diff --git a/x-pack/plugins/security/server/routes/authorization/roles/get_all_by_space.ts b/x-pack/plugins/security/server/routes/authorization/roles/get_all_by_space.ts index 734f0292db116..a441ba15164c1 100644 --- a/x-pack/plugins/security/server/routes/authorization/roles/get_all_by_space.ts +++ b/x-pack/plugins/security/server/routes/authorization/roles/get_all_by_space.ts @@ -24,8 +24,10 @@ export function defineGetAllRolesBySpaceRoutes({ router.get( { path: '/internal/security/roles/{spaceId}', - options: { - tags: ['access:manage_spaces'], + security: { + authz: { + requiredPrivileges: ['manage_spaces'], + }, }, validate: { params: schema.object({ spaceId: schema.string({ minLength: 1 }) }), diff --git a/x-pack/plugins/security/server/routes/session_management/invalidate.ts b/x-pack/plugins/security/server/routes/session_management/invalidate.ts index a45d8f00c1ca4..bbc81c21706d9 100644 --- a/x-pack/plugins/security/server/routes/session_management/invalidate.ts +++ b/x-pack/plugins/security/server/routes/session_management/invalidate.ts @@ -37,6 +37,11 @@ export function defineInvalidateSessionsRoutes({ ), }), }, + security: { + authz: { + requiredPrivileges: ['sessionManagement'], + }, + }, options: { // The invalidate session API was introduced to address situations where the session index // could grow rapidly - when session timeouts are disabled, or with anonymous access. @@ -44,7 +49,7 @@ export function defineInvalidateSessionsRoutes({ // anonymous access. However, keeping this endpoint available internally in serverless would // be useful in situations where we need to batch-invalidate user sessions. access: buildFlavor === 'serverless' ? 'internal' : 'public', - tags: ['access:sessionManagement'], + summary: `Invalidate user sessions`, }, }, diff --git a/x-pack/plugins/security/server/routes/user_profile/bulk_get.ts b/x-pack/plugins/security/server/routes/user_profile/bulk_get.ts index 20da1d573901f..0ffe760d57d52 100644 --- a/x-pack/plugins/security/server/routes/user_profile/bulk_get.ts +++ b/x-pack/plugins/security/server/routes/user_profile/bulk_get.ts @@ -24,7 +24,11 @@ export function defineBulkGetUserProfilesRoute({ dataPath: schema.maybe(schema.string()), }), }, - options: { tags: ['access:bulkGetUserProfiles'] }, + security: { + authz: { + requiredPrivileges: ['bulkGetUserProfiles'], + }, + }, }, createLicensedRouteHandler(async (context, request, response) => { const userProfileServiceInternal = getUserProfileService(); diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log.ts index 196ffc71162db..8ba1de0bb70d9 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/audit_log.ts @@ -27,7 +27,12 @@ export function registerActionAuditLogRoutes( .get({ access: 'public', path: ENDPOINT_ACTION_LOG_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/details.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/details.ts index 96b466a251cf4..1d524b08aefce 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/details.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/details.ts @@ -32,7 +32,12 @@ export const registerActionDetailsRoutes = ( .get({ access: 'public', path: ACTION_DETAILS_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_download_handler.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_download_handler.ts index 2e16c57886f7d..29aa6f4bba3d8 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_download_handler.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_download_handler.ts @@ -38,7 +38,12 @@ export const registerActionFileDownloadRoutes = ( // we need to enable setting the version number via query params enableQueryVersion: true, path: ACTION_AGENT_FILE_DOWNLOAD_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_info_handler.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_info_handler.ts index 1cb4e95e1eaf1..63118a64fc453 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_info_handler.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/file_info_handler.ts @@ -74,7 +74,12 @@ export const registerActionFileInfoRoute = ( .get({ access: 'public', path: ACTION_AGENT_FILE_INFO_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/list.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/list.ts index a858909f5e2ed..05e5d77eb945b 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/list.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/list.ts @@ -30,7 +30,12 @@ export function registerActionListRoutes( .get({ access: 'public', path: BASE_ENDPOINT_ACTION_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts index b6eb2376bd1cb..0fc90c7589b99 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/response_actions.ts @@ -80,7 +80,12 @@ export function registerResponseActionRoutes( .post({ access: 'public', path: ISOLATE_HOST_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { @@ -99,7 +104,12 @@ export function registerResponseActionRoutes( .post({ access: 'public', path: UNISOLATE_HOST_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { @@ -119,7 +129,12 @@ export function registerResponseActionRoutes( .post({ access: 'public', path: ISOLATE_HOST_ROUTE_V2, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { @@ -139,7 +154,12 @@ export function registerResponseActionRoutes( .post({ access: 'public', path: UNISOLATE_HOST_ROUTE_V2, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { @@ -159,7 +179,12 @@ export function registerResponseActionRoutes( .post({ access: 'public', path: KILL_PROCESS_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { @@ -182,7 +207,12 @@ export function registerResponseActionRoutes( .post({ access: 'public', path: SUSPEND_PROCESS_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { @@ -205,7 +235,12 @@ export function registerResponseActionRoutes( .post({ access: 'public', path: GET_PROCESSES_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { @@ -225,7 +260,12 @@ export function registerResponseActionRoutes( .post({ access: 'public', path: GET_FILE_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { @@ -245,7 +285,12 @@ export function registerResponseActionRoutes( .post({ access: 'public', path: EXECUTE_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { @@ -265,9 +310,14 @@ export function registerResponseActionRoutes( .post({ access: 'public', path: UPLOAD_ROUTE, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, options: { authRequired: true, - tags: ['access:securitySolution'], + body: { accepts: ['multipart/form-data'], output: 'stream', @@ -293,7 +343,12 @@ export function registerResponseActionRoutes( .post({ access: 'public', path: SCAN_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/state.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/state.ts index 3ea4d9fa35753..c2d5b850d6bb2 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/state.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/state.ts @@ -32,7 +32,12 @@ export function registerActionStateRoutes( .get({ access: 'public', path: ACTION_STATE_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/actions/status.ts b/x-pack/plugins/security_solution/server/endpoint/routes/actions/status.ts index 6172bf07d2320..8a245dfb451ea 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/actions/status.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/actions/status.ts @@ -29,7 +29,12 @@ export function registerActionStatusRoutes( .get({ access: 'public', path: ACTION_STATUS_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.ts b/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.ts index e6ea2f7595785..7ca24156b45fd 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/agent/agent_status_handler.ts @@ -27,7 +27,12 @@ export const registerAgentStatusRoute = ( .get({ access: 'internal', path: AGENT_STATUS_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts index 2f6e46d1d7727..3f028719fe5ad 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts @@ -54,7 +54,12 @@ export function registerEndpointRoutes( .get({ access: 'public', path: HOST_METADATA_LIST_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { @@ -94,7 +99,12 @@ export function registerEndpointRoutes( .get({ access: 'public', path: METADATA_TRANSFORMS_STATUS_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, // @ts-expect-error TODO(https://github.com/elastic/kibana/issues/196095): Replace {RouteDeprecationInfo} deprecated: true, }) @@ -114,7 +124,12 @@ export function registerEndpointRoutes( .get({ access: 'internal', path: METADATA_TRANSFORMS_STATUS_INTERNAL_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/protection_updates_note/index.ts b/x-pack/plugins/security_solution/server/endpoint/routes/protection_updates_note/index.ts index 7b28ccfcf9fe7..4355684407bb1 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/protection_updates_note/index.