[8.x] [Security Solution] SIEM Migrations RBAC (#207087) #210151
Merged
semd merged 2 commits into elastic:8.x from Feb 7, 2025
## Summary

Implements the access controls for SIEM rule migrations.

## API changes

- All API routes have been secured with "SIEM Migration" feature checks
- Start migration API route now checks if the user has privileges to use the connector ID received

## UI changes

### Onboarding SIEM migrations

- AI Connector selection
  - Actions & Connectors: Read -> This privilege allows reading and selecting a connector

Otherwise, we show a callout with the missing privileges:

- Create a migration
  - Security All -> Main Security read & write access
  - Siem Migrations All -> new feature under the Security catalog
  - Actions & Connectors: Read -> This privilege allows connector execution for LLM calls

Otherwise, we show a callout with the missing privileges:

### Rule Translations page

- Minimum privileges to make the page accessible (read access):
  - Security Read -> Main Security read access
  - Siem Migrations All -> new feature under the Security catalog

Otherwise, we hide the link in the navigation and display the generic empty state if accessed:

- To successfully install rules the following privileges are also required (write access):
  - Security All -> Main Security read & write access
  - Index privileges for `.alerts*` pattern: _read, write, view_index_metadata, manage_
  - Index privileges for `lookup_*` pattern: _read_

Otherwise, we show a callout at the top of the page, this callout is consistent with the one displayed on the Detection Rules page (`/app/security/rules`)

- To retry rule translations (upload missing macros/lookups or retry errors)
  - Actions & Connectors: Read -> This privilege allows connector execution for LLM calls

Otherwise, when attempted, we show a toast with the missing privilege.

## Other changes

- Technical preview label
- No connector selected toast

https://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d

## Fixes

- [Fixed] Not possible to select a connector when no connector is selected:

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>

(cherry picked from commit a990be6)

# Conflicts:
# x-pack/test/spaces_api_integration/common/suites/get.ts
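The privilege matrix in the description above, modelled as an added example (not code from this PR or from Kibana): for each action it returns the privileges a user still lacks, which is what the callouts and toast list. All type, function and action names are hypothetical, and treating install and retry as building on the page-access privileges is an assumption drawn from the "also required" wording.

```typescript
// Added example: hypothetical names throughout, not Kibana APIs.
type Level = 'none' | 'read' | 'all';
type Feature = 'Security' | 'Siem Migrations' | 'Actions & Connectors';
type Action = 'selectConnector' | 'createMigration' | 'viewTranslations' | 'installRules' | 'retryTranslations';
type FeatureReqs = Partial<Record<Feature, Level>>;
type IndexReqs = Record<string, string[]>; // index pattern -> index privileges
interface User { features: FeatureReqs; indices: IndexReqs }
interface Requirement { features: FeatureReqs; indices: IndexReqs }

const RANK: Record<Level, number> = { none: 0, read: 1, all: 2 };
const FEATURES: Feature[] = ['Security', 'Siem Migrations', 'Actions & Connectors'];
// Page access; install and retry are read here as adding to it (assumption).
const PAGE: FeatureReqs = { Security: 'read', 'Siem Migrations': 'all' };

const REQUIREMENTS: Record<Action, Requirement> = {
  selectConnector: { features: { 'Actions & Connectors': 'read' }, indices: {} },
  createMigration: {
    features: { Security: 'all', 'Siem Migrations': 'all', 'Actions & Connectors': 'read' },
    indices: {},
  },
  viewTranslations: { features: PAGE, indices: {} },
  installRules: {
    features: { ...PAGE, Security: 'all' },
    indices: { '.alerts*': ['read', 'write', 'view_index_metadata', 'manage'], 'lookup_*': ['read'] },
  },
  retryTranslations: { features: { ...PAGE, 'Actions & Connectors': 'read' }, indices: {} },
};

// Returns what a callout or toast would list; an empty array means allowed.
// Simplification: index grants are matched on the literal pattern string.
function missingPrivileges(user: User, action: Action): string[] {
  const req = REQUIREMENTS[action];
  const missing: string[] = [];
  for (const feature of FEATURES) {
    const needed = req.features[feature] ?? 'none';
    const held = user.features[feature] ?? 'none';
    if (RANK[held] < RANK[needed]) missing.push(`${feature}: ${needed}`);
  }
  for (const pattern of Object.keys(req.indices)) {
    const granted = user.indices[pattern] ?? [];
    const lacking = (req.indices[pattern] ?? []).filter((p) => granted.indexOf(p) === -1);
    if (lacking.length > 0) missing.push(`${pattern}: ${lacking.join(', ')}`);
  }
  return missing;
}

// Constructed sample user: can open Rule Translations but nothing more.
const analyst: User = { features: { Security: 'read', 'Siem Migrations': 'all' }, indices: {} };
```

The same evaluation has to run on the server for every route; the UI callouts only report the result, they do not enforce it.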
P1llus approved these changes on Feb 7, 2025
💚 Build Succeeded
Backport

This will backport the following commits from `main` to `8.x`:

Questions? Please refer to the [Backport tool documentation](https://github.com/sqren/backport)