[Security Solution] SIEM Migrations RBAC#207087
Merged
semd merged 40 commits intoelastic:mainfrom Feb 6, 2025
Merged
Conversation
Contributor
Author
|
@elasticmachine merge upstream |
…_migrations/feature_rbac
…ture_rbac' into siem_migrations/feature_rbac
This comment was marked as resolved.
This comment was marked as resolved.
Contributor
|
ACK: re-reviewing |
kc13greiner
approved these changes
Feb 5, 2025
Contributor
kc13greiner
left a comment
kc13greiner
left a comment
There was a problem hiding this comment.
Overall LGTM!
One nit: When I load this card, it doesn't match your screenshot, but it is probably misconfig error on my end ( It looked like there should be 2 sections):
Thanks for working with me on this - looks great!
Contributor
Author
@kc13greiner This is the UI when there's no AI connector created, the UI with 2 sections is displayed when you have at least one connector available |
…ture_rbac' into siem_migrations/feature_rbac
Contributor
|
Starting backport for target branches: 8.18, 8.x, 9.0 https://github.com/elastic/kibana/actions/runs/13184684371 |
kibanamachine
added a commit
to kibanamachine/kibana
that referenced
this pull request
Feb 6, 2025
## Summary Implements the access controls for SIEM rule migrations. ## API changes - All API routes have been secured with "SIEM Migration" feature checks - Start migration API route now checks if the user has privileges to use the connector ID received ## UI changes ### Onboarding SIEM migrations - AI Connector selection - Actions & Connectors: Read -> This privilege allows reading and selecting a connector Otherwise, we show a callout with the missing privileges:  - Create a migration - Security All -> Main Security read & write access - Siem Migrations All -> new feature under the Security catalog - Actions & Connectors: Read -> This privilege allows connector execution for LLM calls Otherwise, we show a callout with the missing privileges:  ### Rule Translations page - Minimum privileges to make the page accessible (read access): - Security Read -> Main Security read access - Siem Migrations All -> new feature under the Security catalog Otherwise, we hide the link in the navigation and display the generic empty state if accessed:  - To successfully install rules the following privileges are also required (write access): - Security All -> Main Security read & write access - Index privileges for `.alerts*` pattern: _read, write, view_index_metadata, manage_ - Index privileges for `lookup_*` pattern: _read_ Otherwise, we show a callout at the top of the page, this callout is consistent with the one displayed on the Detection Rules page (`/app/security/rules`)  - To retry rule translations (upload missing macros/lookups or retry errors) - Actions & Connectors: Read -> This privilege allows connector execution for LLM calls Otherwise, when attempted, we show a toast with the missing privilege.  ## Other changes - Technical preview label  - No connector selected toast https://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d ## Fixes - [Fixed] Not possible to select a connector when no connector is selected:  --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit a990be6)
Contributor
💔 Some backports could not be created
Note: Successful backport PRs will be merged automatically after passing CI. Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
drewdaemon
pushed a commit
to drewdaemon/kibana
that referenced
this pull request
Feb 6, 2025
## Summary Implements the access controls for SIEM rule migrations. ## API changes - All API routes have been secured with "SIEM Migration" feature checks - Start migration API route now checks if the user has privileges to use the connector ID received ## UI changes ### Onboarding SIEM migrations - AI Connector selection - Actions & Connectors: Read -> This privilege allows reading and selecting a connector Otherwise, we show a callout with the missing privileges:  - Create a migration - Security All -> Main Security read & write access - Siem Migrations All -> new feature under the Security catalog - Actions & Connectors: Read -> This privilege allows connector execution for LLM calls Otherwise, we show a callout with the missing privileges:  ### Rule Translations page - Minimum privileges to make the page accessible (read access): - Security Read -> Main Security read access - Siem Migrations All -> new feature under the Security catalog Otherwise, we hide the link in the navigation and display the generic empty state if accessed:  - To successfully install rules the following privileges are also required (write access): - Security All -> Main Security read & write access - Index privileges for `.alerts*` pattern: _read, write, view_index_metadata, manage_ - Index privileges for `lookup_*` pattern: _read_ Otherwise, we show a callout at the top of the page, this callout is consistent with the one displayed on the Detection Rules page (`/app/security/rules`)  - To retry rule translations (upload missing macros/lookups or retry errors) - Actions & Connectors: Read -> This privilege allows connector execution for LLM calls Otherwise, when attempted, we show a toast with the missing privilege.  ## Other changes - Technical preview label  - No connector selected toast https://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d ## Fixes - [Fixed] Not possible to select a connector when no connector is selected:  --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
kibanamachine
added a commit
that referenced
this pull request
Feb 7, 2025
# Backport This will backport the following commits from `main` to `9.0`: - [[Security Solution] SIEM Migrations RBAC (#207087)](#207087) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Sergi Massaneda","email":"sergi.massaneda@elastic.co"},"sourceCommit":{"committedDate":"2025-02-06T17:41:21Z","message":"[Security Solution] SIEM Migrations RBAC (#207087)\n\n## Summary\r\n\r\nImplements the access controls for SIEM rule migrations.