What is the bug?
I only have access to security-auditlog-* indices in Select Index/Aliases in Configure logs scan (Threat Intelligence)
How can one reproduce the bug?
Steps to reproduce the behavior:
Go to 'Security Analytics --> Threat Intelligence --> Configure scan'
Click on 'Select Indexes/Aliases'
Datastreams and indices starting with '.' are not displayed
What is the expected behavior?
A clear and concise description of what you expected to happen.
What is your host/environment?
OS: Debian 12
Version 2.16 and 2.17
Plugins
Do you have any additional context?
It seems that there is an issue with Datastreams and Indices starting with . (so it's impossible to add indices created by datastreams)
It's recommended to use Aliases and Datastreams, but none of them are displayed in the dropdown list... Aliases and data streams are recommended for optimal threat intel scans.
@Psych0meter Indices starting with . are system indices which plugins can use to store metadata associated with their plugin. For instance, the security index (.opendistro_security) stores security config such as internal_users, roles and roles mappings.
These indices are not searchable by regular users and there are additional protections in place for these indices that prevent any regular users from performing administrative operations (like delete) or writing to these indices.
@cwperks so how can I use Datastreams in Threat Intelligence? Indices created by datastreams are all named .ds-DATASTREAM_NAME-xxx, and datastreams themselves are not displayed in the dropdown list. All my logs are stored in OpenSearch through dedicated datastreams.
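The distinction this thread turns on, as an added JavaScript example (not code from the Security Analytics plugin or from either commenter): a source picker that hides dot-prefixed concrete indices but still offers aliases and data streams by name, so `.ds-` backing indices are reached through their stream rather than listed. The function names, the sample names and the numeric suffix pattern for backing indices are assumptions.

```javascript
// Added illustration; not the plugin's code.
// Assumption: backing indices are named ".ds-<data stream>-<numeric generation>".
const BACKING_INDEX = /^\.ds-(.+)-(\d+)$/;

// Classify one concrete index name: backing index of a known data stream,
// other dot-prefixed (system/hidden) index, or regular index.
function classifyIndex(name, dataStreams) {
  const m = BACKING_INDEX.exec(name);
  if (m && dataStreams.has(m[1])) {
    return { name, kind: "backing", dataStream: m[1] };
  }
  return { name, kind: name.startsWith(".") ? "system" : "regular" };
}

// Build the selectable scan sources. Dot-prefixed concrete indices stay hidden,
// but aliases and data streams are offered by name, so logs held in
// ".ds-*" backing indices remain selectable through their stream.
function buildScanSources({ indices, aliases, dataStreams }) {
  const streams = new Set(dataStreams);
  const options = [];
  const hidden = [];
  for (const name of indices) {
    const c = classifyIndex(name, streams);
    if (c.kind === "regular") options.push({ label: name, type: "index" });
    else hidden.push(c);
  }
  for (const a of aliases) options.push({ label: a, type: "alias" });
  for (const ds of streams) options.push({ label: ds, type: "data_stream" });
  return { options, hidden };
}

// Constructed sample cluster contents (not taken from the issue).
const sample = {
  indices: [
    ".opendistro_security",
    "security-auditlog-2024.10.01",
    ".ds-logs-nginx-000001",
    ".ds-logs-nginx-000002",
  ],
  aliases: ["app-logs"],
  dataStreams: ["logs-nginx"],
};

const result = buildScanSources(sample);
console.log(result.options.map((o) => `${o.type}: ${o.label}`));
console.log(result.hidden.map((h) => `${h.kind}: ${h.name}`));
```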