[Cases] [Security Solution] New cases subfeatures, add comments and r…
…eopen cases (elastic#194898)

## Summary

This PR adds 2 new sub-feature permissions to the cases plugin in
stack/security/observability, which behave as follows. The first controls
the ability to reopen cases. When Cases has the read permission and the
reopen permission is not enabled, users have the same permissions as
before. When it is enabled, users can move cases from closed to
open/in progress, but nothing else. If a user has all and this
permission, they can do anything as before. If the option is unselected,
they can change case properties and change a case from open to anything
or from in progress to anything, but if the case is closed, they are
unable to reopen it.

The 2nd permission is 'Add comment'. When enabled and the user has case
read permissions, users can add comments, but not make any other changes
to the case. When the user has read and this deselected, read functions
as before. When a user has this permission and cases is all, this
functions as all. When they have all but this permission is deselected,
the user can do everything normally, except add cases comments.

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Michael Olorunnisola <michael.olorunnisola@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
3 people authored and paulinashakirova committed Nov 26, 2024
1 parent 2a0edf3 commit fa546a6
Showing 145 changed files with 3,541 additions and 516 deletions.
@@ -46,7 +46,7 @@ viewer:
- feature_siem.read
- feature_siem.read_alerts
- feature_siem.endpoint_list_read
- feature_securitySolutionCases.read
- feature_securitySolutionCasesV2.read
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
- feature_actions.read
@@ -126,7 +126,7 @@ editor:
- feature_siem.process_operations_all
- feature_siem.actions_log_management_all # Response actions history
- feature_siem.file_operations_all
- feature_securitySolutionCases.all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
- feature_actions.read
@@ -175,7 +175,7 @@ t1_analyst:
- feature_siem.read
- feature_siem.read_alerts
- feature_siem.endpoint_list_read
- feature_securitySolutionCases.read
- feature_securitySolutionCasesV2.read
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
- feature_actions.read
@@ -230,7 +230,7 @@ t2_analyst:
- feature_siem.read
- feature_siem.read_alerts
- feature_siem.endpoint_list_read
- feature_securitySolutionCases.all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
- feature_actions.read
@@ -300,7 +300,7 @@ t3_analyst:
- feature_siem.actions_log_management_all # Response actions history
- feature_siem.file_operations_all
- feature_siem.scan_operations_all
- feature_securitySolutionCases.all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
- feature_actions.read
@@ -362,7 +362,7 @@ threat_intelligence_analyst:
- feature_siem.all
- feature_siem.endpoint_list_read
- feature_siem.blocklist_all
- feature_securitySolutionCases.all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
- feature_actions.read
@@ -430,7 +430,7 @@ rule_author:
- feature_siem.host_isolation_exceptions_read
- feature_siem.blocklist_all # Elastic Defend Policy Management
- feature_siem.actions_log_management_read
- feature_securitySolutionCases.all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
- feature_actions.read
@@ -502,7 +502,7 @@ soc_manager:
- feature_siem.file_operations_all
- feature_siem.execute_operations_all
- feature_siem.scan_operations_all
- feature_securitySolutionCases.all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
- feature_actions.all
@@ -562,7 +562,7 @@ detections_admin:
- feature_siem.all
- feature_siem.read_alerts
- feature_siem.crud_alerts
- feature_securitySolutionCases.all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
- feature_actions.all
@@ -621,7 +621,7 @@ platform_engineer:
- feature_siem.host_isolation_exceptions_all
- feature_siem.blocklist_all # Elastic Defend Policy Management
- feature_siem.actions_log_management_read
- feature_securitySolutionCases.all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
- feature_actions.all
@@ -694,7 +694,7 @@ endpoint_operations_analyst:
- feature_siem.file_operations_all
- feature_siem.execute_operations_all
- feature_siem.scan_operations_all
- feature_securitySolutionCases.all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
- feature_actions.all
@@ -769,7 +769,7 @@ endpoint_policy_manager:
- feature_siem.event_filters_all
- feature_siem.host_isolation_exceptions_all
- feature_siem.blocklist_all # Elastic Defend Policy Management
- feature_securitySolutionCases.all
- feature_securitySolutionCasesV2.all
- feature_securitySolutionAssistant.all
- feature_securitySolutionAttackDiscovery.all
- feature_actions.all
14 changes: 7 additions & 7 deletions packages/kbn-es/src/serverless_resources/security_roles.json
@@ -35,7 +35,7 @@
"siem": ["read", "read_alerts"],
"securitySolutionAssistant": ["all"],
"securitySolutionAttackDiscovery": ["all"],
"securitySolutionCases": ["read"],
"securitySolutionCasesV2": ["read"],
"actions": ["read"],
"builtInAlerts": ["read"]
},
@@ -82,7 +82,7 @@
"siem": ["read", "read_alerts"],
"securitySolutionAssistant": ["all"],
"securitySolutionAttackDiscovery": ["all"],
"securitySolutionCases": ["read"],
"securitySolutionCasesV2": ["read"],
"actions": ["read"],
"builtInAlerts": ["read"]
},
@@ -150,7 +150,7 @@
"actions_log_management_all",
"file_operations_all"
],
"securitySolutionCases": ["all"],
"securitySolutionCasesV2": ["all"],
"securitySolutionAssistant": ["all"],
"securitySolutionAttackDiscovery": ["all"],
"actions": ["read"],
@@ -210,7 +210,7 @@
"siem": ["all", "read_alerts", "crud_alerts"],
"securitySolutionAssistant": ["all"],
"securitySolutionAttackDiscovery": ["all"],
"securitySolutionCases": ["all"],
"securitySolutionCasesV2": ["all"],
"actions": ["read"],
"builtInAlerts": ["all"]
},
@@ -263,7 +263,7 @@
"siem": ["all", "read_alerts", "crud_alerts"],
"securitySolutionAssistant": ["all"],
"securitySolutionAttackDiscovery": ["all"],
"securitySolutionCases": ["all"],
"securitySolutionCasesV2": ["all"],
"actions": ["all"],
"builtInAlerts": ["all"]
},
@@ -311,7 +311,7 @@
"siem": ["all", "read_alerts", "crud_alerts"],
"securitySolutionAssistant": ["all"],
"securitySolutionAttackDiscovery": ["all"],
"securitySolutionCases": ["all"],
"securitySolutionCasesV2": ["all"],
"actions": ["read"],
"builtInAlerts": ["all"],
"dev_tools": ["all"]
@@ -366,7 +366,7 @@
"siem": ["all", "read_alerts", "crud_alerts"],
"securitySolutionAssistant": ["all"],
"securitySolutionAttackDiscovery": ["all"],
"securitySolutionCases": ["all"],
"securitySolutionCasesV2": ["all"],
"actions": ["all"],
"builtInAlerts": ["all"]
},
@@ -6,6 +6,6 @@
*/

export { getSecurityFeature } from './src/security';
export { getCasesFeature } from './src/cases';
export { getCasesFeature, getCasesV2Feature } from './src/cases';
export { getAssistantFeature } from './src/assistant';
export { getAttackDiscoveryFeature } from './src/attack_discovery';
23 changes: 21 additions & 2 deletions x-pack/packages/security-solution/features/src/cases/index.ts
@@ -6,14 +6,33 @@
*/
import type { CasesSubFeatureId } from '../product_features_keys';
import type { ProductFeatureParams } from '../types';
import { getCasesBaseKibanaFeature } from './kibana_features';
import { getCasesBaseKibanaSubFeatureIds, getCasesSubFeaturesMap } from './kibana_sub_features';
import { getCasesBaseKibanaFeature } from './v1_features/kibana_features';
import {
getCasesBaseKibanaSubFeatureIds,
getCasesSubFeaturesMap,
} from './v1_features/kibana_sub_features';
import type { CasesFeatureParams } from './types';
import { getCasesBaseKibanaFeatureV2 } from './v2_features/kibana_features';
import {
getCasesBaseKibanaSubFeatureIdsV2,
getCasesSubFeaturesMapV2,
} from './v2_features/kibana_sub_features';

/**
* @deprecated Use getCasesV2Feature instead
*/
export const getCasesFeature = (
params: CasesFeatureParams
): ProductFeatureParams<CasesSubFeatureId> => ({
baseKibanaFeature: getCasesBaseKibanaFeature(params),
baseKibanaSubFeatureIds: getCasesBaseKibanaSubFeatureIds(),
subFeaturesMap: getCasesSubFeaturesMap(params),
});

export const getCasesV2Feature = (
params: CasesFeatureParams
): ProductFeatureParams<CasesSubFeatureId> => ({
baseKibanaFeature: getCasesBaseKibanaFeatureV2(params),
baseKibanaSubFeatureIds: getCasesBaseKibanaSubFeatureIdsV2(),
subFeaturesMap: getCasesSubFeaturesMapV2(params),
});
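Review bot: `getCasesV2Feature` has no doc comment, while the function above it now carries `@deprecated Use getCasesV2Feature instead`, so a reader following the deprecation lands on an undocumented export. I would add a one-line TSDoc, e.g. `/** Builds the Cases product feature from the V2 base feature and V2 sub-feature map. */`. If the V2 definitions confirm it, the comment should also say that adding comments and reopening cases are separate sub-feature privileges in V2. The V2 helpers it calls are defined outside this section, so that last statement needs checking against them.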
@@ -4,7 +4,6 @@
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import type { CasesUiCapabilities, CasesApiTags } from '@kbn/cases-plugin/common';
import type { ProductFeatureCasesKey, CasesSubFeatureId } from '../product_features_keys';
import type { ProductFeatureKibanaConfig } from '../types';
@@ -0,0 +1,98 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import { i18n } from '@kbn/i18n';

import { DEFAULT_APP_CATEGORIES } from '@kbn/core-application-common';
import { KibanaFeatureScope } from '@kbn/features-plugin/common';
import type { BaseKibanaFeatureConfig } from '../../types';
import { APP_ID, CASES_FEATURE_ID, CASES_FEATURE_ID_V2 } from '../../constants';
import type { CasesFeatureParams } from '../types';

/**
* @deprecated Use getCasesBaseKibanaFeatureV2 instead
*/
export const getCasesBaseKibanaFeature = ({
uiCapabilities,
apiTags,
savedObjects,
}: CasesFeatureParams): BaseKibanaFeatureConfig => {
return {
deprecated: {
notice: i18n.translate(
'securitySolutionPackages.features.featureRegistry.linkSecuritySolutionCase.deprecationMessage',
{
defaultMessage:
'The {currentId} permissions are deprecated, please see {casesFeatureIdV2}.',
values: {
currentId: CASES_FEATURE_ID,
casesFeatureIdV2: CASES_FEATURE_ID_V2,
},
}
),
},
id: CASES_FEATURE_ID,
name: i18n.translate(
'securitySolutionPackages.features.featureRegistry.linkSecuritySolutionCaseTitleDeprecated',
{
defaultMessage: 'Cases (Deprecated)',
}
),
order: 1100,
category: DEFAULT_APP_CATEGORIES.security,
scope: [KibanaFeatureScope.Spaces, KibanaFeatureScope.Security],
app: [CASES_FEATURE_ID, 'kibana'],
catalogue: [APP_ID],
cases: [APP_ID],
privileges: {
all: {
api: [...apiTags.all, ...apiTags.createComment],
app: [CASES_FEATURE_ID, 'kibana'],
catalogue: [APP_ID],
cases: {
create: [APP_ID],
read: [APP_ID],
update: [APP_ID],
push: [APP_ID],
createComment: [APP_ID],
reopenCase: [APP_ID],
},
savedObject: {
all: [...savedObjects.files],
read: [...savedObjects.files],
},
ui: uiCapabilities.all,
replacedBy: {
default: [{ feature: CASES_FEATURE_ID_V2, privileges: ['all'] }],
minimal: [
{
feature: CASES_FEATURE_ID_V2,
privileges: ['minimal_all', 'create_comment', 'case_reopen'],
},
],
},
},
read: {
api: apiTags.read,
app: [CASES_FEATURE_ID, 'kibana'],
catalogue: [APP_ID],
cases: {
read: [APP_ID],
},
savedObject: {
all: [],
read: [...savedObjects.files],
},
ui: uiCapabilities.read,
replacedBy: {
default: [{ feature: CASES_FEATURE_ID_V2, privileges: ['read'] }],
minimal: [{ feature: CASES_FEATURE_ID_V2, privileges: ['minimal_read'] }],
},
},
},
};
};
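Review bot: The `replacedBy` entries under `privileges.all` and `privileges.read` decide what every role holding the deprecated feature is granted under the new one, yet the target ids are bare string literals (`'minimal_all'`, `'create_comment'`, `'case_reopen'`, `'minimal_read'`) and nothing explains why `minimal` expands to three ids. I would add a comment above that array, `// V1 "all" included createComment and reopenCase; list both V2 sub-feature privileges so migrated roles keep them`, and reference the ids through shared constants if the V2 definition exports any. The V2 definitions are not visible here, so I cannot confirm the ids match; the sub-feature file's `replacedBy` entries use `cases_delete` and `cases_settings` (plural) next to `case_reopen` (singular) here, which is easy to mistype. A unit test asserting that each `replacedBy` id exists on the V2 feature would catch a mapping that silently drops or widens a privilege.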
@@ -7,9 +7,9 @@

import { i18n } from '@kbn/i18n';
import type { SubFeatureConfig } from '@kbn/features-plugin/common';
import { CasesSubFeatureId } from '../product_features_keys';
import { APP_ID } from '../constants';
import type { CasesFeatureParams } from './types';
import { CasesSubFeatureId } from '../../product_features_keys';
import { APP_ID, CASES_FEATURE_ID_V2 } from '../../constants';
import type { CasesFeatureParams } from '../types';

/**
* Sub-features that will always be available for Security Cases
@@ -21,7 +21,8 @@ export const getCasesBaseKibanaSubFeatureIds = (): CasesSubFeatureId[] => [
];

/**
* Defines all the Security Assistant subFeatures available.
* @deprecated Use getCasesSubFeaturesMapV2 instead
* @description - Defines all the Security Solution Cases available.
* The order of the subFeatures is the order they will be displayed
*/
export const getCasesSubFeaturesMap = ({
@@ -55,6 +56,7 @@ export const getCasesSubFeaturesMap = ({
delete: [APP_ID],
},
ui: uiCapabilities.delete,
replacedBy: [{ feature: CASES_FEATURE_ID_V2, privileges: ['cases_delete'] }],
},
],
},
@@ -89,6 +91,7 @@ export const getCasesSubFeaturesMap = ({
settings: [APP_ID],
},
ui: uiCapabilities.settings,
replacedBy: [{ feature: CASES_FEATURE_ID_V2, privileges: ['cases_settings'] }],
},
],
},
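Review bot: The reworded doc comment on `getCasesSubFeaturesMap` reads `Defines all the Security Solution Cases available.`, which has lost the noun it describes. It appears to replace the line that wrongly said "Security Assistant subFeatures"; the correction should keep the noun: `* @description - Defines all the Security Solution Cases subFeatures available.` The function body runs beyond the hunks shown, so only the comment is reviewed here.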
@@ -0,0 +1,14 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import type { ProductFeatureCasesKey, CasesSubFeatureId } from '../../product_features_keys';
import type { ProductFeatureKibanaConfig } from '../../types';

export type DefaultCasesProductFeaturesConfig = Record<
ProductFeatureCasesKey,
ProductFeatureKibanaConfig<CasesSubFeatureId>
>;