[AI4DSOC] Change rules and alerts capabilities #215148
tomsonpl merged 40 commits into elastic:main from
Conversation
/ci
… ai-soc-alerts-capabilities
… ai-soc-alerts-capabilities
This reverts commit 721a915.
Friendly reminder: Looks like this PR hasn’t been backported yet.
Starting backport for target branches: 8.19 https://github.com/elastic/kibana/actions/runs/15465817133
Starting backport for target branches: 8.19 https://github.com/elastic/kibana/actions/runs/15465817098
💔 All backports failed
Manual backport
To create the backport manually run:
Questions? Please refer to the Backport tool documentation
(cherry picked from commit 795094d)

# Conflicts:
# x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.test.tsx
# x-pack/solutions/security/plugins/security_solution/public/common/components/security_route_page_wrapper/index.tsx
# x-pack/solutions/security/plugins/security_solution/public/common/utils/timeline/use_show_timeline.test.tsx
# x-pack/solutions/security/plugins/security_solution_serverless/public/navigation/__snapshots__/side_navigation.test.tsx.snap
# x-pack/solutions/security/plugins/security_solution_serverless/public/navigation/ai_soc/ai_soc_navigation.ts
# x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/capabilities/access.cy.ts
# x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/constants.ts
# x-pack/test/security_solution_cypress/cypress/e2e/ai4dsoc/navigation/navigation.cy.ts
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI.
Questions? Please refer to the Backport tool documentation
Looks like this PR has a backport PR but it still hasn't been merged. Please merge it ASAP to keep the branches relatively in sync.
)

# Backport

This will backport the following commits from `main` to `8.19`:
- [[AI4DSOC] Change rules and alerts capabilities (#215148)](#215148)

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync.

@jbudz - backport has been merged, but the label keeps getting back, could you suggest how to tackle this? :)
Description
This PR introduces a new capabilities-based gating to hide the Alerts and Rules pages.
It results in the pages being hidden in `AI_SOC` product, but normally available in `Security`.
Users manually navigating to the restricted URLs will be redirected to `/app/security/get_started` page.

Changes
- [`ProductFeatureSecurityKey.detections`]: extends the `siemv2` by adding `detections` UI capability next to `show`. Since `show` enables general Security functionalities, and `detections` add some limitations to internal functionalities like: rules and alerts that are not available in AI_SOC.
- `detections` capability from now on.
- [`ProductFeatureSecurityKey.externalDetections`]: extends limited version of `siemv2` by adding `external_detections` UI capability next to `show`. This enables AI_SOC user to see basic_rules or alerts_summary, but not rules and alerts pages.
- `ProductFeatureSecurityKey.alertsSummary` in favor of `ProductFeatureSecurityKey.externalDetections`

Routes (Example)
- `/app/security/alerts` → Visible only if the user meets detections capabilities.
- `/app/security/rules` → Visible only if the user meets detections capabilities.

Otherwise both redirect to `/app/security/get_started`

How to verify these pages are hidden locally:
Please add the following configuration to your `serverless.security.dev.yml` file: