Skip to content

[SIEM] [Detection engine] Add user permission to detection engine#53778

Merged
XavierM merged 9 commits intoelastic:masterfrom
XavierM:detection-engine-priviledge
Jan 5, 2020
Merged

[SIEM] [Detection engine] Add user permission to detection engine#53778
XavierM merged 9 commits intoelastic:masterfrom
XavierM:detection-engine-priviledge

Conversation

@XavierM
Copy link
Copy Markdown
Contributor

@XavierM XavierM commented Dec 23, 2019

Summary

  • Allow user who has the write to create siem-signal index at initialization;
  • Get index name from API to search signals
  • Block user who is unauthenticated to use Detection Engine

image
image

Checklist

Use strikethroughs to remove checklist items you don't feel are applicable to this PR.

For maintainers

@XavierM XavierM added Team:SIEM v8.0.0 release_note:skip Skip the PR/issue when compiling release notes v7.6.0 labels Dec 23, 2019
@XavierM XavierM self-assigned this Dec 23, 2019
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Dec 23, 2019

Pinging @elastic/siem (Team:SIEM)

@kibanamachine
Copy link
Copy Markdown
Contributor

kibanamachine commented Dec 24, 2019

💚 Build Succeeded

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@elastic elastic deleted a comment from kibanamachine Dec 24, 2019
MikePaquette
MikePaquette reviewed Dec 27, 2019
View reviewed changes
Copy link
Copy Markdown

@MikePaquette MikePaquette left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggesting a couple text modifications.

x-pack/legacy/plugins/siem/public/pages/detection_engine/translations.ts Outdated
Copy link
Copy Markdown

@MikePaquette MikePaquette Dec 27, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be more specific? For example: "Before the SIEM detection engine can be used, a user with create_index privilege on the SIEM signals index for this Kibana Space must first access this page. Doing so will cause the required index to be created and will allow users to activate rules that can generate signals. You do not currently have this permission. Please contact your Elastic Stack administrator for further assistance."

Copy link
Copy Markdown
Contributor

@benskelker benskelker Dec 31, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd keep this simple, as users without the required privileges will always need to contact an admin. Suggested text:

To use the detection engine, a user with the required cluster and index privileges must first access this page. For more help, contact your administrator.

@XavierM
Copy link
Copy Markdown
Contributor Author

XavierM commented Dec 30, 2019

@elasticmachine merge upstream

@XavierM
Copy link
Copy Markdown
Contributor Author

XavierM commented Jan 2, 2020

@elasticmachine merge upstream

MichaelMarcialis
MichaelMarcialis reviewed Jan 2, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@MichaelMarcialis MichaelMarcialis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey, @XavierM. This is looking good. Added a few comments below.

I also noticed that the "View documentation" buttons in the EmptyPage components were 100% the width of their container. I was wondering if it would be possible to change this to just be the width of the text and icon the button contains. Should probably be as easy as setting grow={false} to the containing EuiFlexItem components.

@XavierM XavierM requested a review from a team January 3, 2020 14:10
@XavierM XavierM requested review from a team as code owners January 3, 2020 14:10
@XavierM XavierM force-pushed the detection-engine-priviledge branch from 2838504 to ef20d85 Compare January 3, 2020 14:16
@XavierM XavierM removed request for a team January 3, 2020 19:00
MichaelMarcialis
MichaelMarcialis reviewed Jan 3, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@MichaelMarcialis MichaelMarcialis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unresolved one comment that wasn't resolved yet. Otherwise, once that and the changes to the EmptyPage button width are addressed, this is good from my perspective. Thanks!

MichaelMarcialis
MichaelMarcialis approved these changes Jan 3, 2020
View reviewed changes
Copy link
Copy Markdown
Contributor

@MichaelMarcialis MichaelMarcialis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fixes, @XavierM! Looks good from my perspective :)

spong
spong approved these changes Jan 3, 2020
View reviewed changes
Copy link
Copy Markdown
Member

@spong spong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Checked out, tested locally, and performed code review -- LGTM! 🎉

Tested on multiple spaces with differing roles/privileges and saw the expected error screens when navigating to any of the detection-engine routes. Once the appropriate Cluster/Index Privileges were assigned the signals index was created and I was able to navigate to and use the detection engine.

Good stuff in here @XavierM. And extra thanks for the fixes from comments!

@kibanamachine
Copy link
Copy Markdown
Contributor

kibanamachine commented Jan 4, 2020

💚 Build Succeeded

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@XavierM XavierM merged commit a73ad23 into elastic:master Jan 5, 2020
@XavierM XavierM mentioned this pull request Jan 5, 2020
Merged
XavierM added a commit to XavierM/kibana that referenced this pull request Jan 5, 2020
@XavierM
[SIEM] [Detection engine] Add user permission to detection engine (el…
e1c6b90 
…astic#53778)

* add logic to see if we can show signals or create signal index for user

* fix unit test

* fix spelling set up

* Update msg from review

* review II

* fix type

* review III

* fix bug found by Garrett

* fix snapshot
XavierM added a commit that referenced this pull request Jan 5, 2020
@XavierM
[SIEM] [Detection engine] Add user permission to detection engine (#5…
fa61a65 
…3778) (#53988)

