[Security Solution] [Detections] Update wording for read privilege check #88763
Merged
…us a false negative, also update the text to better reflect this
dhurley14 added the following labels on Jan 19, 2021: docs; release_note:skip (Skip the PR/issue when compiling release notes); review; Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.); Team:Detections and Resp (Security Detection Response Team); v7.11.0; v7.12.0; v8.0.0
rylnd approved these changes on Jan 19, 2021
LGTM
@elasticmachine merge upstream
💚 Build Succeeded
Metrics [docs]
spong pushed a commit to spong/kibana that referenced this pull request on Jan 20, 2021
…us a false negative, also update the text to better reflect this (elastic#88763) Co-authored-by: Kibana Machine <[email protected]>
spong pushed a commit to spong/kibana that referenced this pull request on Jan 20, 2021
…us a false negative, also update the text to better reflect this (elastic#88763) Co-authored-by: Kibana Machine <[email protected]>
peluja1012 pushed a commit that referenced this pull request on Jan 20, 2021
…us a false negative, also update the text to better reflect this (#88763) (#88793) Co-authored-by: Kibana Machine <[email protected]> Co-authored-by: Devin W. Hurley <[email protected]> Co-authored-by: Kibana Machine <[email protected]>
peluja1012 pushed a commit that referenced this pull request on Jan 20, 2021
…us a false negative, also update the text to better reflect this (#88763) (#88798) Co-authored-by: Kibana Machine <[email protected]> Co-authored-by: Devin W. Hurley <[email protected]> Co-authored-by: Kibana Machine <[email protected]>
Summary
Update rule to only write a partial failure status not an error status when checking for read privileges on indices because cross cluster search could be giving us a false negative via the elasticsearch _has_privileges api. Also updates the text to better reflect this.

With the introduction of #83134 to determine if a rule has the necessary privileges to run against the provided indices, we discovered that the _has_privileges endpoint does not work when checking for remote indices when using cross cluster search. This PR updates the wording and changes the rule status to reflect the possibility that this endpoint could be giving us false negatives where a rule status says it does not have read privileges on a remote index (pattern) when in actuality it does.

CC: @jmikell821 @Donnater
Checklist
Delete any items that are not applicable to this PR.
For maintainers
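
An added example, not code from this pull request or the Kibana repository: one way to map an Elasticsearch `_has_privileges` response to the rule status described in the summary, so that a reported lack of read privileges becomes a partial failure rather than an error and remote patterns are flagged as possible false negatives. The function name, the `succeeded` status string and the message wording are assumptions; a pattern containing `:` is treated as remote because cross cluster search uses the `<cluster>:<index>` syntax.

```typescript
// Added example: names, the 'succeeded' status and message wording are
// assumptions, not Kibana's implementation.

// Subset of the Elasticsearch _has_privileges response used here.
interface HasPrivilegesResponse {
  has_all_requested: boolean;
  index: Record<string, Record<string, boolean>>;
}

type RuleStatus = 'succeeded' | 'partial failure';

interface PrivilegeCheckResult {
  status: RuleStatus;
  unreadable: string[]; // patterns reported without the read privilege
  possiblyFalseNegative: string[]; // remote patterns among them
  message: string;
}

// Cross cluster search patterns use the "<cluster>:<index>" syntax.
const isRemotePattern = (pattern: string): boolean => pattern.includes(':');

function evaluateReadPrivileges(res: HasPrivilegesResponse): PrivilegeCheckResult {
  const unreadable = Object.entries(res.index)
    .filter(([, privs]) => privs.read !== true)
    .map(([pattern]) => pattern)
    .sort();
  if (unreadable.length === 0) {
    return { status: 'succeeded', unreadable, possiblyFalseNegative: [], message: '' };
  }
  const possiblyFalseNegative = unreadable.filter(isRemotePattern);
  let message = `Missing read privileges reported for: ${unreadable.join(', ')}.`;
  if (possiblyFalseNegative.length > 0) {
    message += ` This may be a false negative for remote patterns: ${possiblyFalseNegative.join(', ')}.`;
  }
  // Reported as a partial failure, not an error, as the PR summary describes.
  return { status: 'partial failure', unreadable, possiblyFalseNegative, message };
}

// Constructed sample response for a rule with two local and one remote pattern.
const sampleResponse: HasPrivilegesResponse = {
  has_all_requested: false,
  index: {
    'auditbeat-*': { read: true },
    'remote_cluster:filebeat-*': { read: false },
    'packetbeat-*': { read: false },
  },
};
const sampleResult = evaluateReadPrivileges(sampleResponse);
console.log(sampleResult.status, sampleResult.message);
```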