[ExtraHop][Qualys GAV] - Fix Cannot execute ILM policy delete step

[ShourieG]

This PR focuses on the short term solution which add the logs-extrahop.investigation-* and logs-qualys_gav.asset-* indices under the kibana_system role with deletion privileges to prevent a failed deletion error when the index enters the deletion phase for the ILM lifecycle, in upcoming PRs.

Current behavior:

• It shows permission issue while deleting the index

For Qualys GAV:

{
  "failed_step": "delete",
  "step_info": {
    "type": "security_exception",
    "reason": "action [indices:admin/delete] is unauthorized for user [found-internal-kibana4-server] with effective roles [found-internal-kibana4-server,kibana_system] on indices [.ds-logs-qualys_gav.asset-default-2025.07.24-000001], this action is granted by the index privileges [delete_index,manage,all]"
  }
}

For ExtraHop:

{
  "failed_step": "delete",
  "step_info": {
    "type": "security_exception",
    "reason": "action [indices:admin/delete] is unauthorized for user [found-internal-kibana4-server] with effective roles [found-internal-kibana4-server, kibana_system] on indices [.ds-logs-extrahop.investigation-default-2025.07.23-000001], this action is granted by the index privileges [delete_index, manage, all]"
  }
}

Closes - #131825
Similar Issues : elastic/kibana#197390, #116982

[elasticsearchmachine]

Pinging @elastic/es-security (Team:Security)

[kcreddy]

@ShourieG, can create a new list as this list for 3rd party integrations required for CDR workflow.

Say: 245d69d and with comments to your usecase.

[ShourieG]

thanks, this makes sense

[gmarouli]

Hi @ShourieG , I do not think that I am qualified to review this, it looks like github has already selected the a team to review.

My only comment is the wrong version. I removed the 8.18.0 and put back the 9.2.0. Changes in this branch only make it to 9.2.0, if you need it backported to other versions let me know and I can add the necessary the labels.