I am using OpenSearch as part of my Wazuh installation. In order to ensure the integrity of the logs in the database, I wanted to make the default indices, wazuh-alerts-*, append-only. This way I could guarantee that logs are not modified by an attacker, either internal or external. Of course, the index management policy can and should modify the indices to cold state and delete the logs, as the only exception.
But so far, I have only found that a third party can provide the immutable index capability. Is it possible to configure it using native capabilities like permissions and other advanced configurations?