Skip to content

Commit

Permalink
[8.0] Updates warning about editing rules using API authentication (b…
Browse files Browse the repository at this point in the history
…ackport #4110) (#4161)

* Updates warning about editing rules using API authentication (#4110)

* Updates warning about editing rules using API authentication

* Apply suggestions from TW review

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

* Applies TW feedback

* Updates notes to address both scenarios

* Removes extra period

---------

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
(cherry picked from commit 783ce5a)

# Conflicts:
#	docs/detections/api/rules/rules-api-bulk-actions.asciidoc
#	docs/detections/api/rules/rules-api-create.asciidoc
#	docs/detections/api/rules/rules-api-import.asciidoc

* Resolves conflict

* Removes frontmatter

---------

Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
Co-authored-by: natasha-moore-elastic <natasha.moore@elastic.co>
  • Loading branch information
3 people authored Nov 1, 2023
1 parent 3822706 commit ca56409
Show file tree
Hide file tree
Showing 5 changed files with 56 additions and 5 deletions.
23 changes: 20 additions & 3 deletions docs/detections/api/rules/rules-api-bulk-actions.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,12 @@ NOTE: Console supports only {es} APIs and doesn't allow interactions with {kib}
[[bulk-actions-rules-api-create]]
==== Bulk create

WARNING: This API supports {kibana-ref}/api.html#token-api-authentication[Token-based authentication] only.
[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.
If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====

Creates new rules.

Expand Down Expand Up @@ -135,7 +140,12 @@ A JSON array containing the deleted rules.
[[bulk-actions-rules-api-update]]
==== Bulk update

WARNING: This API supports {kibana-ref}/api.html#token-api-authentication[Token-based authentication] only.
[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.
If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====

Updates multiple rules.

Expand Down Expand Up @@ -216,7 +226,14 @@ A JSON array containing the updated rules.
[[bulk-actions-rules-api-action]]
==== Bulk action

Applies a bulk action to multiple rules. The bulk action is applied to all rules that match the filter.
[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.
If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====

Applies a bulk action to multiple rules. The bulk action is applied to all rules that match the filter or to the list of rules by their IDs.

[discrete]
===== Request URL
Expand Down
7 changes: 6 additions & 1 deletion docs/detections/api/rules/rules-api-create.asciidoc
Original file line number Diff line number Diff line change
@@ -1,7 +1,12 @@
[[rules-api-create]]
=== Create rule

WARNING: This API supports {kibana-ref}/api.html#token-api-authentication[Token-based authentication] only.
[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.
If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====

Creates a new detection rule.

Expand Down
7 changes: 7 additions & 0 deletions docs/detections/api/rules/rules-api-import.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,13 @@ Imports rules from an `.ndjson` file. The following configuration items are also
* Actions
* Exception lists

[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.
If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====

NOTE: Console supports {es} APIs only. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. Please also note this API supports {kibana-ref}/api.html#token-api-authentication[Token-based authentication] only.

NOTE: You need at least `Read` privileges for the `Action and Connectors` feature to import rules with actions. If you're importing rules without actions, `Action and Connectors` feature privileges are not required. Refer to <<enable-detections-ui>> for more information.
Expand Down
17 changes: 17 additions & 0 deletions docs/detections/api/rules/rules-api-overview.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,23 @@ the status of Elastic <<prebuilt-rules, prebuilt rules>>
TIP: You can view and download a Detections API Postman collection
https://github.com/elastic/examples/tree/master/Security%20Analytics/SIEM-examples/Detections-API[here].

[float]
=== Authentication
This API supports both key- and token-based authentication.

To use key-based authentication, create an {kibana-ref}/api-keys.html[API key], then specify the key in the header of your API calls.

To use token-based authentication, provide a username and password; this automatically creates an API key that matches the current user's privileges.

In both cases, the API key is subsequently used for authorization when the rule runs.

[WARNING]
====
If the API key has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
If the key that created the rule gets deleted, or the user that created the rule becomes inactive, the rule will stop running.
====

[float]
=== Kibana role requirements

Expand Down
7 changes: 6 additions & 1 deletion docs/detections/api/rules/rules-api-update.asciidoc
Original file line number Diff line number Diff line change
@@ -1,7 +1,12 @@
[[rules-api-update]]
=== Update rule

WARNING: This API supports {kibana-ref}/api.html#token-api-authentication[Token-based authentication] only.
[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.
If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====

Updates an existing detection rule.

Expand Down

0 comments on commit ca56409

Please sign in to comment.