[Request][7.17-8.10] Doc privs required to create and manage the .lists data stream (#4696)

(cherry picked from commit 2990160)

# Conflicts:
#	docs/getting-started/detections-req.asciidoc
nastasha-solomon authored and mergify[bot] committed Jan 29, 2024
1 parent d241b03 commit 0f7d6e2
Showing 4 changed files with 40 additions and 25 deletions.
13 changes: 3 additions & 10 deletions docs/detections/api/exceptions/exceptions-api-overview.asciidoc
Expand Up @@ -43,15 +43,8 @@ IMPORTANT: Before you can create exceptions, you must create `.lists` and
`.items` indices for the {kib} space (see <<lists-index-api-overview>>).

[float]
=== Kibana role requirements
=== Exceptions requirements

To create list containers and items, the user role for the {kib} space must
have:
Before you start working with exceptions that use value lists, you must create the `.lists` and `.items` indices for the relevant {kib} space. To learn how to do this, go to <<lists-index-api-overview>>.

* `read` and `write` index privileges for the
`.lists` and `.items` indices (the system index used for storing exception lists).
* {kib} space `All` privileges for the `Security` and `Saved Objects Management`
features (see
{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]).

See <<detections-permissions-section>> for a complete list of requirements.
Once these indices are created, your role needs privileges to manage rules. Refer to <<enable-detections-ui>> for a complete list of requirements.
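
Review bot: The new paragraph under `=== Exceptions requirements` repeats the prerequisite that the `IMPORTANT:` admonition just above the heading already states (create the `.lists` and `.items` indices, see <<lists-index-api-overview>>). The hunk header shows that admonition as unchanged context, so the reader gets the same instruction twice in a row. Drop one of the two, as the lists-api-overview.asciidoc change in this commit appears to do. The closing sentence also says "privileges to manage rules" although this section is about exceptions that use value lists; name the row of the <<enable-detections-ui>> table that applies so the reader does not have to guess which privilege set is meant.
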
Expand Up @@ -6,7 +6,7 @@ and `.items` system indices in the relevant
{kibana-ref}/xpack-spaces.html[{kib} space].

For information about the permissions and privileges required to create
`.lists` and `.items` indices, see <<enable-detections-ui>>.
`.lists` and `.items` indices, refer to <<enable-detections-ui>>.

NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests].

16 changes: 3 additions & 13 deletions docs/detections/api/lists/lists-api-overview.asciidoc
Expand Up @@ -56,19 +56,9 @@ Use an <<exceptions-api-create-exception-item, exception item>> to define the
operator and associate it with an <<exceptions-api-create-container, exception container>>.
You can then add the exception container to a rule's `exceptions_list` object.

IMPORTANT: Before you can create lists, you must create `.lists` and `.items`
indices for the {kib} space (see <<lists-index-api-overview>>).

[float]
=== Kibana role requirements

To create list containers and items, the user role for the {kib} space must
have:
=== Lists requirements

* `read` and `write` index privileges for the
`.lists` and `.items` indices (the system index used for storing exception lists).
* {kib} space `All` privileges for the `Security` and `Saved Objects Management`
features (see
{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]).
Before you can start using lists, you must create the `.lists` and `.items` indices for the relevant {kib} space. To learn how to do this, go to <<lists-index-api-overview>>.

See <<detections-permissions-section>> for a complete list of requirements.
Once these indices are created, your role needs privileges to manage rules. Refer to <<enable-detections-ui>> for a complete list of requirements.
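
Review bot: The replacement text under `=== Lists requirements` drops the only statement of the minimum privileges for working with lists. The removed bullets asked for `read` and `write` on `.lists` and `.items`, while the row this commit adds to detections-req.asciidoc asks for `manage`, `write`, `read` and `view_index_metadata` plus a separate `manage` privilege, and that row is about creating the indices. A role that only adds items to an existing list now has no documented minimum, and readers are likely to grant the broader set. Keep one sentence here stating what is needed once the indices exist, or make clear in the table which row covers list containers and items.
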
34 changes: 33 additions & 1 deletion docs/getting-started/detections-req.asciidoc
Expand Up @@ -58,18 +58,38 @@ a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for t
|{kib} space `All` privileges for the `Security` feature (see
{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges])


|Enable the Detections feature in all Kibana spaces

*Note*: To turn on the Detections feature, visit the Detections page for each appropriate Kibana space.

|The `manage` privilege
a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices:

<<<<<<< HEAD
* `.siem-signals-*`
* `.lists-*`
* `.items-*`
|{kib} space `All` privileges for the `Security` feature (see
=======
* `.alerts-security.alerts-<space-id>`
* `.siem-signals-<space-id>` ^1^
* `.lists-<space-id>`
* `.items-<space-id>`
^1^ *NOTE*: If you're upgrading to {stack} 8.0.0 or later, users should have privileges for the `.alerts-security.alerts-<space-id>` AND `.siem-signals-<space-id>` indices. If you're newly installing the {stack}, then users do not need privileges for the `.siem-signals-<space-id>` index.
|{kib} space `All` privileges for the `Security` feature (refer to
{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges])
| Preview rules
|N/A
a| The `read` privilege for the following indices:
* `.preview.alerts-security.alerts-<space-id>`
* `.internal.preview.alerts-security.alerts-<space-id>-*`
|{kib} space `All` privileges for the `Security` feature (refer to
>>>>>>> 2990160 ([Request][7.17-8.10] Doc privs required to create and manage the .lists data stream (#4696))
{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges])
|Manage rules
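
Review bot: Unresolved conflict markers are committed in the "Enable the Detections feature" row: `<<<<<<< HEAD`, `=======` and `>>>>>>> 2990160 (...)` are now part of the table source, so both sides of the conflict and the marker lines themselves end up in the built page. The commit message lists this file under `# Conflicts:`, which suggests the cherry-pick was committed without resolving it. Keep the index list that matches this branch (the HEAD side has `.siem-signals-*`, `.lists-*`, `.items-*`; the incoming side adds `.alerts-security.alerts-<space-id>` and a "Preview rules" row), delete the three marker lines, and check that the row still has the same number of cells as the other rows in the table.
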
Expand Down Expand Up @@ -109,6 +129,18 @@ a|The `maintenance`, `write`,`read`, and `view_index_metadata` index privileges
|{kib} space `read` privileges for the `Security` feature (see
{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges])

|Create the `.lists` and `.items` indices in your {kib} space

**NOTE**: To initiate the process that creates the `.lists` and `.items` indices, you must visit the Rules page for each appropriate {kib} space.

|The `manage` privilege
a| The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following indices, where `<space-id>` is the {kib} space name:

* `.lists-<space-id>`
* `.items-<space-id>`
|{kib} space `All` privileges for the `Security` and `Saved Objects Management`
features (refer to {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges])

|==============================================

Here is an example of a user who has the Detections feature enabled in all {kib}
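
Review bot: In the new "Create the `.lists` and `.items` indices" row, the index privilege cell explains `<space-id>` as "the {kib} space name". A space's ID and its display name are different values, and the placeholder itself says ID, so write "space ID". Two smaller points in the same row: the note sends the reader to the Rules page while the "Enable the Detections feature" row earlier in the table says Detections page, and the commit title calls `.lists` a data stream while the row calls both of them indices. Align these so an admin scoping a role knows exactly which names to put in the index pattern.
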