\r\n\r\n## API changes\r\n\r\n- All API routes have been secured with \"SIEM Migration\" feature checks\r\n- Start migration API route now checks if the user has privileges to use\r\nthe connector ID received\r\n \r\n## UI changes\r\n\r\n### Onboarding SIEM migrations\r\n\r\n- AI Connector selection\r\n- Actions & Connectors: Read -> This privilege allows reading and\r\nselecting a connector\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n- Create a migration\r\n - Security All -> Main Security read & write access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n### Rule Translations page\r\n\r\n- Minimum privileges to make the page accessible (read access):\r\n - Security Read -> Main Security read access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n \r\nOtherwise, we hide the link in the navigation and display the generic\r\nempty state if accessed:\r\n\r\n\r\n- To successfully install rules the following privileges are also\r\nrequired (write access):\r\n - Security All -> Main Security read & write access\r\n- Index privileges for `.alerts*` pattern: _read, write,\r\nview_index_metadata, manage_\r\n - Index privileges for `lookup_*` pattern: _read_\r\n\r\nOtherwise, we show a callout at the top of the page, this callout is\r\nconsistent with the one displayed on the Detection Rules page\r\n(`/app/security/rules`)\r\n\r\n\r\n- To retry rule translations (upload missing macros/lookups or retry\r\nerrors)\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, when attempted, we show a toast with the missing privilege. \r\n\r\n\r\n\r\n## Other changes\r\n\r\n- Technical preview label\r\n\r\n\r\n\r\n- No connector selected toast\r\n\r\n\r\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\r\n\r\n## Fixes\r\n\r\n- [Fixed] Not possible to select a connector when no connector is\r\nselected:\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"a990be66dffbe89b271722630fd78b544b6ae903","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat Hunting","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security Solution] SIEM Migrations RBAC","number":207087,"url":"https://github.com/elastic/kibana/pull/207087","mergeCommit":{"message":"[Security Solution] SIEM Migrations RBAC (#207087)\n\n## Summary\r\n\r\nImplements the access controls for SIEM rule migrations.\r\n\r\n## API changes\r\n\r\n- All API routes have been secured with \"SIEM Migration\" feature checks\r\n- Start migration API route now checks if the user has privileges to use\r\nthe connector ID received\r\n \r\n## UI changes\r\n\r\n### Onboarding SIEM migrations\r\n\r\n- AI Connector selection\r\n- Actions & Connectors: Read -> This privilege allows reading and\r\nselecting a connector\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n- Create a migration\r\n - Security All -> Main Security read & write access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n### Rule Translations page\r\n\r\n- Minimum privileges to make the page accessible (read access):\r\n - Security Read -> Main Security read access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n \r\nOtherwise, we hide the link in the navigation and display the generic\r\nempty state if accessed:\r\n\r\n\r\n- To successfully install rules the following privileges are also\r\nrequired (write access):\r\n - Security All -> Main Security read & write access\r\n- Index privileges for `.alerts*` pattern: _read, write,\r\nview_index_metadata, manage_\r\n - Index privileges for `lookup_*` pattern: _read_\r\n\r\nOtherwise, we show a callout at the top of the page, this callout is\r\nconsistent with the one displayed on the Detection Rules page\r\n(`/app/security/rules`)\r\n\r\n\r\n- To retry rule translations (upload missing macros/lookups or retry\r\nerrors)\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, when attempted, we show a toast with the missing privilege. \r\n\r\n\r\n\r\n## Other changes\r\n\r\n- Technical preview label\r\n\r\n\r\n\r\n- No connector selected toast\r\n\r\n\r\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\r\n\r\n## Fixes\r\n\r\n- [Fixed] Not possible to select a connector when no connector is\r\nselected:\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"a990be66dffbe89b271722630fd78b544b6ae903"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/207087","number":207087,"mergeCommit":{"message":"[Security Solution] SIEM Migrations RBAC (#207087)\n\n## Summary\r\n\r\nImplements the access controls for SIEM rule migrations.\r\n\r\n## API changes\r\n\r\n- All API routes have been secured with \"SIEM Migration\" feature checks\r\n- Start migration API route now checks if the user has privileges to use\r\nthe connector ID received\r\n \r\n## UI changes\r\n\r\n### Onboarding SIEM migrations\r\n\r\n- AI Connector selection\r\n- Actions & Connectors: Read -> This privilege allows reading and\r\nselecting a connector\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n- Create a migration\r\n - Security All -> Main Security read & write access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n### Rule Translations page\r\n\r\n- Minimum privileges to make the page accessible (read access):\r\n - Security Read -> Main Security read access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n \r\nOtherwise, we hide the link in the navigation and display the generic\r\nempty state if accessed:\r\n\r\n\r\n- To successfully install rules the following privileges are also\r\nrequired (write access):\r\n - Security All -> Main Security read & write access\r\n- Index privileges for `.alerts*` pattern: _read, write,\r\nview_index_metadata, manage_\r\n - Index privileges for `lookup_*` pattern: _read_\r\n\r\nOtherwise, we show a callout at the top of the page, this callout is\r\nconsistent with the one displayed on the Detection Rules page\r\n(`/app/security/rules`)\r\n\r\n\r\n- To retry rule translations (upload missing macros/lookups or retry\r\nerrors)\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, when attempted, we show a toast with the missing privilege. \r\n\r\n\r\n\r\n## Other changes\r\n\r\n- Technical preview label\r\n\r\n\r\n\r\n- No connector selected toast\r\n\r\n\r\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\r\n\r\n## Fixes\r\n\r\n- [Fixed] Not possible to select a connector when no connector is\r\nselected:\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"a990be66dffbe89b271722630fd78b544b6ae903"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Sergi Massaneda <sergi.massaneda@elastic.co>
This was referenced Feb 7, 2025
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
semd
added a commit
to semd/kibana
that referenced
this pull request
Feb 7, 2025
