diff --git a/docs/detections/api/exceptions/exceptions-api-overview.asciidoc b/docs/detections/api/exceptions/exceptions-api-overview.asciidoc index 478ea06da4..1967b83b5f 100644 --- a/docs/detections/api/exceptions/exceptions-api-overview.asciidoc +++ b/docs/detections/api/exceptions/exceptions-api-overview.asciidoc @@ -37,19 +37,9 @@ entities: image::images/exceptions-logic.png[] -IMPORTANT: Before you can create exceptions, you must create `.lists` and -`.items` data streams for the {kib} space (see <>). - [float] -=== Kibana role requirements - -To create list containers and items, the user role for the {kib} space must -have: - -* `read` and `write` index privileges for the -`.lists` and `.items` data streams (the system data stream used for storing exception lists). -* {kib} space `All` privileges for the `Security` and `Saved Objects Management` -features (see -{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]). +=== Exceptions requirements -See <> for a complete list of requirements. +Before you start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant {kib} space. To learn how to do this, go to <>. + +Once these data streams are created, your role needs privileges to manage rules. Refer to <> for a complete list of requirements. diff --git a/docs/detections/api/exceptions/lists-index-api-overview.asciidoc b/docs/detections/api/exceptions/lists-index-api-overview.asciidoc index 1bade6bcd9..4bd0e5590a 100644 --- a/docs/detections/api/exceptions/lists-index-api-overview.asciidoc +++ b/docs/detections/api/exceptions/lists-index-api-overview.asciidoc @@ -6,7 +6,7 @@ and `.items` system data streams in the relevant {kibana-ref}/xpack-spaces.html[{kib} space]. For information about the permissions and privileges required to create -`.lists` and `.items` data streams, see <>. +`.lists` and `.items` data streams, refer to <>. [discrete] === Create data stream diff --git a/docs/detections/api/lists/lists-api-overview.asciidoc b/docs/detections/api/lists/lists-api-overview.asciidoc index a99e6d571c..0cd1e28ebb 100644 --- a/docs/detections/api/lists/lists-api-overview.asciidoc +++ b/docs/detections/api/lists/lists-api-overview.asciidoc @@ -54,19 +54,9 @@ Use an <> to define the operator and associate it with an <>. You can then add the exception container to a rule's `exceptions_list` object. -IMPORTANT: Before you can create lists, you must create `.lists` and `.items` -data streams for the {kib} space (see <>). - [float] -=== Kibana role requirements - -To create list containers and items, the user role for the {kib} space must -have: - -* `read` and `write` index privileges for the -`.lists` and `.items` data streams (the system data stream used for storing exception lists). -* {kib} space `All` privileges for the `Security` and `Saved Objects Management` -features (see -{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]). +=== Lists requirements -See <> for a complete list of requirements. +Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant {kib} space. To learn how to do this, go to <>. + +Once these data streams are created, your role needs privileges to manage rules. Refer to <> for a complete list of requirements. \ No newline at end of file diff --git a/docs/getting-started/detections-req.asciidoc b/docs/getting-started/detections-req.asciidoc index cd23627330..e58f73a039 100644 --- a/docs/getting-started/detections-req.asciidoc +++ b/docs/getting-started/detections-req.asciidoc @@ -12,8 +12,6 @@ deployments. If you're using an Elastic Cloud deployment, you only need to Additionally, there are some <> used to configure {kib} <> upload limits. - - [discrete] [[detections-on-prem-requirements]] == Configure self-managed {stack} deployments @@ -65,7 +63,6 @@ a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for t |{kib} space `All` privileges for the `Security` feature (refer to {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]) - |Enable the Detections feature in all Kibana spaces *NOTE*: To turn on the Detections feature, visit the Detections page for each appropriate Kibana space. @@ -83,7 +80,6 @@ a|The `manage`, `write`,`read`, and `view_index_metadata` index privileges for t |{kib} space `All` privileges for the `Security` feature (refer to {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]) - | Preview rules |N/A a| The `read` privilege for the following indices: @@ -130,6 +126,19 @@ a|The `maintenance`, `write`,`read`, and `view_index_metadata` index privileges |{kib} space `Read` privileges for the `Security` feature (refer to {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]) +|Create the `.lists` and `.items` data streams in your {kib} space + +**NOTE**: To initiate the process that creates the `.lists` and `.items` data streams, you must visit the Rules page for each appropriate {kib} space. + +|The `manage` privilege +a| The `manage`, `write`,`read`, and `view_index_metadata` index privileges for the following data streams, where `` is the {kib} space name: + +* `.lists-` +* `.items-` + +|{kib} space `All` privileges for the `Security` and `Saved Objects Management` +features (refer to {kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]) + |============================================== Here is an example of a user who has the Detections feature enabled in all {kib} spaces: