
[Security] Fix siemV3 migration for Endpoint Exceptions on Serverless#225331

Merged

gergoabraham merged 3 commits into elastic:main from gergoabraham:fix-siemv3-migration-endpoint-exceptions on Jun 25, 2025

Conversation

@gergoabraham
Contributor

@gergoabraham gergoabraham commented Jun 25, 2025

Summary

Endpoint Exception ALL privilege got lost, because the original migration (PR: #219566) did this:

  • for siem:ALL or siemV2:ALL:
    • it adds the new global_artifact_management_all, because siemVX ALL meant that the user can write Endpoint Exceptions
    • and: it changed siemVX:ALL to siemVX:MINIMAL_ALL, in order to enable the sub-features toggle, so it is visible to the user that they are granted a new sub-privilege

And the issue: Endpoint Exceptions are not included in siemVX:MINIMAL_ALL, and thanks to this the user lost their access to Endpoint Exceptions.

This PR solves this issue.

Visualization

With this change, the siem/siemV2:ALL -> siemV3 migration graph now looks like this:

```mermaid
flowchart LR
    classDef serverless stroke:blue,stroke-dasharray: 5 5

    subgraph siemV2[siem/siemV2]
        all1[all]
    end

    subgraph siemV3
        subgraph minall2[minimal_all]
            g1[global_artifact_management_all]

            eea["`endpoint_exceptions_all
                (only serverless)`"]:::serverless
        end
    end

    all1 -->|keep access to the included Endpoint Exceptions ALL| g1
    all1 -->|enable sub-feature toggle| minall2

    all1 -->|keep access to EE ALL, as it WAS included in ALL. only serverless| eea
    linkStyle 2 stroke:#00f,color:blue
```

See the previous ones here: #219566

Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.
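The privilege migration the description above walks through, as an added TypeScript illustration that is neither Kibana's code nor this PR's change: the privilege ids are taken from the diagram, while the `feature:privilege` string form, the function names and the access model in the regression check are assumptions of this example.

```typescript
// Added illustration of the siem/siemV2 ALL -> siemV3 migration described in this PR.
// Not Kibana's own code: the "<feature>:<privilege>" string form and the function
// names are assumptions; the privilege ids come from the PR's diagram.
type Privilege = string;

const LEGACY_SIEM_ALL: Privilege[] = ['siem:ALL', 'siemV2:ALL'];
const SIEMV3_MINIMAL_ALL: Privilege = 'siemV3:MINIMAL_ALL';
const GLOBAL_ARTIFACT_MANAGEMENT_ALL: Privilege = 'siemV3:global_artifact_management_all';
const ENDPOINT_EXCEPTIONS_ALL: Privilege = 'siemV3:endpoint_exceptions_all';

function has(list: Privilege[], p: Privilege): boolean {
  return list.indexOf(p) !== -1;
}

// Replace every legacy ALL privilege with `replacements`; everything else is carried over.
function migrate(privs: Privilege[], replacements: Privilege[]): Privilege[] {
  const out: Privilege[] = [];
  for (const p of privs) {
    const next = has(LEGACY_SIEM_ALL, p) ? replacements : [p];
    for (const r of next) if (!has(out, r)) out.push(r);
  }
  return out;
}

// Migration as introduced by #219566: ALL -> MINIMAL_ALL (so the sub-feature toggle
// becomes visible) plus the new global artifact sub-privilege. On serverless this loses
// Endpoint Exceptions, because MINIMAL_ALL does not include them.
function migrateSiemAllBefore(privs: Privilege[]): Privilege[] {
  return migrate(privs, [SIEMV3_MINIMAL_ALL, GLOBAL_ARTIFACT_MANAGEMENT_ALL]);
}

// Migration with this PR's fix: on serverless, endpoint_exceptions_all is granted
// explicitly, since Endpoint Exceptions ALL was part of siem/siemV2 ALL.
function migrateSiemAllFixed(privs: Privilege[], serverless: boolean): Privilege[] {
  const targets = [SIEMV3_MINIMAL_ALL, GLOBAL_ARTIFACT_MANAGEMENT_ALL];
  if (serverless) targets.push(ENDPOINT_EXCEPTIONS_ALL);
  return migrate(privs, targets);
}

// Regression check for the bug this PR fixes: a role that could write Endpoint
// Exceptions before the migration must still be able to afterwards. The access model
// here follows the diagram's edges (serverless: endpoint_exceptions_all; otherwise
// global_artifact_management_all) and is an assumption of this example.
function endpointExceptionsPreserved(
  before: Privilege[], after: Privilege[], serverless: boolean): boolean {
  const hadAccess = LEGACY_SIEM_ALL.some((p) => has(before, p));
  const needed = serverless ? ENDPOINT_EXCEPTIONS_ALL : GLOBAL_ARTIFACT_MANAGEMENT_ALL;
  return !hadAccess || has(after, needed);
}
```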

@gergoabraham gergoabraham self-assigned this Jun 25, 2025
@gergoabraham gergoabraham requested review from a team as code owners June 25, 2025 15:59
@gergoabraham gergoabraham added the release_note:skip Skip the PR/issue when compiling release notes label Jun 25, 2025
@gergoabraham gergoabraham added backport:skip This PR does not require backporting Team:Defend Workflows “EDR Workflows” sub-team of Security Solution labels Jun 25, 2025
@elasticmachine
Contributor

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@gergoabraham gergoabraham requested a review from semd June 25, 2025 16:02

@semd semd left a comment


LGTM


@kc13greiner kc13greiner left a comment


LGTM!

@gergoabraham gergoabraham enabled auto-merge (squash) June 25, 2025 16:56
@elasticmachine
Contributor

⏳ Build in-progress, with failures

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #104 / Cloud Security Posture Test adding Cloud Security Posture Integrations CSPM AWS CIS_AWS Organization Manual Direct Access CIS_AWS Organization Manual Direct Access Workflow
  • [job] [logs] FTR Configs #104 / Cloud Security Posture Test adding Cloud Security Posture Integrations CSPM AWS CIS_AWS Organization Manual Temporary Keys CIS_AWS Organization Manual Temporary Keys Workflow

cc @gergoabraham

@gergoabraham gergoabraham merged commit 0c2cd22 into elastic:main Jun 25, 2025
18 checks passed
@gergoabraham gergoabraham deleted the fix-siemv3-migration-endpoint-exceptions branch June 25, 2025 18:46

Labels

  • backport:skip (This PR does not require backporting)
  • release_note:skip (Skip the PR/issue when compiling release notes)
  • Team:Defend Workflows (“EDR Workflows” sub-team of Security Solution)
  • v9.1.0