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/protection_updates_note/index.ts @@ -25,7 +25,12 @@ export function registerProtectionUpdatesNoteRoutes( .post({ access: 'public', path: PROTECTION_UPDATES_NOTE_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { @@ -45,7 +50,12 @@ export function registerProtectionUpdatesNoteRoutes( .get({ access: 'public', path: PROTECTION_UPDATES_NOTE_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/suggestions/index.ts b/x-pack/plugins/security_solution/server/endpoint/routes/suggestions/index.ts index 677fb004ee862..bbee33114534b 100644 --- a/x-pack/plugins/security_solution/server/endpoint/routes/suggestions/index.ts +++ b/x-pack/plugins/security_solution/server/endpoint/routes/suggestions/index.ts @@ -42,7 +42,12 @@ export function registerEndpointSuggestionsRoutes( .post({ access: 'public', path: SUGGESTIONS_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, // @ts-expect-error TODO(https://github.com/elastic/kibana/issues/196095): Replace {RouteDeprecationInfo} deprecated: true, }) @@ -64,7 +69,12 @@ export function registerEndpointSuggestionsRoutes( .post({ access: 'internal', path: SUGGESTIONS_INTERNAL_ROUTE, - options: { authRequired: true, tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, + options: { authRequired: true }, }) .addVersion( { diff --git a/x-pack/plugins/security_solution/server/lib/dashboards/routes/get_dashboards_by_tags.ts b/x-pack/plugins/security_solution/server/lib/dashboards/routes/get_dashboards_by_tags.ts index e7a3ebf9a7f10..589923be2fc3e 100644 --- a/x-pack/plugins/security_solution/server/lib/dashboards/routes/get_dashboards_by_tags.ts +++ b/x-pack/plugins/security_solution/server/lib/dashboards/routes/get_dashboards_by_tags.ts @@ -21,8 +21,10 @@ export const getDashboardsByTagsRoute = (router: SecuritySolutionPluginRouter, l .post({ path: INTERNAL_DASHBOARDS_URL, access: 'internal', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_all_integrations/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_all_integrations/route.ts index 5b4eab27f71ab..4b5642b9d199b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_all_integrations/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_all_integrations/route.ts @@ -23,8 +23,10 @@ export const getAllIntegrationsRoute = (router: SecuritySolutionPluginRouter) => .get({ access: 'internal', path: GET_ALL_INTEGRATIONS_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_installed_integrations/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_installed_integrations/route.ts index 3a3d159d1337f..27b1c4b103ab7 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_installed_integrations/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_installed_integrations/route.ts @@ -21,8 +21,10 @@ export const getInstalledIntegrationsRoute = (router: SecuritySolutionPluginRout .get({ access: 'internal', path: GET_INSTALLED_INTEGRATIONS_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.ts index d17435a543320..8d3788a2cf7f8 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.ts @@ -21,8 +21,10 @@ export const bootstrapPrebuiltRulesRoute = (router: SecuritySolutionPluginRouter .post({ access: 'internal', path: BOOTSTRAP_PREBUILT_RULES_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_and_timelines_status/get_prebuilt_rules_and_timelines_status_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_and_timelines_status/get_prebuilt_rules_and_timelines_status_route.ts index 3713176e919c5..dc9c15ac5b5f7 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_and_timelines_status/get_prebuilt_rules_and_timelines_status_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_and_timelines_status/get_prebuilt_rules_and_timelines_status_route.ts @@ -30,8 +30,10 @@ export const getPrebuiltRulesAndTimelinesStatusRoute = (router: SecuritySolution .get({ access: 'public', path: PREBUILT_RULES_STATUS_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_status/get_prebuilt_rules_status_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_status/get_prebuilt_rules_status_route.ts index 86809a3a79a93..0561c826e0c78 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_status/get_prebuilt_rules_status_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_status/get_prebuilt_rules_status_route.ts @@ -20,8 +20,10 @@ export const getPrebuiltRulesStatusRoute = (router: SecuritySolutionPluginRouter .get({ access: 'internal', path: GET_PREBUILT_RULES_STATUS_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/install_prebuilt_rules_and_timelines_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/install_prebuilt_rules_and_timelines_route.ts index 11e841ed50431..8740d27fce817 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/install_prebuilt_rules_and_timelines_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/install_prebuilt_rules_and_timelines_route.ts @@ -33,8 +33,12 @@ export const installPrebuiltRulesAndTimelinesRoute = (router: SecuritySolutionPl .put({ access: 'public', path: PREBUILT_RULES_URL, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, options: { - tags: ['access:securitySolution'], timeout: { idleSocket: PREBUILT_RULES_OPERATION_SOCKET_TIMEOUT_MS, }, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_route.ts index 1a29568ca496b..8b4d38bd2f4a4 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_route.ts @@ -34,8 +34,12 @@ export const performRuleInstallationRoute = (router: SecuritySolutionPluginRoute .post({ access: 'internal', path: PERFORM_RULE_INSTALLATION_URL, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, options: { - tags: ['access:securitySolution'], timeout: { idleSocket: PREBUILT_RULES_OPERATION_SOCKET_TIMEOUT_MS, }, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/perform_rule_upgrade_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/perform_rule_upgrade_route.ts index 085c41db3a5db..6da2cd7187b08 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/perform_rule_upgrade_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/perform_rule_upgrade_route.ts @@ -31,8 +31,12 @@ export const performRuleUpgradeRoute = (router: SecuritySolutionPluginRouter) => .post({ access: 'internal', path: PERFORM_RULE_UPGRADE_URL, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, options: { - tags: ['access:securitySolution'], timeout: { idleSocket: PREBUILT_RULES_OPERATION_SOCKET_TIMEOUT_MS, }, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts index 00fc5e2beb5b8..c1c45532f61bb 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts @@ -26,8 +26,12 @@ export const reviewRuleInstallationRoute = (router: SecuritySolutionPluginRouter .post({ access: 'internal', path: REVIEW_RULE_INSTALLATION_URL, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, options: { - tags: ['access:securitySolution'], timeout: { idleSocket: PREBUILT_RULES_OPERATION_SOCKET_TIMEOUT_MS, }, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_upgrade/review_rule_upgrade_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_upgrade/review_rule_upgrade_route.ts index 382ec27a1bf35..3da62bd9bb21d 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_upgrade/review_rule_upgrade_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_upgrade/review_rule_upgrade_route.ts @@ -35,8 +35,12 @@ export const reviewRuleUpgradeRoute = (router: SecuritySolutionPluginRouter) => .post({ access: 'internal', path: REVIEW_RULE_UPGRADE_URL, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, options: { - tags: ['access:securitySolution'], timeout: { idleSocket: PREBUILT_RULES_OPERATION_SOCKET_TIMEOUT_MS, }, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/create_index_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/create_index_route.ts index b5c61bb82c29e..85fe5a2c29a1b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/create_index_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/create_index_route.ts @@ -40,8 +40,10 @@ export const createIndexRoute = (router: SecuritySolutionPluginRouter) => { .post({ path: DETECTION_ENGINE_INDEX_URL, access: 'public', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/delete_index_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/delete_index_route.ts index 49b14944633cc..08f975c023851 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/delete_index_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/delete_index_route.ts @@ -35,8 +35,10 @@ export const