## Summary Implements the access controls for SIEM rule migrations. ## API changes - All API routes have been secured with "SIEM Migration" feature checks - Start migration API route now checks if the user has privileges to use the connector ID received ## UI changes ### Onboarding SIEM migrations - AI Connector selection - Actions & Connectors: Read -> This privilege allows reading and selecting a connector Otherwise, we show a callout with the missing privileges:  - Create a migration - Security All -> Main Security read & write access - Siem Migrations All -> new feature under the Security catalog - Actions & Connectors: Read -> This privilege allows connector execution for LLM calls Otherwise, we show a callout with the missing privileges:  ### Rule Translations page - Minimum privileges to make the page accessible (read access): - Security Read -> Main Security read access - Siem Migrations All -> new feature under the Security catalog Otherwise, we hide the link in the navigation and display the generic empty state if accessed:  - To successfully install rules the following privileges are also required (write access): - Security All -> Main Security read & write access - Index privileges for `.alerts*` pattern: _read, write, view_index_metadata, manage_ - Index privileges for `lookup_*` pattern: _read_ Otherwise, we show a callout at the top of the page, this callout is consistent with the one displayed on the Detection Rules page (`/app/security/rules`)  - To retry rule translations (upload missing macros/lookups or retry errors) - Actions & Connectors: Read -> This privilege allows connector execution for LLM calls Otherwise, when attempted, we show a toast with the missing privilege.  ## Other changes - Technical preview label  - No connector selected toast https://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d ## Fixes - [Fixed] Not possible to select a connector when no connector is selected:  --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit a990be6) # Conflicts: # x-pack/test/spaces_api_integration/common/suites/get.ts
semd
added a commit
to semd/kibana
that referenced
this pull request
Feb 7, 2025
## Summary Implements the access controls for SIEM rule migrations. ## API changes - All API routes have been secured with "SIEM Migration" feature checks - Start migration API route now checks if the user has privileges to use the connector ID received ## UI changes ### Onboarding SIEM migrations - AI Connector selection - Actions & Connectors: Read -> This privilege allows reading and selecting a connector Otherwise, we show a callout with the missing privileges:  - Create a migration - Security All -> Main Security read & write access - Siem Migrations All -> new feature under the Security catalog - Actions & Connectors: Read -> This privilege allows connector execution for LLM calls Otherwise, we show a callout with the missing privileges:  ### Rule Translations page - Minimum privileges to make the page accessible (read access): - Security Read -> Main Security read access - Siem Migrations All -> new feature under the Security catalog Otherwise, we hide the link in the navigation and display the generic empty state if accessed:  - To successfully install rules the following privileges are also required (write access): - Security All -> Main Security read & write access - Index privileges for `.alerts*` pattern: _read, write, view_index_metadata, manage_ - Index privileges for `lookup_*` pattern: _read_ Otherwise, we show a callout at the top of the page, this callout is consistent with the one displayed on the Detection Rules page (`/app/security/rules`)  - To retry rule translations (upload missing macros/lookups or retry errors) - Actions & Connectors: Read -> This privilege allows connector execution for LLM calls Otherwise, when attempted, we show a toast with the missing privilege.  ## Other changes - Technical preview label  - No connector selected toast https://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d ## Fixes - [Fixed] Not possible to select a connector when no connector is selected:  --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit a990be6) # Conflicts: # x-pack/test/spaces_api_integration/common/suites/get.ts
semd
added a commit
that referenced
this pull request
Feb 7, 2025
# Backport This will backport the following commits from `main` to `8.18`: - [[Security Solution] SIEM Migrations RBAC (#207087)](#207087) <!--- Backport version: 9.6.4 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Sergi Massaneda","email":"sergi.massaneda@elastic.co"},"sourceCommit":{"committedDate":"2025-02-06T17:41:21Z","message":"[Security Solution] SIEM Migrations RBAC (#207087)\n\n## Summary\r\n\r\nImplements the access controls for SIEM rule migrations.\r\n\r\n## API changes\r\n\r\n- All API routes have been secured with \"SIEM Migration\" feature checks\r\n- Start migration API route now checks if the user has privileges to use\r\nthe connector ID received\r\n \r\n## UI changes\r\n\r\n### Onboarding SIEM migrations\r\n\r\n- AI Connector selection\r\n- Actions & Connectors: Read -> This privilege allows reading and\r\nselecting a connector\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n- Create a migration\r\n - Security All -> Main Security read & write access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n### Rule Translations page\r\n\r\n- Minimum privileges to make the page accessible (read access):\r\n - Security Read -> Main Security read access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n \r\nOtherwise, we hide the link in the navigation and display the generic\r\nempty state if accessed:\r\n\r\n\r\n- To successfully install rules the following privileges are also\r\nrequired (write access):\r\n - Security All -> Main Security read & write access\r\n- Index privileges for `.alerts*` pattern: _read, write,\r\nview_index_metadata, manage_\r\n - Index privileges for `lookup_*` pattern: _read_\r\n\r\nOtherwise, we show a callout at the top of the page, this callout is\r\nconsistent with the one displayed on the Detection Rules page\r\n(`/app/security/rules`)\r\n\r\n\r\n- To retry rule translations (upload missing macros/lookups or retry\r\nerrors)\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, when attempted, we show a toast with the missing privilege. \r\n\r\n\r\n\r\n## Other changes\r\n\r\n- Technical preview label\r\n\r\n\r\n\r\n- No connector selected toast\r\n\r\n\r\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\r\n\r\n## Fixes\r\n\r\n- [Fixed] Not possible to select a connector when no connector is\r\nselected:\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"a990be66dffbe89b271722630fd78b544b6ae903","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat Hunting","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security Solution] SIEM Migrations RBAC","number":207087,"url":"https://github.com/elastic/kibana/pull/207087","mergeCommit":{"message":"[Security Solution] SIEM Migrations RBAC (#207087)\n\n## Summary\r\n\r\nImplements the access controls for SIEM rule migrations.