diff --git a/Dockerfile b/Dockerfile
index 4cfa264c6d903725a9775da9daec9dfc4b7695f2..efc2309e3ab0b3e51b0f527b1bb79758f3d02947 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,8 +14,8 @@ RUN yum update --setopt=tsflags=nodocs -y && \
 RUN mkdir /usr/share/kibana
 WORKDIR /usr/share/kibana
-COPY --chown=1000:0 kibana-7.12.0-linux-x86_64.tar.gz .
-RUN tar --strip-components=1 -zxf kibana-7.12.0-linux-x86_64.tar.gz
+COPY --chown=1000:0 kibana-7.13.0-linux-x86_64.tar.gz .
+RUN tar --strip-components=1 -zxf kibana-7.13.0-linux-x86_64.tar.gz
 # Ensure that group permissions are the same as user permissions.
 # This will help when relying on GID-0 to run Kibana, rather than UID-1000.
diff --git a/bin/kibana-docker b/bin/kibana-docker
index 12752e0624c017fe1e8546c760b1b610c14cbaa4..877be1afeebe898e99ec3e52ff1504e0e732da92 100755
--- a/bin/kibana-docker
+++ b/bin/kibana-docker
@@ -116,12 +116,17 @@ kibana_vars=(
 server.compression.referrerWhitelist
 server.cors
 server.cors.origin
- server.customResponseHeaders
+ server.securityResponseHeaders.strictTransportSecurity
+ server.securityResponseHeaders.xContentTypeOptions
+ server.securityResponseHeaders.referrerPolicy
+ server.securityResponseHeaders.permissionsPolicy
+ server.securityResponseHeaders.disableEmbedding
 server.customResponseHeaders
 server.defaultRoute
 server.host
 server.keepAliveTimeout
 server.maxPayloadBytes
+ server.maxPayload
 server.name
 server.port
 server.rewriteBasePath
@@ -159,14 +164,22 @@ kibana_vars=(
 xpack.actions.allowedHosts
 xpack.actions.enabled
 xpack.actions.enabledActionTypes
+ xpack.actions.preconfiguredAlertHistoryEsIndex
 xpack.actions.preconfigured
 xpack.actions.proxyHeaders
 xpack.actions.proxyRejectUnauthorizedCertificates
 xpack.actions.proxyUrl
+ xpack.actions.proxyBypassHosts
+ xpack.actions.proxyOnlyHosts
 xpack.actions.rejectUnauthorized
+ xpack.actions.maxResponseContentLength
+ xpack.actions.responseTimeout
 xpack.alerts.healthCheck.interval
 xpack.alerts.invalidateApiKeysTask.interval
 xpack.alerts.invalidateApiKeysTask.removalDelay
+ xpack.alerting.healthCheck.interval
+ xpack.alerting.invalidateApiKeysTask.interval
+ xpack.alerting.invalidateApiKeysTask.removalDelay
 xpack.apm.enabled
 xpack.apm.serviceMapEnabled
 xpack.apm.ui.enabled
@@ -192,6 +205,8 @@ kibana_vars=(
 xpack.fleet.agents.elasticsearch.host
 xpack.fleet.agents.kibana.host
 xpack.fleet.agents.tlsCheckDisabled
+ xpack.fleet.agentPolicies
+ xpack.fleet.packages
 xpack.fleet.registryUrl
 xpack.graph.canEditDrillDownUrls
 xpack.graph.enabled
@@ -214,6 +229,7 @@ kibana_vars=(
 xpack.maps.enabled
 xpack.maps.showMapVisualizationTypes
 xpack.ml.enabled
+ xpack.observability.unsafe.alertingExperience.enabled
 xpack.reporting.capture.browser.autoDownload
 xpack.reporting.capture.browser.chromium.disableSandbox
 xpack.reporting.capture.browser.chromium.inspect
@@ -258,6 +274,7 @@ kibana_vars=(
 xpack.reporting.queue.timeout
 xpack.reporting.roles.allow
 xpack.rollup.enabled
+ xpack.ruleRegistry.unsafe.write.enabled
 xpack.searchprofiler.enabled
 xpack.security.audit.enabled
 xpack.security.audit.appender.type
diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml
index 5f5c37c2047a8dd0cec6acbdf99c6f325446522a..74db93a84d54062244d05e69a38c423972e8b813 100644
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
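Review bot: The three `xpack.alerts.*` entries stay in `kibana_vars` directly above the newly added `xpack.alerting.*` ones, and nothing in the list says which spelling is current. If the older prefix is kept only for compatibility, a comment above it such as `# xpack.alerts.* retained for backward compatibility; prefer xpack.alerting.*` would keep operators from exporting both. The same hunk makes `xpack.actions.proxyBypassHosts` and `xpack.actions.proxyOnlyHosts` settable together; they read as alternatives, so it is worth confirming what Kibana does when both are present in the environment. The `kibana_vars=(` array begins and ends outside this hunk.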
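Review bot: `xpack.observability.unsafe.alertingExperience.enabled` (hunk at -214) and `xpack.ruleRegistry.unsafe.write.enabled` (hunk at -258) join the list with nothing marking them as sitting under an `unsafe` namespace. Assuming `kibana_vars` is the list kibana-docker uses to turn environment variables into settings, anyone who controls the container environment of this hardened image can now switch them on. I would either hold them back until the settings are stable or put a comment above each, e.g. `# experimental ("unsafe") setting; leave unset in production`. The array body continues outside both hunks.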
@@ -2,57 +2,57 @@ apiVersion: v1
 # The repository name in registry1, excluding /ironbank/
-name: "elastic/kibana/kibana"
+name: 'elastic/kibana/kibana'
 # List of tags to push for the repository in registry1
 # The most specific version should be the first tag and will be shown
 # on ironbank.dsop.io
 tags:
-- "7.12.0"
-- "latest"
+ - '7.13.0'
+ - 'latest'
 # Build args passed to Dockerfile ARGs
 args:
- BASE_IMAGE: "redhat/ubi/ubi8"
- BASE_TAG: "8.3"
+ BASE_IMAGE: 'redhat/ubi/ubi8'
+ BASE_TAG: '8.3'
 # Docker image labels
 labels:
- org.opencontainers.image.title: "kibana"
- org.opencontainers.image.description: "Your window into the Elastic Stack."
- org.opencontainers.image.licenses: "Elastic License"
- org.opencontainers.image.url: "https://www.elastic.co/products/kibana"
- org.opencontainers.image.vendor: "Elastic"
- org.opencontainers.image.version: "7.12.0"
+ org.opencontainers.image.title: 'kibana'
+ org.opencontainers.image.description: 'Your window into the Elastic Stack.'
+ org.opencontainers.image.licenses: 'Elastic License'
+ org.opencontainers.image.url: 'https://www.elastic.co/products/kibana'
+ org.opencontainers.image.vendor: 'Elastic'
+ org.opencontainers.image.version: '7.13.0'
 # mil.dso.ironbank.image.keywords: ""
 # mil.dso.ironbank.image.type: "commercial"
- mil.dso.ironbank.product.name: "Kibana"
+ mil.dso.ironbank.product.name: 'Kibana'
 # List of resources to make available to the offline build context
 resources:
-- filename: kibana-7.12.0-linux-x86_64.tar.gz
- url: https://artifacts.elastic.co/downloads/kibana/kibana-7.12.0-linux-x86_64.tar.gz
- validation:
- type: sha512
- value: 0b6a9596698c64a65d82cc146dad8e24118eb8991b9ed36e13f309d2e3d7af408c35358a8b39899bf2daf260ddd8d50678d437a3dba32923fe026da99a526006
-- filename: tini
- url: https://github.com/krallin/tini/releases/download/v0.19.0/tini-amd64
- validation:
- type: sha512
- value: 8053cc21a3a9bdd6042a495349d1856ae8d3b3e7664c9654198de0087af031f5d41139ec85a2f5d7d2febd22ec3f280767ff23b9d5f63d490584e2b7ad3c218c
-- filename: NotoSansCJK-Regular.ttc
- url: https://github.com/googlefonts/noto-cjk/raw/NotoSansV2.001/NotoSansCJK-Regular.ttc
- validation:
- type: sha512
- value: 0ce56bde1853fed3e53282505bac65707385275a27816c29712ab04c187aa249797c82c58759b2b36c210d4e2683eda92359d739a8045cb8385c2c34d37cc9e1
+ - filename: kibana-7.13.0-linux-x86_64.tar.gz
+ url: https://artifacts.elastic.co/downloads/kibana/kibana-7.13.0-linux-x86_64.tar.gz
+ validation:
+ type: sha512
+ value: 4a23bbac87f2ca74ad2e473aaee8257874aca7044e7f32a454a61175053b05961d720352d4ba0a74dcc0a38aea35aa19da86a6ebf57968a09106ed514e78a757
+ - filename: tini
+ url: https://github.com/krallin/tini/releases/download/v0.19.0/tini-amd64
+ validation:
+ type: sha512
+ value: 8053cc21a3a9bdd6042a495349d1856ae8d3b3e7664c9654198de0087af031f5d41139ec85a2f5d7d2febd22ec3f280767ff23b9d5f63d490584e2b7ad3c218c
+ - filename: NotoSansCJK-Regular.ttc
+ url: https://github.com/googlefonts/noto-cjk/raw/NotoSansV2.001/NotoSansCJK-Regular.ttc
+ validation:
+ type: sha512
+ value: 0ce56bde1853fed3e53282505bac65707385275a27816c29712ab04c187aa249797c82c58759b2b36c210d4e2683eda92359d739a8045cb8385c2c34d37cc9e1
 # List of project maintainers
 maintainers:
-- email: "tyler.smalley@elastic.co"
- name: "Tyler Smalley"
- username: "tylersmalley"
- cht_member: false
-- email: "klepal_alexander@bah.com"
- name: "Alexander Klepal"
- username: "alexander.klepal"
- cht_member: true
+ - email: 'tyler.smalley@elastic.co'
+ name: 'Tyler Smalley'
+ username: 'tylersmalley'
+ cht_member: false
+ - email: 'klepal_alexander@bah.com'
+ name: 'Alexander Klepal'
+ username: 'alexander.klepal'
+ cht_member: true