deleteIndexRoute = (router: SecuritySolutionPluginRouter) => { .delete({ path: DETECTION_ENGINE_INDEX_URL, access: 'public', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/read_alerts_index_exists_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/read_alerts_index_exists_route.ts index 9f75689cf7811..894e5ec642c07 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/read_alerts_index_exists_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/read_alerts_index_exists_route.ts @@ -18,8 +18,10 @@ export const readAlertsIndexExistsRoute = (router: SecuritySolutionPluginRouter) .get({ path: DETECTION_ENGINE_ALERTS_INDEX_URL, access: 'internal', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/read_index_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/read_index_route.ts index bd13fe09b687b..2f5131d1abf8b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/read_index_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/index/read_index_route.ts @@ -26,8 +26,10 @@ export const readIndexRoute = ( .get({ path: DETECTION_ENGINE_INDEX_URL, access: 'public', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/privileges/read_privileges_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/privileges/read_privileges_route.ts index 314d2c273b04a..22c031d5d5eb5 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/privileges/read_privileges_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/privileges/read_privileges_route.ts @@ -22,8 +22,10 @@ export const readPrivilegesRoute = ( .get({ path: DETECTION_ENGINE_PRIVILEGES_URL, access: 'public', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/create_signals_migration_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/create_signals_migration_route.ts index 8d8d80a700478..b4947b939b336 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/create_signals_migration_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/create_signals_migration_route.ts @@ -24,8 +24,10 @@ export const createSignalsMigrationRoute = (router: SecuritySolutionPluginRouter .post({ path: DETECTION_ENGINE_SIGNALS_MIGRATION_URL, access: 'public', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/delete_signals_migration_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/delete_signals_migration_route.ts index c4838280ac6a4..14a490d34d4fc 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/delete_signals_migration_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/delete_signals_migration_route.ts @@ -20,8 +20,10 @@ export const deleteSignalsMigrationRoute = (router: SecuritySolutionPluginRouter .delete({ path: DETECTION_ENGINE_SIGNALS_MIGRATION_URL, access: 'public', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/finalize_signals_migration_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/finalize_signals_migration_route.ts index 9e09ffe0cf895..6ea0584c0b0c4 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/finalize_signals_migration_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/finalize_signals_migration_route.ts @@ -25,8 +25,10 @@ export const finalizeSignalsMigrationRoute = ( .post({ path: DETECTION_ENGINE_SIGNALS_FINALIZE_MIGRATION_URL, access: 'public', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/get_signals_migration_status_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/get_signals_migration_status_route.ts index ece4d3444be99..fc7cfe6fc2eae 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/get_signals_migration_status_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/get_signals_migration_status_route.ts @@ -23,8 +23,10 @@ export const getSignalsMigrationStatusRoute = (router: SecuritySolutionPluginRou .get({ path: DETECTION_ENGINE_SIGNALS_MIGRATION_STATUS_URL, access: 'public', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/open_close_signals_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/open_close_signals_route.ts index dde24af7007c4..5438db042e7df 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/open_close_signals_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/open_close_signals_route.ts @@ -37,8 +37,10 @@ export const setSignalsStatusRoute = ( .post({ path: DETECTION_ENGINE_SIGNALS_STATUS_URL, access: 'public', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/query_signals_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/query_signals_route.ts index 60e0bde69c590..f49eaad74e490 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/query_signals_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/query_signals_route.ts @@ -23,8 +23,10 @@ export const querySignalsRoute = ( .post({ path: DETECTION_ENGINE_QUERY_SIGNALS_URL, access: 'public', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/set_alert_assignees_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/set_alert_assignees_route.ts index 1ce791143705b..9e5547e03c7e6 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/set_alert_assignees_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/set_alert_assignees_route.ts @@ -22,8 +22,10 @@ export const setAlertAssigneesRoute = (router: SecuritySolutionPluginRouter) => .post({ path: DETECTION_ENGINE_ALERT_ASSIGNEES_URL, access: 'public', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/set_alert_tags_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/set_alert_tags_route.ts index d285c381c4b54..3fbd21c57ffef 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/set_alert_tags_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/signals/set_alert_tags_route.ts @@ -22,8 +22,10 @@ export const setAlertTagsRoute = (router: SecuritySolutionPluginRouter) => { .post({ path: DETECTION_ENGINE_ALERT_TAGS_URL, access: 'public', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/telemetry/telemetry_detection_rules_preview_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/telemetry/telemetry_detection_rules_preview_route.ts index 271e6e7d27749..8013b2af9742b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/telemetry/telemetry_detection_rules_preview_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/telemetry/telemetry_detection_rules_preview_route.ts @@ -26,8 +26,10 @@ export const telemetryDetectionRulesPreviewRoute = ( .get({ path: SECURITY_TELEMETRY_URL, access: 'internal', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/users/suggest_user_profiles_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/users/suggest_user_profiles_route.ts index 1b1aeada05660..2b8f65af12ca5 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/routes/users/suggest_user_profiles_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/routes/users/suggest_user_profiles_route.ts @@ -23,8 +23,10 @@ export const suggestUserProfilesRoute = ( .get({ path: DETECTION_ENGINE_ALERT_SUGGEST_USERS_URL, access: 'internal', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions_legacy/api/create_legacy_notification/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions_legacy/api/create_legacy_notification/route.ts index 518ece11dbefe..d5623df8db91c 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions_legacy/api/create_legacy_notification/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_actions_legacy/api/create_legacy_notification/route.ts @@ -34,8 +34,10 @@ export const legacyCreateLegacyNotificationRoute = ( .post({ path: UPDATE_OR_CREATE_LEGACY_ACTIONS, access: 'internal', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_exceptions/api/create_rule_exceptions/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_exceptions/api/create_rule_exceptions/route.ts index 22aa94ad80aee..1d8038b1052c3 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_exceptions/api/create_rule_exceptions/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_exceptions/api/create_rule_exceptions/route.ts @@ -36,8 +36,10 @@ export const createRuleExceptionsRoute = (router: SecuritySolutionPluginRouter) .post({ path: CREATE_RULE_EXCEPTIONS_URL, access: 'public', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_exceptions/api/find_exception_references/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_exceptions/api/find_exception_references/route.ts index f8714c4e260ee..3680a70525fd4 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_exceptions/api/find_exception_references/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_exceptions/api/find_exception_references/route.ts @@ -29,8 +29,10 @@ export const findRuleExceptionReferencesRoute = (router: SecuritySolutionPluginR .get({ path: DETECTION_ENGINE_RULES_EXCEPTIONS_REFERENCE_URL, access: 'internal', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts index 658a9b193e0a2..e599ff4a936ef 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts @@ -61,8 +61,13 @@ export const performBulkActionRoute = ( .post({ access: 'public', path: DETECTION_ENGINE_RULES_BULK_ACTION, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, options: { - tags: ['access:securitySolution', routeLimitedConcurrencyTag(MAX_ROUTE_CONCURRENCY)], + tags: [routeLimitedConcurrencyTag(MAX_ROUTE_CONCURRENCY)], timeout: { idleSocket: RULE_MANAGEMENT_BULK_ACTION_SOCKET_TIMEOUT_MS, }, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_create_rules/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_create_rules/route.ts index 98910ea337630..4a9b0b659e982 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_create_rules/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_create_rules/route.ts @@ -37,8 +37,12 @@ export const bulkCreateRulesRoute = (router: SecuritySolutionPluginRouter, logge .post({ access: 'public', path: DETECTION_ENGINE_RULES_BULK_CREATE, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, options: { - tags: ['access:securitySolution'], timeout: { idleSocket: RULE_MANAGEMENT_BULK_ACTION_SOCKET_TIMEOUT_MS, }, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_patch_rules/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_patch_rules/route.ts index da75e4e33362a..d3d4648ccdde9 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_patch_rules/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_patch_rules/route.ts @@ -31,8 +31,12 @@ export const bulkPatchRulesRoute = (router: SecuritySolutionPluginRouter, logger .patch({ access: 'public', path: DETECTION_ENGINE_RULES_BULK_UPDATE, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, options: { - tags: ['access:securitySolution'], timeout: { idleSocket: RULE_MANAGEMENT_BULK_ACTION_SOCKET_TIMEOUT_MS, }, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_update_rules/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_update_rules/route.ts index fb95e7e452afd..a2c14610fdf2c 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_update_rules/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_update_rules/route.ts @@ -35,8 +35,12 @@ export const bulkUpdateRulesRoute = (router: SecuritySolutionPluginRouter, logge .put({ access: 'public', path: DETECTION_ENGINE_RULES_BULK_UPDATE, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, options: { - tags: ['access:securitySolution'], timeout: { idleSocket: RULE_MANAGEMENT_BULK_ACTION_SOCKET_TIMEOUT_MS, }, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/coverage_overview/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/coverage_overview/route.ts index 0a298008dd354..a959c522c1718 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/coverage_overview/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/coverage_overview/route.ts @@ -22,8 +22,10 @@ export const getCoverageOverviewRoute = (router: SecuritySolutionPluginRouter) = .post({ access: 'internal', path: RULE_MANAGEMENT_COVERAGE_OVERVIEW_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/create_rule/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/create_rule/route.ts index aa6425b2e673c..a5fee66d00148 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/create_rule/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/create_rule/route.ts @@ -27,8 +27,10 @@ export const createRuleRoute = (router: SecuritySolutionPluginRouter): void => { access: 'public', path: DETECTION_ENGINE_RULES_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/delete_rule/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/delete_rule/route.ts index 42a6a1c47544f..a5854e9a2caf5 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/delete_rule/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/delete_rule/route.ts @@ -24,8 +24,10 @@ export const deleteRuleRoute = (router: SecuritySolutionPluginRouter) => { .delete({ access: 'public', path: DETECTION_ENGINE_RULES_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts index 3c770c714334c..a37bb29963332 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts @@ -33,8 +33,12 @@ export const exportRulesRoute = ( .post({ access: 'public', path: `${DETECTION_ENGINE_RULES_URL}/_export`, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, options: { - tags: ['access:securitySolution'], timeout: { idleSocket: RULE_MANAGEMENT_IMPORT_EXPORT_SOCKET_TIMEOUT_MS, }, diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/filters/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/filters/route.ts index 183d4f8e2f78d..05633892cdddb 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/filters/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/filters/route.ts @@ -56,8 +56,10 @@ export const getRuleManagementFilters = (router: SecuritySolutionPluginRouter) = .get({ access: 'internal', path: RULE_MANAGEMENT_FILTERS_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/find_rules/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/find_rules/route.ts index 02ff637ab6f10..899e568e79630 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/find_rules/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/find_rules/route.ts @@ -25,8 +25,10 @@ export const findRulesRoute = (router: SecuritySolutionPluginRouter, logger: Log .get({ access: 'public', path: DETECTION_ENGINE_RULES_URL_FIND, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts index e9131050d9629..d6a5213fcbea6 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts @@ -47,8 +47,12 @@ export const importRulesRoute = (router: SecuritySolutionPluginRouter, config: C .post({ access: 'public', path: `${DETECTION_ENGINE_RULES_URL}/_import`, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, options: { - tags: ['access:securitySolution'], body: { maxBytes: config.maxRuleImportPayloadBytes, output: 'stream', diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.ts index 3886f63c482b0..fcd388e81d1e7 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.ts @@ -26,8 +26,10 @@ export const patchRuleRoute = (router: SecuritySolutionPluginRouter) => { .patch({ access: 'public', path: DETECTION_ENGINE_RULES_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/read_rule/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/read_rule/route.ts index a119d1afae912..f8826e8aad45b 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/read_rule/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/read_rule/route.ts @@ -24,8 +24,10 @@ export const readRuleRoute = (router: SecuritySolutionPluginRouter, logger: Logg .get({ access: 'public', path: DETECTION_ENGINE_RULES_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.ts index fb7a7a9e3197d..0bedcb25de528 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.ts @@ -27,8 +27,10 @@ export const updateRuleRoute = (router: SecuritySolutionPluginRouter) => { .put({ access: 'public', path: DETECTION_ENGINE_RULES_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/tags/read_tags/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/tags/read_tags/route.ts index 5120603f9f674..d94f695f39179 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/tags/read_tags/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/tags/read_tags/route.ts @@ -18,8 +18,10 @@ export const readTagsRoute = (router: SecuritySolutionPluginRouter) => { .get({ access: 'public', path: DETECTION_ENGINE_TAGS_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_cluster_health/get_cluster_health_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_cluster_health/get_cluster_health_route.ts index 719f46788a524..d6d9e6843e5a2 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_cluster_health/get_cluster_health_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_cluster_health/get_cluster_health_route.ts @@ -36,8 +36,10 @@ export const getClusterHealthRoute = (router: SecuritySolutionPluginRouter) => { .get({ access: 'internal', path: GET_CLUSTER_HEALTH_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( @@ -62,8 +64,10 @@ export const getClusterHealthRoute = (router: SecuritySolutionPluginRouter) => { .post({ access: 'internal', path: GET_CLUSTER_HEALTH_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_rule_health/get_rule_health_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_rule_health/get_rule_health_route.ts index a69f7961b19f8..401040b33faa5 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_rule_health/get_rule_health_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_rule_health/get_rule_health_route.ts @@ -33,8 +33,10 @@ export const getRuleHealthRoute = (router: SecuritySolutionPluginRouter) => { .post({ access: 'internal', path: GET_RULE_HEALTH_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_space_health/get_space_health_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_space_health/get_space_health_route.ts index 96ced4e34151d..772de5aead760 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_space_health/get_space_health_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_space_health/get_space_health_route.ts @@ -36,8 +36,10 @@ export const getSpaceHealthRoute = (router: SecuritySolutionPluginRouter) => { .get({ access: 'internal', path: GET_SPACE_HEALTH_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( @@ -62,8 +64,10 @@ export const getSpaceHealthRoute = (router: SecuritySolutionPluginRouter) => { .post({ access: 'internal', path: GET_SPACE_HEALTH_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/setup/setup_health_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/setup/setup_health_route.ts index 685ce8f677952..0e8e5e5b676fa 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/setup/setup_health_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/setup/setup_health_route.ts @@ -22,8 +22,10 @@ export const setupHealthRoute = (router: SecuritySolutionPluginRouter) => { .post({ access: 'internal', path: SETUP_HEALTH_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.ts index 4e8001193b5c5..fc3c485710c1a 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.ts @@ -27,8 +27,10 @@ export const getRuleExecutionEventsRoute = (router: SecuritySolutionPluginRouter .get({ access: 'internal', path: GET_RULE_EXECUTION_EVENTS_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.ts index bf3a9864260ac..c23396e139afc 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.ts @@ -27,8 +27,10 @@ export const getRuleExecutionResultsRoute = (router: SecuritySolutionPluginRoute .get({ access: 'internal', path: GET_RULE_EXECUTION_RESULTS_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_preview/api/preview_rules/route.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_preview/api/preview_rules/route.ts index 3b3656c82f06d..bc805867f69e0 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_preview/api/preview_rules/route.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_preview/api/preview_rules/route.ts @@ -89,8 +89,13 @@ export const previewRulesRoute = ( .post({ path: DETECTION_ENGINE_RULES_PREVIEW, access: 'public', + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, options: { - tags: ['access:securitySolution', routeLimitedConcurrencyTag(MAX_ROUTE_CONCURRENCY)], + tags: [routeLimitedConcurrencyTag(MAX_ROUTE_CONCURRENCY)], }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/bulk_upload.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/bulk_upload.ts index 93251bcf92652..e0de56da88c8d 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/bulk_upload.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/bulk_upload.ts @@ -33,8 +33,10 @@ export const assetCriticalityPublicBulkUploadRoute = ( .post({ access: 'public', path: ASSET_CRITICALITY_PUBLIC_BULK_UPLOAD_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/delete.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/delete.ts index 6c2437081500d..de3f8cda4f5ba 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/delete.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/delete.ts @@ -28,8 +28,10 @@ export const assetCriticalityPublicDeleteRoute = ( .delete({ access: 'public', path: ASSET_CRITICALITY_PUBLIC_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/get.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/get.ts index 048df61757a56..2cea50a2bbe20 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/get.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/get.ts @@ -30,8 +30,10 @@ export const assetCriticalityPublicGetRoute = ( .get({ access: 'public', path: ASSET_CRITICALITY_PUBLIC_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/list.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/list.ts index a6316646bc612..7cfc763e8b97c 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/list.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/list.ts @@ -28,8 +28,10 @@ export const assetCriticalityPublicListRoute = ( .get({ access: 'public', path: ASSET_CRITICALITY_PUBLIC_LIST_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/privileges.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/privileges.ts index 8c40335423973..59cdc983770ca 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/privileges.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/privileges.ts @@ -28,8 +28,10 @@ export const assetCriticalityInternalPrivilegesRoute = ( .get({ access: 'internal', path: ASSET_CRITICALITY_INTERNAL_PRIVILEGES_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/status.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/status.ts index fc1cc92bbe1cf..6443981b327d9 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/status.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/status.ts @@ -26,8 +26,10 @@ export const assetCriticalityInternalStatusRoute = ( .get({ access: 'internal', path: ASSET_CRITICALITY_INTERNAL_STATUS_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts index 8c1d94176111c..dccf24d161054 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upload_csv.ts @@ -35,8 +35,12 @@ export const assetCriticalityPublicCSVUploadRoute = ( .post({ access: 'public', path: ASSET_CRITICALITY_PUBLIC_CSV_UPLOAD_URL, + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, + }, options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], body: { output: 'stream', accepts: 'multipart/form-data', diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upsert.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upsert.ts index 488a75c0196ab..8614a2b8e9ad1 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upsert.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/routes/upsert.ts @@ -31,8 +31,10 @@ export const assetCriticalityPublicUpsertRoute = ( .post({ access: 'public', path: ASSET_CRITICALITY_PUBLIC_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/apply_dataview_indices.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/apply_dataview_indices.ts index 72cd02f273cad..115afdb6b0b3b 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/apply_dataview_indices.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/apply_dataview_indices.ts @@ -20,8 +20,10 @@ export const applyDataViewIndicesEntityEngineRoute = ( .post({ access: 'public', path: '/api/entity_store/engines/apply_dataview_indices', - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/delete.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/delete.ts index e11c9d3fa7b9d..9e221093d9582 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/delete.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/delete.ts @@ -28,8 +28,10 @@ export const deleteEntityEngineRoute = ( .delete({ access: 'public', path: '/api/entity_store/engines/{entityType}', - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/entities/list.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/entities/list.ts index 3eefcb7de5752..9f195bb33c8d9 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/entities/list.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/entities/list.ts @@ -32,8 +32,10 @@ export const listEntitiesRoute = (router: EntityAnalyticsRoutesDeps['router'], l .get({ access: 'public', path: LIST_ENTITIES_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/get.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/get.ts index 23f013598b476..3ae59d6d748cb 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/get.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/get.ts @@ -23,8 +23,10 @@ export const getEntityEngineRoute = ( .get({ access: 'public', path: '/api/entity_store/engines/{entityType}', - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/init.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/init.ts index 3535be022179b..c6ae2f23366a0 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/init.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/init.ts @@ -28,8 +28,10 @@ export const initEntityEngineRoute = ( .post({ access: 'public', path: '/api/entity_store/engines/{entityType}/init', - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/list.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/list.ts index 7cec67bcdf5cd..372331cea7087 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/list.