\r\n\r\n## API changes\r\n\r\n- All API routes have been secured with \"SIEM Migration\" feature checks\r\n- Start migration API route now checks if the user has privileges to use\r\nthe connector ID received\r\n \r\n## UI changes\r\n\r\n### Onboarding SIEM migrations\r\n\r\n- AI Connector selection\r\n- Actions & Connectors: Read -> This privilege allows reading and\r\nselecting a connector\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n- Create a migration\r\n - Security All -> Main Security read & write access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n### Rule Translations page\r\n\r\n- Minimum privileges to make the page accessible (read access):\r\n - Security Read -> Main Security read access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n \r\nOtherwise, we hide the link in the navigation and display the generic\r\nempty state if accessed:\r\n\r\n\r\n- To successfully install rules the following privileges are also\r\nrequired (write access):\r\n - Security All -> Main Security read & write access\r\n- Index privileges for `.alerts*` pattern: _read, write,\r\nview_index_metadata, manage_\r\n - Index privileges for `lookup_*` pattern: _read_\r\n\r\nOtherwise, we show a callout at the top of the page, this callout is\r\nconsistent with the one displayed on the Detection Rules page\r\n(`/app/security/rules`)\r\n\r\n\r\n- To retry rule translations (upload missing macros/lookups or retry\r\nerrors)\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, when attempted, we show a toast with the missing privilege. \r\n\r\n\r\n\r\n## Other changes\r\n\r\n- Technical preview label\r\n\r\n\r\n\r\n- No connector selected toast\r\n\r\n\r\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\r\n\r\n## Fixes\r\n\r\n- [Fixed] Not possible to select a connector when no connector is\r\nselected:\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"a990be66dffbe89b271722630fd78b544b6ae903"}},"sourceBranch":"main","suggestedTargetBranches":["8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/210086","number":210086,"state":"MERGED","mergeCommit":{"sha":"8acee959bc8252dade3aa5f2a335dbe129d962c3","message":"[9.0] [Security Solution] SIEM Migrations RBAC (#207087) (#210086)\n\n# Backport\n\nThis will backport the following commits from `main` to `9.0`:\n- [[Security Solution] SIEM Migrations RBAC\n(#207087)](https://github.com/elastic/kibana/pull/207087)\n\n<!--- Backport version: 9.4.3 -->\n\n### Questions ?\nPlease refer to the [Backport tool\ndocumentation](https://github.com/sqren/backport)\n\n<!--BACKPORT [{\"author\":{\"name\":\"Sergi\nMassaneda\",\"email\":\"sergi.massaneda@elastic.co\"},\"sourceCommit\":{\"committedDate\":\"2025-02-06T17:41:21Z\",\"message\":\"[Security\nSolution] SIEM Migrations RBAC (#207087)\\n\\n## Summary\\r\\n\\r\\nImplements\nthe access controls for SIEM rule migrations.\\r\\n\\r\\n## API\nchanges\\r\\n\\r\\n- All API routes have been secured with \\\"SIEM\nMigration\\\" feature checks\\r\\n- Start migration API route now checks if\nthe user has privileges to use\\r\\nthe connector ID received\\r\\n \\r\\n##\nUI changes\\r\\n\\r\\n### Onboarding SIEM migrations\\r\\n\\r\\n- AI Connector\nselection\\r\\n- Actions & Connectors: Read -> This privilege allows\nreading and\\r\\nselecting a connector\\r\\n\\r\\nOtherwise, we show a callout\nwith the missing privileges:\\r\\n\\r\\n\\r\\n-\nCreate a migration\\r\\n - Security All -> Main Security read & write\naccess\\r\\n - Siem Migrations All -> new feature under the Security\ncatalog\\r\\n- Actions & Connectors: Read -> This privilege allows\nconnector\\r\\nexecution for LLM calls\\r\\n\\r\\nOtherwise, we show a callout\nwith the missing privileges:\\r\\n\\r\\n\\r\\n###\nRule Translations page\\r\\n\\r\\n- Minimum privileges to make the page\naccessible (read access):\\r\\n - Security Read -> Main Security read\naccess\\r\\n - Siem Migrations All -> new feature under the Security\ncatalog\\r\\n \\r\\nOtherwise, we hide the link in the navigation and\ndisplay the generic\\r\\nempty state if accessed:\\r\\n\\r\\n\\r\\n-\nTo successfully install rules the following privileges are\nalso\\r\\nrequired (write access):\\r\\n - Security All -> Main Security\nread & write access\\r\\n- Index privileges for `.alerts*` pattern: _read,\nwrite,\\r\\nview_index_metadata, manage_\\r\\n - Index privileges for\n`lookup_*` pattern: _read_\\r\\n\\r\\nOtherwise, we show a callout at the\ntop of the page, this callout is\\r\\nconsistent with the one displayed on\nthe Detection Rules page\\r\\n(`/app/security/rules`)\\r\\n\\r\\n\\r\\n-\nTo retry rule translations (upload missing macros/lookups or\nretry\\r\\nerrors)\\r\\n- Actions & Connectors: Read -> This privilege\nallows connector\\r\\nexecution for LLM calls\\r\\n\\r\\nOtherwise, when\nattempted, we show a toast with the missing privilege.\n\\r\\n\\r\\n\\r\\n\\r\\n##\nOther changes\\r\\n\\r\\n- Technical preview\nlabel\\r\\n\\r\\n\\r\\n\\r\\n-\nNo connector selected\ntoast\\r\\n\\r\\n\\r\\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\\r\\n\\r\\n##\nFixes\\r\\n\\r\\n- [Fixed] Not possible to select a connector when no\nconnector\nis\\r\\nselected:\\r\\n\\r\\n\\r\\n---------\\r\\n\\r\\nCo-authored-by:\nElastic Machine\n<elasticmachine@users.noreply.github.com>\\r\\nCo-authored-by:\nkibanamachine\n<42973632+kibanamachine@users.noreply.github.com>\",\"sha\":\"a990be66dffbe89b271722630fd78b544b6ae903\",\"branchLabelMapping\":{\"^v9.1.0$\":\"main\",\"^v8.19.0$\":\"8.x\",\"^v(\\\\d+).(\\\\d+).\\\\d+$\":\"$1.$2\"}},\"sourcePullRequest\":{\"labels\":[\"release_note:skip\",\"v9.0.0\",\"Team:Threat\nHunting\",\"backport:version\",\"v8.18.0\",\"v9.1.0\",\"v8.19.0\"],\"title\":\"[Security\nSolution] SIEM Migrations\nRBAC\",\"number\":207087,\"url\":\"https://github.com/elastic/kibana/pull/207087\",\"mergeCommit\":{\"message\":\"[Security\nSolution] SIEM Migrations RBAC (#207087)\\n\\n## Summary\\r\\n\\r\\nImplements\nthe access controls for SIEM rule migrations.