[SIEM] [Detection engine] Add user permission to detection engine #53778
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
XavierM
added
Team:SIEM
v8.0.0
release_note:skip
|
Pinging @elastic/siem (Team:SIEM) |
💚 Build Succeeded
To update your PR or re-run it, just comment with: |
x-pack/legacy/plugins/siem/public/pages/detection_engine/translations.ts
Outdated
Show resolved
Hide resolved
|
|
||
| export const NO_INDEX_MSG_BODY = i18n.translate('xpack.siem.detectionEngine.noIndexMsgBody', { | ||
| defaultMessage: | ||
| 'To begin using the detection engine, a user with permission must first access this page to create the necessary Elasticsearch index. Doing so will automatically generate the required index and allow users to begin generating signals from rules. As you currently don’t have these permissions, please contact your administrator for further assistance.', |
There was a problem hiding this comment.
Should this be more specific? For example: "Before the SIEM detection engine can be used, a user with create_index privilege on the SIEM signals index for this Kibana Space must first access this page. Doing so will cause the required index to be created and will allow users to activate rules that can generate signals. You do not currently have this permission. Please contact your Elastic Stack administrator for further assistance."
There was a problem hiding this comment.
I'd keep this simple, as users without the required privileges will always need to contact an admin. Suggested text:
To use the detection engine, a user with the required cluster and index privileges must first access this page. For more help, contact your administrator.
|
@elasticmachine merge upstream |
benskelker
reviewed
Dec 31, 2019
x-pack/legacy/plugins/siem/public/pages/detection_engine/translations.ts
Outdated
Show resolved
Hide resolved
|
@elasticmachine merge upstream |
There was a problem hiding this comment.
Hey, @XavierM. This is looking good. Added a few comments below.
I also noticed that the "View documentation" buttons in the EmptyPage components were 100% the width of their container. I was wondering if it would be possible to change this to just be the width of the text and icon the button contains. Should probably be as easy as setting grow={false} to the containing EuiFlexItem components.
x-pack/legacy/plugins/siem/public/pages/detection_engine/detection_engine_no_signal_index.tsx
Outdated
Show resolved
Hide resolved
.../legacy/plugins/siem/public/pages/detection_engine/detection_engine_user_unauthenticated.tsx
Outdated
Show resolved
Hide resolved
.../legacy/plugins/siem/public/pages/detection_engine/detection_engine_user_unauthenticated.tsx
Outdated
Show resolved
Hide resolved
x-pack/legacy/plugins/siem/public/pages/detection_engine/detection_engine_no_signal_index.tsx
Outdated
Show resolved
Hide resolved
XavierM
force-pushed
the
detection-engine-priviledge
branch
from
2838504 to
ef20d85
Compare
spong
reviewed
Jan 3, 2020
x-pack/legacy/plugins/siem/public/containers/detection_engine/signals/api.ts
Outdated
Show resolved
Hide resolved
spong
reviewed
Jan 3, 2020
x-pack/legacy/plugins/siem/public/containers/detection_engine/signals/api.ts
Outdated
Show resolved
Hide resolved
spong
reviewed
Jan 3, 2020
x-pack/legacy/plugins/siem/public/containers/detection_engine/signals/use_privilege_user.tsx
Outdated
Show resolved
Hide resolved
spong
reviewed
Jan 3, 2020
...gacy/plugins/siem/public/containers/detection_engine/signals/errors_types/get_index_error.ts
Show resolved
Hide resolved
spong
reviewed
Jan 3, 2020
...acy/plugins/siem/public/containers/detection_engine/signals/errors_types/post_index_error.ts
Show resolved
Hide resolved
spong
reviewed
Jan 3, 2020
...plugins/siem/public/containers/detection_engine/signals/errors_types/privilege_user_error.ts
Show resolved
Hide resolved
spong
reviewed
Jan 3, 2020
x-pack/legacy/plugins/siem/public/containers/detection_engine/signals/types.ts
Outdated
Show resolved
Hide resolved
spong
reviewed
Jan 3, 2020
x-pack/legacy/plugins/siem/public/containers/detection_engine/signals/types.ts
Outdated
Show resolved
Hide resolved
.../legacy/plugins/siem/public/pages/detection_engine/detection_engine_user_unauthenticated.tsx
Outdated
Show resolved
Hide resolved
MichaelMarcialis
approved these changes
Jan 3, 2020
There was a problem hiding this comment.
Thanks for the fixes, @XavierM! Looks good from my perspective :)
spong
approved these changes
Jan 3, 2020
There was a problem hiding this comment.
Checked out, tested locally, and performed code review -- LGTM! 🎉
Tested on multiple spaces with differing roles/privileges and saw the expected error screens when navigating to any of the detection-engine routes. Once the appropriate Cluster/Index Privileges were assigned the signals index was created and I was able to navigate to and use the detection engine.
Good stuff in here @XavierM. And extra thanks for the fixes from comments!