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/list.ts @@ -22,8 +22,10 @@ export const listEntityEnginesRoute = ( .get({ access: 'public', path: '/api/entity_store/engines', - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/start.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/start.ts index 1872de211cb8f..2985553e874c1 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/start.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/start.ts @@ -24,8 +24,10 @@ export const startEntityEngineRoute = ( .post({ access: 'public', path: '/api/entity_store/engines/{entityType}/start', - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/stats.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/stats.ts index 9ca3cd906f016..24785fbd5c015 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/stats.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/stats.ts @@ -23,8 +23,10 @@ export const getEntityEngineStatsRoute = ( .post({ access: 'public', path: '/api/entity_store/engines/{entityType}/stats', - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/stop.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/stop.ts index e1c28bc2cc073..010ec4e08177d 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/stop.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/stop.ts @@ -24,8 +24,10 @@ export const stopEntityEngineRoute = ( .post({ access: 'public', path: '/api/entity_store/engines/{entityType}/stop', - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/delete.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/delete.ts index 1776ddcca69b1..473627c9c7b09 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/delete.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/delete.ts @@ -23,8 +23,10 @@ export const riskEngineCleanupRoute = ( .delete({ access: 'public', path: RISK_ENGINE_CLEANUP_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/disable.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/disable.ts index 59b4b4f77537e..fafa887d6fbb4 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/disable.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/disable.ts @@ -24,8 +24,10 @@ export const riskEngineDisableRoute = ( .post({ access: 'internal', path: RISK_ENGINE_DISABLE_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/enable.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/enable.ts index 24b3c3816440d..ce86ac8f99bd6 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/enable.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/enable.ts @@ -24,8 +24,10 @@ export const riskEngineEnableRoute = ( .post({ access: 'internal', path: RISK_ENGINE_ENABLE_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/init.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/init.ts index 4657d21cbcbe0..67edb78b740c5 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/init.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/init.ts @@ -26,8 +26,10 @@ export const riskEngineInitRoute = ( .post({ access: 'internal', path: RISK_ENGINE_INIT_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/privileges.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/privileges.ts index f14e06fa72868..307da6980da50 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/privileges.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/privileges.ts @@ -24,8 +24,10 @@ export const riskEnginePrivilegesRoute = ( .get({ access: 'internal', path: RISK_ENGINE_PRIVILEGES_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/schedule_now.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/schedule_now.ts index 91f32954f6102..99ec60b281293 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/schedule_now.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/schedule_now.ts @@ -27,8 +27,10 @@ export const riskEngineScheduleNowRoute = ( .post({ access: 'public', path: RISK_ENGINE_SCHEDULE_NOW_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/settings.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/settings.ts index e300f012b86cf..8073f1222302f 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/settings.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/settings.ts @@ -19,8 +19,10 @@ export const riskEngineSettingsRoute = (router: EntityAnalyticsRoutesDeps['route .get({ access: 'internal', path: RISK_ENGINE_SETTINGS_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/status.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/status.ts index 9b69ddec6b005..5ece4cbf48e43 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/status.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/status.ts @@ -20,8 +20,10 @@ export const riskEngineStatusRoute = ( .get({ access: 'internal', path: RISK_ENGINE_STATUS_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts index 4b1cf773a572b..8fe611721d323 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/entity_calculation.ts @@ -166,8 +166,10 @@ export const deprecatedRiskScoreEntityCalculationRoute = ( .post({ path: '/api/risk_scores/calculation/entity', access: 'internal', - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( @@ -192,8 +194,10 @@ export const riskScoreEntityCalculationRoute = ( .post({ path: RISK_SCORE_ENTITY_CALCULATION_URL, access: 'internal', - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/preview.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/preview.ts index e2a1e664c5e76..5ab6791a300c3 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/preview.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/risk_score/routes/preview.ts @@ -30,8 +30,10 @@ export const riskScorePreviewRoute = ( .post({ access: 'internal', path: RISK_SCORE_PREVIEW_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/exceptions/api/manage_exceptions/route.ts b/x-pack/plugins/security_solution/server/lib/exceptions/api/manage_exceptions/route.ts index 01a04a284b16a..5b2a3a70be1a2 100644 --- a/x-pack/plugins/security_solution/server/lib/exceptions/api/manage_exceptions/route.ts +++ b/x-pack/plugins/security_solution/server/lib/exceptions/api/manage_exceptions/route.ts @@ -23,8 +23,10 @@ export const createSharedExceptionListRoute = (router: SecuritySolutionPluginRou .post({ path: SHARED_EXCEPTION_LIST_URL, access: 'public', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/risk_score/index_status/index.ts b/x-pack/plugins/security_solution/server/lib/risk_score/index_status/index.ts index 79eef256f8e93..c53039367dfbe 100644 --- a/x-pack/plugins/security_solution/server/lib/risk_score/index_status/index.ts +++ b/x-pack/plugins/security_solution/server/lib/risk_score/index_status/index.ts @@ -18,8 +18,10 @@ export const getRiskScoreIndexStatusRoute = (router: SecuritySolutionPluginRoute .get({ access: 'internal', path: RISK_SCORE_INDEX_STATUS_API_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/risk_score/indices/create_index_route.ts b/x-pack/plugins/security_solution/server/lib/risk_score/indices/create_index_route.ts index ef4aacf251ff4..d029d098b03bf 100644 --- a/x-pack/plugins/security_solution/server/lib/risk_score/indices/create_index_route.ts +++ b/x-pack/plugins/security_solution/server/lib/risk_score/indices/create_index_route.ts @@ -19,8 +19,10 @@ export const createEsIndexRoute = (router: SecuritySolutionPluginRouter, logger: .put({ access: 'internal', path: RISK_SCORE_CREATE_INDEX, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/risk_score/indices/delete_indices_route.ts b/x-pack/plugins/security_solution/server/lib/risk_score/indices/delete_indices_route.ts index 407e9e0a8f3e0..4e7f8ed0975f1 100644 --- a/x-pack/plugins/security_solution/server/lib/risk_score/indices/delete_indices_route.ts +++ b/x-pack/plugins/security_solution/server/lib/risk_score/indices/delete_indices_route.ts @@ -17,8 +17,10 @@ export const deleteEsIndicesRoute = (router: SecuritySolutionPluginRouter) => { .post({ access: 'internal', path: RISK_SCORE_DELETE_INDICES, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/risk_score/onboarding/routes/install_risk_scores.ts b/x-pack/plugins/security_solution/server/lib/risk_score/onboarding/routes/install_risk_scores.ts index de6675985fc00..342ae7a0c577b 100644 --- a/x-pack/plugins/security_solution/server/lib/risk_score/onboarding/routes/install_risk_scores.ts +++ b/x-pack/plugins/security_solution/server/lib/risk_score/onboarding/routes/install_risk_scores.ts @@ -21,8 +21,10 @@ export const installRiskScoresRoute = (router: SecuritySolutionPluginRouter, log .post({ access: 'internal', path: INTERNAL_RISK_SCORE_URL, - options: { - tags: ['access:securitySolution', `access:${APP_ID}-entity-analytics`], + security: { + authz: { + requiredPrivileges: ['securitySolution', `${APP_ID}-entity-analytics`], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/risk_score/prebuilt_dev_tool_content/routes/read_prebuilt_dev_tool_content_route.ts b/x-pack/plugins/security_solution/server/lib/risk_score/prebuilt_dev_tool_content/routes/read_prebuilt_dev_tool_content_route.ts index 77553eca21d5c..81a7694ba79e9 100644 --- a/x-pack/plugins/security_solution/server/lib/risk_score/prebuilt_dev_tool_content/routes/read_prebuilt_dev_tool_content_route.ts +++ b/x-pack/plugins/security_solution/server/lib/risk_score/prebuilt_dev_tool_content/routes/read_prebuilt_dev_tool_content_route.ts @@ -53,8 +53,10 @@ export const readPrebuiltDevToolContentRoute = (router: SecuritySolutionPluginRo .get({ access: 'internal', path: DEV_TOOL_PREBUILT_CONTENT, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/risk_score/prebuilt_saved_objects/routes/create_prebuilt_saved_objects.ts b/x-pack/plugins/security_solution/server/lib/risk_score/prebuilt_saved_objects/routes/create_prebuilt_saved_objects.ts index a17669af734fe..2ccccc4bab787 100644 --- a/x-pack/plugins/security_solution/server/lib/risk_score/prebuilt_saved_objects/routes/create_prebuilt_saved_objects.ts +++ b/x-pack/plugins/security_solution/server/lib/risk_score/prebuilt_saved_objects/routes/create_prebuilt_saved_objects.ts @@ -24,8 +24,10 @@ export const createPrebuiltSavedObjectsRoute = ( .post({ access: 'internal', path: PREBUILT_SAVED_OBJECTS_BULK_CREATE, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/risk_score/prebuilt_saved_objects/routes/delete_prebuilt_saved_objects.ts b/x-pack/plugins/security_solution/server/lib/risk_score/prebuilt_saved_objects/routes/delete_prebuilt_saved_objects.ts index bd7ae03191ea5..7e772e710cc93 100644 --- a/x-pack/plugins/security_solution/server/lib/risk_score/prebuilt_saved_objects/routes/delete_prebuilt_saved_objects.ts +++ b/x-pack/plugins/security_solution/server/lib/risk_score/prebuilt_saved_objects/routes/delete_prebuilt_saved_objects.ts @@ -21,8 +21,10 @@ export const deletePrebuiltSavedObjectsRoute = (router: SecuritySolutionPluginRo .post({ access: 'internal', path: PREBUILT_SAVED_OBJECTS_BULK_DELETE, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/risk_score/stored_scripts/create_script_route.ts b/x-pack/plugins/security_solution/server/lib/risk_score/stored_scripts/create_script_route.ts index 573d1d30bcd28..85cd1fb9d1928 100644 --- a/x-pack/plugins/security_solution/server/lib/risk_score/stored_scripts/create_script_route.ts +++ b/x-pack/plugins/security_solution/server/lib/risk_score/stored_scripts/create_script_route.ts @@ -18,8 +18,10 @@ export const createStoredScriptRoute = (router: SecuritySolutionPluginRouter, lo .put({ access: 'internal', path: RISK_SCORE_CREATE_STORED_SCRIPT, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/risk_score/stored_scripts/delete_script_route.ts b/x-pack/plugins/security_solution/server/lib/risk_score/stored_scripts/delete_script_route.ts index 0d7ef94be2635..91bf387d55bd0 100644 --- a/x-pack/plugins/security_solution/server/lib/risk_score/stored_scripts/delete_script_route.ts +++ b/x-pack/plugins/security_solution/server/lib/risk_score/stored_scripts/delete_script_route.ts @@ -17,8 +17,10 @@ export const deleteStoredScriptRoute = (router: SecuritySolutionPluginRouter) => .delete({ access: 'internal', path: RISK_SCORE_DELETE_STORED_SCRIPT, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/api/create.ts b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/api/create.ts index e2cf97dd094a9..f4c52e9b444b8 100644 --- a/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/api/create.ts +++ b/x-pack/plugins/security_solution/server/lib/siem_migrations/rules/api/create.ts @@ -25,7 +25,11 @@ export const registerSiemRuleMigrationsCreateRoute = ( .post({ path: SIEM_RULE_MIGRATIONS_PATH, access: 'internal', - options: { tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/security_solution/server/lib/tags/routes/create_tag.ts b/x-pack/plugins/security_solution/server/lib/tags/routes/create_tag.ts index 1604b4374b984..8b76d6b380893 100644 --- a/x-pack/plugins/security_solution/server/lib/tags/routes/create_tag.ts +++ b/x-pack/plugins/security_solution/server/lib/tags/routes/create_tag.ts @@ -21,8 +21,10 @@ export const createTagRoute = (router: SecuritySolutionPluginRouter, logger: Log .put({ path: INTERNAL_TAGS_URL, access: 'internal', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/tags/routes/get_tags_by_name.ts b/x-pack/plugins/security_solution/server/lib/tags/routes/get_tags_by_name.ts index 75ae24d0eacd5..dc5a9da70c71f 100644 --- a/x-pack/plugins/security_solution/server/lib/tags/routes/get_tags_by_name.ts +++ b/x-pack/plugins/security_solution/server/lib/tags/routes/get_tags_by_name.ts @@ -21,8 +21,10 @@ export const getTagsByNameRoute = (router: SecuritySolutionPluginRouter, logger: .get({ path: INTERNAL_TAGS_URL, access: 'internal', - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, }) .addVersion( diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/draft_timelines/clean_draft_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/draft_timelines/clean_draft_timelines/index.ts index 6515817f28e11..fb6ffba7995b8 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/draft_timelines/clean_draft_timelines/index.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/draft_timelines/clean_draft_timelines/index.ts @@ -31,8 +31,10 @@ export const cleanDraftTimelinesRoute = (router: SecuritySolutionPluginRouter) = router.versioned .post({ path: TIMELINE_DRAFT_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, access: 'public', }) diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/draft_timelines/get_draft_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/draft_timelines/get_draft_timelines/index.ts index 1ba3167cdefae..e83d2cc839db0 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/draft_timelines/get_draft_timelines/index.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/draft_timelines/get_draft_timelines/index.ts @@ -24,8 +24,10 @@ export const getDraftTimelinesRoute = (router: SecuritySolutionPluginRouter) => router.versioned .get({ path: TIMELINE_DRAFT_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, access: 'public', }) diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/delete_note.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/delete_note.ts index 9e6aeb5473fc2..7308801030f4a 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/delete_note.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/delete_note.ts @@ -22,8 +22,10 @@ export const deleteNoteRoute = (router: SecuritySolutionPluginRouter) => { router.versioned .delete({ path: NOTE_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, access: 'public', }) diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/get_notes.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/get_notes.ts index 0cd7853b38a1b..3a1ae1ba27e2f 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/get_notes.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/get_notes.ts @@ -37,8 +37,10 @@ export const getNotesRoute = ( router.versioned .get({ path: NOTE_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, access: 'public', }) diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/persist_note.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/persist_note.ts index 2e825b4ff3a15..f9759444b26d8 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/persist_note.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/notes/persist_note.ts @@ -25,8 +25,10 @@ export const persistNoteRoute = (router: SecuritySolutionPluginRouter) => { router.versioned .patch({ path: NOTE_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, access: 'public', }) diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/pinned_events/persist_pinned_event.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/pinned_events/persist_pinned_event.ts index 74db9e58d904b..51b001c9ea29e 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/pinned_events/persist_pinned_event.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/pinned_events/persist_pinned_event.ts @@ -26,8 +26,10 @@ export const persistPinnedEventRoute = (router: SecuritySolutionPluginRouter) => router.versioned .patch({ path: PINNED_EVENT_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, access: 'public', }) diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/prepackaged_timelines/install_prepackaged_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/prepackaged_timelines/install_prepackaged_timelines/index.ts index b1a6e2f781f45..99c4d95942f15 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/prepackaged_timelines/install_prepackaged_timelines/index.