\\r\\n\\r\\n## API\nchanges\\r\\n\\r\\n- All API routes have been secured with \\\"SIEM\nMigration\\\" feature checks\\r\\n- Start migration API route now checks if\nthe user has privileges to use\\r\\nthe connector ID received\\r\\n \\r\\n##\nUI changes\\r\\n\\r\\n### Onboarding SIEM migrations\\r\\n\\r\\n- AI Connector\nselection\\r\\n- Actions & Connectors: Read -> This privilege allows\nreading and\\r\\nselecting a connector\\r\\n\\r\\nOtherwise, we show a callout\nwith the missing privileges:\\r\\n\\r\\n\\r\\n-\nCreate a migration\\r\\n - Security All -> Main Security read & write\naccess\\r\\n - Siem Migrations All -> new feature under the Security\ncatalog\\r\\n- Actions & Connectors: Read -> This privilege allows\nconnector\\r\\nexecution for LLM calls\\r\\n\\r\\nOtherwise, we show a callout\nwith the missing privileges:\\r\\n\\r\\n\\r\\n###\nRule Translations page\\r\\n\\r\\n- Minimum privileges to make the page\naccessible (read access):\\r\\n - Security Read -> Main Security read\naccess\\r\\n - Siem Migrations All -> new feature under the Security\ncatalog\\r\\n \\r\\nOtherwise, we hide the link in the navigation and\ndisplay the generic\\r\\nempty state if accessed:\\r\\n\\r\\n\\r\\n-\nTo successfully install rules the following privileges are\nalso\\r\\nrequired (write access):\\r\\n - Security All -> Main Security\nread & write access\\r\\n- Index privileges for `.alerts*` pattern: _read,\nwrite,\\r\\nview_index_metadata, manage_\\r\\n - Index privileges for\n`lookup_*` pattern: _read_\\r\\n\\r\\nOtherwise, we show a callout at the\ntop of the page, this callout is\\r\\nconsistent with the one displayed on\nthe Detection Rules page\\r\\n(`/app/security/rules`)\\r\\n\\r\\n\\r\\n-\nTo retry rule translations (upload missing macros/lookups or\nretry\\r\\nerrors)\\r\\n- Actions & Connectors: Read -> This privilege\nallows connector\\r\\nexecution for LLM calls\\r\\n\\r\\nOtherwise, when\nattempted, we show a toast with the missing privilege.\n\\r\\n\\r\\n\\r\\n\\r\\n##\nOther changes\\r\\n\\r\\n- Technical preview\nlabel\\r\\n\\r\\n\\r\\n\\r\\n-\nNo connector selected\ntoast\\r\\n\\r\\n\\r\\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\\r\\n\\r\\n##\nFixes\\r\\n\\r\\n- [Fixed] Not possible to select a connector when no\nconnector\nis\\r\\nselected:\\r\\n\\r\\n\\r\\n---------\\r\\n\\r\\nCo-authored-by:\nElastic Machine\n<elasticmachine@users.noreply.github.com>\\r\\nCo-authored-by:\nkibanamachine\n<42973632+kibanamachine@users.noreply.github.com>\",\"sha\":\"a990be66dffbe89b271722630fd78b544b6ae903\"}},\"sourceBranch\":\"main\",\"suggestedTargetBranches\":[\"9.0\",\"8.18\",\"8.x\"],\"targetPullRequestStates\":[{\"branch\":\"9.0\",\"label\":\"v9.0.0\",\"branchLabelMappingKey\":\"^v(\\\\d+).(\\\\d+).\\\\d+$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"},{\"branch\":\"8.18\",\"label\":\"v8.18.0\",\"branchLabelMappingKey\":\"^v(\\\\d+).(\\\\d+).\\\\d+$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"},{\"branch\":\"main\",\"label\":\"v9.1.0\",\"branchLabelMappingKey\":\"^v9.1.0$\",\"isSourceBranch\":true,\"state\":\"MERGED\",\"url\":\"https://github.com/elastic/kibana/pull/207087\",\"number\":207087,\"mergeCommit\":{\"message\":\"[Security\nSolution] SIEM Migrations RBAC (#207087)\\n\\n## Summary\\r\\n\\r\\nImplements\nthe access controls for SIEM rule migrations.\\r\\n\\r\\n## API\nchanges\\r\\n\\r\\n- All API routes have been secured with \\\"SIEM\nMigration\\\" feature checks\\r\\n- Start migration API route now checks if\nthe user has privileges to use\\r\\nthe connector ID received\\r\\n \\r\\n##\nUI changes\\r\\n\\r\\n### Onboarding SIEM migrations\\r\\n\\r\\n- AI Connector\nselection\\r\\n- Actions & Connectors: Read -> This privilege allows\nreading and\\r\\nselecting a connector\\r\\n\\r\\nOtherwise, we show a callout\nwith the missing privileges:\\r\\n\\r\\n\\r\\n-\nCreate a migration\\r\\n - Security All -> Main Security read & write\naccess\\r\\n - Siem Migrations All -> new feature under the Security\ncatalog\\r\\n- Actions & Connectors: Read -> This privilege allows\nconnector\\r\\nexecution for LLM calls\\r\\n\\r\\nOtherwise, we show a callout\nwith the missing privileges:\\r\\n\\r\\n\\r\\n###\nRule Translations page\\r\\n\\r\\n- Minimum privileges to make the page\naccessible (read access):\\r\\n - Security Read -> Main Security read\naccess\\r\\n - Siem Migrations All -> new feature under the Security\ncatalog\\r\\n \\r\\nOtherwise, we hide the link in the navigation and\ndisplay the generic\\r\\nempty state if accessed:\\r\\n\\r\\n\\r\\n-\nTo successfully install rules the following privileges are\nalso\\r\\nrequired (write access):\\r\\n - Security All -> Main Security\nread & write access\\r\\n- Index privileges for `.alerts*` pattern: _read,\nwrite,\\r\\nview_index_metadata, manage_\\r\\n - Index privileges for\n`lookup_*` pattern: _read_\\r\\n\\r\\nOtherwise, we show a callout at the\ntop of the page, this callout is\\r\\nconsistent with the one displayed on\nthe Detection Rules page\\r\\n(`/app/security/rules`)\\r\\n\\r\\n\\r\\n-\nTo retry rule translations (upload missing macros/lookups or\nretry\\r\\nerrors)\\r\\n- Actions & Connectors: Read -> This privilege\nallows connector\\r\\nexecution for LLM calls\\r\\n\\r\\nOtherwise, when\nattempted, we show a toast with the missing privilege.\n\\r\\n\\r\\n\\r\\n\\r\\n##\nOther changes\\r\\n\\r\\n- Technical preview\nlabel\\r\\n\\r\\n\\r\\n\\r\\n-\nNo connector selected\ntoast\\r\\n\\r\\n\\r\\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\\r\\n\\r\\n##\nFixes\\r\\n\\r\\n- [Fixed] Not possible to select a connector when no\nconnector\nis\\r\\nselected:\\r\\n\\r\\n\\r\\n---------\\r\\n\\r\\nCo-authored-by:\nElastic Machine\n<elasticmachine@users.noreply.github.com>\\r\\nCo-authored-by:\nkibanamachine\n<42973632+kibanamachine@users.noreply.github.com>\",\"sha\":\"a990be66dffbe89b271722630fd78b544b6ae903\"}},{\"branch\":\"8.x\",\"label\":\"v8.19.0\",\"branchLabelMappingKey\":\"^v8.19.0$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"}]}]\nBACKPORT-->\n\nCo-authored-by: Sergi Massaneda <sergi.massaneda@elastic.co>"}},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/207087","number":207087,"mergeCommit":{"message":"[Security Solution] SIEM Migrations RBAC (#207087)\n\n## Summary\r\n\r\nImplements the access controls for SIEM rule migrations.