Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable reporting for Permissions Policy violations #184664

Closed
legrego opened this issue Jun 3, 2024 · 1 comment · Fixed by #186892
Closed

Enable reporting for Permissions Policy violations #184664

legrego opened this issue Jun 3, 2024 · 1 comment · Fixed by #186892
Assignees
@elena-shostak
Labels
enhancement New value added to drive a business result Feature:Hardening Harding of Kibana from a security perspective Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@legrego
Copy link
Member

legrego commented Jun 3, 2024

We currently support CSP violation reporting via YML config:

# kibana.yml
server.customResponseHeaders.Reporting-Endpoints: violations-endpoint="{{kibana_public_base_url}}/internal/security/analytics/_record_violations"
csp.report_to: [violations-endpoint]

We should extend this functionality to also report on Permissions Policy violations.

Blocked on the discussion for how we want to expose these options to consumers:
@legrego legrego added Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! enhancement New value added to drive a business result Feature:Hardening Harding of Kibana from a security perspective labels Jun 3, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@legrego legrego linked a pull request Jul 29, 2024 that will close this issue
Permissions Policy Reporting #186892
Merged
4 tasks
@legrego legrego closed this as completed Jul 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@elena-shostak elena-shostak

Labels
enhancement New value added to drive a business result Feature:Hardening Harding of Kibana from a security perspective Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Permissions Policy Reporting elena-shostak/kibana
3 participants
@legrego @elasticmachine @elena-shostak