[ResponseOps] Require all privilege to "Actions and Connectors" in order to execute SentinelOne sub-actions #171247

Merged

paul-tavares
Contributor

Summary

  • Adds an additional authz check to the execution of SentinelOne sub-actions to ensure the user has the all privilege to "Actions and Connectors"

Testing

In order to test this change the SentinelOne connector needs to be enabled by setting the following config property:

xpack.stack_connectors.enableExperimental:
  - sentinelOneConnectorOn

Checklist

@paul-tavares paul-tavares added release_note:skip Skip the PR/issue when compiling release notes Team:Defend Workflows “EDR Workflows” sub-team of Security Solution v8.12.0 labels Nov 14, 2023
@paul-tavares paul-tavares self-assigned this Nov 14, 2023
@paul-tavares paul-tavares marked this pull request as ready for review November 15, 2023 13:13
@paul-tavares paul-tavares requested a review from a team as a code owner November 15, 2023 13:13
@elasticmachine
Contributor

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@paul-tavares
Contributor Author

buildkite test this

@kibana-ci
Collaborator

💚 Build Succeeded

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @paul-tavares

Contributor

@mikecote mikecote left a comment

Changes LGTM but I noticed the UI doesn't reflect the updated RBAC changes:

  • "Run this connector" button in the connectors list is still visible for SentinelOne connector when the user is read only
  • "Test" tab is visible when opening the connector flyout for a read only user
  • SentinelOne connector shows up as an action to alerting rules when user is read only

We'll need these bugs fixed before an EDR connector becomes GA. Is this something you would like to fix in this PR or would like to defer to a later time? We can provide code pointers.

@paul-tavares paul-tavares merged commit 20d3fe2 into elastic:main Nov 27, 2023
@kibanamachine kibanamachine added the backport:skip This commit does not require backporting label Nov 27, 2023
@paul-tavares paul-tavares deleted the task/olm-7823-sentinelone-authz-all branch November 27, 2023 20:49
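
The gap raised in the review (server-side check tightened to `all`, UI still offering execution to read-only users) can be avoided by deriving both from one policy function. The sketch below is an added example, not code from this PR or from Kibana; every type, function, connector id and sub-action name in it is hypothetical, and it assumes `read` is the default privilege needed to execute other connector types.

```typescript
// Added illustration. All names are hypothetical, not Kibana's API.
type Privilege = 'none' | 'read' | 'all';

interface User {
  name: string;
  // Privilege the user holds on the "Actions and Connectors" feature.
  actionsAndConnectors: Privilege;
}

interface ConnectorType {
  id: string;
  // Minimum privilege required to execute sub-actions.
  // Assumed default when omitted: 'read'.
  executePrivilege?: Privilege;
}

const RANK: Record<Privilege, number> = { none: 0, read: 1, all: 2 };

// Single source of truth: may this user execute this connector type?
function canExecute(user: User, type: ConnectorType): boolean {
  const required: Privilege = type.executePrivilege ?? 'read';
  return RANK[user.actionsAndConnectors] >= RANK[required];
}

// Server side: the enforcement point. Rejects before any sub-action runs.
function executeSubAction(user: User, type: ConnectorType, subAction: string): string {
  if (!canExecute(user, type)) {
    throw new Error(`Unauthorized to execute "${subAction}" on ${type.id}`);
  }
  return `${type.id}:${subAction} executed by ${user.name}`;
}

// UI side: the three surfaces listed in the review, driven by the same check
// so they cannot drift from what the server will accept.
function uiAffordances(user: User, type: ConnectorType) {
  const allowed = canExecute(user, type);
  return { showRunButton: allowed, showTestTab: allowed, offerAsRuleAction: allowed };
}

// Constructed sample data.
const edrConnector: ConnectorType = { id: 'edr-example', executePrivilege: 'all' };
const genericConnector: ConnectorType = { id: 'generic-example' };
const readOnlyUser: User = { name: 'reader', actionsAndConnectors: 'read' };
const adminUser: User = { name: 'admin', actionsAndConnectors: 'all' };
```

Hiding the UI controls is a usability fix only; the throw in `executeSubAction` remains the control that actually blocks a read-only user.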