\r\n\r\n## API changes\r\n\r\n- All API routes have been secured with \"SIEM Migration\" feature checks\r\n- Start migration API route now checks if the user has privileges to use\r\nthe connector ID received\r\n \r\n## UI changes\r\n\r\n### Onboarding SIEM migrations\r\n\r\n- AI Connector selection\r\n- Actions & Connectors: Read -> This privilege allows reading and\r\nselecting a connector\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n- Create a migration\r\n - Security All -> Main Security read & write access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n### Rule Translations page\r\n\r\n- Minimum privileges to make the page accessible (read access):\r\n - Security Read -> Main Security read access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n \r\nOtherwise, we hide the link in the navigation and display the generic\r\nempty state if accessed:\r\n\r\n\r\n- To successfully install rules the following privileges are also\r\nrequired (write access):\r\n - Security All -> Main Security read & write access\r\n- Index privileges for `.alerts*` pattern: _read, write,\r\nview_index_metadata, manage_\r\n - Index privileges for `lookup_*` pattern: _read_\r\n\r\nOtherwise, we show a callout at the top of the page, this callout is\r\nconsistent with the one displayed on the Detection Rules page\r\n(`/app/security/rules`)\r\n\r\n\r\n- To retry rule translations (upload missing macros/lookups or retry\r\nerrors)\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, when attempted, we show a toast with the missing privilege. \r\n\r\n\r\n\r\n## Other changes\r\n\r\n- Technical preview label\r\n\r\n\r\n\r\n- No connector selected toast\r\n\r\n\r\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\r\n\r\n## Fixes\r\n\r\n- [Fixed] Not possible to select a connector when no connector is\r\nselected:\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"a990be66dffbe89b271722630fd78b544b6ae903"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT-->
semd
added a commit
that referenced
this pull request
Feb 7, 2025
# Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] SIEM Migrations RBAC (#207087)](#207087) <!--- Backport version: 9.6.4 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Sergi Massaneda","email":"sergi.massaneda@elastic.co"},"sourceCommit":{"committedDate":"2025-02-06T17:41:21Z","message":"[Security Solution] SIEM Migrations RBAC (#207087)\n\n## Summary\r\n\r\nImplements the access controls for SIEM rule migrations.\r\n\r\n## API changes\r\n\r\n- All API routes have been secured with \"SIEM Migration\" feature checks\r\n- Start migration API route now checks if the user has privileges to use\r\nthe connector ID received\r\n \r\n## UI changes\r\n\r\n### Onboarding SIEM migrations\r\n\r\n- AI Connector selection\r\n- Actions & Connectors: Read -> This privilege allows reading and\r\nselecting a connector\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n- Create a migration\r\n - Security All -> Main Security read & write access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n### Rule Translations page\r\n\r\n- Minimum privileges to make the page accessible (read access):\r\n - Security Read -> Main Security read access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n \r\nOtherwise, we hide the link in the navigation and display the generic\r\nempty state if accessed:\r\n\r\n\r\n- To successfully install rules the following privileges are also\r\nrequired (write access):\r\n - Security All -> Main Security read & write access\r\n- Index privileges for `.alerts*` pattern: _read, write,\r\nview_index_metadata, manage_\r\n - Index privileges for `lookup_*` pattern: _read_\r\n\r\nOtherwise, we show a callout at the top of the page, this callout is\r\nconsistent with the one displayed on the Detection Rules page\r\n(`/app/security/rules`)\r\n\r\n\r\n- To retry rule translations (upload missing macros/lookups or retry\r\nerrors)\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, when attempted, we show a toast with the missing privilege. \r\n\r\n\r\n\r\n## Other changes\r\n\r\n- Technical preview label\r\n\r\n\r\n\r\n- No connector selected toast\r\n\r\n\r\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\r\n\r\n## Fixes\r\n\r\n- [Fixed] Not possible to select a connector when no connector is\r\nselected:\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"a990be66dffbe89b271722630fd78b544b6ae903","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat Hunting","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security Solution] SIEM Migrations RBAC","number":207087,"url":"https://github.com/elastic/kibana/pull/207087","mergeCommit":{"message":"[Security Solution] SIEM Migrations RBAC (#207087)\n\n## Summary\r\n\r\nImplements the access controls for SIEM rule migrations.\r\n\r\n## API changes\r\n\r\n- All API routes have been secured with \"SIEM Migration\" feature checks\r\n- Start migration API route now checks if the user has privileges to use\r\nthe connector ID received\r\n \r\n## UI changes\r\n\r\n### Onboarding SIEM migrations\r\n\r\n- AI Connector selection\r\n- Actions & Connectors: Read -> This privilege allows reading and\r\nselecting a connector\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n- Create a migration\r\n - Security All -> Main Security read & write access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n### Rule Translations page\r\n\r\n- Minimum privileges to make the page accessible (read access):\r\n - Security Read -> Main Security read access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n \r\nOtherwise, we hide the link in the navigation and display the generic\r\nempty state if accessed:\r\n\r\n\r\n- To successfully install rules the following privileges are also\r\nrequired (write access):\r\n - Security All -> Main Security read & write access\r\n- Index privileges for `.alerts*` pattern: _read, write,\r\nview_index_metadata, manage_\r\n - Index privileges for `lookup_*` pattern: _read_\r\n\r\nOtherwise, we show a callout at the top of the page, this callout is\r\nconsistent with the one displayed on the Detection Rules page\r\n(`/app/security/rules`)\r\n\r\n\r\n- To retry rule translations (upload missing macros/lookups or retry\r\nerrors)\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, when attempted, we show a toast with the missing privilege. \r\n\r\n\r\n\r\n## Other changes\r\n\r\n- Technical preview label\r\n\r\n\r\n\r\n- No connector selected toast\r\n\r\n\r\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\r\n\r\n## Fixes\r\n\r\n- [Fixed] Not possible to select a connector when no connector is\r\nselected:\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"a990be66dffbe89b271722630fd78b544b6ae903"}},"sourceBranch":"main","suggestedTargetBranches":["8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/210086","number":210086,"state":"MERGED","mergeCommit":{"sha":"8acee959bc8252dade3aa5f2a335dbe129d962c3","message":"[9.0] [Security Solution] SIEM Migrations RBAC (#207087) (#210086)\n\n# Backport\n\nThis will backport the following commits from `main` to `9.0`:\n- [[Security Solution] SIEM Migrations RBAC\n(#207087)](https://github.com/elastic/kibana/pull/207087)\n\n<!