From 0f7d6e29b4e7ff4ef44db8648a651b8641088cfa Mon Sep 17 00:00:00 2001 From: Nastasha Solomon <79124755+nastasha-solomon@users.noreply.github.com> Date: Mon, 29 Jan 2024 08:54:20 -0500 Subject: [PATCH] [Request][7.17-8.10] Doc privs required to create and manage the .lists data stream (#4696) (cherry picked from commit 2990160e6345d61b207b9004cd3595428d7f0b79) # Conflicts: # docs/getting-started/detections-req.asciidoc --- .../exceptions-api-overview.asciidoc | 13 ++----- .../lists-index-api-overview.asciidoc | 2 +- .../api/lists/lists-api-overview.asciidoc | 16 ++------- docs/getting-started/detections-req.asciidoc | 34 ++++++++++++++++++- 4 files changed, 40 insertions(+), 25 deletions(-) diff --git a/docs/detections/api/exceptions/exceptions-api-overview.asciidoc b/docs/detections/api/exceptions/exceptions-api-overview.asciidoc index b0bc68d936..440b4b012e 100644 --- a/docs/detections/api/exceptions/exceptions-api-overview.asciidoc +++ b/docs/detections/api/exceptions/exceptions-api-overview.asciidoc @@ -43,15 +43,8 @@ IMPORTANT: Before you can create exceptions, you must create `.lists` and `.items` indices for the {kib} space (see <>). [float] -=== Kibana role requirements +=== Exceptions requirements -To create list containers and items, the user role for the {kib} space must -have: +Before you start working with exceptions that use value lists, you must create the `.lists` and `.items` indices for the relevant {kib} space. To learn how to do this, go to <>. -* `read` and `write` index privileges for the -`.lists` and `.items` indices (the system index used for storing exception lists). -* {kib} space `All` privileges for the `Security` and `Saved Objects Management` -features (see -{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]). - -See <> for a complete list of requirements. +Once these indices are created, your role needs privileges to manage rules. Refer to <> for a complete list of requirements. 
diff --git a/docs/detections/api/exceptions/lists-index-api-overview.asciidoc b/docs/detections/api/exceptions/lists-index-api-overview.asciidoc index 5a73e29977..7889ecae67 100644 --- a/docs/detections/api/exceptions/lists-index-api-overview.asciidoc +++ b/docs/detections/api/exceptions/lists-index-api-overview.asciidoc @@ -6,7 +6,7 @@ and `.items` system indices in the relevant {kibana-ref}/xpack-spaces.html[{kib} space]. For information about the permissions and privileges required to create -`.lists` and `.items` indices, see <>. +`.lists` and `.items` indices, refer to <>. NOTE: Console supports only Elasticsearch APIs. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. diff --git a/docs/detections/api/lists/lists-api-overview.asciidoc b/docs/detections/api/lists/lists-api-overview.asciidoc index dfb5983421..c2fb1f1910 100644 --- a/docs/detections/api/lists/lists-api-overview.asciidoc +++ b/docs/detections/api/lists/lists-api-overview.asciidoc 
@@ -56,19 +56,9 @@ Use an <> to define the operator and associate it with an <>. You can then add the exception container to a rule's `exceptions_list` object. -IMPORTANT: Before you can create lists, you must create `.lists` and `.items` -indices for the {kib} space (see <>). - [float] -=== Kibana role requirements - -To create list containers and items, the user role for the {kib} space must -have: +=== Lists requirements -* `read` and `write` index privileges for the -`.lists` and `.items` indices (the system index used for storing exception lists). -* {kib} space `All` privileges for the `Security` and `Saved Objects Management` -features (see -{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]). +Before you can start using lists, you must create the `.lists` and `.items` indices for the relevant {kib} space. To learn how to do this, go to <>. -See <> for a complete list of requirements. +Once these indices are created, your role needs privileges to manage rules. Refer to <> for a complete list of requirements. diff --git a/docs/getting-started/detections-req.asciidoc b/docs/getting-started/detections-req.asciidoc index 50e63cb2f9..abb6a64ba4 100644 --- a/docs/getting-started/detections-req.asciidoc +++ b/docs/getting-started/detections-req.asciidoc @@ -58,7 +58,6 @@ a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for t |{kib} space `All` privileges for the `Security` feature (see {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]) - |Enable the Detections feature in all Kibana spaces *Note*: To turn on the Detections feature, visit the Detections page for each appropriate Kibana space. 
@@ -66,10 +65,31 @@ a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for t |The `manage` privilege a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following system indices: +<<<<<<< HEAD * `.siem-signals-*` * `.lists-*` * `.items-*` |{kib} space `All` privileges for the `Security` feature (see +======= +* `.alerts-security.alerts-` +* `.siem-signals-` ^1^ +* `.lists-` +* `.items-` + +^1^ *NOTE*: If you're upgrading to {stack} 8.0.0 or later, users should have privileges for the `.alerts-security.alerts-` AND `.siem-signals-` indices. If you're newly installing the {stack}, then users do not need privileges for the `.siem-signals-` index. + +|{kib} space `All` privileges for the `Security` feature (refer to +{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]) + +| Preview rules +|N/A +a| The `read` privilege for the following indices: + +* `.preview.alerts-security.alerts-` +* `.internal.preview.alerts-security.alerts--*` + +|{kib} space `All` privileges for the `Security` feature (refer to +>>>>>>> 2990160 ([Request][7.17-8.10] Doc privs required to create and manage the .lists data stream (#4696)) {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]) |Manage rules 
@@ -109,6 +129,18 @@ a|The `maintenance`, `write`,`read`, and `view_index_metadata` index privileges |{kib} space `read` privileges for the `Security` feature (see {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]) +|Create the `.lists` and `.items` indices in your {kib} space + +**NOTE**: To initiate the process that creates the `.lists` and `.items` indices, you must visit the Rules page for each appropriate {kib} space. + +|The `manage` privilege +a| The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following indices, where `` is the {kib} space name: + +* `.lists-` +* `.items-` +|{kib} space `All` privileges for the `Security` and `Saved Objects Management` +features (refer to {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]) + |============================================== Here is an example of a user who has the Detections feature enabled in all {kib}
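Review bot: In docs/detections/api/exceptions/exceptions-api-overview.asciidoc, the new first paragraph under `=== Exceptions requirements` repeats the `IMPORTANT:` admonition that remains as unchanged context directly above the heading; both tell the reader to create the `.lists` and `.items` indices first. The matching hunk in lists-api-overview.asciidoc deletes its `IMPORTANT:` line, so either delete it here as well or keep the admonition and drop the duplicated sentence, so that the two overview pages stay consistent.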
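Review bot: In docs/detections/api/lists/lists-api-overview.asciidoc, the replacement sentence "Once these indices are created, your role needs privileges to manage rules" points readers at rule management, while the bullets removed from this section described what is needed to create list containers and items (`read` and `write` on `.lists` and `.items`, plus `All` for `Security` and `Saved Objects Management`). In this patch `Saved Objects Management` reappears only in the new "Create the `.lists` and `.items` indices" row of detections-req.asciidoc. State here which privileges working with lists requires, or name that row in the cross-reference, so the minimum privilege set for lists can still be found from this page. The same sentence is added in exceptions-api-overview.asciidoc and needs the same fix.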
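Review bot: In docs/getting-started/detections-req.asciidoc, the hunk at @@ -66,10 +65,31 @@ adds the unresolved conflict markers `<<<<<<< HEAD`, `=======` and `>>>>>>> 2990160 (...)` as document content, so both sides of the cherry-pick conflict land inside the requirements table. Resolve the conflict before merging: keep one version of the index list and one `{kib} space` privileges cell, and remove the three marker lines. The incoming side also carries the `.alerts-security.alerts-` entry, the {stack} 8.0.0 upgrade footnote and a Preview rules row, which are separate from the `.lists` change named in the subject; confirm they are meant for this branch rather than pulled in by the conflict.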
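Review bot: In docs/getting-started/detections-req.asciidoc, the row added at @@ -109,6 +129,18 @@ marks its note as `**NOTE**`, while the rest of the table uses single-asterisk bold (`*Note*` in the Detections row, `*NOTE*` in the footnote added earlier in this patch); use one form throughout. The privilege list in the same row, "`manage`, `write`,`read`, and `view_index_metadata`", is also missing the space after the second comma. That typo is copied from the existing rows, so it is worth fixing in all of them in one pass.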