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
XavierM
added a commit
to XavierM/kibana
that referenced
this pull request
Jan 5, 2020
…astic#53778) * add logic to see if we can show signals or create signal index for user * fix unit test * fix spelling set up * Update msg from review * review II * fix type * review III * fix bug found by Garrett * fix snapshot
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jan 6, 2020
* master: increase delay to make sure license refetched (elastic#53882) Allow custom NP plugin paths in production (elastic#53562) [Maps] show custom color ramps in legend (elastic#53780) [Lens] Expression type on document can be null (elastic#53883) [SIEM] [Detection engine] Add user permission to detection engine (elastic#53778) Update dependency @elastic/charts to v16.0.2 (elastic#52619) Set consistent EOL symbol in core API docs (elastic#53815) [Logs UI] Refactor query bar state to hooks (elastic#52656) [Maps] pass getFieldFormatter to DynamicTextProperty (elastic#53937) Invalidate alert API Key when generating a new one (elastic#53732) [Logs UI] HTTP API for log entries (elastic#53798)
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jan 6, 2020
* master: increase delay to make sure license refetched (elastic#53882) Allow custom NP plugin paths in production (elastic#53562) [Maps] show custom color ramps in legend (elastic#53780) [Lens] Expression type on document can be null (elastic#53883) [SIEM] [Detection engine] Add user permission to detection engine (elastic#53778) Update dependency @elastic/charts to v16.0.2 (elastic#52619) Set consistent EOL symbol in core API docs (elastic#53815) [Logs UI] Refactor query bar state to hooks (elastic#52656) [Maps] pass getFieldFormatter to DynamicTextProperty (elastic#53937) Invalidate alert API Key when generating a new one (elastic#53732) [Logs UI] HTTP API for log entries (elastic#53798) [kbn/pm] add caching to bootstrap (elastic#53622) adds createdAt and updatedAt fields to alerting (elastic#53793)
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Jan 6, 2020
* master: increase delay to make sure license refetched (elastic#53882) Allow custom NP plugin paths in production (elastic#53562) [Maps] show custom color ramps in legend (elastic#53780) [Lens] Expression type on document can be null (elastic#53883) [SIEM] [Detection engine] Add user permission to detection engine (elastic#53778) Update dependency @elastic/charts to v16.0.2 (elastic#52619) Set consistent EOL symbol in core API docs (elastic#53815) [Logs UI] Refactor query bar state to hooks (elastic#52656) [Maps] pass getFieldFormatter to DynamicTextProperty (elastic#53937) Invalidate alert API Key when generating a new one (elastic#53732) [Logs UI] HTTP API for log entries (elastic#53798) [kbn/pm] add caching to bootstrap (elastic#53622) adds createdAt and updatedAt fields to alerting (elastic#53793) [SR] Enable component integration tests (elastic#53893)
jloleysens
added a commit
to jloleysens/kibana
that referenced
this pull request
Jan 6, 2020
…nsole-dependencies * 'master' of github.com:elastic/kibana: (33 commits) adds strict types to Alerting Client (elastic#53821) [Dashboard] Empty screen redesign (elastic#53681) Migrate config deprecations and `ShieldUser` functionality to the New Platform (elastic#53768) increase delay to make sure license refetched (elastic#53882) Allow custom NP plugin paths in production (elastic#53562) [Maps] show custom color ramps in legend (elastic#53780) [Lens] Expression type on document can be null (elastic#53883) [SIEM] [Detection engine] Add user permission to detection engine (elastic#53778) Update dependency @elastic/charts to v16.0.2 (elastic#52619) Set consistent EOL symbol in core API docs (elastic#53815) [Logs UI] Refactor query bar state to hooks (elastic#52656) [Maps] pass getFieldFormatter to DynamicTextProperty (elastic#53937) Invalidate alert API Key when generating a new one (elastic#53732) [Logs UI] HTTP API for log entries (elastic#53798) [kbn/pm] add caching to bootstrap (elastic#53622) adds createdAt and updatedAt fields to alerting (elastic#53793) [SR] Enable component integration tests (elastic#53893) Move index patterns: src/legacy/core_plugins/data 👉 src/plugins/data (elastic#53794) moved Task Manager server code under "server" directory (elastic#53777) Rename `/api/security/oidc` to `/api/security/oidc/callback`. (elastic#53886) ... # Conflicts: # yarn.lock
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
siem-signalindex at initialization;Detection EngineChecklist
Use
strikethroughsto remove checklist items you don't feel are applicable to this PR.[ ] This was checked for cross-browser compatibility, including a check against IE11[ ] Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support[ ] Documentation was added for features that require explanation or tutorials[ ] Unit or functional tests were updated or added to match the most common scenarios[ ] This was checked for keyboard-only and screenreader accessibilityFor maintainers
[ ] This was checked for breaking API changes and was labeled appropriately[ ] This includes a feature addition or change that requires a release note and was labeled appropriately