* add logic to see if we can show signals or create signal index for user

* fix unit test

* fix spelling set up

* Update msg from review

* review II

* fix type

* review III

* fix bug found by Garrett

* fix snapshot
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jan 6, 2020
@gmmorris
Merge branch 'master' into alerting/client-types
8f5c13d 
* master:
  increase delay to make sure license refetched (elastic#53882)
  Allow custom NP plugin paths in production (elastic#53562)
  [Maps] show custom color ramps in legend (elastic#53780)
  [Lens] Expression type on document can be null (elastic#53883)
  [SIEM] [Detection engine] Add user permission to detection engine (elastic#53778)
  Update dependency @elastic/charts to v16.0.2 (elastic#52619)
  Set consistent EOL symbol in core API docs (elastic#53815)
  [Logs UI] Refactor query bar state to hooks (elastic#52656)
  [Maps] pass getFieldFormatter to DynamicTextProperty (elastic#53937)
  Invalidate alert API Key when generating a new one (elastic#53732)
  [Logs UI] HTTP API for log entries (elastic#53798)
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jan 6, 2020
@gmmorris
Merge branch 'master' into alerting/zombie-tasks
8c34d4a 
* master:
  increase delay to make sure license refetched (elastic#53882)
  Allow custom NP plugin paths in production (elastic#53562)
  [Maps] show custom color ramps in legend (elastic#53780)
  [Lens] Expression type on document can be null (elastic#53883)
  [SIEM] [Detection engine] Add user permission to detection engine (elastic#53778)
  Update dependency @elastic/charts to v16.0.2 (elastic#52619)
  Set consistent EOL symbol in core API docs (elastic#53815)
  [Logs UI] Refactor query bar state to hooks (elastic#52656)
  [Maps] pass getFieldFormatter to DynamicTextProperty (elastic#53937)
  Invalidate alert API Key when generating a new one (elastic#53732)
  [Logs UI] HTTP API for log entries (elastic#53798)
  [kbn/pm] add caching to bootstrap (elastic#53622)
  adds createdAt and updatedAt fields to alerting (elastic#53793)
gmmorris added a commit to gmmorris/kibana that referenced this pull request Jan 6, 2020
@gmmorris
Merge branch 'master' into task-manager/schema-config
923846a 
* master:
  increase delay to make sure license refetched (elastic#53882)
  Allow custom NP plugin paths in production (elastic#53562)
  [Maps] show custom color ramps in legend (elastic#53780)
  [Lens] Expression type on document can be null (elastic#53883)
  [SIEM] [Detection engine] Add user permission to detection engine (elastic#53778)
  Update dependency @elastic/charts to v16.0.2 (elastic#52619)
  Set consistent EOL symbol in core API docs (elastic#53815)
  [Logs UI] Refactor query bar state to hooks (elastic#52656)
  [Maps] pass getFieldFormatter to DynamicTextProperty (elastic#53937)
  Invalidate alert API Key when generating a new one (elastic#53732)
  [Logs UI] HTTP API for log entries (elastic#53798)
  [kbn/pm] add caching to bootstrap (elastic#53622)
  adds createdAt and updatedAt fields to alerting (elastic#53793)
  [SR] Enable component integration tests (elastic#53893)
jloleysens added a commit to jloleysens/kibana that referenced this pull request Jan 6, 2020
@jloleysens
Merge branch 'master' of github.com:elastic/kibana into chore/move-co…
8f8f7a5 
…nsole-dependencies

* 'master' of github.com:elastic/kibana: (33 commits)
  adds strict types to Alerting Client (elastic#53821)
  [Dashboard] Empty screen redesign (elastic#53681)
  Migrate config deprecations and `ShieldUser` functionality to the New Platform (elastic#53768)
  increase delay to make sure license refetched (elastic#53882)
  Allow custom NP plugin paths in production (elastic#53562)
  [Maps] show custom color ramps in legend (elastic#53780)
  [Lens] Expression type on document can be null (elastic#53883)
  [SIEM] [Detection engine] Add user permission to detection engine (elastic#53778)
  Update dependency @elastic/charts to v16.0.2 (elastic#52619)
  Set consistent EOL symbol in core API docs (elastic#53815)
  [Logs UI] Refactor query bar state to hooks (elastic#52656)
  [Maps] pass getFieldFormatter to DynamicTextProperty (elastic#53937)
  Invalidate alert API Key when generating a new one (elastic#53732)
  [Logs UI] HTTP API for log entries (elastic#53798)
  [kbn/pm] add caching to bootstrap (elastic#53622)
  adds createdAt and updatedAt fields to alerting (elastic#53793)
  [SR] Enable component integration tests (elastic#53893)
  Move index patterns: src/legacy/core_plugins/data 👉 src/plugins/data (elastic#53794)
  moved Task Manager server code under "server" directory (elastic#53777)
  Rename `/api/security/oidc` to `/api/security/oidc/callback`. (elastic#53886)
  ...

# Conflicts:
#	yarn.lock
@XavierM XavierM deleted the detection-engine-priviledge branch June 4, 2020 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MikePaquette MikePaquette MikePaquette left review comments

@spong spong spong approved these changes

@MichaelMarcialis MichaelMarcialis MichaelMarcialis approved these changes

@FrankHassanabad FrankHassanabad Awaiting requested review from FrankHassanabad

+1 more reviewer

@benskelker benskelker benskelker left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@XavierM XavierM

Labels

release_note:skip Skip the PR/issue when compiling release notes Team:SIEM v7.6.0 v8.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@XavierM @elasticmachine @kibanamachine @spong @MichaelMarcialis @MikePaquette @benskelker