--- Backport version: 9.4.3 -->\n\n### Questions ?\nPlease refer to the [Backport tool\ndocumentation](https://github.com/sqren/backport)\n\n<!--BACKPORT [{\"author\":{\"name\":\"Sergi\nMassaneda\",\"email\":\"sergi.massaneda@elastic.co\"},\"sourceCommit\":{\"committedDate\":\"2025-02-06T17:41:21Z\",\"message\":\"[Security\nSolution] SIEM Migrations RBAC (#207087)\\n\\n## Summary\\r\\n\\r\\nImplements\nthe access controls for SIEM rule migrations.\\r\\n\\r\\n## API\nchanges\\r\\n\\r\\n- All API routes have been secured with \\\"SIEM\nMigration\\\" feature checks\\r\\n- Start migration API route now checks if\nthe user has privileges to use\\r\\nthe connector ID received\\r\\n \\r\\n##\nUI changes\\r\\n\\r\\n### Onboarding SIEM migrations\\r\\n\\r\\n- AI Connector\nselection\\r\\n- Actions & Connectors: Read -> This privilege allows\nreading and\\r\\nselecting a connector\\r\\n\\r\\nOtherwise, we show a callout\nwith the missing privileges:\\r\\n\\r\\n\\r\\n-\nCreate a migration\\r\\n - Security All -> Main Security read & write\naccess\\r\\n - Siem Migrations All -> new feature under the Security\ncatalog\\r\\n- Actions & Connectors: Read -> This privilege allows\nconnector\\r\\nexecution for LLM calls\\r\\n\\r\\nOtherwise, we show a callout\nwith the missing privileges:\\r\\n\\r\\n\\r\\n###\nRule Translations page\\r\\n\\r\\n- Minimum privileges to make the page\naccessible (read access):\\r\\n - Security Read -> Main Security read\naccess\\r\\n - Siem Migrations All -> new feature under the Security\ncatalog\\r\\n \\r\\nOtherwise, we hide the link in the navigation and\ndisplay the generic\\r\\nempty state if accessed:\\r\\n\\r\\n\\r\\n-\nTo successfully install rules the following privileges are\nalso\\r\\nrequired (write access):\\r\\n - Security All -> Main Security\nread & write access\\r\\n- Index privileges for `.alerts*` pattern: _read,\nwrite,\\r\\nview_index_metadata, manage_\\r\\n - Index privileges for\n`lookup_*` pattern: _read_\\r\\n\\r\\nOtherwise, we show a callout at the\ntop of the page, this callout is\\r\\nconsistent with the one displayed on\nthe Detection Rules page\\r\\n(`/app/security/rules`)\\r\\n\\r\\n\\r\\n-\nTo retry rule translations (upload missing macros/lookups or\nretry\\r\\nerrors)\\r\\n- Actions & Connectors: Read -> This privilege\nallows connector\\r\\nexecution for LLM calls\\r\\n\\r\\nOtherwise, when\nattempted, we show a toast with the missing privilege.\n\\r\\n\\r\\n\\r\\n\\r\\n##\nOther changes\\r\\n\\r\\n- Technical preview\nlabel\\r\\n\\r\\n\\r\\n\\r\\n-\nNo connector selected\ntoast\\r\\n\\r\\n\\r\\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\\r\\n\\r\\n##\nFixes\\r\\n\\r\\n- [Fixed] Not possible to select a connector when no\nconnector\nis\\r\\nselected:\\r\\n\\r\\n\\r\\n---------\\r\\n\\r\\nCo-authored-by:\nElastic Machine\n<elasticmachine@users.noreply.github.com>\\r\\nCo-authored-by:\nkibanamachine\n<42973632+kibanamachine@users.noreply.github.com>\",\"sha\":\"a990be66dffbe89b271722630fd78b544b6ae903\",\"branchLabelMapping\":{\"^v9.1.0$\":\"main\",\"^v8.19.0$\":\"8.x\",\"^v(\\\\d+).(\\\\d+).\\\\d+$\":\"$1.$2\"}},\"sourcePullRequest\":{\"labels\":[\"release_note:skip\",\"v9.0.0\",\"Team:Threat\nHunting\",\"backport:version\",\"v8.18.0\",\"v9.1.0\",\"v8.19.0\"],\"title\":\"[Security\nSolution] SIEM Migrations\nRBAC\",\"number\":207087,\"url\":\"https://github.com/elastic/kibana/pull/207087\",\"mergeCommit\":{\"message\":\"[Security\nSolution] SIEM Migrations RBAC (#207087)\\n\\n## Summary\\r\\n\\r\\nImplements\nthe access controls for SIEM rule migrations.\\r\\n\\r\\n## API\nchanges\\r\\n\\r\\n- All API routes have been secured with \\\"SIEM\nMigration\\\" feature checks\\r\\n- Start migration API route now checks if\nthe user has privileges to use\\r\\nthe connector ID received\\r\\n \\r\\n##\nUI changes\\r\\n\\r\\n### Onboarding SIEM migrations\\r\\n\\r\\n- AI Connector\nselection\\r\\n- Actions & Connectors: Read -> This privilege allows\nreading and\\r\\nselecting a connector\\r\\n\\r\\nOtherwise, we show a callout\nwith the missing privileges:\\r\\n\\r\\n\\r\\n-\nCreate a migration\\r\\n - Security All -> Main Security read & write\naccess\\r\\n - Siem Migrations All -> new feature under the Security\ncatalog\\r\\n- Actions & Connectors: Read -> This privilege allows\nconnector\\r\\nexecution for LLM calls\\r\\n\\r\\nOtherwise, we show a callout\nwith the missing privileges:\\r\\n\\r\\n\\r\\n###\nRule Translations page\\r\\n\\r\\n- Minimum privileges to make the page\naccessible (read access):\\r\\n - Security Read -> Main Security read\naccess\\r\\n - Siem Migrations All -> new feature under the Security\ncatalog\\r\\n \\r\\nOtherwise, we hide the link in the navigation and\ndisplay the generic\\r\\nempty state if accessed:\\r\\n\\r\\n\\r\\n-\nTo successfully install rules the following privileges are\nalso\\r\\nrequired (write access):\\r\\n - Security All -> Main Security\nread & write access\\r\\n- Index privileges for `.alerts*` pattern: _read,\nwrite,\\r\\nview_index_metadata, manage_\\r\\n - Index privileges for\n`lookup_*` pattern: _read_\\r\\n\\r\\nOtherwise, we show a callout at the\ntop of the page, this callout is\\r\\nconsistent with the one displayed on\nthe Detection Rules page\\r\\n(`/app/security/rules`)\\r\\n\\r\\n\\r\\n-\nTo retry rule translations (upload missing macros/lookups or\nretry\\r\\nerrors)\\r\\n- Actions & Connectors: Read -> This privilege\nallows connector\\r\\nexecution for LLM calls\\r\\n\\r\\nOtherwise, when\nattempted, we show a toast with the missing privilege.\n\\r\\n\\r\\n\\r\\n\\r\\n##\nOther changes\\r\\n\\r\\n- Technical preview\nlabel\\r\\n\\r\\n\\r\\n\\r\\n-\nNo connector selected\ntoast\\r\\n\\r\\n\\r\\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\\r\\n\\r\\n##\nFixes\\r\\n\\r\\n- [Fixed] Not possible to select a connector when no\nconnector\nis\\r\\nselected:\\r\\n\\r\\n\\r\\n---------\\r\\n\\r\\nCo-authored-by:\nElastic Machine\n<elasticmachine@users.noreply.github.com>\\r\\nCo-authored-by:\nkibanamachine\n<42973632+kibanamachine@users.noreply.github.com>\",\"sha\":\"a990be66dffbe89b271722630fd78b544b6ae903\"}},\"sourceBranch\":\"main\",\"suggestedTargetBranches\":[\"9.0\",\"8.18\",\"8.x\"],\"targetPullRequestStates\":[{\"branch\":\"9.0\",\"label\":\"v9.0.0\",\"branchLabelMappingKey\":\"^v(\\\\d+).(\\\\d+).