype:
array of stringsNoteExperimental features should not be enabled in production environments. Experimental features may be changed or removed completely in future releases. Elastic will make a best effort to fix any issues, but experimental features are not supported to the same level as generally available (GA) features.
xpack.securitySolution.enableExperimental: - sentinelRulesMigration