Indices used by kibana or the security integration.
Kibana event logs which include detection rule execution logs
Metrics of the "Elastic Defend" / "Elastic Endpoint Security" integration
Alerts raised by detection rules
Metadata for files created by fleets -> diagnostics exports (>= 8.7.0)
Metadata for files created by the endpoint integration