\\\\d+$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"},{\"branch\":\"8.18\",\"label\":\"v8.18.0\",\"branchLabelMappingKey\":\"^v(\\\\d+).(\\\\d+).\\\\d+$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"},{\"branch\":\"main\",\"label\":\"v9.1.0\",\"branchLabelMappingKey\":\"^v9.1.0$\",\"isSourceBranch\":true,\"state\":\"MERGED\",\"url\":\"https://github.com/elastic/kibana/pull/207087\",\"number\":207087,\"mergeCommit\":{\"message\":\"[Security\nSolution] SIEM Migrations RBAC (#207087)\\n\\n## Summary\\r\\n\\r\\nImplements\nthe access controls for SIEM rule migrations.\\r\\n\\r\\n## API\nchanges\\r\\n\\r\\n- All API routes have been secured with \\\"SIEM\nMigration\\\" feature checks\\r\\n- Start migration API route now checks if\nthe user has privileges to use\\r\\nthe connector ID received\\r\\n \\r\\n##\nUI changes\\r\\n\\r\\n### Onboarding SIEM migrations\\r\\n\\r\\n- AI Connector\nselection\\r\\n- Actions & Connectors: Read -> This privilege allows\nreading and\\r\\nselecting a connector\\r\\n\\r\\nOtherwise, we show a callout\nwith the missing privileges:\\r\\n\\r\\n\\r\\n-\nCreate a migration\\r\\n - Security All -> Main Security read & write\naccess\\r\\n - Siem Migrations All -> new feature under the Security\ncatalog\\r\\n- Actions & Connectors: Read -> This privilege allows\nconnector\\r\\nexecution for LLM calls\\r\\n\\r\\nOtherwise, we show a callout\nwith the missing privileges:\\r\\n\\r\\n\\r\\n###\nRule Translations page\\r\\n\\r\\n- Minimum privileges to make the page\naccessible (read access):\\r\\n - Security Read -> Main Security read\naccess\\r\\n - Siem Migrations All -> new feature under the Security\ncatalog\\r\\n \\r\\nOtherwise, we hide the link in the navigation and\ndisplay the generic\\r\\nempty state if accessed:\\r\\n\\r\\n\\r\\n-\nTo successfully install rules the following privileges are\nalso\\r\\nrequired (write access):\\r\\n - Security All -> Main Security\nread & write access\\r\\n- Index privileges for `.alerts*` pattern: _read,\nwrite,\\r\\nview_index_metadata, manage_\\r\\n - Index privileges for\n`lookup_*` pattern: _read_\\r\\n\\r\\nOtherwise, we show a callout at the\ntop of the page, this callout is\\r\\nconsistent with the one displayed on\nthe Detection Rules page\\r\\n(`/app/security/rules`)\\r\\n\\r\\n\\r\\n-\nTo retry rule translations (upload missing macros/lookups or\nretry\\r\\nerrors)\\r\\n- Actions & Connectors: Read -> This privilege\nallows connector\\r\\nexecution for LLM calls\\r\\n\\r\\nOtherwise, when\nattempted, we show a toast with the missing privilege.\n\\r\\n\\r\\n\\r\\n\\r\\n##\nOther changes\\r\\n\\r\\n- Technical preview\nlabel\\r\\n\\r\\n\\r\\n\\r\\n-\nNo connector selected\ntoast\\r\\n\\r\\n\\r\\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\\r\\n\\r\\n##\nFixes\\r\\n\\r\\n- [Fixed] Not possible to select a connector when no\nconnector\nis\\r\\nselected:\\r\\n\\r\\n\\r\\n---------\\r\\n\\r\\nCo-authored-by:\nElastic Machine\n<elasticmachine@users.noreply.github.com>\\r\\nCo-authored-by:\nkibanamachine\n<42973632+kibanamachine@users.noreply.github.com>\",\"sha\":\"a990be66dffbe89b271722630fd78b544b6ae903\"}},{\"branch\":\"8.x\",\"label\":\"v8.19.0\",\"branchLabelMappingKey\":\"^v8.19.0$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"}]}]\nBACKPORT-->\n\nCo-authored-by: Sergi Massaneda <sergi.massaneda@elastic.co>"}},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/207087","number":207087,"mergeCommit":{"message":"[Security Solution] SIEM Migrations RBAC (#207087)\n\n## Summary\r\n\r\nImplements the access controls for SIEM rule migrations.\r\n\r\n## API changes\r\n\r\n- All API routes have been secured with \"SIEM Migration\" feature checks\r\n- Start migration API route now checks if the user has privileges to use\r\nthe connector ID received\r\n \r\n## UI changes\r\n\r\n### Onboarding SIEM migrations\r\n\r\n- AI Connector selection\r\n- Actions & Connectors: Read -> This privilege allows reading and\r\nselecting a connector\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n- Create a migration\r\n - Security All -> Main Security read & write access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, we show a callout with the missing privileges:\r\n\r\n\r\n### Rule Translations page\r\n\r\n- Minimum privileges to make the page accessible (read access):\r\n - Security Read -> Main Security read access\r\n - Siem Migrations All -> new feature under the Security catalog\r\n \r\nOtherwise, we hide the link in the navigation and display the generic\r\nempty state if accessed:\r\n\r\n\r\n- To successfully install rules the following privileges are also\r\nrequired (write access):\r\n - Security All -> Main Security read & write access\r\n- Index privileges for `.alerts*` pattern: _read, write,\r\nview_index_metadata, manage_\r\n - Index privileges for `lookup_*` pattern: _read_\r\n\r\nOtherwise, we show a callout at the top of the page, this callout is\r\nconsistent with the one displayed on the Detection Rules page\r\n(`/app/security/rules`)\r\n\r\n\r\n- To retry rule translations (upload missing macros/lookups or retry\r\nerrors)\r\n- Actions & Connectors: Read -> This privilege allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, when attempted, we show a toast with the missing privilege. \r\n\r\n\r\n\r\n## Other changes\r\n\r\n- Technical preview label\r\n\r\n\r\n\r\n- No connector selected toast\r\n\r\n\r\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\r\n\r\n## Fixes\r\n\r\n- [Fixed] Not possible to select a connector when no connector is\r\nselected:\r\n\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>\r\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>","sha":"a990be66dffbe89b271722630fd78b544b6ae903"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT-->
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements the access controls for SIEM rule migrations.
API changes
UI changes
Onboarding SIEM migrations
Otherwise, we show a callout with the missing privileges:
Otherwise, we show a callout with the missing privileges:
Rule Translations page
Otherwise, we hide the link in the navigation and display the generic empty state if accessed:
.alerts*pattern: read, write, view_index_metadata, managelookup_*pattern: readOtherwise, we show a callout at the top of the page, this callout is consistent with the one displayed on the Detection Rules page (
/app/security/rules)Otherwise, when attempted, we show a toast with the missing privilege.
Other changes
no_connector_toast.mov
Fixes