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/prepackaged_timelines/install_prepackaged_timelines/index.ts @@ -34,8 +34,12 @@ export const installPrepackedTimelinesRoute = ( router.versioned .post({ path: `${TIMELINE_PREPACKAGED_URL}`, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, options: { - tags: ['access:securitySolution'], body: { maxBytes: config.maxTimelineImportPayloadBytes, output: 'stream', diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/copy_timeline/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/copy_timeline/index.ts index e795ec89dd926..502b43d4e347f 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/copy_timeline/index.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/copy_timeline/index.ts @@ -23,8 +23,10 @@ export const copyTimelineRoute = (router: SecuritySolutionPluginRouter) => { router.versioned .post({ path: TIMELINE_COPY_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, access: 'internal', }) diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/create_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/create_timelines/index.ts index 95fb09fb28e56..a91fefc20f934 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/create_timelines/index.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/create_timelines/index.ts @@ -32,8 +32,10 @@ export const createTimelinesRoute = (router: SecuritySolutionPluginRouter) => { router.versioned .post({ path: TIMELINE_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, access: 'public', }) diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/delete_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/delete_timelines/index.ts index 8dd476c9f4e44..07cffb3e13bf5 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/delete_timelines/index.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/delete_timelines/index.ts @@ -23,8 +23,10 @@ export const deleteTimelinesRoute = (router: SecuritySolutionPluginRouter) => { router.versioned .delete({ path: TIMELINE_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, access: 'public', }) diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/export_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/export_timelines/index.ts index 163b212840423..5a055d54a76ce 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/export_timelines/index.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/export_timelines/index.ts @@ -26,8 +26,10 @@ export const exportTimelinesRoute = (router: SecuritySolutionPluginRouter, confi router.versioned .post({ path: TIMELINE_EXPORT_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, access: 'public', }) diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/get_timeline/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/get_timeline/index.ts index 870955f7e8691..a1ae2178fb6fd 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/get_timeline/index.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/get_timeline/index.ts @@ -26,8 +26,10 @@ export const getTimelineRoute = (router: SecuritySolutionPluginRouter) => { router.versioned .get({ path: TIMELINE_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, access: 'public', }) diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/get_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/get_timelines/index.ts index 52995efcf4be1..01a3801ad8672 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/get_timelines/index.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/get_timelines/index.ts @@ -25,8 +25,10 @@ export const getTimelinesRoute = (router: SecuritySolutionPluginRouter) => { router.versioned .get({ path: TIMELINES_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, access: 'public', }) diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/import_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/import_timelines/index.ts index 59a86238941ab..f66c5456c0396 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/import_timelines/index.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/import_timelines/index.ts @@ -32,8 +32,12 @@ export const importTimelinesRoute = (router: SecuritySolutionPluginRouter, confi router.versioned .post({ path: `${TIMELINE_IMPORT_URL}`, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, options: { - tags: ['access:securitySolution'], body: { maxBytes: config.maxTimelineImportPayloadBytes, output: 'stream', diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/patch_timelines/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/patch_timelines/index.ts index 1297f0cb1a829..7ddea9bd5ffe7 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/patch_timelines/index.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/patch_timelines/index.ts @@ -26,8 +26,10 @@ export const patchTimelinesRoute = (router: SecuritySolutionPluginRouter) => { router.versioned .patch({ path: TIMELINE_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, access: 'public', }) diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/persist_favorite/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/persist_favorite/index.ts index cf66c02cf9c97..22d579229a73b 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/persist_favorite/index.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/persist_favorite/index.ts @@ -26,8 +26,10 @@ export const persistFavoriteRoute = (router: SecuritySolutionPluginRouter) => { router.versioned .patch({ path: TIMELINE_FAVORITE_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, access: 'public', }) diff --git a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/resolve_timeline/index.ts b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/resolve_timeline/index.ts index 0afc7d21ae296..773e74faaaf46 100644 --- a/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/resolve_timeline/index.ts +++ b/x-pack/plugins/security_solution/server/lib/timeline/routes/timelines/resolve_timeline/index.ts @@ -27,8 +27,10 @@ export const resolveTimelineRoute = (router: SecuritySolutionPluginRouter) => { router.versioned .get({ path: TIMELINE_RESOLVE_URL, - options: { - tags: ['access:securitySolution'], + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, }, access: 'public', }) diff --git a/x-pack/plugins/spaces/server/routes/api/external/copy_to_space.ts b/x-pack/plugins/spaces/server/routes/api/external/copy_to_space.ts index b0758f5645cc1..509de14e2928b 100644 --- a/x-pack/plugins/spaces/server/routes/api/external/copy_to_space.ts +++ b/x-pack/plugins/spaces/server/routes/api/external/copy_to_space.ts @@ -37,9 +37,14 @@ export function initCopyToSpacesApi(deps: ExternalRouteDeps) { router.post( { path: '/api/spaces/_copy_saved_objects', + security: { + authz: { + requiredPrivileges: ['copySavedObjectsToSpaces'], + }, + }, options: { access: isServerless ? 'internal' : 'public', - tags: ['access:copySavedObjectsToSpaces', 'oas-tag:spaces'], + tags: ['oas-tag:spaces'], summary: `Copy saved objects between spaces`, description: 'It also allows you to automatically copy related objects, so when you copy a dashboard, this can automatically copy over the associated visualizations, data views, and saved searches, as required. You can request to overwrite any objects that already exist in the target space if they share an identifier or you can use the resolve copy saved objects conflicts API to do this on a per-object basis.', @@ -188,9 +193,14 @@ export function initCopyToSpacesApi(deps: ExternalRouteDeps) { router.post( { path: '/api/spaces/_resolve_copy_saved_objects_errors', + security: { + authz: { + requiredPrivileges: ['copySavedObjectsToSpaces'], + }, + }, options: { access: isServerless ? 'internal' : 'public', - tags: ['access:copySavedObjectsToSpaces'], + summary: `Resolve conflicts copying saved objects`, description: 'Overwrite saved objects that are returned as errors from the copy saved objects to space API.', diff --git a/x-pack/plugins/spaces/server/routes/api/internal/get_content_summary.ts b/x-pack/plugins/spaces/server/routes/api/internal/get_content_summary.ts index 848449bfd47b3..6c80a645f0c62 100644 --- a/x-pack/plugins/spaces/server/routes/api/internal/get_content_summary.ts +++ b/x-pack/plugins/spaces/server/routes/api/internal/get_content_summary.ts @@ -38,8 +38,10 @@ export function initGetSpaceContentSummaryApi(deps: InternalRouteDeps) { router.get( { path: '/internal/spaces/{spaceId}/content_summary', - options: { - tags: ['access:manage_spaces'], + security: { + authz: { + requiredPrivileges: ['manage_spaces'], + }, }, validate: { params: schema.object({