[Auditbeat] Update documentation for datasets to list required priviledges
andrewkroh opened this issue · comments
Andrew Kroh commented
For each dataset and auditbeat specific processors, the documentation should list the required privileges (e.g. must be root user?, required linux capabilities, must in in host namespace, etc). This will help users implement the least privileges in their deployments as well as understand what is needed when running Auditbeat in a container.
The Running in Docker topic should be updated to refer to these new sections.
Elastic Machine commented
Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)
Elastic Machine commented
Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)