[SIEM][Detection Engine] Setup possible with read-only space privilege #56897

cwurm · 2020-02-05T18:36:47Z

Scenario:
Trying to set up the DE with reduced privileges.

Privileges:

Cluster: manage_ilm, manage_index_templates
Index: all on *
Kibana: Read on SIEM

What did I do? Navigate to Detections tab

Behavior: Sets up the DE signals index even though the user has read-only space privileges.

Suggestion:
Do not try to set up signals index with only a Read space privilege.

The text was updated successfully, but these errors were encountered:

elasticmachine · 2020-02-05T18:36:49Z

Pinging @elastic/siem (Team:SIEM)

cwurm added the Team:SIEM label Feb 5, 2020

andrew-goldstein mentioned this issue Jun 16, 2020

[Meta] Embeddable types #43879

Closed

1 task

stacey-gammon mentioned this issue Jun 16, 2020

Allow plugins to register default saved objects that will be created for every space. #33496

Closed

MindyRS added Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. Feature:Detection Rules Security Solution rules and Detection Engine labels Oct 27, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[SIEM][Detection Engine] Setup possible with read-only space privilege #56897

[SIEM][Detection Engine] Setup possible with read-only space privilege #56897

cwurm commented Feb 5, 2020

elasticmachine commented Feb 5, 2020

[SIEM][Detection Engine] Setup possible with read-only space privilege #56897

[SIEM][Detection Engine] Setup possible with read-only space privilege #56897

Comments

cwurm commented Feb 5, 2020

elasticmachine commented Feb 5, 2020