diff --git a/config/serverless.security.search_ai_lake.yml b/config/serverless.security.search_ai_lake.yml
index 2766bb1e079f0..4e780766ed1d2 100644
--- a/config/serverless.security.search_ai_lake.yml
+++ b/config/serverless.security.search_ai_lake.yml
@@ -27,6 +27,21 @@ xpack.features.overrides:
 securitySolutionSiemMigrations.hidden: true
 ## Fine-tune the security solution essentials feature privileges. These feature privilege overrides are set individually for each project type. Also, refer to `serverless.yml` for the project-agnostic overrides.
+ siemV5:
+ privileges:
+ all.composedOf:
+ ## Limited values so the fields from serverless.yml or serverless.security.yml are overwritten
+ ## We do not need to compose 4 from maps and visualizations because these functionalities are disabled in this tier
+ - feature: 'discover_v2'
+ privileges: ['all']
+ ## We need limited access to fleet (v1) in order to use integrations
+ - feature: 'fleet'
+ privileges: ['all']
+ read.composedOf:
+ - feature: 'discover_v2'
+ privileges: ['read']
+ - feature: 'fleet'
+ privileges: ['read']
 siemV4:
 privileges:
 all.composedOf:
diff --git a/config/serverless.security.yml b/config/serverless.security.yml
index 435a328834998..afa4565511cd4 100644
--- a/config/serverless.security.yml
+++ b/config/serverless.security.yml
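Review bot: In `serverless.security.search_ai_lake.yml`, the comment above the `fleet` entry of `siemV5` `all.composedOf` promises "limited access to fleet (v1)", yet the entry composes `privileges: ['all']`, so every role holding Security `All` in this tier also receives Fleet `All`. If using integrations needs less than that, the grant is broader than the comment describes and should be narrowed; if `all` really is required, reword the comment to say so, for example `## Security All implicitly grants Fleet (v1) All so that integrations can be used`. The preceding comment explains why maps and visualizations are not composed but says nothing about `dashboard_v2`, which `serverless.security.yml` does compose, so a short reason for that omission would help anyone auditing the role. The `siemV4` block that starts at the end of this hunk continues outside it, so whether it carries the same wording cannot be checked from here.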
@@ -29,6 +29,31 @@ xpack.features.overrides:
 category: "security"
 order: 1103
 ### Security's feature privileges are fine-tuned to grant access to Discover, Dashboard, Maps, and Visualize apps.
+ siemV5:
+ privileges:
+ ### Security's `All` feature privilege should implicitly grant `All` access to Discover, Dashboard, Maps, and
+ ### Visualize features.
+ all.composedOf:
+ - feature: 'discover_v2'
+ privileges: ['all']
+ - feature: 'dashboard_v2'
+ privileges: ['all']
+ - feature: 'visualize_v2'
+ privileges: ['all']
+ - feature: 'maps_v2'
+ privileges: ['all']
+ # Security's `Read` feature privilege should implicitly grant `Read` access to Discover, Dashboard, Maps, and
+ # Visualize features. Additionally, it should implicitly grant privilege to create short URLs in Discover,
+ ### Dashboard, and Visualize apps.
+ read.composedOf:
+ - feature: 'discover_v2'
+ privileges: ['read']
+ - feature: 'dashboard_v2'
+ privileges: ['read']
+ - feature: 'visualize_v2'
+ privileges: ['read']
+ - feature: 'maps_v2'
+ privileges: ['read']
 siemV4:
 privileges:
 ### Security's `All` feature privilege should implicitly grant `All` access to Discover, Dashboard, Maps, and
diff --git a/x-pack/platform/plugins/private/translations/translations/de-DE.json b/x-pack/platform/plugins/private/translations/translations/de-DE.json
index 684307e1e1da4..27650551a5940 100644
--- a/x-pack/platform/plugins/private/translations/translations/de-DE.json
+++ b/x-pack/platform/plugins/private/translations/translations/de-DE.json
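Review bot: In `serverless.security.yml`, the comment above `siemV5` `read.composedOf` says Security `Read` should also grant the privilege to create short URLs in Discover, Dashboard and Visualize, but every entry composes only `privileges: ['read']`. Unless `read` on those features already includes short-URL creation, nothing visible in this hunk grants it, so the comment overstates the access the config gives. Either add the matching sub-feature privilege to the three entries or drop the "Additionally, ..." sentence so the comment and the grant agree. The same comment mixes `#` and `###` prefixes across its three lines; `###` throughout would match the comment on `all.composedOf`. The `siemV4` block that begins at the end of the hunk continues outside it.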
@@ -7131,49 +7131,35 @@ "securitySolutionPackages.features.featureRegistry.subFeatures.assistant.description": "Ändern Sie die Standard-Felder, die vom KI-Assistenten und der Angriffserkennung verwendet werden dürfen. Anonymisieren Sie jeglichen Inhalt für die ausgewählten Felder.", "securitySolutionPackages.features.featureRegistry.subFeatures.blockList": "Blockliste", "securitySolutionPackages.features.featureRegistry.subFeatures.blockList.description": "Erweitern Sie den Schutz von Elastic Defend gegen bösartige Prozesse und schützen Sie vor potenziell schädlichen Anwendungen.", - "securitySolutionPackages.features.featureRegistry.subFeatures.blockList.privilegesTooltip": "Für den Zugriff auf die Blocklist ist 'Alle Spaces' erforderlich.", "securitySolutionPackages.features.featureRegistry.subFeatures.endpointExceptions": "Endpoint-Ausnahmen", "securitySolutionPackages.features.featureRegistry.subFeatures.endpointExceptions.description": "Verwenden Sie Endpoint-Ausnahmen (dies ist eine Test-Unterfunktion).", - "securitySolutionPackages.features.featureRegistry.subFeatures.endpointExceptions.privilegesTooltip": "Für den Zugriff auf Endpoint-Ausnahmen ist „Alle Bereiche“ erforderlich.A", "securitySolutionPackages.features.featureRegistry.subFeatures.endpointList": "Endpoint-Liste", "securitySolutionPackages.features.featureRegistry.subFeatures.endpointList.description": "Zeigt alle Hosts an, auf denen Elastic Defend läuft, sowie deren relevante Integrationsdetails.", - "securitySolutionPackages.features.featureRegistry.subFeatures.endpointList.privilegesTooltip": "Für den Zugriff auf die Endpoint-Liste ist „Alle Bereiche“ erforderlich.", "securitySolutionPackages.features.featureRegistry.subFeatures.eventFilters": "Ereignisfilter", "securitySolutionPackages.features.featureRegistry.subFeatures.eventFilters.description": "Filtern Sie Endpoint-Ereignisse heraus, die Sie nicht in Elasticsearch speichern müssen oder möchten.", - 
"securitySolutionPackages.features.featureRegistry.subFeatures.eventFilters.privilegesTooltip": "Für den Zugriff auf Ereignisfilter ist „Alle Bereiche“ erforderlich.", "securitySolutionPackages.features.featureRegistry.subFeatures.executeOperations": "Operationen ausführen", "securitySolutionPackages.features.featureRegistry.subFeatures.executeOperations.description": "Führen Sie Reaktionsmaßnahmen auf Skriptausführungen in der Antwortkonsole aus.", - "securitySolutionPackages.features.featureRegistry.subFeatures.executeOperations.privilegesTooltip": "Für den Zugriff auf „Operationen ausführen“ ist „Alle Bereiche“ erforderlich.", "securitySolutionPackages.features.featureRegistry.subFeatures.fileOperations": "Dateioperationen", "securitySolutionPackages.features.featureRegistry.subFeatures.fileOperations.description": "Führen Sie dateibezogene Reaktionsmaßnahmen in der Antwortkonsole aus.", - "securitySolutionPackages.features.featureRegistry.subFeatures.fileOperations.privilegesTooltip": "Für den Zugriff auf Dateivorgänge sind alle Spaces erforderlich.", "securitySolutionPackages.features.featureRegistry.subFeatures.globalArtifactManagement": "Globale Artefaktverwaltung", "securitySolutionPackages.features.featureRegistry.subFeatures.globalArtifactManagement.description": "Verwalten Sie die globale Zuweisung von Endpoint-Artefakten (z. B. Trusted Applications, Ereignisfilter) über alle Richtlinien hinweg. 
Diese Berechtigung steuert nur die globalen Zuweisungsrechte; für die vollständige Verwaltung der Artefakte sind Berechtigungen für jeden Artefakttyp erforderlich.", "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolation": "Host-Isolierung", "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolation.description": "Führen Sie die Reaktionsmaßnahmen „Isolieren“ und „Freigeben“ durch.", - "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolation.privilegesTooltip": "Für den Zugriff auf die Host-Isolierung sind alle Spaces erforderlich.", "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolationExceptions": "Ausnahmen für die Host-Isolation", "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolationExceptions.description": "Fügen Sie spezifische IP-Adressen hinzu, mit denen isolierte Hosts weiterhin kommunizieren dürfen, selbst wenn sie vom Rest des Netzwerks isoliert sind.", - "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolationExceptions.privilegesTooltip": "Für den Zugriff auf Ausnahmen für die Host-Isolation ist „Alle Bereiche“ erforderlich.", "securitySolutionPackages.features.featureRegistry.subFeatures.policyManagement": "Elastic Defend-Richtlinienverwaltung", "securitySolutionPackages.features.featureRegistry.subFeatures.policyManagement.description": "Greifen Sie auf die Elastic Defend-Integrationsrichtlinie zu, um Schutzmaßnahmen, Ereigniserfassung und erweiterte Elastic Features zu konfigurieren.", - "securitySolutionPackages.features.featureRegistry.subFeatures.policyManagement.privilegesTooltip": "Für den Zugriff auf die Richtlinienverwaltung ist „Alle Bereiche“ erforderlich.", "securitySolutionPackages.features.featureRegistry.subFeatures.processOperations": "Prozessabläufe", "securitySolutionPackages.features.featureRegistry.subFeatures.processOperations.description": "Führen Sie prozessbezogene Reaktionsmaßnahmen in der 
Reaktionkonsole durch.", - "securitySolutionPackages.features.featureRegistry.subFeatures.processOperations.privilegesTooltip": "Für den Zugriff auf Prozessvorgänge sind alle Bereiche erforderlich.", "securitySolutionPackages.features.featureRegistry.subFeatures.readPrivilegeName": "Lesen", "securitySolutionPackages.features.featureRegistry.subFeatures.responseActionsHistory": "Verlauf der Reaktionsmaßnahmen", "securitySolutionPackages.features.featureRegistry.subFeatures.responseActionsHistory.description": "Greifen Sie auf den Verlauf der Reaktionsmaßnahmen zu, die auf Endpoints durchgeführt wurden.", - "securitySolutionPackages.features.featureRegistry.subFeatures.responseActionsHistory.privilegesTooltip": "Alle Spaces sind für den Zugriff auf den Verlauf der Reaktionsaktionen erforderlich.", "securitySolutionPackages.features.featureRegistry.subFeatures.scanOperations": "Scanvorgänge", "securitySolutionPackages.features.featureRegistry.subFeatures.scanOperations.description": "Führen Sie Bekämpfungsmaßnahmen für Ordnerscans in der Antwortkonsole aus.", - "securitySolutionPackages.features.featureRegistry.subFeatures.scanOperations.privilegesTooltip": "Für den Zugriff auf Scan-Vorgänge ist „Alle Spaces“ erforderlich.", "securitySolutionPackages.features.featureRegistry.subFeatures.trustedApplications": "Vertrauenswürdige Anwendungen", "securitySolutionPackages.features.featureRegistry.subFeatures.trustedApplications.description": "Hilft, Konflikte mit anderer Software zu mildern, normalerweise mit anderen Antiviren- oder Endpoint-Sicherheitsanwendungen.", - "securitySolutionPackages.features.featureRegistry.subFeatures.trustedApplications.privilegesTooltip": "Für den Zugriff auf vertrauenswürdige Anwendungen ist „Alle Bereiche“ erforderlich.", "securitySolutionPackages.features.featureRegistry.subFeatures.workflowInsights": "Automatische Problembehebung", "securitySolutionPackages.features.featureRegistry.subFeatures.workflowInsights.description": "Zugriff auf 
die automatische Problembehebung.", - "securitySolutionPackages.features.featureRegistry.subFeatures.workflowInsights.privilegesTooltip": "Für den Zugriff auf die automatische Fehlerbehebung ist „Alle Bereiche“ erforderlich.", "securitySolutionPackages.markdown.insight.upsell": "Führen Sie ein Upgrade auf {requiredLicense} durch, um Einblicke in Untersuchungsleitfäden zu erhalten", "securitySolutionPackages.markdown.investigationGuideInteractions.upsell": "Aktualisieren Sie auf {requiredLicense}, um die Interaktionen des Untersuchungsleitfadens nutzen zu können.", "securitySolutionPackages.navigation.landingLinks": "Security-Ansichten", @@ -35107,7 +35093,6 @@ "xpack.securitySolution.detectionEngine.rules.allRules.actions.editRuleSettingsDescription": "Regel-Einstellungen bearbeiten", "xpack.securitySolution.detectionEngine.rules.allRules.actions.exportRuleDescription": "Regel exportieren", "xpack.securitySolution.detectionEngine.rules.allRules.actions.lackOfKibanaActionsFeaturePrivileges": "Sie verfügen nicht über Kibana Actions-Berechtigungen", - "xpack.securitySolution.detectionEngine.rules.allRules.actions.lackOfKibanaSecurityPrivileges": "Sie haben keine Berechtigungen für Kibana Security", "xpack.securitySolution.detectionEngine.rules.allRules.actions.manualRuleRunDescription": "Manuelle Ausführung", "xpack.securitySolution.detectionEngine.rules.allRules.actions.manualRuleRunTooltip": "Manuelles Ausführen nur für aktivierte Regeln verfügbar", "xpack.securitySolution.detectionEngine.rules.allRules.batchActionsTitle": "Massenaktionen", 
@@ -38515,7 +38500,6 @@ "xpack.securitySolution.siemMigrations.rulesService.polling.successLinkText": "Zu den übersetzten Regeln", "xpack.securitySolution.siemMigrations.rulesService.polling.successTitle": "Regelübersetzung abgeschlossen.", "xpack.securitySolution.siemMigrations.service.capabilities.connectorsRead": "Management > Aktionen und Konnektoren: Lesen", - "xpack.securitySolution.siemMigrations.service.capabilities.securityAll": "Security > Security: Alle", "xpack.securitySolution.siemMigrations.service.capabilities.siemMigrationsAll": "Security > SIEM-Migrationen: Alle", "xpack.securitySolution.socTrends.properties.lockDatePickerDescription": "Globale Datumsauswahl bei der SOC Trends-Datumsauswahl sperren", "xpack.securitySolution.socTrends.properties.lockDatePickerTooltip": "Synchronisierung des Datums-/Zeitbereichs zwischen der aktuell angezeigten Seite und SOC-Trends deaktivieren", diff --git a/x-pack/platform/plugins/private/translations/translations/fr-FR.json b/x-pack/platform/plugins/private/translations/translations/fr-FR.json index 60551c48d4917..2e7b6e1e15955 100644 --- a/x-pack/platform/plugins/private/translations/translations/fr-FR.json +++ b/x-pack/platform/plugins/private/translations/translations/fr-FR.json 
@@ -7283,49 +7283,35 @@ "securitySolutionPackages.features.featureRegistry.subFeatures.assistant.description": "Modifiez les champs par défaut autorisés à être utilisés par l'assistant IA et Attack discovery. Anonymisez n'importe quel contenu pour les champs sélectionnés.", "securitySolutionPackages.features.featureRegistry.subFeatures.blockList": "Liste noire", "securitySolutionPackages.features.featureRegistry.subFeatures.blockList.description": "Étendez la protection d'Elastic Defend contre les processus malveillants et protégez-vous des applications potentiellement nuisibles.", - "securitySolutionPackages.features.featureRegistry.subFeatures.blockList.privilegesTooltip": "\"Tous les espaces\" est requis pour l'accès à la liste noire.", "securitySolutionPackages.features.featureRegistry.subFeatures.endpointExceptions": "Exceptions de point de terminaison", "securitySolutionPackages.features.featureRegistry.subFeatures.endpointExceptions.description": "Utiliser les exceptions de point de terminaison (il s'agit d'une sous-fonctionnalité test).", - "securitySolutionPackages.features.featureRegistry.subFeatures.endpointExceptions.privilegesTooltip": "\"Tous les espaces\" est requis pour l'accès aux exceptions de points de terminaison.", "securitySolutionPackages.features.featureRegistry.subFeatures.endpointList": "Liste de points de terminaison", "securitySolutionPackages.features.featureRegistry.subFeatures.endpointList.description": "Affiche tous les hôtes exécutant Elastic Defend et leurs détails d'intégration associés.", - "securitySolutionPackages.features.featureRegistry.subFeatures.endpointList.privilegesTooltip": "\"Tous les espaces\" est requis pour l'accès à la liste de points de terminaison.", "securitySolutionPackages.features.featureRegistry.subFeatures.eventFilters": "Filtres d'événements", "securitySolutionPackages.features.featureRegistry.subFeatures.eventFilters.description": "Excluez les événements de point de terminaison dont vous n'avez pas 
besoin ou que vous ne souhaitez pas stocker dans Elasticsearch.", - "securitySolutionPackages.features.featureRegistry.subFeatures.eventFilters.privilegesTooltip": "\"Tous les espaces\" est requis pour l'accès aux filtres d'événements.", "securitySolutionPackages.features.featureRegistry.subFeatures.executeOperations": "Exécuter les opérations", "securitySolutionPackages.features.featureRegistry.subFeatures.executeOperations.description": "Effectuez les actions de réponse d'exécution de script dans la console de réponse.", - "securitySolutionPackages.features.featureRegistry.subFeatures.executeOperations.privilegesTooltip": "\"Tous les espaces\" est requis pour l'accès aux opérations d'exécution.", "securitySolutionPackages.features.featureRegistry.subFeatures.fileOperations": "Opérations de fichier", "securitySolutionPackages.features.featureRegistry.subFeatures.fileOperations.description": "Effectuez les actions de réponse liées aux fichiers dans la console de réponse.", - "securitySolutionPackages.features.featureRegistry.subFeatures.fileOperations.privilegesTooltip": "\"Tous les espaces\" est requis pour l'accès aux opérations de fichier.", "securitySolutionPackages.features.featureRegistry.subFeatures.globalArtifactManagement": "Gestion globale des artefacts", "securitySolutionPackages.features.featureRegistry.subFeatures.globalArtifactManagement.description": "Gérez l'affectation globale des artefacts des points de terminaison (par exemple, les applications de confiance, les filtres d'événements) dans l'ensemble des politiques. 
Ce privilège gère uniquement les droits d'affectation globale ; il est nécessaire d'avoir des privilèges pour chaque type d'artefact pour assurer une gestion complète des artefacts.", "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolation": "Isolation de l'hôte", "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolation.description": "Effectuez les actions de réponse \"isoler\" et \"libérer\".", - "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolation.privilegesTooltip": "\"Tous les espaces\" est requis pour l'accès à l'isolation de l'hôte.", "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolationExceptions": "Exceptions d'isolation de l'hôte", "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolationExceptions.description": "Ajoutez des adresses IP spécifiques avec lesquelles les hôtes isolés sont toujours autorisés à communiquer, même lorsqu'ils sont isolés du reste du réseau.", - "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolationExceptions.privilegesTooltip": "\"Tous les espaces\" est requis pour l'accès aux exceptions d'isolation de l'hôte.", "securitySolutionPackages.features.featureRegistry.subFeatures.policyManagement": "Gestion des politiques Elastic Defend", "securitySolutionPackages.features.featureRegistry.subFeatures.policyManagement.description": "Accédez à la politique d'intégration Elastic Defend pour configurer les protections, la collecte des événements et les fonctionnalités de politique avancées.", - "securitySolutionPackages.features.featureRegistry.subFeatures.policyManagement.privilegesTooltip": "\"Tous les espaces\" est requis pour l'accès à la gestion des politiques.", "securitySolutionPackages.features.featureRegistry.subFeatures.processOperations": "Opérations de traitement", "securitySolutionPackages.features.featureRegistry.subFeatures.processOperations.description": "Effectuez les actions de réponse liées aux 
processus dans la console de réponse.", - "securitySolutionPackages.features.featureRegistry.subFeatures.processOperations.privilegesTooltip": "\"Tous les espaces\" est requis pour l'accès aux opérations de traitement.", "securitySolutionPackages.features.featureRegistry.subFeatures.readPrivilegeName": "Lire", "securitySolutionPackages.features.featureRegistry.subFeatures.responseActionsHistory": "Historique des actions de réponse", "securitySolutionPackages.features.featureRegistry.subFeatures.responseActionsHistory.description": "Accédez à l'historique des actions de réponse effectuées sur les points de terminaison.", - "securitySolutionPackages.features.featureRegistry.subFeatures.responseActionsHistory.privilegesTooltip": "\"Tous les espaces\" est requis pour l'accès à l'historique des actions de réponse.", "securitySolutionPackages.features.featureRegistry.subFeatures.scanOperations": "Opérations d’analyse", "securitySolutionPackages.features.featureRegistry.subFeatures.scanOperations.description": "Effectuez les actions de réponse liées aux analyses de dossiers dans la console de réponse.", - "securitySolutionPackages.features.featureRegistry.subFeatures.scanOperations.privilegesTooltip": "Tous les espaces est requis pour l'accès aux opérations d’analyse.", "securitySolutionPackages.features.featureRegistry.subFeatures.trustedApplications": "Applications de confiance", "securitySolutionPackages.features.featureRegistry.subFeatures.trustedApplications.description": "Aide à atténuer les conflits avec d'autres logiciels, généralement d'autres applications d'antivirus ou de sécurité des points de terminaison.", - "securitySolutionPackages.features.featureRegistry.subFeatures.trustedApplications.privilegesTooltip": "\"Tous les espaces\" est requis pour l'accès aux applications de confiance.", "securitySolutionPackages.features.featureRegistry.subFeatures.workflowInsights": "Résolution des problèmes automatisée", 
"securitySolutionPackages.features.featureRegistry.subFeatures.workflowInsights.description": "Accès à la résolution des problèmes automatisée.", - "securitySolutionPackages.features.featureRegistry.subFeatures.workflowInsights.privilegesTooltip": "\"Tous les espaces\" est requis pour l'accès à la résolution des problèmes automatisée.", "securitySolutionPackages.markdown.insight.upsell": "Passez au niveau {requiredLicense} pour pouvoir utiliser les informations des guides d'investigation", "securitySolutionPackages.markdown.investigationGuideInteractions.upsell": "Passez au niveau {requiredLicense} pour pouvoir utiliser les interactions des guides d'investigation", "securitySolutionPackages.navigation.landingLinks": "Vues de sécurité", @@ -35434,7 +35420,6 @@ "xpack.securitySolution.detectionEngine.rules.allRules.actions.editRuleSettingsDescription": "Modifier les paramètres de règles", "xpack.securitySolution.detectionEngine.rules.allRules.actions.exportRuleDescription": "Exporter la règle", "xpack.securitySolution.detectionEngine.rules.allRules.actions.lackOfKibanaActionsFeaturePrivileges": "Vous ne disposez pas des privilèges d'actions Kibana", - "xpack.securitySolution.detectionEngine.rules.allRules.actions.lackOfKibanaSecurityPrivileges": "Vous ne disposez pas des privilèges pour la sécurité de Kibana", "xpack.securitySolution.detectionEngine.rules.allRules.actions.manualRuleRunDescription": "Exécution manuelle", "xpack.securitySolution.detectionEngine.rules.allRules.actions.manualRuleRunTooltip": "Exécution manuelle disponible uniquement pour les règles activées", "xpack.securitySolution.detectionEngine.rules.allRules.batchActionsTitle": "Actions groupées", 
@@ -38907,7 +38892,6 @@ "xpack.securitySolution.siemMigrations.rulesService.polling.successLinkText": "Rendez-vous aux règles traduites", "xpack.securitySolution.siemMigrations.rulesService.polling.successTitle": "Traduction de règles terminée.", "xpack.securitySolution.siemMigrations.service.capabilities.connectorsRead": "Gestion > Actions & connecteurs : Lire", - "xpack.securitySolution.siemMigrations.service.capabilities.securityAll": "Sécurité > Sécurité : Tous", "xpack.securitySolution.siemMigrations.service.capabilities.siemMigrationsAll": "Sécurité > Migrations SIEM : Tous", "xpack.securitySolution.socTrends.properties.lockDatePickerDescription": "Verrouiller le sélecteur de date global sur le sélecteur de date de tendances SOC", "xpack.securitySolution.socTrends.properties.lockDatePickerTooltip": "Désactiver la synchronisation de la plage de date/heure entre la page actuellement consultée et les tendances SOC", diff --git a/x-pack/platform/plugins/private/translations/translations/ja-JP.json b/x-pack/platform/plugins/private/translations/translations/ja-JP.json index 7f137bc030935..9421a6ec698f2 100644 --- a/x-pack/platform/plugins/private/translations/translations/ja-JP.json +++ b/x-pack/platform/plugins/private/translations/translations/ja-JP.json 
@@ -7289,49 +7289,35 @@ "securitySolutionPackages.features.featureRegistry.subFeatures.assistant.description": "AI AssistantおよびAttack Discoveryで使用できるデフォルトフィールドを変更します。選択したフィールドのすべてのコンテンツを匿名化します。", "securitySolutionPackages.features.featureRegistry.subFeatures.blockList": "ブロックリスト", "securitySolutionPackages.features.featureRegistry.subFeatures.blockList.description": "Elastic Defendの悪意のあるプロセスに対する保護機能を拡張し、潜在的に有害なアプリケーションから保護します。", - "securitySolutionPackages.features.featureRegistry.subFeatures.blockList.privilegesTooltip": "ブロックリストのアクセスには、すべてのスペースが必要です。", "securitySolutionPackages.features.featureRegistry.subFeatures.endpointExceptions": "エンドポイント例外", "securitySolutionPackages.features.featureRegistry.subFeatures.endpointExceptions.description": "エンドポイント例外を使用します(これはテストサブ機能です)。", - "securitySolutionPackages.features.featureRegistry.subFeatures.endpointExceptions.privilegesTooltip": "エンドポイント例外のアクセスには、すべてのスペースが必要です。", "securitySolutionPackages.features.featureRegistry.subFeatures.endpointList": "エンドポイントリスト", "securitySolutionPackages.features.featureRegistry.subFeatures.endpointList.description": "Elastic Defendを実行しているすべてのホストと、関連する統合の詳細が表示されます。", - "securitySolutionPackages.features.featureRegistry.subFeatures.endpointList.privilegesTooltip": "エンドポイントリストのアクセスには、すべてのスペースが必要です。", "securitySolutionPackages.features.featureRegistry.subFeatures.eventFilters": "イベントフィルター", "securitySolutionPackages.features.featureRegistry.subFeatures.eventFilters.description": "Elasticsearchに保存する必要のない、あるいは保存しないエンドポイントイベントをフィルターします。", - "securitySolutionPackages.features.featureRegistry.subFeatures.eventFilters.privilegesTooltip": "イベントフィルターのアクセスには、すべてのスペースが必要です。", "securitySolutionPackages.features.featureRegistry.subFeatures.executeOperations": "実行操作", "securitySolutionPackages.features.featureRegistry.subFeatures.executeOperations.description": "応答コンソールでスクリプト実行応答アクションを実行します。", - "securitySolutionPackages.features.featureRegistry.subFeatures.executeOperations.privilegesTooltip": 
"実行操作のアクセスには、すべてのスペースが必要です。", "securitySolutionPackages.features.featureRegistry.subFeatures.fileOperations": "ファイル操作", "securitySolutionPackages.features.featureRegistry.subFeatures.fileOperations.description": "対応コンソールでファイル関連の対応アクションを実行します。", - "securitySolutionPackages.features.featureRegistry.subFeatures.fileOperations.privilegesTooltip": "ファイル操作のアクセスには、すべてのスペースが必要です。", "securitySolutionPackages.features.featureRegistry.subFeatures.globalArtifactManagement": "グローバルアーティファクト管理", "securitySolutionPackages.features.featureRegistry.subFeatures.globalArtifactManagement.description": "すべてのポリシーでエンドポイントアーティファクト(例:信頼できるアプリケーション、イベントフィルター)のグローバル割り当てを管理します。この権限はグローバル割り当て権限のみを制御します。完全なアーティファクト管理には、各アーティファクトタイプの権限が必要です。", "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolation": "ホスト分離", "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolation.description": "「isolate」および「release」応答アクションを実行します。", - "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolation.privilegesTooltip": "ホスト分離のアクセスには、すべてのスペースが必要です。", "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolationExceptions": "ホスト分離例外", "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolationExceptions.description": "ネットワークの他の部分から分離された場合でも、分離されたホストが通信することを許可する特定のIPアドレスを追加します。", - "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolationExceptions.privilegesTooltip": "ホスト分離例外のアクセスには、すべてのスペースが必要です。", "securitySolutionPackages.features.featureRegistry.subFeatures.policyManagement": "Elastic Defendポリシー管理", "securitySolutionPackages.features.featureRegistry.subFeatures.policyManagement.description": "Elastic Defendの統合ポリシーにアクセスし、プロテクション、イベント収集、および高度なポリシー機能を設定することができます。", - "securitySolutionPackages.features.featureRegistry.subFeatures.policyManagement.privilegesTooltip": "ポリシー管理のアクセスには、すべてのスペースが必要です。", "securitySolutionPackages.features.featureRegistry.subFeatures.processOperations": "プロセス操作", 
"securitySolutionPackages.features.featureRegistry.subFeatures.processOperations.description": "対応コンソールでプロセス関連の対応アクションを実行します。", - "securitySolutionPackages.features.featureRegistry.subFeatures.processOperations.privilegesTooltip": "プロセス操作のアクセスには、すべてのスペースが必要です。", "securitySolutionPackages.features.featureRegistry.subFeatures.readPrivilegeName": "読み取り", "securitySolutionPackages.features.featureRegistry.subFeatures.responseActionsHistory": "対応アクション履歴", "securitySolutionPackages.features.featureRegistry.subFeatures.responseActionsHistory.description": "エンドポイントで実行された対応アクションの履歴を表示します。", - "securitySolutionPackages.features.featureRegistry.subFeatures.responseActionsHistory.privilegesTooltip": "対応アクション履歴アクセスにはすべてのスペースが必要です。", "securitySolutionPackages.features.featureRegistry.subFeatures.scanOperations": "スキャン操作", "securitySolutionPackages.features.featureRegistry.subFeatures.scanOperations.description": "対応コンソールでフォルダースキャン対応アクションを実行します。", - "securitySolutionPackages.features.featureRegistry.subFeatures.scanOperations.privilegesTooltip": "スキャン操作のアクセスには、すべてのスペースが必要です。", "securitySolutionPackages.features.featureRegistry.subFeatures.trustedApplications": "信頼できるアプリケーション", "securitySolutionPackages.features.featureRegistry.subFeatures.trustedApplications.description": "他のソフトウェア(通常は他のウイルス対策またはエンドポイントセキュリティアプリケーション)との競合を軽減することができます。", - "securitySolutionPackages.features.featureRegistry.subFeatures.trustedApplications.privilegesTooltip": "信頼できるアプリケーションのアクセスには、すべてのスペースが必要です。", "securitySolutionPackages.features.featureRegistry.subFeatures.workflowInsights": "自動トラブルシューティング", "securitySolutionPackages.features.featureRegistry.subFeatures.workflowInsights.description": "自動トラブルシューティングへのアクセス。", - "securitySolutionPackages.features.featureRegistry.subFeatures.workflowInsights.privilegesTooltip": "自動トラブルシューティングへのアクセスには、すべてのスペースが必要です。", "securitySolutionPackages.markdown.insight.upsell": "{requiredLicense}にアップグレードして、調査ガイドのインサイトを利用", 
"securitySolutionPackages.markdown.investigationGuideInteractions.upsell": "{requiredLicense}にアップグレードして、調査ガイドのインタラクションを利用", "securitySolutionPackages.navigation.landingLinks": "セキュリティビュー", @@ -35468,7 +35454,6 @@ "xpack.securitySolution.detectionEngine.rules.allRules.actions.editRuleSettingsDescription": "ルール設定の編集", "xpack.securitySolution.detectionEngine.rules.allRules.actions.exportRuleDescription": "ルールのエクスポート", "xpack.securitySolution.detectionEngine.rules.allRules.actions.lackOfKibanaActionsFeaturePrivileges": "Kibana アクション特権がありません", - "xpack.securitySolution.detectionEngine.rules.allRules.actions.lackOfKibanaSecurityPrivileges": "Kibanaセキュリティ権限がありません", "xpack.securitySolution.detectionEngine.rules.allRules.actions.manualRuleRunDescription": "手動実行", "xpack.securitySolution.detectionEngine.rules.allRules.actions.manualRuleRunTooltip": "手動実行は有効なルールでのみ使用できます", "xpack.securitySolution.detectionEngine.rules.allRules.batchActionsTitle": "一斉アクション", @@ -38944,7 +38929,6 @@ "xpack.securitySolution.siemMigrations.rulesService.polling.successLinkText": "変換されたルールに移動", "xpack.securitySolution.siemMigrations.rulesService.polling.successTitle": "ルール変換が完了しました。", "xpack.securitySolution.siemMigrations.service.capabilities.connectorsRead": "管理 > アクションとコネクター:読み取り", - "xpack.securitySolution.siemMigrations.service.capabilities.securityAll": "Security > Security:すべて", "xpack.securitySolution.siemMigrations.service.capabilities.siemMigrationsAll": "Security > SIEM移行:すべて", "xpack.securitySolution.socTrends.properties.lockDatePickerDescription": "グローバル日付ピッカーをSOCトレンド日付ピッカーにロック", "xpack.securitySolution.socTrends.properties.lockDatePickerTooltip": "現在表示中のページとSOCトレンドの間の日付/時刻範囲の同期を無効にします", diff --git a/x-pack/platform/plugins/private/translations/translations/zh-CN.json b/x-pack/platform/plugins/private/translations/translations/zh-CN.json index b467d095a9660..f137b96b54626 100644 --- a/x-pack/platform/plugins/private/translations/translations/zh-CN.json 
+++ b/x-pack/platform/plugins/private/translations/translations/zh-CN.json 
@@ -7280,49 +7280,35 @@ "securitySolutionPackages.features.featureRegistry.subFeatures.assistant.description": "更改 AI 助手和 Attack Discovery 功能可使用的默认字段。匿名处理选定字段的任何内容。", "securitySolutionPackages.features.featureRegistry.subFeatures.blockList": "阻止列表", "securitySolutionPackages.features.featureRegistry.subFeatures.blockList.description": "针对恶意进程扩大 Elastic Defend 防护,并防范具有潜在危害的应用程序。", - "securitySolutionPackages.features.featureRegistry.subFeatures.blockList.privilegesTooltip": "访问阻止列表需要所有工作区。", "securitySolutionPackages.features.featureRegistry.subFeatures.endpointExceptions": "终端例外", "securitySolutionPackages.features.featureRegistry.subFeatures.endpointExceptions.description": "使用终端例外(这是一项测试子功能)。", - "securitySolutionPackages.features.featureRegistry.subFeatures.endpointExceptions.privilegesTooltip": "访问终端例外需要所有工作区。", "securitySolutionPackages.features.featureRegistry.subFeatures.endpointList": "终端列表", "securitySolutionPackages.features.featureRegistry.subFeatures.endpointList.description": "显示运行 Elastic Defend 的所有主机及其相关集成详情。", - "securitySolutionPackages.features.featureRegistry.subFeatures.endpointList.privilegesTooltip": "访问终端列表需要所有工作区。", "securitySolutionPackages.features.featureRegistry.subFeatures.eventFilters": "事件筛选", "securitySolutionPackages.features.featureRegistry.subFeatures.eventFilters.description": "筛除您不需要或希望存储在 Elasticsearch 中的终端事件。", - "securitySolutionPackages.features.featureRegistry.subFeatures.eventFilters.privilegesTooltip": "访问事件筛选需要所有工作区。", "securitySolutionPackages.features.featureRegistry.subFeatures.executeOperations": "执行操作", "securitySolutionPackages.features.featureRegistry.subFeatures.executeOperations.description": "在响应控制台中执行脚本执行响应操作。", - "securitySolutionPackages.features.featureRegistry.subFeatures.executeOperations.privilegesTooltip": "访问执行操作需要所有工作区。", "securitySolutionPackages.features.featureRegistry.subFeatures.fileOperations": "文件操作", "securitySolutionPackages.features.featureRegistry.subFeatures.fileOperations.description": 
"在响应控制台中执行文件相关响应操作。", - "securitySolutionPackages.features.featureRegistry.subFeatures.fileOperations.privilegesTooltip": "访问文件操作需要所有工作区。", "securitySolutionPackages.features.featureRegistry.subFeatures.globalArtifactManagement": "全局项目管理", "securitySolutionPackages.features.featureRegistry.subFeatures.globalArtifactManagement.description": "跨所有策略管理终端项目(如受信任的应用程序、事件筛选)的全局分配。此权限仅控制全局分配权限;进行全面项目管理需要每种项目类型的权限。", "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolation": "主机隔离", "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolation.description": "执行“隔离”和“释放”响应操作。", - "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolation.privilegesTooltip": "访问主机隔离需要所有工作区。", "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolationExceptions": "主机隔离例外", "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolationExceptions.description": "添加仍允许已隔离(即使与剩余网络隔离)主机与其通信的特定 IP 地址。", - "securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolationExceptions.privilegesTooltip": "访问主机隔离例外需要所有工作区。", "securitySolutionPackages.features.featureRegistry.subFeatures.policyManagement": "Elastic Defend 策略管理", "securitySolutionPackages.features.featureRegistry.subFeatures.policyManagement.description": "访问 Elastic Defend 集成策略以配置防护、事件收集和高级策略功能。", - "securitySolutionPackages.features.featureRegistry.subFeatures.policyManagement.privilegesTooltip": "访问策略管理需要所有工作区。", "securitySolutionPackages.features.featureRegistry.subFeatures.processOperations": "进程操作", "securitySolutionPackages.features.featureRegistry.subFeatures.processOperations.description": "在响应控制台中执行进程相关响应操作。", - "securitySolutionPackages.features.featureRegistry.subFeatures.processOperations.privilegesTooltip": "访问进程操作需要所有工作区。", "securitySolutionPackages.features.featureRegistry.subFeatures.readPrivilegeName": "读取", "securitySolutionPackages.features.featureRegistry.subFeatures.responseActionsHistory": "响应操作历史记录", 
"securitySolutionPackages.features.featureRegistry.subFeatures.responseActionsHistory.description": "访问在终端上执行的响应操作的历史记录。", - "securitySolutionPackages.features.featureRegistry.subFeatures.responseActionsHistory.privilegesTooltip": "访问响应操作历史记录需要所有工作区。", "securitySolutionPackages.features.featureRegistry.subFeatures.scanOperations": "扫描操作", "securitySolutionPackages.features.featureRegistry.subFeatures.scanOperations.description": "在响应控制台中执行文件夹扫描响应操作。", - "securitySolutionPackages.features.featureRegistry.subFeatures.scanOperations.privilegesTooltip": "访问扫描操作需要所有工作区。", "securitySolutionPackages.features.featureRegistry.subFeatures.trustedApplications": "受信任的应用程序", "securitySolutionPackages.features.featureRegistry.subFeatures.trustedApplications.description": "帮助减少与其他软件(通常指其他防病毒或终端安全应用程序)的冲突。", - "securitySolutionPackages.features.featureRegistry.subFeatures.trustedApplications.privilegesTooltip": "访问受信任的应用程序需要所有工作区。", "securitySolutionPackages.features.featureRegistry.subFeatures.workflowInsights": "自动故障排除", "securitySolutionPackages.features.featureRegistry.subFeatures.workflowInsights.description": "访问自动故障排除。", - "securitySolutionPackages.features.featureRegistry.subFeatures.workflowInsights.privilegesTooltip": "需要所有工作区的访问权限才能使用自动故障排除功能。", "securitySolutionPackages.markdown.insight.upsell": "升级到{requiredLicense}以利用调查指南中的洞见", "securitySolutionPackages.markdown.investigationGuideInteractions.upsell": "升级到 {requiredLicense} 以利用调查指南交互", "securitySolutionPackages.navigation.landingLinks": "安全视图", 
@@ -35450,7 +35436,6 @@ "xpack.securitySolution.detectionEngine.rules.allRules.actions.editRuleSettingsDescription": "编辑规则设置", "xpack.securitySolution.detectionEngine.rules.allRules.actions.exportRuleDescription": "导出规则", "xpack.securitySolution.detectionEngine.rules.allRules.actions.lackOfKibanaActionsFeaturePrivileges": "您没有 Kibana 操作权限", - "xpack.securitySolution.detectionEngine.rules.allRules.actions.lackOfKibanaSecurityPrivileges": "您没有 Kibana 安全权限", "xpack.securitySolution.detectionEngine.rules.allRules.actions.manualRuleRunDescription": "手动运行", "xpack.securitySolution.detectionEngine.rules.allRules.actions.manualRuleRunTooltip": "手动运行仅适用于已启用的规则", "xpack.securitySolution.detectionEngine.rules.allRules.batchActionsTitle": "批处理操作", @@ -38927,7 +38912,6 @@ "xpack.securitySolution.siemMigrations.rulesService.polling.successLinkText": "前往已转换规则", "xpack.securitySolution.siemMigrations.rulesService.polling.successTitle": "规则转换完成。", "xpack.securitySolution.siemMigrations.service.capabilities.connectorsRead": "管理 > 操作和连接器:读取", - "xpack.securitySolution.siemMigrations.service.capabilities.securityAll": "安全 > 安全:全部", "xpack.securitySolution.siemMigrations.service.capabilities.siemMigrationsAll": "安全 > SIEM 迁移:全部", "xpack.securitySolution.socTrends.properties.lockDatePickerDescription": "将全局日期选取器锁定到 SOC 趋势日期选取器", "xpack.securitySolution.socTrends.properties.lockDatePickerTooltip": "禁用当前查看的页面与 SOC 趋势之间的日期/时间范围同步", diff --git a/x-pack/platform/plugins/shared/fleet/common/constants/authz.ts b/x-pack/platform/plugins/shared/fleet/common/constants/authz.ts index 7179043e8c02d..8985998069171 100644 --- a/x-pack/platform/plugins/shared/fleet/common/constants/authz.ts +++ b/x-pack/platform/plugins/shared/fleet/common/constants/authz.ts 
@@ -8,7 +8,7 @@ import { deepFreeze } from '@kbn/std'; import { DEFAULT_APP_CATEGORIES } from '@kbn/core-application-common'; -export const SECURITY_SOLUTION_APP_ID = 'siemV4'; +export const SECURITY_SOLUTION_APP_ID = 'siemV5'; export interface PrivilegeMapObject { appId: string; diff --git a/x-pack/platform/test/api_integration/apis/features/features/features.ts b/x-pack/platform/test/api_integration/apis/features/features/features.ts index 21484fb3cdcf6..3cb3c9569c6dd 100644 --- a/x-pack/platform/test/api_integration/apis/features/features/features.ts +++ b/x-pack/platform/test/api_integration/apis/features/features/features.ts @@ -133,7 +133,7 @@ export default function ({ getService }: FtrProviderContext) { 'searchSynonyms', 'searchQueryRules', 'searchPlayground', - 'siemV4', + 'siemV5', 'slo', 'streams', 'securitySolutionAssistant', @@ -141,6 +141,7 @@ export default function ({ getService }: FtrProviderContext) { 'securitySolutionCasesV3', 'securitySolutionTimeline', 'securitySolutionNotes', + 'securitySolutionRulesV1', 'securitySolutionSiemMigrations', 'workflowsManagement', 'fleet', diff --git a/x-pack/platform/test/api_integration/apis/security/privileges.ts b/x-pack/platform/test/api_integration/apis/security/privileges.ts index e54c4b52e86d8..310ede96bfdd6 100644 --- a/x-pack/platform/test/api_integration/apis/security/privileges.ts +++ b/x-pack/platform/test/api_integration/apis/security/privileges.ts 
@@ -243,6 +243,39 @@ export default function ({ getService }: FtrProviderContext) { 'execute_operations_all', 'scan_operations_all', ], + siemV5: [ + 'all', + 'read', + 'minimal_all', + 'minimal_read', + 'endpoint_list_all', + 'endpoint_list_read', + 'workflow_insights_all', + 'workflow_insights_read', + 'soc_management_all', + 'global_artifact_management_all', + 'trusted_applications_all', + 'trusted_applications_read', + 'trusted_devices_all', + 'trusted_devices_read', + 'host_isolation_exceptions_all', + 'host_isolation_exceptions_read', + 'blocklist_all', + 'blocklist_read', + 'event_filters_all', + 'event_filters_read', + 'endpoint_exceptions_all', + 'endpoint_exceptions_read', + 'policy_management_all', + 'policy_management_read', + 'actions_log_management_all', + 'actions_log_management_read', + 'host_isolation_all', + 'process_operations_all', + 'file_operations_all', + 'execute_operations_all', + 'scan_operations_all', + ], uptime: [ 'all', 'read', @@ -299,6 +332,7 @@ export default function ({ getService }: FtrProviderContext) { securitySolutionTimeline: ['all', 'read', 'minimal_all', 'minimal_read'], securitySolutionNotes: ['all', 'read', 'minimal_all', 'minimal_read'], securitySolutionSiemMigrations: ['all', 'read', 'minimal_all', 'minimal_read'], + securitySolutionRulesV1: ['all', 'read', 'minimal_all', 'minimal_read'], infrastructure: ['all', 'read', 'minimal_all', 'minimal_read'], logs: ['all', 'read', 'minimal_all', 'minimal_read'], dataQuality: ['all', 'read', 'minimal_all', 'minimal_read', 'manage_rules', 'manage_alerts'], diff --git a/x-pack/platform/test/api_integration_basic/apis/security/privileges.ts b/x-pack/platform/test/api_integration_basic/apis/security/privileges.ts index e32f26550309a..309f729267368 100644 --- a/x-pack/platform/test/api_integration_basic/apis/security/privileges.ts +++ b/x-pack/platform/test/api_integration_basic/apis/security/privileges.ts 
@@ -59,6 +59,8 @@ export default function ({ getService }: FtrProviderContext) { siemV2: ['all', 'read', 'minimal_all', 'minimal_read'], siemV3: ['all', 'read', 'minimal_all', 'minimal_read'], siemV4: ['all', 'read', 'minimal_all', 'minimal_read'], + siemV5: ['all', 'read', 'minimal_all', 'minimal_read'], + securitySolutionRulesV1: ['all', 'read', 'minimal_all', 'minimal_read'], securitySolutionAssistant: ['all', 'read', 'minimal_all', 'minimal_read'], securitySolutionAttackDiscovery: ['all', 'read', 'minimal_all', 'minimal_read'], securitySolutionCases: ['all', 'read', 'minimal_all', 'minimal_read'], @@ -354,6 +356,39 @@ export default function ({ getService }: FtrProviderContext) { 'workflow_insights_all', 'workflow_insights_read', ], + siemV5: [ + 'actions_log_management_all', + 'actions_log_management_read', + 'all', + 'global_artifact_management_all', + 'blocklist_all', + 'blocklist_read', + 'endpoint_exceptions_all', + 'endpoint_exceptions_read', + 'endpoint_list_all', + 'endpoint_list_read', + 'event_filters_all', + 'event_filters_read', + 'host_isolation_all', + 'host_isolation_exceptions_all', + 'host_isolation_exceptions_read', + 'minimal_all', + 'minimal_read', + 'policy_management_all', + 'policy_management_read', + 'process_operations_all', + 'read', + 'trusted_applications_all', + 'trusted_applications_read', + 'file_operations_all', + 'execute_operations_all', + 'scan_operations_all', + 'soc_management_all', + 'trusted_devices_all', + 'trusted_devices_read', + 'workflow_insights_all', + 'workflow_insights_read', + ], uptime: [ 'all', 'can_manage_private_locations', @@ -363,6 +398,7 @@ export default function ({ getService }: FtrProviderContext) { 'minimal_all', 'minimal_read', ], + securitySolutionRulesV1: ['all', 'read', 'minimal_all', 'minimal_read'], securitySolutionAssistant: [ 'all', 'read', 
diff --git a/x-pack/platform/test/security_api_integration/tests/features/deprecated_features.ts b/x-pack/platform/test/security_api_integration/tests/features/deprecated_features.ts index ec3a9ce19f154..815fb9a2ee050 100644 --- a/x-pack/platform/test/security_api_integration/tests/features/deprecated_features.ts +++ b/x-pack/platform/test/security_api_integration/tests/features/deprecated_features.ts @@ -192,6 +192,7 @@ export default function ({ getService }: FtrProviderContext) { "siem", "siemV2", "siemV3", + "siemV4", "visualize", ] `); @@ -220,6 +221,8 @@ export default function ({ getService }: FtrProviderContext) { 'maps', 'siem', 'siemV2', + 'siemV3', + 'siemV4', ]); for (const feature of features) { if ( diff --git a/x-pack/platform/test/spaces_api_integration/common/suites/create.agnostic.ts b/x-pack/platform/test/spaces_api_integration/common/suites/create.agnostic.ts index dd8264da5f4ed..3f5d3f95b3adc 100644 --- a/x-pack/platform/test/spaces_api_integration/common/suites/create.agnostic.ts +++ b/x-pack/platform/test/spaces_api_integration/common/suites/create.agnostic.ts @@ -92,9 +92,10 @@ export function createTestSuiteFactory({ getService }: DeploymentAgnosticFtrProv 'securitySolutionAttackDiscovery', 'securitySolutionCasesV3', 'securitySolutionNotes', + 'securitySolutionRulesV1', 'securitySolutionSiemMigrations', 'securitySolutionTimeline', - 'siemV4', + 'siemV5', 'slo', 'uptime', ], diff --git a/x-pack/platform/test/spaces_api_integration/common/suites/get.agnostic.ts b/x-pack/platform/test/spaces_api_integration/common/suites/get.agnostic.ts index 8d94004cb5fcf..46e2c26b41f94 100644 --- a/x-pack/platform/test/spaces_api_integration/common/suites/get.agnostic.ts +++ b/x-pack/platform/test/spaces_api_integration/common/suites/get.agnostic.ts 
@@ -94,9 +94,10 @@ export function getTestSuiteFactory(context: DeploymentAgnosticFtrProviderContex 'securitySolutionAttackDiscovery', 'securitySolutionCasesV3', 'securitySolutionNotes', + 'securitySolutionRulesV1', 'securitySolutionSiemMigrations', 'securitySolutionTimeline', - 'siemV4', + 'siemV5', 'slo', 'uptime', ], diff --git a/x-pack/platform/test/spaces_api_integration/common/suites/get_all.agnostic.ts b/x-pack/platform/test/spaces_api_integration/common/suites/get_all.agnostic.ts index a023551134174..8e5fb26511f7c 100644 --- a/x-pack/platform/test/spaces_api_integration/common/suites/get_all.agnostic.ts +++ b/x-pack/platform/test/spaces_api_integration/common/suites/get_all.agnostic.ts @@ -84,9 +84,10 @@ const ALL_SPACE_RESULTS: Space[] = [ 'securitySolutionAttackDiscovery', 'securitySolutionCasesV3', 'securitySolutionNotes', + 'securitySolutionRulesV1', 'securitySolutionSiemMigrations', 'securitySolutionTimeline', - 'siemV4', + 'siemV5', 'slo', 'uptime', ], diff --git a/x-pack/platform/test/spaces_api_integration/spaces_only/telemetry/telemetry.ts b/x-pack/platform/test/spaces_api_integration/spaces_only/telemetry/telemetry.ts index d799c74b3d38e..177da91c4fc2c 100644 --- a/x-pack/platform/test/spaces_api_integration/spaces_only/telemetry/telemetry.ts +++ b/x-pack/platform/test/spaces_api_integration/spaces_only/telemetry/telemetry.ts @@ -97,6 +97,8 @@ export default function ({ getService }: FtrProviderContext) { siemV2: 0, siemV3: 0, siemV4: 0, + siemV5: 0, + securitySolutionRulesV1: 0, securitySolutionCases: 0, securitySolutionCasesV2: 0, securitySolutionCasesV3: 0, diff --git a/x-pack/solutions/security/packages/features/product_features.ts b/x-pack/solutions/security/packages/features/product_features.ts index c830fdbb3d456..93aaa24bda52e 100644 --- a/x-pack/solutions/security/packages/features/product_features.ts +++ b/x-pack/solutions/security/packages/features/product_features.ts 
@@ -11,9 +11,11 @@ export { getSecurityV2Feature, getSecurityV3Feature, getSecurityV4Feature, + getSecurityV5Feature, } from './src/security'; export { getAssistantFeature } from './src/assistant'; export { getAttackDiscoveryFeature } from './src/attack_discovery'; export { getTimelineFeature } from './src/timeline'; export { getNotesFeature } from './src/notes'; export { getSiemMigrationsFeature } from './src/siem_migrations'; +export { getRulesFeature } from './src/rules'; diff --git a/x-pack/solutions/security/packages/features/src/constants.ts b/x-pack/solutions/security/packages/features/src/constants.ts index ca940c9f92a2a..c81f3680d64b6 100644 --- a/x-pack/solutions/security/packages/features/src/constants.ts +++ b/x-pack/solutions/security/packages/features/src/constants.ts @@ -15,6 +15,14 @@ export const SECURITY_FEATURE_ID_V2 = 'siemV2' as const; export const SECURITY_FEATURE_ID_V3 = 'siemV3' as const; // New version for 9.2. export const SECURITY_FEATURE_ID_V4 = 'siemV4' as const; +// New version for 9.3. +export const SECURITY_FEATURE_ID_V5 = 'siemV5' as const; + +// Security UI privileges +export const SECURITY_UI_SHOW = 'show' as const; +export const SECURITY_UI_SHOW_PRIVILEGE = `${SECURITY_FEATURE_ID_V5}.${SECURITY_UI_SHOW}` as const; +export const SECURITY_UI_CRUD = 'crud' as const; +export const SECURITY_UI_CRUD_PRIVILEGE = `${SECURITY_FEATURE_ID_V5}.${SECURITY_UI_CRUD}` as const; /** * @deprecated deprecated in 8.17. Use CASE_FEATURE_ID_V2 instead 
@@ -35,6 +43,32 @@ export const TIMELINE_FEATURE_ID = 'securitySolutionTimeline' as const; export const NOTES_FEATURE_ID = 'securitySolutionNotes' as const; export const SIEM_MIGRATIONS_FEATURE_ID = 'securitySolutionSiemMigrations' as const; +export const RULES_FEATURE_ID = 'securitySolutionRulesV1' as const; + +// Rules API privileges +export const RULES_API_READ = 'rules-read' as const; +export const RULES_API_ALL = 'rules-all' as const; +export const ALERTS_API_READ = 'alerts-read' as const; +export const ALERTS_API_ALL = 'alerts-all' as const; +export const EXCEPTIONS_API_READ = 'exceptions-read' as const; +export const EXCEPTIONS_API_ALL = 'exceptions-all' as const; +export const LISTS_API_READ = 'lists-read' as const; +export const LISTS_API_ALL = 'lists-all' as const; +export const LISTS_API_SUMMARY = 'lists-summary' as const; +export const INITIALIZE_SECURITY_SOLUTION = 'initialize-security-solution' as const; +export const USERS_API_READ = 'users-read' as const; + +// Rules UI privileges +export const RULES_UI_READ = 'read_rules' as const; +export const RULES_UI_DETECTIONS = 'detections' as const; +export const RULES_UI_EXTERNAL_DETECTIONS = 'external_detections' as const; +export const RULES_UI_READ_PRIVILEGE = `${RULES_FEATURE_ID}.${RULES_UI_READ}` as const; +export const RULES_UI_EDIT = 'edit_rules' as const; +export const RULES_UI_EDIT_PRIVILEGE = `${RULES_FEATURE_ID}.${RULES_UI_EDIT}` as const; +export const RULES_UI_DETECTIONS_PRIVILEGE = `${RULES_FEATURE_ID}.${RULES_UI_DETECTIONS}` as const; +export const RULES_UI_EXTERNAL_DETECTIONS_PRIVILEGE = + `${RULES_FEATURE_ID}.${RULES_UI_EXTERNAL_DETECTIONS}` as const; + // Same as the plugin id defined by Cloud Security Posture export const CLOUD_POSTURE_APP_ID = 'csp' as const; diff --git a/x-pack/solutions/security/packages/features/src/product_features_keys.ts b/x-pack/solutions/security/packages/features/src/product_features_keys.ts index f0acfa04bb00a..8338f394a9551 100644 
--- a/x-pack/solutions/security/packages/features/src/product_features_keys.ts +++ b/x-pack/solutions/security/packages/features/src/product_features_keys.ts @@ -15,11 +15,8 @@ export enum ProductFeatureSecurityKey { /** Enables AI Value Report access */ aiValueReport = 'ai_value_report', - /** Elastic endpoint detections, includes alerts, rules, investigations */ + /** Elastic endpoint detections, includes CSP rules which remain provisionally within siem */ detections = 'detections', - - /** Enables external detections for AI SOC, includes alerts_summary, basic_rules*/ - externalDetections = 'external_detections', /** * Enables Investigation guide in Timeline */ @@ -112,11 +109,6 @@ export enum ProductFeatureSecurityKey { /** Enables Endpoint Workflow Insights */ securityWorkflowInsights = 'security_workflow_insights', - - /** - * Enables customization of prebuilt Elastic rules - */ - prebuiltRuleCustomization = 'prebuilt_rule_customization', } export enum ProductFeatureCasesKey { @@ -160,6 +152,19 @@ export enum ProductFeatureSiemMigrationsKey { siemMigrations = 'siem_migrations', } +export enum ProductFeatureRulesKey { + /** Elastic endpoint detections, includes alerts, rules, investigations */ + detections = 'detections', + + /** Enables external detections for AI SOC, includes alerts_summary, basic_rules*/ + externalDetections = 'external_detections', + + /** + * Enables customization of prebuilt Elastic rules + */ + prebuiltRuleCustomization = 'prebuilt_rule_customization', +} + // Merges the two enums. export const ProductFeatureKey = { ...ProductFeatureSecurityKey, @@ -169,6 +174,7 @@ export const ProductFeatureKey = { ...ProductFeatureSiemMigrationsKey, ...ProductFeatureTimelineKey, ...ProductFeatureNotesKey, + ...ProductFeatureRulesKey, }; // We need to merge the value and the type and export both to replicate how enum works. export type ProductFeatureKeyType = 
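Review bot: `detections = 'detections'` is now declared in both `ProductFeatureSecurityKey` and the new `ProductFeatureRulesKey`, and `ProductFeatureKey` spreads both enums, so the two members collapse into a single key and a single entry in `ALL_PRODUCT_FEATURE_KEYS`. A tier that enables `detections` therefore presumably switches on the security-side config and the rules-side config together, and nothing in the types lets a caller grant one without the other; how the configs are merged is not visible in this diff. If the coupling is intended while CSP rules remain in siem, state it on the new member, for example `/** Same value as ProductFeatureSecurityKey.detections on purpose: one product feature key gates both configs */`. Otherwise give the rules member a distinct value so the two can be gated independently.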
@@ -178,7 +184,8 @@ export type ProductFeatureKeyType = | ProductFeatureAttackDiscoveryKey | ProductFeatureSiemMigrationsKey | ProductFeatureTimelineKey - | ProductFeatureNotesKey; + | ProductFeatureNotesKey + | ProductFeatureRulesKey; export const ALL_PRODUCT_FEATURE_KEYS = Object.freeze(Object.values(ProductFeatureKey)); diff --git a/x-pack/solutions/security/packages/features/src/rules/index.ts b/x-pack/solutions/security/packages/features/src/rules/index.ts new file mode 100644 index 0000000000000..9544ddd09d22c --- /dev/null +++ b/x-pack/solutions/security/packages/features/src/rules/index.ts @@ -0,0 +1,18 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { getRulesBaseKibanaFeature } from './kibana_features'; +import type { ProductFeatureParams } from '../types'; +import type { SecurityFeatureParams } from '../security/types'; +import { rulesDefaultProductFeaturesConfig } from './product_feature_config'; + +export const getRulesFeature = (params: SecurityFeatureParams): ProductFeatureParams => ({ + baseKibanaFeature: getRulesBaseKibanaFeature(params), + baseKibanaSubFeatureIds: [], + subFeaturesMap: new Map(), + productFeatureConfig: rulesDefaultProductFeaturesConfig, +}); diff --git a/x-pack/solutions/security/packages/features/src/rules/kibana_features.ts b/x-pack/solutions/security/packages/features/src/rules/kibana_features.ts new file mode 100644 index 0000000000000..a9b25c38aa40d --- /dev/null +++ b/x-pack/solutions/security/packages/features/src/rules/kibana_features.ts 
@@ -0,0 +1,135 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { DEFAULT_APP_CATEGORIES } from '@kbn/core-application-common'; +import { i18n } from '@kbn/i18n'; + +import { + ESQL_RULE_TYPE_ID, + EQL_RULE_TYPE_ID, + INDICATOR_RULE_TYPE_ID, + ML_RULE_TYPE_ID, + QUERY_RULE_TYPE_ID, + SAVED_QUERY_RULE_TYPE_ID, + THRESHOLD_RULE_TYPE_ID, + NEW_TERMS_RULE_TYPE_ID, +} from '@kbn/securitysolution-rules'; +import { + ALERTS_API_ALL, + ALERTS_API_READ, + APP_ID, + EXCEPTIONS_API_ALL, + EXCEPTIONS_API_READ, + INITIALIZE_SECURITY_SOLUTION, + LEGACY_NOTIFICATIONS_ID, + LISTS_API_ALL, + LISTS_API_READ, + LISTS_API_SUMMARY, + RULES_API_ALL, + RULES_API_READ, + RULES_FEATURE_ID, + RULES_UI_EDIT, + RULES_UI_READ, + SERVER_APP_ID, + USERS_API_READ, +} from '../constants'; +import { type BaseKibanaFeatureConfig } from '../types'; +import type { SecurityFeatureParams } from '../security/types'; + +const SECURITY_RULE_TYPES = [ + LEGACY_NOTIFICATIONS_ID, + ESQL_RULE_TYPE_ID, + EQL_RULE_TYPE_ID, + INDICATOR_RULE_TYPE_ID, + ML_RULE_TYPE_ID, + QUERY_RULE_TYPE_ID, + SAVED_QUERY_RULE_TYPE_ID, + THRESHOLD_RULE_TYPE_ID, + NEW_TERMS_RULE_TYPE_ID, +]; + +const alertingFeatures = SECURITY_RULE_TYPES.map((ruleTypeId) => ({ + ruleTypeId, + consumers: [SERVER_APP_ID], +})); + +export const getRulesBaseKibanaFeature = ( + params: SecurityFeatureParams +): BaseKibanaFeatureConfig => ({ + id: RULES_FEATURE_ID, + name: i18n.translate( + 'securitySolutionPackages.features.featureRegistry.linkSecuritySolutionRolesTitle', + { + defaultMessage: 'Rules', + } + ), + order: 1100, + category: DEFAULT_APP_CATEGORIES.security, + app: [RULES_FEATURE_ID, 'kibana'], + catalogue: [APP_ID], + alerting: alertingFeatures, + management: { + insightsAndAlerting: ['triggersActions'], // Access to the 
stack rules management UI + }, + privileges: { + all: { + app: [RULES_FEATURE_ID, 'kibana'], + catalogue: [APP_ID], + savedObject: { + all: params.savedObjects, + read: params.savedObjects, + }, + alerting: { + rule: { all: alertingFeatures }, + alert: { all: alertingFeatures }, + }, + management: { + insightsAndAlerting: ['triggersActions'], // Access to the stack rules management UI + }, + ui: [RULES_UI_READ, RULES_UI_EDIT], + api: [ + RULES_API_ALL, + RULES_API_READ, + ALERTS_API_ALL, + ALERTS_API_READ, + EXCEPTIONS_API_ALL, + EXCEPTIONS_API_READ, + LISTS_API_ALL, + LISTS_API_READ, + LISTS_API_SUMMARY, + USERS_API_READ, + INITIALIZE_SECURITY_SOLUTION, + 'rac', + ], + }, + read: { + app: [RULES_FEATURE_ID, 'kibana'], + catalogue: [APP_ID], + savedObject: { + all: [], + read: params.savedObjects, + }, + alerting: { + rule: { read: alertingFeatures }, + alert: { all: alertingFeatures }, + }, + management: { + insightsAndAlerting: ['triggersActions'], // Access to the stack rules management UI + }, + ui: [RULES_UI_READ], + api: [ + RULES_API_READ, + ALERTS_API_READ, + EXCEPTIONS_API_READ, + LISTS_API_READ, + USERS_API_READ, + INITIALIZE_SECURITY_SOLUTION, + 'rac', + ], + }, + }, +}); diff --git a/x-pack/solutions/security/packages/features/src/rules/product_feature_config.ts b/x-pack/solutions/security/packages/features/src/rules/product_feature_config.ts new file mode 100644 index 0000000000000..b78ae93bfe48e --- /dev/null +++ b/x-pack/solutions/security/packages/features/src/rules/product_feature_config.ts 
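Review bot: In `getRulesBaseKibanaFeature`, the `read` privilege sets `alert: { all: alertingFeatures }` next to `rule: { read: alertingFeatures }`, while its `api` list carries only the `*_READ` tags. A role that holds only `read` on the new Rules feature thus gets write-level alerting access to alerts for every security rule type. If that is carried over deliberately from the siem feature, record the reason with a comment such as `// alert: all is intentional for read: <reason>`. If not, narrow it to `alert: { read: alertingFeatures }`. The whole function is inside this hunk, so either change is self-contained.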
@@ -0,0 +1,36 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ProductFeatureRulesKey } from '../product_features_keys'; +import type { RulesProductFeaturesConfig } from './types'; + +export const rulesDefaultProductFeaturesConfig: RulesProductFeaturesConfig = { + [ProductFeatureRulesKey.externalDetections]: { + privileges: { + all: { + ui: ['external_detections'], + api: [], + }, + read: { + ui: ['external_detections'], + api: [], + }, + }, + }, + [ProductFeatureRulesKey.detections]: { + privileges: { + all: { + ui: ['detections'], + api: ['cloud-security-posture-all', 'cloud-security-posture-read', 'bulkGetUserProfiles'], + }, + read: { + ui: ['detections'], + api: ['cloud-security-posture-read', 'bulkGetUserProfiles'], + }, + }, + }, +}; diff --git a/x-pack/solutions/security/packages/features/src/rules/types.ts b/x-pack/solutions/security/packages/features/src/rules/types.ts new file mode 100644 index 0000000000000..af9bf035239c9 --- /dev/null +++ b/x-pack/solutions/security/packages/features/src/rules/types.ts @@ -0,0 +1,11 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { ProductFeatureRulesKey } from '../product_features_keys'; +import type { ProductFeaturesConfig } from '../types'; + +export type RulesProductFeaturesConfig = ProductFeaturesConfig; diff --git a/x-pack/solutions/security/packages/features/src/security/index.ts b/x-pack/solutions/security/packages/features/src/security/index.ts index 90d72f4ef50a5..976fd4e92d2eb 100644 --- a/x-pack/solutions/security/packages/features/src/security/index.ts 
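Review bot: `rulesDefaultProductFeaturesConfig` spells the UI capabilities as string literals (`ui: ['external_detections']`, `ui: ['detections']`), although the same commit adds `RULES_UI_EXTERNAL_DETECTIONS` and `RULES_UI_DETECTIONS` to `constants.ts` and derives the `*_PRIVILEGE` strings from them. If a constant is renamed later, the capability granted here and the capability checked elsewhere would drift apart silently, which shows up as an authorization bug rather than a compile error. Prefer `ui: [RULES_UI_EXTERNAL_DETECTIONS]` and `ui: [RULES_UI_DETECTIONS]`, imported from `../constants`.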
+++ b/x-pack/solutions/security/packages/features/src/security/index.ts @@ -30,6 +30,11 @@ import { getSecurityV4BaseKibanaSubFeatureIds, getSecurityV4SubFeaturesMap, } from './v4_features/kibana_sub_features'; +import { getSecurityV5BaseKibanaFeature } from './v5_features/kibana_features'; +import { + getSecurityV5BaseKibanaSubFeatureIds, + getSecurityV5SubFeaturesMap, +} from './v5_features/kibana_sub_features'; export const getSecurityFeature = ( params: SecurityFeatureParams @@ -66,3 +71,12 @@ export const getSecurityV4Feature = ( subFeaturesMap: getSecurityV4SubFeaturesMap(params), productFeatureConfig: securityDefaultProductFeaturesConfig, }); + +export const getSecurityV5Feature = ( + params: SecurityFeatureParams +): ProductFeatureParams => ({ + baseKibanaFeature: getSecurityV5BaseKibanaFeature(params), + baseKibanaSubFeatureIds: getSecurityV5BaseKibanaSubFeatureIds(params), + subFeaturesMap: getSecurityV5SubFeaturesMap(params), + productFeatureConfig: securityDefaultProductFeaturesConfig, +}); diff --git a/x-pack/solutions/security/packages/features/src/security/kibana_sub_features.ts b/x-pack/solutions/security/packages/features/src/security/kibana_sub_features.ts index a2d8e67366171..c4475d4800d69 100644 --- a/x-pack/solutions/security/packages/features/src/security/kibana_sub_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/kibana_sub_features.ts @@ -24,11 +24,6 @@ const TRANSLATIONS = Object.freeze({ }); export const endpointListSubFeature = (): SubFeatureConfig => ({ - requireAllSpaces: true, - privilegesTooltip: i18n.translate( - 'securitySolutionPackages.features.featureRegistry.subFeatures.endpointList.privilegesTooltip', - { defaultMessage: 'All Spaces is required for Endpoint List access.' } - ), name: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.endpointList', { defaultMessage: 'Endpoint List' } 
@@ -72,11 +67,6 @@ export const endpointListSubFeature = (): SubFeatureConfig => ({ }); export const trustedApplicationsSubFeature = (): SubFeatureConfig => ({ - requireAllSpaces: true, - privilegesTooltip: i18n.translate( - 'securitySolutionPackages.features.featureRegistry.subFeatures.trustedApplications.privilegesTooltip', - { defaultMessage: 'All Spaces is required for Trusted Applications access.' } - ), name: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.trustedApplications', { defaultMessage: 'Trusted Applications' } @@ -126,13 +116,6 @@ export const trustedApplicationsSubFeature = (): SubFeatureConfig => ({ }); export const trustedDevicesSubFeature = (): SubFeatureConfig => ({ - requireAllSpaces: true, - privilegesTooltip: i18n.translate( - 'securitySolutionPackages.features.featureRegistry.subFeatures.trustedDevices.privilegesTooltip', - { - defaultMessage: 'All Spaces is required for Trusted Devices access.', - } - ), name: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.trustedDevices', { @@ -183,11 +166,6 @@ export const trustedDevicesSubFeature = (): SubFeatureConfig => ({ }); export const hostIsolationExceptionsBasicSubFeature = (): SubFeatureConfig => ({ - requireAllSpaces: true, - privilegesTooltip: i18n.translate( - 'securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolationExceptions.privilegesTooltip', - { defaultMessage: 'All Spaces is required for Host Isolation Exceptions access.' } - ), name: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolationExceptions', { defaultMessage: 'Host Isolation Exceptions' } 
@@ -236,11 +214,6 @@ export const hostIsolationExceptionsBasicSubFeature = (): SubFeatureConfig => ({ ], }); export const blocklistSubFeature = (): SubFeatureConfig => ({ - requireAllSpaces: true, - privilegesTooltip: i18n.translate( - 'securitySolutionPackages.features.featureRegistry.subFeatures.blockList.privilegesTooltip', - { defaultMessage: 'All Spaces is required for Blocklist access.' } - ), name: i18n.translate('securitySolutionPackages.features.featureRegistry.subFeatures.blockList', { defaultMessage: 'Blocklist', }), @@ -288,11 +261,6 @@ export const blocklistSubFeature = (): SubFeatureConfig => ({ ], }); export const eventFiltersSubFeature = (): SubFeatureConfig => ({ - requireAllSpaces: true, - privilegesTooltip: i18n.translate( - 'securitySolutionPackages.features.featureRegistry.subFeatures.eventFilters.privilegesTooltip', - { defaultMessage: 'All Spaces is required for Event Filters access.' } - ), name: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.eventFilters', { defaultMessage: 'Event Filters' } @@ -341,11 +309,6 @@ export const eventFiltersSubFeature = (): SubFeatureConfig => ({ ], }); export const policyManagementSubFeature = (): SubFeatureConfig => ({ - requireAllSpaces: true, - privilegesTooltip: i18n.translate( - 'securitySolutionPackages.features.featureRegistry.subFeatures.policyManagement.privilegesTooltip', - { defaultMessage: 'All Spaces is required for Policy Management access.' } - ), name: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.policyManagement', { defaultMessage: 'Elastic Defend Policy Management' } 
@@ -389,11 +352,6 @@ export const policyManagementSubFeature = (): SubFeatureConfig => ({ }); export const responseActionsHistorySubFeature = (): SubFeatureConfig => ({ - requireAllSpaces: true, - privilegesTooltip: i18n.translate( - 'securitySolutionPackages.features.featureRegistry.subFeatures.responseActionsHistory.privilegesTooltip', - { defaultMessage: 'All Spaces is required for Response Actions History access.' } - ), name: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.responseActionsHistory', { defaultMessage: 'Response Actions History' } @@ -433,11 +391,6 @@ export const responseActionsHistorySubFeature = (): SubFeatureConfig => ({ ], }); export const hostIsolationSubFeature = (): SubFeatureConfig => ({ - requireAllSpaces: true, - privilegesTooltip: i18n.translate( - 'securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolation.privilegesTooltip', - { defaultMessage: 'All Spaces is required for Host Isolation access.' } - ), name: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.hostIsolation', { defaultMessage: 'Host Isolation' } @@ -467,11 +420,6 @@ export const hostIsolationSubFeature = (): SubFeatureConfig => ({ }); export const processOperationsSubFeature = (): SubFeatureConfig => ({ - requireAllSpaces: true, - privilegesTooltip: i18n.translate( - 'securitySolutionPackages.features.featureRegistry.subFeatures.processOperations.privilegesTooltip', - { defaultMessage: 'All Spaces is required for Process Operations access.' } - ), name: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.processOperations', { defaultMessage: 'Process Operations' } 
@@ -500,11 +448,6 @@ export const processOperationsSubFeature = (): SubFeatureConfig => ({ ], }); export const fileOperationsSubFeature = (): SubFeatureConfig => ({ - requireAllSpaces: true, - privilegesTooltip: i18n.translate( - 'securitySolutionPackages.features.featureRegistry.subFeatures.fileOperations.privilegesTooltip', - { defaultMessage: 'All Spaces is required for File Operations access.' } - ), name: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.fileOperations', { defaultMessage: 'File Operations' } @@ -536,11 +479,6 @@ export const fileOperationsSubFeature = (): SubFeatureConfig => ({ // execute operations are not available in 8.7, // but will be available in 8.8 export const executeActionSubFeature = (): SubFeatureConfig => ({ - requireAllSpaces: true, - privilegesTooltip: i18n.translate( - 'securitySolutionPackages.features.featureRegistry.subFeatures.executeOperations.privilegesTooltip', - { defaultMessage: 'All Spaces is required for Execute Operations access.' } - ), name: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.executeOperations', { defaultMessage: 'Execute Operations' } @@ -571,11 +509,6 @@ export const executeActionSubFeature = (): SubFeatureConfig => ({ // 8.15 feature export const scanActionSubFeature = (): SubFeatureConfig => ({ - requireAllSpaces: true, - privilegesTooltip: i18n.translate( - 'securitySolutionPackages.features.featureRegistry.subFeatures.scanOperations.privilegesTooltip', - { defaultMessage: 'All Spaces is required for Scan Operations access.' } - ), name: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.scanOperations', { defaultMessage: 'Scan Operations' } 
@@ -605,11 +538,6 @@ export const scanActionSubFeature = (): SubFeatureConfig => ({ }); export const workflowInsightsSubFeature = (): SubFeatureConfig => ({ - requireAllSpaces: true, - privilegesTooltip: i18n.translate( - 'securitySolutionPackages.features.featureRegistry.subFeatures.workflowInsights.privilegesTooltip', - { defaultMessage: 'All Spaces is required for Automatic Troubleshooting access.' } - ), name: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.workflowInsights', { defaultMessage: 'Automatic Troubleshooting' } @@ -651,11 +579,6 @@ export const workflowInsightsSubFeature = (): SubFeatureConfig => ({ }); export const endpointExceptionsSubFeature = (): SubFeatureConfig => ({ - requireAllSpaces: true, - privilegesTooltip: i18n.translate( - 'securitySolutionPackages.features.featureRegistry.subFeatures.endpointExceptions.privilegesTooltip', - { defaultMessage: 'All Spaces is required for Endpoint Exceptions access.' } - ), name: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.endpointExceptions', { defaultMessage: 'Endpoint Exceptions' } @@ -725,8 +648,6 @@ export const globalArtifactManagementSubFeature = ( ); return { - requireAllSpaces: false, - privilegesTooltip: undefined, name: GLOBAL_ARTIFACT_MANAGEMENT, description: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.globalArtifactManagement.description', @@ -759,8 +680,6 @@ export const globalArtifactManagementSubFeature = ( }; export const socManagementSubFeature = (): SubFeatureConfig => ({ - requireAllSpaces: false, - privilegesTooltip: undefined, name: i18n.translate( 'securitySolutionPackages.features.featureRegistry.subFeatures.socManagement', { defaultMessage: 'SOC Management' } diff --git a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts index e79d41aa093d0..970b9ab72ded4 100644 
--- a/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts +++ b/x-pack/solutions/security/packages/features/src/security/product_feature_config.ts @@ -22,34 +22,15 @@ export const securityDefaultProductFeaturesConfig: SecurityProductFeaturesConfig }, }, }, - - [ProductFeatureSecurityKey.externalDetections]: { - privileges: { - all: { - ui: ['external_detections'], - api: [], - }, - read: { - ui: ['external_detections'], - api: [], - }, - }, - }, [ProductFeatureSecurityKey.detections]: { privileges: { all: { ui: ['detections'], - api: [ - 'cloud-security-posture-all', - 'cloud-security-posture-read', - 'cloud-defend-all', - 'cloud-defend-read', - 'bulkGetUserProfiles', - ], + api: ['cloud-security-posture-all', 'cloud-security-posture-read', 'bulkGetUserProfiles'], }, read: { ui: ['detections'], - api: ['cloud-security-posture-read', 'cloud-defend-read', 'bulkGetUserProfiles'], + api: ['cloud-security-posture-read', 'bulkGetUserProfiles'], }, }, }, diff --git a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts index b96bc9fb55dc3..2a4b1cf45cc2e 100644 --- a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_features.ts 
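Review bot: Dropping `'cloud-defend-all'` and `'cloud-defend-read'` from the `detections` `api` arrays leaves the privilege definitions inconsistent. The base-feature hunks in `v1_features/kibana_features.ts` remove the same tags but keep `CLOUD_DEFEND_APP_ID` in `app`. If Cloud Defend access is meant to be withdrawn, the `app` entries should presumably go in the same change; otherwise a role keeps app access whose API tags are no longer granted. The hunk also deletes the `externalDetections` block, so it is worth confirming that nothing still checks the `external_detections` UI capability. A comment above `api:` such as `// cloud-defend tags intentionally removed; see <tracking issue>` would record the intent.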
@@ -22,11 +22,25 @@ import { APP_ID, SERVER_APP_ID, LEGACY_NOTIFICATIONS_ID, + CLOUD_DEFEND_APP_ID, CLOUD_POSTURE_APP_ID, - SECURITY_FEATURE_ID_V4, + SECURITY_FEATURE_ID_V5, TIMELINE_FEATURE_ID, NOTES_FEATURE_ID, - CLOUD_DEFEND_APP_ID, + LISTS_API_SUMMARY, + LISTS_API_READ, + LISTS_API_ALL, + RULES_FEATURE_ID, + SECURITY_UI_SHOW, + SECURITY_UI_CRUD, + INITIALIZE_SECURITY_SOLUTION, + RULES_API_ALL, + RULES_API_READ, + ALERTS_API_ALL, + ALERTS_API_READ, + EXCEPTIONS_API_ALL, + EXCEPTIONS_API_READ, + USERS_API_READ, } from '../../constants'; import type { SecurityFeatureParams } from '../types'; import type { BaseKibanaFeatureConfig } from '../../types'; @@ -58,7 +72,7 @@ export const getSecurityBaseKibanaFeature = ({ defaultMessage: 'The {currentId} permissions are deprecated, please see {latestId}.', values: { currentId: SERVER_APP_ID, - latestId: SECURITY_FEATURE_ID_V4, + latestId: SECURITY_FEATURE_ID_V5, }, } ), 
@@ -93,33 +107,40 @@ export const getSecurityBaseKibanaFeature = ({ default: [ { feature: TIMELINE_FEATURE_ID, privileges: ['all'] }, { feature: NOTES_FEATURE_ID, privileges: ['all'] }, - // note: ESS/serverless specific productFeaturesExtensions modify this privilege array - { feature: SECURITY_FEATURE_ID_V4, privileges: ['all'] }, + // note: overriden by product feature endpointArtifactManagement when enabled + { feature: SECURITY_FEATURE_ID_V5, privileges: ['all'] }, + { feature: RULES_FEATURE_ID, privileges: ['all'] }, ], minimal: [ { feature: TIMELINE_FEATURE_ID, privileges: ['all'] }, { feature: NOTES_FEATURE_ID, privileges: ['all'] }, - // note: ESS/serverless specific productFeaturesExtensions modify this privilege array - { feature: SECURITY_FEATURE_ID_V4, privileges: ['minimal_all'] }, + // note: overriden by product feature endpointArtifactManagement when enabled + { feature: SECURITY_FEATURE_ID_V5, privileges: ['minimal_all'] }, + { feature: RULES_FEATURE_ID, privileges: ['minimal_all'] }, ], }, app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'], catalogue: [APP_ID], api: [ APP_ID, - 'lists-all', - 'lists-read', - 'lists-summary', + LISTS_API_ALL, + LISTS_API_READ, + LISTS_API_SUMMARY, + RULES_API_ALL, + RULES_API_READ, + ALERTS_API_ALL, + ALERTS_API_READ, + EXCEPTIONS_API_ALL, + EXCEPTIONS_API_READ, + USERS_API_READ, + INITIALIZE_SECURITY_SOLUTION, 'rac', 'cloud-security-posture-all', 'cloud-security-posture-read', - 'cloud-defend-all', - 'cloud-defend-read', 'timeline_write', 'timeline_read', 'notes_write', 'notes_read', - 'bulkGetUserProfiles', ], savedObject: { all: ['alert', ...savedObjects], 
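Review bot: The deprecated `all` privilege loses the literal `'bulkGetUserProfiles'` tag and gains `USERS_API_READ` plus the `RULES_*`, `ALERTS_*` and `EXCEPTIONS_*` tags. The constants' values are not visible in this hunk, so it cannot be confirmed here that existing roles keep exactly the access they had. A test comparing this privilege's API tags with the union granted by its `replacedBy` targets (`SECURITY_FEATURE_ID_V5` and `RULES_FEATURE_ID`) would catch both a silent escalation and a silent loss when roles are migrated. The added comment is misspelled here and in the v2 `kibana_features.ts` hunk; suggest `// note: overridden by product feature endpointArtifactManagement when enabled`. The enclosing `getSecurityBaseKibanaFeature` starts and ends outside the hunk.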
@@ -136,34 +157,37 @@ export const getSecurityBaseKibanaFeature = ({ management: { insightsAndAlerting: ['triggersActions'], }, - ui: ['show', 'crud'], + ui: [SECURITY_UI_SHOW, SECURITY_UI_CRUD], }, read: { replacedBy: { default: [ { feature: TIMELINE_FEATURE_ID, privileges: ['read'] }, { feature: NOTES_FEATURE_ID, privileges: ['read'] }, - // note: ESS/serverless specific productFeaturesExtensions modify this privilege array - { feature: SECURITY_FEATURE_ID_V4, privileges: ['read'] }, + { feature: SECURITY_FEATURE_ID_V5, privileges: ['read'] }, + { feature: RULES_FEATURE_ID, privileges: ['read'] }, ], minimal: [ { feature: TIMELINE_FEATURE_ID, privileges: ['read'] }, { feature: NOTES_FEATURE_ID, privileges: ['read'] }, - // note: ESS/serverless specific productFeaturesExtensions modify this privilege array - { feature: SECURITY_FEATURE_ID_V4, privileges: ['minimal_read'] }, + { feature: SECURITY_FEATURE_ID_V5, privileges: ['minimal_read'] }, + { feature: RULES_FEATURE_ID, privileges: ['minimal_read'] }, ], }, app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'], catalogue: [APP_ID], api: [ APP_ID, - 'lists-read', + LISTS_API_READ, + RULES_API_READ, + ALERTS_API_READ, + EXCEPTIONS_API_READ, + USERS_API_READ, + INITIALIZE_SECURITY_SOLUTION, 'rac', 'cloud-security-posture-read', - 'cloud-defend-read', 'timeline_read', 'notes_read', - 'bulkGetUserProfiles', ], savedObject: { all: [], @@ -180,7 +204,7 @@ export const getSecurityBaseKibanaFeature = ({ management: { insightsAndAlerting: ['triggersActions'], }, - ui: ['show'], + ui: [SECURITY_UI_SHOW], }, }, }); diff --git a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_sub_features.ts b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_sub_features.ts index e369027a721d8..13f4b35e6d3e1 100644 --- a/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_sub_features.ts 
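Review bot: The `read` privilege now carries `INITIALIZE_SECURITY_SOLUTION` next to the `*_API_READ` tags, and the name suggests a state-changing operation being granted to read-only roles. The routes guarded by that tag are not visible here, so this may be intentional, but the grant deserves a comment at this point, e.g. `// granted to read on purpose: <reason>; the guarded route must stay safe for read-only users`. The same tag is added to `read` in the v2, v3 and v4 `kibana_features.ts` hunks. One test asserting that no `read` privilege contains a `*_API_ALL` tag, and that pins this exception explicitly, would cover all four. The enclosing `getSecurityBaseKibanaFeature` starts outside the hunk.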
+++ b/x-pack/solutions/security/packages/features/src/security/v1_features/kibana_sub_features.ts @@ -6,7 +6,7 @@ */ import type { SubFeatureConfig } from '@kbn/features-plugin/common'; -import { SECURITY_FEATURE_ID_V4 } from '../../../constants'; +import { SECURITY_FEATURE_ID_V5 } from '../../../constants'; import { SecuritySubFeatureId } from '../../product_features_keys'; import type { SecurityFeatureParams } from '../types'; import type { SubFeatureReplacements } from '../../types'; 
@@ -29,45 +29,45 @@ import { } from '../kibana_sub_features'; const replacements: Partial> = { - [SecuritySubFeatureId.endpointList]: [{ feature: SECURITY_FEATURE_ID_V4 }], + [SecuritySubFeatureId.endpointList]: [{ feature: SECURITY_FEATURE_ID_V5 }], [SecuritySubFeatureId.trustedApplications]: [ { - feature: SECURITY_FEATURE_ID_V4, + feature: SECURITY_FEATURE_ID_V5, additionalPrivileges: { trusted_applications_all: ['global_artifact_management_all'] }, }, ], [SecuritySubFeatureId.hostIsolationExceptionsBasic]: [ { - feature: SECURITY_FEATURE_ID_V4, + feature: SECURITY_FEATURE_ID_V5, additionalPrivileges: { host_isolation_exceptions_all: ['global_artifact_management_all'] }, }, ], [SecuritySubFeatureId.blocklist]: [ { - feature: SECURITY_FEATURE_ID_V4, + feature: SECURITY_FEATURE_ID_V5, additionalPrivileges: { blocklist_all: ['global_artifact_management_all'] }, }, ], [SecuritySubFeatureId.eventFilters]: [ { - feature: SECURITY_FEATURE_ID_V4, + feature: SECURITY_FEATURE_ID_V5, additionalPrivileges: { event_filters_all: ['global_artifact_management_all'] }, }, ], + [SecuritySubFeatureId.policyManagement]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.responseActionsHistory]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.socManagement]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.hostIsolation]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.processOperations]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.fileOperations]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.executeAction]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.scanAction]: [{ feature: SECURITY_FEATURE_ID_V5 }], [SecuritySubFeatureId.endpointExceptions]: [ { - feature: SECURITY_FEATURE_ID_V4, + feature: SECURITY_FEATURE_ID_V5, additionalPrivileges: { endpoint_exceptions_all: ['global_artifact_management_all'] }, }, ], - [SecuritySubFeatureId.policyManagement]: [{ feature: 
SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.responseActionsHistory]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.hostIsolation]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.processOperations]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.fileOperations]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.executeAction]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.scanAction]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.socManagement]: [{ feature: SECURITY_FEATURE_ID_V4 }], }; /** @@ -111,9 +111,6 @@ export const getSecuritySubFeaturesMap = ({ subFeature = addSubFeatureReplacements(subFeature, featureReplacements); } - // Space awareness is now always enabled - set requireAllSpaces to false and remove privilegesTooltip - subFeature = { ...subFeature, requireAllSpaces: false, privilegesTooltip: undefined }; - return [id, subFeature]; }) ); diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts index 3bff56af0e29b..bd43a6ede1ad3 100644 --- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_features.ts @@ -25,7 +25,21 @@ import { CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, SERVER_APP_ID, - SECURITY_FEATURE_ID_V4, + SECURITY_FEATURE_ID_V5, + LISTS_API_ALL, + LISTS_API_READ, + LISTS_API_SUMMARY, + RULES_FEATURE_ID, + SECURITY_UI_SHOW, + SECURITY_UI_CRUD, + INITIALIZE_SECURITY_SOLUTION, + RULES_API_READ, + ALERTS_API_ALL, + ALERTS_API_READ, + EXCEPTIONS_API_ALL, + EXCEPTIONS_API_READ, + USERS_API_READ, + RULES_API_ALL, } from '../../constants'; import type { SecurityFeatureParams } from '../types'; import type { BaseKibanaFeatureConfig } from '../../types'; 
@@ -57,7 +71,7 @@ export const getSecurityV2BaseKibanaFeature = ({ defaultMessage: 'The {currentId} permissions are deprecated, please see {latestId}.', values: { currentId: SECURITY_FEATURE_ID_V2, - latestId: SECURITY_FEATURE_ID_V4, + latestId: SECURITY_FEATURE_ID_V5, }, } ), @@ -89,14 +103,34 @@ export const getSecurityV2BaseKibanaFeature = ({ privileges: { all: { replacedBy: { - // note: ESS/serverless specific productFeaturesExtensions modify this privilege array - default: [{ feature: SECURITY_FEATURE_ID_V4, privileges: ['all'] }], - // note: ESS/serverless specific productFeaturesExtensions modify this privilege array - minimal: [{ feature: SECURITY_FEATURE_ID_V4, privileges: ['minimal_all'] }], + default: [ + // note: overriden by product feature endpointArtifactManagement when enabled + { feature: SECURITY_FEATURE_ID_V5, privileges: ['all'] }, + { feature: RULES_FEATURE_ID, privileges: ['all'] }, + ], + minimal: [ + // note: overriden by product feature endpointArtifactManagement when enabled + { feature: SECURITY_FEATURE_ID_V5, privileges: ['minimal_all'] }, + { feature: RULES_FEATURE_ID, privileges: ['minimal_all'] }, + ], }, app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'], catalogue: [APP_ID], - api: [APP_ID, 'rac', 'lists-all', 'lists-read', 'lists-summary'], + api: [ + APP_ID, + 'rac', + LISTS_API_ALL, + LISTS_API_READ, + LISTS_API_SUMMARY, + RULES_API_ALL, + RULES_API_READ, + ALERTS_API_ALL, + ALERTS_API_READ, + EXCEPTIONS_API_ALL, + EXCEPTIONS_API_READ, + USERS_API_READ, + INITIALIZE_SECURITY_SOLUTION, + ], savedObject: { all: ['alert', ...savedObjects], read: [], 
@@ -108,18 +142,31 @@ export const getSecurityV2BaseKibanaFeature = ({ management: { insightsAndAlerting: ['triggersActions'], }, - ui: ['show', 'crud'], + ui: [SECURITY_UI_SHOW, SECURITY_UI_CRUD], }, read: { replacedBy: { - // note: ESS/serverless specific productFeaturesExtensions modify this privilege array - default: [{ feature: SECURITY_FEATURE_ID_V4, privileges: ['read'] }], - // note: ESS/serverless specific productFeaturesExtensions modify this privilege array - minimal: [{ feature: SECURITY_FEATURE_ID_V4, privileges: ['minimal_read'] }], + default: [ + { feature: SECURITY_FEATURE_ID_V5, privileges: ['read'] }, + { feature: RULES_FEATURE_ID, privileges: ['read'] }, + ], + minimal: [ + { feature: SECURITY_FEATURE_ID_V5, privileges: ['minimal_read'] }, + { feature: RULES_FEATURE_ID, privileges: ['minimal_read'] }, + ], }, app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'], catalogue: [APP_ID], - api: [APP_ID, 'rac', 'lists-read'], + api: [ + APP_ID, + 'rac', + LISTS_API_READ, + RULES_API_READ, + ALERTS_API_READ, + EXCEPTIONS_API_READ, + USERS_API_READ, + INITIALIZE_SECURITY_SOLUTION, + ], savedObject: { all: [], read: [...savedObjects], @@ -135,7 +182,7 @@ export const getSecurityV2BaseKibanaFeature = ({ management: { insightsAndAlerting: ['triggersActions'], }, - ui: ['show'], + ui: [SECURITY_UI_SHOW], }, }, }); diff --git a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts index 88b4634d277f3..61c1ec3900abe 100644 --- a/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v2_features/kibana_sub_features.ts 
@@ -8,7 +8,7 @@ import type { SubFeatureConfig } from '@kbn/features-plugin/common'; import { SecuritySubFeatureId } from '../../product_features_keys'; -import { SECURITY_FEATURE_ID_V4 } from '../../constants'; +import { SECURITY_FEATURE_ID_V5 } from '../../constants'; import type { SecurityFeatureParams } from '../types'; import { endpointListSubFeature, 
@@ -32,47 +32,47 @@ import type { SubFeatureReplacements } from '../../types'; import { addSubFeatureReplacements } from '../../utils'; const replacements: Partial> = { - [SecuritySubFeatureId.endpointList]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.workflowInsights]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.globalArtifactManagement]: [{ feature: SECURITY_FEATURE_ID_V4 }], + [SecuritySubFeatureId.endpointList]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.workflowInsights]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.globalArtifactManagement]: [{ feature: SECURITY_FEATURE_ID_V5 }], [SecuritySubFeatureId.trustedApplications]: [ { - feature: SECURITY_FEATURE_ID_V4, + feature: SECURITY_FEATURE_ID_V5, additionalPrivileges: { trusted_applications_all: ['global_artifact_management_all'] }, }, ], [SecuritySubFeatureId.hostIsolationExceptionsBasic]: [ { - feature: SECURITY_FEATURE_ID_V4, + feature: SECURITY_FEATURE_ID_V5, additionalPrivileges: { host_isolation_exceptions_all: ['global_artifact_management_all'] }, }, ], [SecuritySubFeatureId.blocklist]: [ { - feature: SECURITY_FEATURE_ID_V4, + feature: SECURITY_FEATURE_ID_V5, additionalPrivileges: { blocklist_all: ['global_artifact_management_all'] }, }, ], [SecuritySubFeatureId.eventFilters]: [ { - feature: SECURITY_FEATURE_ID_V4, + feature: SECURITY_FEATURE_ID_V5, additionalPrivileges: { event_filters_all: ['global_artifact_management_all'] }, }, ], [SecuritySubFeatureId.endpointExceptions]: [ { - feature: SECURITY_FEATURE_ID_V4, + feature: SECURITY_FEATURE_ID_V5, additionalPrivileges: { endpoint_exceptions_all: ['global_artifact_management_all'] }, }, ], - [SecuritySubFeatureId.policyManagement]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.responseActionsHistory]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.hostIsolation]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.processOperations]: 
[{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.fileOperations]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.executeAction]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.scanAction]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.socManagement]: [{ feature: SECURITY_FEATURE_ID_V4 }], + [SecuritySubFeatureId.policyManagement]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.responseActionsHistory]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.hostIsolation]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.processOperations]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.fileOperations]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.executeAction]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.scanAction]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.socManagement]: [{ feature: SECURITY_FEATURE_ID_V5 }], }; /** @@ -121,9 +121,6 @@ export const getSecurityV2SubFeaturesMap = ({ subFeature = addSubFeatureReplacements(subFeature, featureReplacements); } - // Space awareness is now always enabled - set requireAllSpaces to false and remove privilegesTooltip - subFeature = { ...subFeature, requireAllSpaces: false, privilegesTooltip: undefined }; - return [id, subFeature]; }) ); diff --git a/x-pack/solutions/security/packages/features/src/security/v3_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v3_features/kibana_features.ts index cfd69bc230411..c00578819438d 100644 --- a/x-pack/solutions/security/packages/features/src/security/v3_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v3_features/kibana_features.ts 
@@ -24,7 +24,21 @@ import { LEGACY_NOTIFICATIONS_ID, CLOUD_POSTURE_APP_ID, SERVER_APP_ID, - SECURITY_FEATURE_ID_V4, + SECURITY_FEATURE_ID_V5, + RULES_FEATURE_ID, + LISTS_API_SUMMARY, + LISTS_API_READ, + LISTS_API_ALL, + SECURITY_UI_SHOW, + SECURITY_UI_CRUD, + INITIALIZE_SECURITY_SOLUTION, + RULES_API_ALL, + RULES_API_READ, + ALERTS_API_ALL, + ALERTS_API_READ, + EXCEPTIONS_API_ALL, + EXCEPTIONS_API_READ, + USERS_API_READ, } from '../../constants'; import type { SecurityFeatureParams } from '../types'; import type { BaseKibanaFeatureConfig } from '../../types'; @@ -56,12 +70,11 @@ export const getSecurityV3BaseKibanaFeature = ({ defaultMessage: 'The {currentId} permissions are deprecated, please see {latestId}.', values: { currentId: SECURITY_FEATURE_ID_V3, - latestId: SECURITY_FEATURE_ID_V4, + latestId: SECURITY_FEATURE_ID_V5, }, } ), }, - id: SECURITY_FEATURE_ID_V3, name: i18n.translate( 'securitySolutionPackages.features.featureRegistry.linkSecuritySolutionTitle', 
@@ -87,14 +100,32 @@ export const getSecurityV3BaseKibanaFeature = ({ privileges: { all: { replacedBy: { - // note: ESS/serverless specific productFeaturesExtensions modify this privilege array - default: [{ feature: SECURITY_FEATURE_ID_V4, privileges: ['all'] }], - // note: ESS/serverless specific productFeaturesExtensions modify this privilege array - minimal: [{ feature: SECURITY_FEATURE_ID_V4, privileges: ['minimal_all'] }], + default: [ + { feature: SECURITY_FEATURE_ID_V5, privileges: ['all'] }, + { feature: RULES_FEATURE_ID, privileges: ['all'] }, + ], + minimal: [ + { feature: SECURITY_FEATURE_ID_V5, privileges: ['minimal_all'] }, + { feature: RULES_FEATURE_ID, privileges: ['minimal_all'] }, + ], }, app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], catalogue: [APP_ID], - api: [APP_ID, 'rac', 'lists-all', 'lists-read', 'lists-summary'], + api: [ + APP_ID, + 'rac', + LISTS_API_ALL, + LISTS_API_READ, + LISTS_API_SUMMARY, + RULES_API_ALL, + RULES_API_READ, + ALERTS_API_ALL, + ALERTS_API_READ, + EXCEPTIONS_API_ALL, + EXCEPTIONS_API_READ, + USERS_API_READ, + INITIALIZE_SECURITY_SOLUTION, + ], savedObject: { all: ['alert', ...savedObjects], read: [], 
@@ -106,18 +137,31 @@ export const getSecurityV3BaseKibanaFeature = ({ management: { insightsAndAlerting: ['triggersActions'], }, - ui: ['show', 'crud'], + ui: [SECURITY_UI_SHOW, SECURITY_UI_CRUD], }, read: { replacedBy: { - // note: ESS/serverless specific productFeaturesExtensions modify this privilege array - default: [{ feature: SECURITY_FEATURE_ID_V4, privileges: ['read'] }], - // note: ESS/serverless specific productFeaturesExtensions modify this privilege array - minimal: [{ feature: SECURITY_FEATURE_ID_V4, privileges: ['minimal_read'] }], + default: [ + { feature: SECURITY_FEATURE_ID_V5, privileges: ['read'] }, + { feature: RULES_FEATURE_ID, privileges: ['read'] }, + ], + minimal: [ + { feature: SECURITY_FEATURE_ID_V5, privileges: ['minimal_read'] }, + { feature: RULES_FEATURE_ID, privileges: ['minimal_read'] }, + ], }, app: [APP_ID, CLOUD_POSTURE_APP_ID, 'kibana'], catalogue: [APP_ID], - api: [APP_ID, 'rac', 'lists-read'], + api: [ + APP_ID, + 'rac', + LISTS_API_READ, + RULES_API_READ, + ALERTS_API_READ, + EXCEPTIONS_API_READ, + USERS_API_READ, + INITIALIZE_SECURITY_SOLUTION, + ], savedObject: { all: [], read: [...savedObjects], @@ -133,7 +177,7 @@ export const getSecurityV3BaseKibanaFeature = ({ management: { insightsAndAlerting: ['triggersActions'], }, - ui: ['show'], + ui: [SECURITY_UI_SHOW], }, }, }); diff --git a/x-pack/solutions/security/packages/features/src/security/v3_features/kibana_sub_features.ts b/x-pack/solutions/security/packages/features/src/security/v3_features/kibana_sub_features.ts index ad41a12cd2cc2..cf73c98676132 100644 --- a/x-pack/solutions/security/packages/features/src/security/v3_features/kibana_sub_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v3_features/kibana_sub_features.ts 
@@ -28,27 +28,27 @@ import { socManagementSubFeature, } from '../kibana_sub_features'; import type { SubFeatureReplacements } from '../../types'; -import { SECURITY_FEATURE_ID_V4 } from '../../constants'; +import { SECURITY_FEATURE_ID_V5 } from '../../constants'; import { addSubFeatureReplacements } from '../../utils'; const replacements: Partial> = { - [SecuritySubFeatureId.endpointList]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.workflowInsights]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.globalArtifactManagement]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.trustedApplications]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.trustedDevices]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.hostIsolationExceptionsBasic]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.blocklist]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.eventFilters]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.endpointExceptions]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.policyManagement]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.responseActionsHistory]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.hostIsolation]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.processOperations]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.fileOperations]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.executeAction]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.scanAction]: [{ feature: SECURITY_FEATURE_ID_V4 }], - [SecuritySubFeatureId.socManagement]: [{ feature: SECURITY_FEATURE_ID_V4 }], + [SecuritySubFeatureId.endpointList]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.workflowInsights]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.globalArtifactManagement]: [{ feature: SECURITY_FEATURE_ID_V5 }], + 
[SecuritySubFeatureId.trustedApplications]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.trustedDevices]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.hostIsolationExceptionsBasic]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.blocklist]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.eventFilters]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.endpointExceptions]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.policyManagement]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.responseActionsHistory]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.hostIsolation]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.processOperations]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.fileOperations]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.executeAction]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.scanAction]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.socManagement]: [{ feature: SECURITY_FEATURE_ID_V5 }], }; /** @@ -98,9 +98,6 @@ export const getSecurityV3SubFeaturesMap = ({ subFeature = addSubFeatureReplacements(subFeature, featureReplacements); } - // Space awareness is now always enabled - set requireAllSpaces to false and remove privilegesTooltip - subFeature = { ...subFeature, requireAllSpaces: false, privilegesTooltip: undefined }; - return [id, subFeature]; }) ); diff --git a/x-pack/solutions/security/packages/features/src/security/v4_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v4_features/kibana_features.ts index fcd6c2b7059eb..626e8b08f9086 100644 --- a/x-pack/solutions/security/packages/features/src/security/v4_features/kibana_features.ts +++ b/x-pack/solutions/security/packages/features/src/security/v4_features/kibana_features.ts 
@@ -24,6 +24,21 @@ import { LEGACY_NOTIFICATIONS_ID, CLOUD_POSTURE_APP_ID, SERVER_APP_ID, + SECURITY_FEATURE_ID_V5, + RULES_FEATURE_ID, + LISTS_API_READ, + RULES_API_READ, + ALERTS_API_READ, + EXCEPTIONS_API_READ, + USERS_API_READ, + INITIALIZE_SECURITY_SOLUTION, + LISTS_API_ALL, + LISTS_API_SUMMARY, + RULES_API_ALL, + ALERTS_API_ALL, + EXCEPTIONS_API_ALL, + SECURITY_UI_CRUD, + SECURITY_UI_SHOW, CLOUD_DEFEND_APP_ID, } from '../../constants'; import type { SecurityFeatureParams } from '../types'; @@ -49,6 +64,18 @@ const alertingFeatures = SECURITY_RULE_TYPES.map((ruleTypeId) => ({ export const getSecurityV4BaseKibanaFeature = ({ savedObjects, }: SecurityFeatureParams): BaseKibanaFeatureConfig => ({ + deprecated: { + notice: i18n.translate( + 'securitySolutionPackages.features.featureRegistry.linkSecuritySolutionSecurity.deprecationMessage', + { + defaultMessage: 'The {currentId} permissions are deprecated, please see {latestId}.', + values: { + currentId: SECURITY_FEATURE_ID_V4, + latestId: SECURITY_FEATURE_ID_V5, + }, + } + ), + }, id: SECURITY_FEATURE_ID_V4, name: i18n.translate( 'securitySolutionPackages.features.featureRegistry.linkSecuritySolutionTitle', 
@@ -73,9 +100,33 @@ export const getSecurityV4BaseKibanaFeature = ({ ), privileges: { all: { + replacedBy: { + default: [ + { feature: SECURITY_FEATURE_ID_V5, privileges: ['all'] }, + { feature: RULES_FEATURE_ID, privileges: ['all'] }, + ], + minimal: [ + { feature: SECURITY_FEATURE_ID_V5, privileges: ['minimal_all'] }, + { feature: RULES_FEATURE_ID, privileges: ['minimal_all'] }, + ], + }, app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'], catalogue: [APP_ID], - api: [APP_ID, 'rac', 'lists-all', 'lists-read', 'lists-summary'], + api: [ + APP_ID, + 'rac', + LISTS_API_ALL, + LISTS_API_READ, + LISTS_API_SUMMARY, + RULES_API_ALL, + RULES_API_READ, + ALERTS_API_ALL, + ALERTS_API_READ, + EXCEPTIONS_API_ALL, + EXCEPTIONS_API_READ, + USERS_API_READ, + INITIALIZE_SECURITY_SOLUTION, + ], savedObject: { all: ['alert', ...savedObjects], read: [], @@ -87,12 +138,31 @@ export const getSecurityV4BaseKibanaFeature = ({ management: { insightsAndAlerting: ['triggersActions'], }, - ui: ['show', 'crud'], + ui: [SECURITY_UI_SHOW, SECURITY_UI_CRUD], }, read: { + replacedBy: { + default: [ + { feature: SECURITY_FEATURE_ID_V5, privileges: ['read'] }, + { feature: RULES_FEATURE_ID, privileges: ['read'] }, + ], + minimal: [ + { feature: SECURITY_FEATURE_ID_V5, privileges: ['minimal_read'] }, + { feature: RULES_FEATURE_ID, privileges: ['minimal_read'] }, + ], + }, app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'], catalogue: [APP_ID], - api: [APP_ID, 'rac', 'lists-read'], + api: [ + APP_ID, + 'rac', + LISTS_API_READ, + RULES_API_READ, + ALERTS_API_READ, + EXCEPTIONS_API_READ, + USERS_API_READ, + INITIALIZE_SECURITY_SOLUTION, + ], savedObject: { all: [], read: [...savedObjects], @@ -108,7 +178,7 @@ export const getSecurityV4BaseKibanaFeature = ({ management: { insightsAndAlerting: ['triggersActions'], }, - ui: ['show'], + ui: [SECURITY_UI_SHOW], }, }, }); 
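Review bot: Nothing in this file ties the hand-expanded `api` arrays of the deprecated `all` and `read` privileges to their `replacedBy` targets, so the two can drift and a migrated role would then silently gain or lose API access. The V5 base feature added in this commit lists only the lists, users and initialize tags, so `RULES_API_*`, `ALERTS_API_*` and `EXCEPTIONS_API_*` presumably have to come from `RULES_FEATURE_ID`, whose definition is not visible here. I would add a comment above each `replacedBy`, e.g. `// siemV5 + rules together must grant exactly the api tags listed below; update both when either changes`, and back it with a unit test that compares the two sets. The same applies to the `read` privilege in the hunk at `@@ -87,12 +138,31 @@`; the body of `getSecurityV4BaseKibanaFeature` starts and ends outside these hunks.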
diff --git a/x-pack/solutions/security/packages/features/src/security/v4_features/kibana_sub_features.ts b/x-pack/solutions/security/packages/features/src/security/v4_features/kibana_sub_features.ts
index bc58392a36e51..d463b81ab6205 100644
--- a/x-pack/solutions/security/packages/features/src/security/v4_features/kibana_sub_features.ts
+++ b/x-pack/solutions/security/packages/features/src/security/v4_features/kibana_sub_features.ts
@@ -27,6 +27,29 @@ import { trustedDevicesSubFeature, socManagementSubFeature, } from '../kibana_sub_features'; +import type { SubFeatureReplacements } from '../../types'; +import { SECURITY_FEATURE_ID_V5 } from '../../constants'; +import { addSubFeatureReplacements } from '../../utils'; + +const replacements: Partial> = { + [SecuritySubFeatureId.endpointList]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.workflowInsights]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.globalArtifactManagement]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.trustedApplications]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.trustedDevices]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.hostIsolationExceptionsBasic]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.blocklist]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.eventFilters]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.endpointExceptions]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.policyManagement]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.responseActionsHistory]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.hostIsolation]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.processOperations]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.fileOperations]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.executeAction]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.scanAction]: [{ feature: SECURITY_FEATURE_ID_V5 }], + [SecuritySubFeatureId.socManagement]: [{ feature: SECURITY_FEATURE_ID_V5 }], +}; /** * Sub-features that will always be available for Security 
@@ -70,8 +93,10 @@ export const getSecurityV4SubFeaturesMap = ({ securitySubFeaturesList.map(([id, originalSubFeature]) => { let subFeature = originalSubFeature; - // Space awareness is now always enabled - set requireAllSpaces to false and remove privilegesTooltip - subFeature = { ...subFeature, requireAllSpaces: false, privilegesTooltip: undefined }; + const featureReplacements = replacements[id]; + if (featureReplacements) { + subFeature = addSubFeatureReplacements(subFeature, featureReplacements); + } return [id, subFeature]; }) diff --git a/x-pack/solutions/security/packages/features/src/security/v5_features/kibana_features.ts b/x-pack/solutions/security/packages/features/src/security/v5_features/kibana_features.ts new file mode 100644 index 0000000000000..1d6a11166e6c7 --- /dev/null +++ b/x-pack/solutions/security/packages/features/src/security/v5_features/kibana_features.ts 
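Review bot: Dropping the `requireAllSpaces: false, privilegesTooltip: undefined` override means every V4 sub-feature now keeps whatever the shared definitions in `../kibana_sub_features` set for those two fields, and nothing in this hunk shows that those definitions were updated. If any of them still declares `requireAllSpaces: true`, a role that holds a deprecated V4 sub-feature privilege in a single space would behave differently after this change; the V3 map loses the same line in the hunk at `@@ -98,9 +98,6 @@`. Worth confirming, and if the flag did move, leaving a one-line comment where the override used to be, e.g. `// requireAllSpaces is set on the shared sub-feature definitions`. The body of `getSecurityV4SubFeaturesMap` starts and ends outside the hunk.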
@@ -0,0 +1,78 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { i18n } from '@kbn/i18n'; + +import { DEFAULT_APP_CATEGORIES } from '@kbn/core-application-common'; +import { + APP_ID, + CLOUD_DEFEND_APP_ID, + CLOUD_POSTURE_APP_ID, + INITIALIZE_SECURITY_SOLUTION, + LISTS_API_ALL, + LISTS_API_READ, + LISTS_API_SUMMARY, + SECURITY_FEATURE_ID_V5, + SECURITY_UI_CRUD, + SECURITY_UI_SHOW, + USERS_API_READ, +} from '../../constants'; +import type { BaseKibanaFeatureConfig } from '../../types'; +import type { SecurityFeatureParams } from '../types'; + +export const getSecurityV5BaseKibanaFeature = ({ + savedObjects, +}: SecurityFeatureParams): BaseKibanaFeatureConfig => ({ + id: SECURITY_FEATURE_ID_V5, + name: i18n.translate( + 'securitySolutionPackages.features.featureRegistry.linkSecuritySolutionTitle', + { + defaultMessage: 'Security', + } + ), + order: 1100, + category: DEFAULT_APP_CATEGORIES.security, + app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'], + catalogue: [APP_ID], + description: i18n.translate( + 'securitySolutionPackages.features.featureRegistry.securityGroupDescription', + { + defaultMessage: + "Each sub-feature privilege in this group must be assigned individually. 
Global assignment is only supported if your pricing plan doesn't allow individual feature privileges.", + } + ), + privileges: { + all: { + app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'], + catalogue: [APP_ID], + api: [ + APP_ID, + 'rac', + LISTS_API_ALL, + LISTS_API_READ, + LISTS_API_SUMMARY, + USERS_API_READ, + INITIALIZE_SECURITY_SOLUTION, + ], + savedObject: { + all: ['alert', ...savedObjects], + read: [], + }, + ui: [SECURITY_UI_SHOW, SECURITY_UI_CRUD], + }, + read: { + app: [APP_ID, CLOUD_POSTURE_APP_ID, CLOUD_DEFEND_APP_ID, 'kibana'], + catalogue: [APP_ID], + api: [APP_ID, 'rac', LISTS_API_READ, USERS_API_READ, INITIALIZE_SECURITY_SOLUTION], + savedObject: { + all: [], + read: [...savedObjects], + }, + ui: [SECURITY_UI_SHOW], + }, + }, +}); diff --git a/x-pack/solutions/security/packages/features/src/security/v5_features/kibana_sub_features.ts b/x-pack/solutions/security/packages/features/src/security/v5_features/kibana_sub_features.ts new file mode 100644 index 0000000000000..1117b4db745e7 --- /dev/null +++ b/x-pack/solutions/security/packages/features/src/security/v5_features/kibana_sub_features.ts 
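Review bot: The `all` privilege of the new V5 feature still grants write access to the `alert` saved-object type (`all: ['alert', ...savedObjects]`), although this feature has no `management` entry and none of the `RULES_API_*`, `ALERTS_API_*` or `EXCEPTIONS_API_*` tags that the V4 privilege lists. If `alert` is the alerting-rule saved object, keeping it here may leave siemV5 `all` holders with write access to rule objects without the separate rules privilege, which cuts against the split this commit makes. Either narrow the line to `all: [...savedObjects],` or add a comment stating why siemV5 still needs it.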
@@ -0,0 +1,79 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { SubFeatureConfig } from '@kbn/features-plugin/common'; +import { SecuritySubFeatureId } from '../../product_features_keys'; +import type { SecurityFeatureParams } from '../types'; +import { + endpointListSubFeature, + endpointExceptionsSubFeature, + globalArtifactManagementSubFeature, + trustedApplicationsSubFeature, + hostIsolationExceptionsBasicSubFeature, + blocklistSubFeature, + eventFiltersSubFeature, + policyManagementSubFeature, + responseActionsHistorySubFeature, + hostIsolationSubFeature, + processOperationsSubFeature, + fileOperationsSubFeature, + executeActionSubFeature, + scanActionSubFeature, + workflowInsightsSubFeature, + trustedDevicesSubFeature, + socManagementSubFeature, +} from '../kibana_sub_features'; + +/** + * Sub-features that will always be available for Security + * regardless of the product type. + */ +export const getSecurityV5BaseKibanaSubFeatureIds = ( + { experimentalFeatures }: SecurityFeatureParams // currently un-used, but left here as a convenience for possible future use +): SecuritySubFeatureId[] => []; + +/** + * Defines all the Security Assistant subFeatures available. 
+ * The order of the subFeatures is the order they will be displayed + */ +export const getSecurityV5SubFeaturesMap = ({ + experimentalFeatures, +}: SecurityFeatureParams): Map => { + const securitySubFeaturesList: Array<[SecuritySubFeatureId, SubFeatureConfig]> = [ + [SecuritySubFeatureId.endpointList, endpointListSubFeature()], + [SecuritySubFeatureId.workflowInsights, workflowInsightsSubFeature()], + [SecuritySubFeatureId.socManagement, socManagementSubFeature()], + [ + SecuritySubFeatureId.globalArtifactManagement, + globalArtifactManagementSubFeature(experimentalFeatures), + ], + [SecuritySubFeatureId.trustedApplications, trustedApplicationsSubFeature()], + [SecuritySubFeatureId.trustedDevices, trustedDevicesSubFeature()], + [SecuritySubFeatureId.hostIsolationExceptionsBasic, hostIsolationExceptionsBasicSubFeature()], + [SecuritySubFeatureId.blocklist, blocklistSubFeature()], + [SecuritySubFeatureId.eventFilters, eventFiltersSubFeature()], + [SecuritySubFeatureId.endpointExceptions, endpointExceptionsSubFeature()], + [SecuritySubFeatureId.policyManagement, policyManagementSubFeature()], + [SecuritySubFeatureId.responseActionsHistory, responseActionsHistorySubFeature()], + [SecuritySubFeatureId.hostIsolation, hostIsolationSubFeature()], + [SecuritySubFeatureId.processOperations, processOperationsSubFeature()], + [SecuritySubFeatureId.fileOperations, fileOperationsSubFeature()], + [SecuritySubFeatureId.executeAction, executeActionSubFeature()], + [SecuritySubFeatureId.scanAction, scanActionSubFeature()], + ]; + + const securitySubFeaturesMap = new Map( + securitySubFeaturesList + ); + + // Remove disabled experimental features + if (!experimentalFeatures.trustedDevices) { + securitySubFeaturesMap.delete(SecuritySubFeatureId.trustedDevices); + } + + return Object.freeze(securitySubFeaturesMap); +}; 
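Review bot: `Object.freeze(securitySubFeaturesMap)` does not make the returned map read-only: freezing covers own properties only, so `set`, `delete` and `clear` on the `Map` still work and a caller can alter the sub-feature privilege definitions after the fact. Declaring the return type as `ReadonlyMap<SecuritySubFeatureId, SubFeatureConfig>` would let the compiler reject mutation, if the callers allow it; otherwise say so in a comment, e.g. `// Object.freeze does not block Map#set/#delete; treat the result as read-only`. The doc comment above `getSecurityV5SubFeaturesMap` also says "Security Assistant subFeatures", which looks copied from another feature and should read "Security".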
diff --git a/x-pack/solutions/security/packages/features/src/types.ts b/x-pack/solutions/security/packages/features/src/types.ts index 959528dd5361a..2a0b6ad2c2fe5 100644 --- a/x-pack/solutions/security/packages/features/src/types.ts +++ b/x-pack/solutions/security/packages/features/src/types.ts @@ -23,6 +23,7 @@ import type { ProductFeatureSiemMigrationsKey, ProductFeatureTimelineKey, ProductFeatureNotesKey, + ProductFeatureRulesKey, } from './product_features_keys'; export type { ProductFeatureKeyType }; @@ -94,6 +95,7 @@ export type TimelineProductFeaturesConfig = ProductFeaturesConfig; export type SiemMigrationsProductFeaturesConfig = ProductFeaturesConfig; +export type RulesProductFeaturesConfig = ProductFeaturesConfig; export type AppSubFeaturesMap = Map; @@ -122,6 +124,7 @@ interface ProductFeatureConfigExtensions { timeline: ConfigExtensions; notes: ConfigExtensions; siemMigrations: ConfigExtensions; + rules: ConfigExtensions; } export type ProductFeaturesConfiguratorExtensions = Partial; diff --git a/x-pack/solutions/security/packages/kbn-securitysolution-exception-list-components/src/exception_item_card/meta/index.tsx b/x-pack/solutions/security/packages/kbn-securitysolution-exception-list-components/src/exception_item_card/meta/index.tsx index f076d18f24217..8cf8343a2d271 100644 --- a/x-pack/solutions/security/packages/kbn-securitysolution-exception-list-components/src/exception_item_card/meta/index.tsx +++ b/x-pack/solutions/security/packages/kbn-securitysolution-exception-list-components/src/exception_item_card/meta/index.tsx @@ -104,17 +104,19 @@ export const ExceptionItemCardMetaInfo = memo( )} )} - - - + {referencedLinks != null && ( + + + + )} ); } diff --git a/x-pack/solutions/security/plugins/cloud_security_posture/public/test/constants.ts b/x-pack/solutions/security/plugins/cloud_security_posture/public/test/constants.ts index 9178df8e5b867..3ec601ce0b177 100644 
--- a/x-pack/solutions/security/plugins/cloud_security_posture/public/test/constants.ts +++ b/x-pack/solutions/security/plugins/cloud_security_posture/public/test/constants.ts @@ -5,4 +5,4 @@ * 2.0. */ -export const SECURITY_FEATURE_ID = 'siemV4'; +export const SECURITY_FEATURE_ID = 'siemV5'; diff --git a/x-pack/solutions/security/plugins/elastic_assistant/common/constants.ts b/x-pack/solutions/security/plugins/elastic_assistant/common/constants.ts index 66081eec3c2fa..6165a1f76d542 100755 --- a/x-pack/solutions/security/plugins/elastic_assistant/common/constants.ts +++ b/x-pack/solutions/security/plugins/elastic_assistant/common/constants.ts @@ -6,7 +6,7 @@ */ export { - SECURITY_FEATURE_ID_V4 as SECURITY_FEATURE_ID, + SECURITY_FEATURE_ID_V5 as SECURITY_FEATURE_ID, CASES_FEATURE_ID_V3 as CASES_FEATURE_ID, } from '@kbn/security-solution-features/constants'; diff --git a/x-pack/solutions/security/plugins/elastic_assistant/scripts/create_and_login_users.js b/x-pack/solutions/security/plugins/elastic_assistant/scripts/create_and_login_users.js index ba9d479c66111..ff6c7a6cba14b 100644 --- a/x-pack/solutions/security/plugins/elastic_assistant/scripts/create_and_login_users.js +++ b/x-pack/solutions/security/plugins/elastic_assistant/scripts/create_and_login_users.js @@ -98,6 +98,7 @@ const createRestrictedRole = async (roleName) => { uptime: ['all'], observabilityCasesV3: ['all'], [SECURITY_FEATURE_ID]: ['all'], + rules: ['all'], securitySolutionCasesV3: ['all'], securitySolutionTimeline: ['all'], securitySolutionNotes: ['all'], diff --git a/x-pack/solutions/security/plugins/lists/moon.yml b/x-pack/solutions/security/plugins/lists/moon.yml index 8ed78ffe9a96f..a277c14b8d891 100644 --- a/x-pack/solutions/security/plugins/lists/moon.yml +++ b/x-pack/solutions/security/plugins/lists/moon.yml @@ -53,6 +53,7 @@ dependsOn: - '@kbn/core-http-server-mocks' - '@kbn/core-http-server-utils' - '@kbn/react-query' + - '@kbn/security-solution-features' tags: - plugin - prod 
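Review bot: In `create_and_login_users.js` the added `rules: ['all']` entry spells the feature id as a string literal, while the entry directly above it uses the `SECURITY_FEATURE_ID` constant. If the id is ever versioned the way `siemV4` became `siemV5`, this script will keep creating roles with a stale key and nothing will flag it. Presumably `RULES_FEATURE_ID` can be imported next to `SECURITY_FEATURE_ID`, in which case the line becomes `[RULES_FEATURE_ID]: ['all'],`. The body of `createRestrictedRole` continues outside the hunk.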
diff --git a/x-pack/solutions/security/plugins/lists/server/routes/create_endpoint_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/create_endpoint_list_item_route.ts index 1ee178e9bc646..d4fb35dfec058 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/create_endpoint_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/create_endpoint_list_item_route.ts @@ -13,6 +13,7 @@ import { CreateEndpointListItemRequestBody, CreateEndpointListItemResponse, } from '@kbn/securitysolution-endpoint-exceptions-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; @@ -26,7 +27,7 @@ export const createEndpointListItemRoute = (router: ListsPluginRouter): void => path: ENDPOINT_LIST_ITEM_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/create_endpoint_list_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/create_endpoint_list_route.ts index 54887adba7df4..70092c8bc6835 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/create_endpoint_list_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/create_endpoint_list_route.ts @@ -8,6 +8,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import { ENDPOINT_LIST_URL } from '@kbn/securitysolution-list-constants'; import { CreateEndpointListResponse } from '@kbn/securitysolution-endpoint-exceptions-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; @@ -30,7 +31,7 @@ export const createEndpointListRoute = (router: ListsPluginRouter): void => { path: ENDPOINT_LIST_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) 
diff --git a/x-pack/solutions/security/plugins/lists/server/routes/create_exception_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/create_exception_list_item_route.ts index e5c6bfd09dfc5..a3c17034d8247 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/create_exception_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/create_exception_list_item_route.ts @@ -13,6 +13,7 @@ import { CreateExceptionListItemRequestBody, CreateExceptionListItemResponse, } from '@kbn/securitysolution-exceptions-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; @@ -28,7 +29,7 @@ export const createExceptionListItemRoute = (router: ListsPluginRouter): void => path: EXCEPTION_LIST_ITEM_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/create_exception_list_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/create_exception_list_route.ts index c7e0a952743c3..fcc089dc4d566 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/create_exception_list_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/create_exception_list_route.ts @@ -13,6 +13,7 @@ import { CreateExceptionListRequestBody, CreateExceptionListResponse, } from '@kbn/securitysolution-exceptions-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; @@ -25,7 +26,7 @@ export const createExceptionListRoute = (router: ListsPluginRouter): void => { path: EXCEPTION_LIST_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) 
diff --git a/x-pack/solutions/security/plugins/lists/server/routes/delete_endpoint_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/delete_endpoint_list_item_route.ts index ee7093bcc1c50..aebc0f772dc6b 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/delete_endpoint_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/delete_endpoint_list_item_route.ts @@ -12,6 +12,7 @@ import { DeleteEndpointListItemRequestQuery, DeleteEndpointListItemResponse, } from '@kbn/securitysolution-endpoint-exceptions-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; @@ -28,7 +29,7 @@ export const deleteEndpointListItemRoute = (router: ListsPluginRouter): void => path: ENDPOINT_LIST_ITEM_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/delete_exception_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/delete_exception_list_item_route.ts index d8eb32e9eeaf3..fae33f8fdcf90 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/delete_exception_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/delete_exception_list_item_route.ts @@ -12,6 +12,7 @@ import { DeleteExceptionListItemRequestQuery, DeleteExceptionListItemResponse, } from '@kbn/securitysolution-exceptions-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; @@ -28,7 +29,7 @@ export const deleteExceptionListItemRoute = (router: ListsPluginRouter): void => path: EXCEPTION_LIST_ITEM_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) 
diff --git a/x-pack/solutions/security/plugins/lists/server/routes/delete_exception_list_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/delete_exception_list_route.ts index db6bb460cbd37..0b7e746182be0 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/delete_exception_list_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/delete_exception_list_route.ts @@ -12,6 +12,7 @@ import { DeleteExceptionListRequestQuery, DeleteExceptionListResponse, } from '@kbn/securitysolution-exceptions-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; @@ -24,7 +25,7 @@ export const deleteExceptionListRoute = (router: ListsPluginRouter): void => { path: EXCEPTION_LIST_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/duplicate_exception_list_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/duplicate_exception_list_route.ts index 308a2e4cd3a4c..c8ed978b65940 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/duplicate_exception_list_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/duplicate_exception_list_route.ts @@ -12,6 +12,7 @@ import { DuplicateExceptionListRequestQuery, DuplicateExceptionListResponse, } from '@kbn/securitysolution-exceptions-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; @@ -24,7 +25,7 @@ export const duplicateExceptionsRoute = (router: ListsPluginRouter): void => { path: `${EXCEPTION_LIST_URL}/_duplicate`, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) 
diff --git a/x-pack/solutions/security/plugins/lists/server/routes/export_exception_list_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/export_exception_list_route.ts index 8fdd7dbc5e392..de27a9778be3c 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/export_exception_list_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/export_exception_list_route.ts @@ -9,6 +9,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import { EXCEPTION_LIST_URL } from '@kbn/securitysolution-list-constants'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; import { ExportExceptionListRequestQuery } from '@kbn/securitysolution-exceptions-common/api'; +import { LISTS_API_READ } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; @@ -21,7 +22,7 @@ export const exportExceptionsRoute = (router: ListsPluginRouter): void => { path: `${EXCEPTION_LIST_URL}/_export`, security: { authz: { - requiredPrivileges: ['lists-read'], + requiredPrivileges: [LISTS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/find_endpoint_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/find_endpoint_list_item_route.ts index d54560fb6c929..c19701b62d035 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/find_endpoint_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/find_endpoint_list_item_route.ts @@ -12,6 +12,7 @@ import { FindEndpointListItemsRequestQuery, FindEndpointListItemsResponse, } from '@kbn/securitysolution-endpoint-exceptions-common/api'; +import { LISTS_API_READ } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; 
@@ -24,7 +25,7 @@ export const findEndpointListItemRoute = (router: ListsPluginRouter): void => { path: `${ENDPOINT_LIST_ITEM_URL}/_find`, security: { authz: { - requiredPrivileges: ['lists-read'], + requiredPrivileges: [LISTS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/find_exception_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/find_exception_list_item_route.ts index 964a13296c804..bd5a0465bae34 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/find_exception_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/find_exception_list_item_route.ts @@ -12,6 +12,7 @@ import { FindExceptionListItemsRequestQuery, FindExceptionListItemsResponse, } from '@kbn/securitysolution-exceptions-common/api'; +import { LISTS_API_READ } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; @@ -24,7 +25,7 @@ export const findExceptionListItemRoute = (router: ListsPluginRouter): void => { path: `${EXCEPTION_LIST_ITEM_URL}/_find`, security: { authz: { - requiredPrivileges: ['lists-read'], + requiredPrivileges: [LISTS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/find_exception_list_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/find_exception_list_route.ts index 43a890780013b..85e2ff63eea18 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/find_exception_list_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/find_exception_list_route.ts @@ -12,6 +12,7 @@ import { FindExceptionListsRequestQuery, FindExceptionListsResponse, } from '@kbn/securitysolution-exceptions-common/api'; +import { LISTS_API_READ } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; 
@@ -24,7 +25,7 @@ export const findExceptionListRoute = (router: ListsPluginRouter): void => { path: `${EXCEPTION_LIST_URL}/_find`, security: { authz: { - requiredPrivileges: ['lists-read'], + requiredPrivileges: [LISTS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/import_exceptions_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/import_exceptions_route.ts index 4dc6ddc7a30a4..a35efffde1c9f 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/import_exceptions_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/import_exceptions_route.ts @@ -15,6 +15,7 @@ import { ImportExceptionListRequestQuery, ImportExceptionListResponse, } from '@kbn/securitysolution-exceptions-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; import type { ConfigType } from '../config'; @@ -39,7 +40,7 @@ export const importExceptionsRoute = (router: ListsPluginRouter, config: ConfigT path: `${EXCEPTION_LIST_URL}/_import`, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/internal/create_exceptions_list_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/internal/create_exceptions_list_route.ts index 78187e5427eb1..d22cf64c03f42 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/internal/create_exceptions_list_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/internal/create_exceptions_list_route.ts 
@@ -9,6 +9,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import type { InternalCreateExceptionListSchemaDecoded } from '@kbn/securitysolution-io-ts-list-types'; import { internalCreateExceptionListSchema } from '@kbn/securitysolution-io-ts-list-types'; import { INTERNAL_EXCEPTIONS_LIST_ENSURE_CREATED_URL } from '@kbn/securitysolution-list-constants'; +import { LISTS_API_READ } from '@kbn/security-solution-features/constants'; import { createExceptionListHandler } from '../../handlers/create_exception_list_handler'; import type { ListsPluginRouter } from '../../types'; @@ -21,7 +22,7 @@ export const internalCreateExceptionListRoute = (router: ListsPluginRouter): voi path: INTERNAL_EXCEPTIONS_LIST_ENSURE_CREATED_URL, security: { authz: { - requiredPrivileges: ['lists-read'], + requiredPrivileges: [LISTS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/internal/find_lists_by_size_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/internal/find_lists_by_size_route.ts index f8e5fc23e2e15..cb63dd37f2de2 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/internal/find_lists_by_size_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/internal/find_lists_by_size_route.ts @@ -13,6 +13,7 @@ import { MAXIMUM_SMALL_VALUE_LIST_SIZE, } from '@kbn/securitysolution-list-constants'; import { chunk } from 'lodash'; +import { LISTS_API_READ } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../../types'; import { decodeCursor } from '../../services/utils'; @@ -26,7 +27,7 @@ export const findListsBySizeRoute = (router: ListsPluginRouter): void => { path: INTERNAL_FIND_LISTS_BY_SIZE, security: { authz: { - requiredPrivileges: ['lists-read'], + requiredPrivileges: [LISTS_API_READ], }, }, }) 
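Review bot: `internalCreateExceptionListRoute` imports `createExceptionListHandler` and appears to hand the request to it, yet the route is gated only by `LISTS_API_READ`, so a caller with read-only lists access can reach a create path; the commit carries this over unchanged from the old `'lists-read'` tag. If that is deliberate (the URL constant is named `INTERNAL_EXCEPTIONS_LIST_ENSURE_CREATED_URL`, which suggests an idempotent bootstrap), the `authz` block should say so, e.g. `// read is sufficient here: the route only ensures the list exists`. Otherwise it should require `LISTS_API_ALL` like the public create routes in this commit. The route definition starts and ends outside the hunk.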
diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list/create_list_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list/create_list_route.ts index 23934bdfc792f..58be1c9611464 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/list/create_list_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list/create_list_route.ts @@ -9,6 +9,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import { LIST_URL } from '@kbn/securitysolution-list-constants'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; import { CreateListRequestBody, CreateListResponse } from '@kbn/securitysolution-lists-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../../types'; import { buildSiemResponse } from '../utils'; @@ -21,7 +22,7 @@ export const createListRoute = (router: ListsPluginRouter): void => { path: LIST_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list/delete_list_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list/delete_list_route.ts index a2f53918f12d5..918b568de020d 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/list/delete_list_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list/delete_list_route.ts 
@@ -19,6 +19,7 @@ import { getSavedObjectType } from '@kbn/securitysolution-list-utils'; import { LIST_URL } from '@kbn/securitysolution-list-constants'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; import { DeleteListRequestQuery, DeleteListResponse } from '@kbn/securitysolution-lists-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../../types'; import type { ExceptionListClient } from '../../services/exception_lists/exception_list_client'; @@ -33,7 +34,7 @@ export const deleteListRoute = (router: ListsPluginRouter): void => { path: LIST_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list/import_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list/import_list_item_route.ts index 36996cc8e6da9..238023d355653 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/list/import_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list/import_list_item_route.ts @@ -15,6 +15,7 @@ import { ImportListItemsRequestQuery, ImportListItemsResponse, } from '@kbn/securitysolution-lists-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../../types'; import type { ConfigType } from '../../config'; @@ -41,7 +42,7 @@ export const importListItemRoute = (router: ListsPluginRouter, config: ConfigTyp path: `${LIST_ITEM_URL}/_import`, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list/patch_list_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list/patch_list_route.ts index 369084cc21a2d..dfe5a41ee1673 100644 
--- a/x-pack/solutions/security/plugins/lists/server/routes/list/patch_list_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list/patch_list_route.ts @@ -9,6 +9,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import { LIST_URL } from '@kbn/securitysolution-list-constants'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; import { PatchListRequestBody, PatchListResponse } from '@kbn/securitysolution-lists-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../../types'; import { buildSiemResponse } from '../utils'; @@ -21,7 +22,7 @@ export const patchListRoute = (router: ListsPluginRouter): void => { path: LIST_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list/read_list_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list/read_list_route.ts index 7fa6d20867bec..24b0aa2ca5417 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/list/read_list_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list/read_list_route.ts @@ -9,6 +9,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import { LIST_URL } from '@kbn/securitysolution-list-constants'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; import { ReadListRequestQuery, ReadListResponse } from '@kbn/securitysolution-lists-common/api'; +import { LISTS_API_READ } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../../types'; import { buildSiemResponse } from '../utils'; @@ -21,7 +22,7 @@ export const readListRoute = (router: ListsPluginRouter): void => { path: LIST_URL, security: { authz: { - requiredPrivileges: ['lists-read'], + requiredPrivileges: [LISTS_API_READ], }, }, }) 
diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list/update_list_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list/update_list_route.ts index a09c91b869372..b85d0dd908551 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/list/update_list_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list/update_list_route.ts @@ -9,6 +9,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import { LIST_URL } from '@kbn/securitysolution-list-constants'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; import { UpdateListRequestBody, UpdateListResponse } from '@kbn/securitysolution-lists-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../../types'; import { buildSiemResponse } from '../utils'; @@ -21,7 +22,7 @@ export const updateListRoute = (router: ListsPluginRouter): void => { path: LIST_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list_index/create_list_index_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list_index/create_list_index_route.ts index e91df6490547e..dc3d47d9dedd0 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/list_index/create_list_index_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list_index/create_list_index_route.ts @@ -11,6 +11,7 @@ import { type CreateListIndexResponse, CreateListIndexResponse as ResponseSchema, } from '@kbn/securitysolution-lists-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../../types'; import { buildSiemResponse } from '../utils'; 
@@ -39,7 +40,7 @@ export const createListIndexRoute = (router: ListsPluginRouter): void => { path: LIST_INDEX, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list_index/delete_list_index_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list_index/delete_list_index_route.ts index e880b96c868a9..4930e85090890 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/list_index/delete_list_index_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list_index/delete_list_index_route.ts @@ -8,6 +8,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import { LIST_INDEX } from '@kbn/securitysolution-list-constants'; import { DeleteListIndexResponse } from '@kbn/securitysolution-lists-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListClient } from '../../services/lists/list_client'; import type { ListsPluginRouter } from '../../types'; @@ -37,7 +38,7 @@ export const deleteListIndexRoute = (router: ListsPluginRouter): void => { path: LIST_INDEX, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list_index/export_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list_index/export_list_item_route.ts index 0c66787b80739..ea50192251909 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/list_index/export_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list_index/export_list_item_route.ts 
@@ -11,6 +11,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import { LIST_ITEM_URL } from '@kbn/securitysolution-list-constants'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; import { ExportListItemsRequestQuery } from '@kbn/securitysolution-lists-common/api'; +import { LISTS_API_READ } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../../types'; import { buildSiemResponse } from '../utils'; @@ -23,7 +24,7 @@ export const exportListItemRoute = (router: ListsPluginRouter): void => { path: `${LIST_ITEM_URL}/_export`, security: { authz: { - requiredPrivileges: ['lists-read'], + requiredPrivileges: [LISTS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list_index/find_list_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list_index/find_list_route.ts index 13dd137a3d84f..c8f92970a95ca 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/list_index/find_list_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list_index/find_list_route.ts @@ -9,6 +9,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import { LIST_URL } from '@kbn/securitysolution-list-constants'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; import { FindListsRequestQuery, FindListsResponse } from '@kbn/securitysolution-lists-common/api'; +import { LISTS_API_READ } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../../types'; import { decodeCursor } from '../../services/utils'; @@ -21,7 +22,7 @@ export const findListRoute = (router: ListsPluginRouter): void => { path: `${LIST_URL}/_find`, security: { authz: { - requiredPrivileges: ['lists-read'], + requiredPrivileges: [LISTS_API_READ], }, }, }) 
diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list_index/read_list_index_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list_index/read_list_index_route.ts index 2cbe90aa3c81e..88bfd360c00ca 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/list_index/read_list_index_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list_index/read_list_index_route.ts @@ -8,6 +8,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import { LIST_INDEX } from '@kbn/securitysolution-list-constants'; import { ReadListIndexResponse } from '@kbn/securitysolution-lists-common/api'; +import { LISTS_API_READ } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../../types'; import { buildSiemResponse } from '../utils'; @@ -20,7 +21,7 @@ export const readListIndexRoute = (router: ListsPluginRouter): void => { path: LIST_INDEX, security: { authz: { - requiredPrivileges: ['lists-read'], + requiredPrivileges: [LISTS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list_item/create_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list_item/create_list_item_route.ts index b43b5e258d42a..ff55b8d816b2a 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/list_item/create_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list_item/create_list_item_route.ts @@ -12,6 +12,7 @@ import { CreateListItemRequestBody, CreateListItemResponse, } from '@kbn/securitysolution-lists-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../../types'; import { buildSiemResponse } from '../utils'; 
@@ -24,7 +25,7 @@ export const createListItemRoute = (router: ListsPluginRouter): void => { path: LIST_ITEM_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list_item/delete_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list_item/delete_list_item_route.ts index 94c6b17f28d4d..1817be3399301 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/list_item/delete_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list_item/delete_list_item_route.ts @@ -12,6 +12,7 @@ import { DeleteListItemRequestQuery, DeleteListItemResponse, } from '@kbn/securitysolution-lists-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../../types'; import { buildSiemResponse } from '../utils'; @@ -24,7 +25,7 @@ export const deleteListItemRoute = (router: ListsPluginRouter): void => { path: LIST_ITEM_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list_item/find_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list_item/find_list_item_route.ts index 5ed305de7ec8a..e8d17d4a7434b 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/list_item/find_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list_item/find_list_item_route.ts @@ -12,6 +12,7 @@ import { FindListItemsRequestQuery, FindListItemsResponse, } from '@kbn/securitysolution-lists-common/api'; +import { LISTS_API_READ } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../../types'; import { decodeCursor } from '../../services/utils'; 
@@ -24,7 +25,7 @@ export const findListItemRoute = (router: ListsPluginRouter): void => { path: `${LIST_ITEM_URL}/_find`, security: { authz: { - requiredPrivileges: ['lists-read'], + requiredPrivileges: [LISTS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list_item/patch_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list_item/patch_list_item_route.ts index ef9290bc2ef32..37808784869c9 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/list_item/patch_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list_item/patch_list_item_route.ts @@ -12,6 +12,7 @@ import { PatchListItemRequestBody, PatchListItemResponse, } from '@kbn/securitysolution-lists-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../../types'; import { buildSiemResponse } from '../utils'; @@ -24,7 +25,7 @@ export const patchListItemRoute = (router: ListsPluginRouter): void => { path: LIST_ITEM_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list_item/read_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list_item/read_list_item_route.ts index 421108552b7bd..dd88b489801cf 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/list_item/read_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list_item/read_list_item_route.ts @@ -12,6 +12,7 @@ import { ReadListItemRequestQuery, ReadListItemResponse, } from '@kbn/securitysolution-lists-common/api'; +import { LISTS_API_READ } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../../types'; import { buildSiemResponse } from '../utils'; 
@@ -24,7 +25,7 @@ export const readListItemRoute = (router: ListsPluginRouter): void => { path: LIST_ITEM_URL, security: { authz: { - requiredPrivileges: ['lists-read'], + requiredPrivileges: [LISTS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list_item/update_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list_item/update_list_item_route.ts index 14c992870e921..b99d79dfe4e42 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/list_item/update_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list_item/update_list_item_route.ts @@ -7,6 +7,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import { LIST_ITEM_URL } from '@kbn/securitysolution-list-constants'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; import { UpdateListItemRequestBody, @@ -24,7 +25,7 @@ export const updateListItemRoute = (router: ListsPluginRouter): void => { path: LIST_ITEM_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/list_privileges/read_list_privileges_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/list_privileges/read_list_privileges_route.ts index bf322d10cfc85..d7758cdeab850 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/list_privileges/read_list_privileges_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/list_privileges/read_list_privileges_route.ts 
@@ -8,6 +8,7 @@ import { readPrivileges, transformError } from '@kbn/securitysolution-es-utils'; import { merge } from 'lodash/fp'; import { LIST_PRIVILEGES_URL } from '@kbn/securitysolution-list-constants'; +import { LISTS_API_READ } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../../types'; import { buildSiemResponse, getListClient } from '../utils'; @@ -19,7 +20,7 @@ export const readPrivilegesRoute = (router: ListsPluginRouter): void => { path: LIST_PRIVILEGES_URL, security: { authz: { - requiredPrivileges: ['lists-read'], + requiredPrivileges: [LISTS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/read_endpoint_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/read_endpoint_list_item_route.ts index 2f607d4c4c334..4a6b1aabd8685 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/read_endpoint_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/read_endpoint_list_item_route.ts @@ -12,6 +12,7 @@ import { ReadEndpointListItemRequestQuery, ReadEndpointListItemResponse, } from '@kbn/securitysolution-endpoint-exceptions-common/api'; +import { LISTS_API_READ } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; @@ -28,7 +29,7 @@ export const readEndpointListItemRoute = (router: ListsPluginRouter): void => { path: ENDPOINT_LIST_ITEM_URL, security: { authz: { - requiredPrivileges: ['lists-read'], + requiredPrivileges: [LISTS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/read_exception_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/read_exception_list_item_route.ts index ceb0195c390ab..55f875388310a 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/read_exception_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/read_exception_list_item_route.ts 
@@ -12,6 +12,7 @@ import { ReadExceptionListItemRequestQuery, ReadExceptionListItemResponse, } from '@kbn/securitysolution-exceptions-common/api'; +import { LISTS_API_READ } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; @@ -28,7 +29,7 @@ export const readExceptionListItemRoute = (router: ListsPluginRouter): void => { path: EXCEPTION_LIST_ITEM_URL, security: { authz: { - requiredPrivileges: ['lists-read'], + requiredPrivileges: [LISTS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/read_exception_list_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/read_exception_list_route.ts index 2ff46ffba56f4..3f89d3feceba9 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/read_exception_list_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/read_exception_list_route.ts @@ -12,6 +12,7 @@ import { ReadExceptionListRequestQuery, ReadExceptionListResponse, } from '@kbn/securitysolution-exceptions-common/api'; +import { LISTS_API_READ } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; @@ -24,7 +25,7 @@ export const readExceptionListRoute = (router: ListsPluginRouter): void => { path: EXCEPTION_LIST_URL, security: { authz: { - requiredPrivileges: ['lists-read'], + requiredPrivileges: [LISTS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/summary_exception_list_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/summary_exception_list_route.ts index bf5fe000a7fb6..231d9ca622d94 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/summary_exception_list_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/summary_exception_list_route.ts 
@@ -12,6 +12,7 @@ import { ReadExceptionListSummaryRequestQuery, ReadExceptionListSummaryResponse, } from '@kbn/securitysolution-exceptions-common/api'; +import { LISTS_API_SUMMARY } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; @@ -24,7 +25,7 @@ export const summaryExceptionListRoute = (router: ListsPluginRouter): void => { path: `${EXCEPTION_LIST_URL}/summary`, security: { authz: { - requiredPrivileges: ['lists-summary'], + requiredPrivileges: [LISTS_API_SUMMARY], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/update_endpoint_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/update_endpoint_list_item_route.ts index a6c633ab57c3a..e5350ec0268d1 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/update_endpoint_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/update_endpoint_list_item_route.ts @@ -12,6 +12,7 @@ import { UpdateEndpointListItemRequestBody, UpdateEndpointListItemResponse, } from '@kbn/securitysolution-endpoint-exceptions-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; @@ -26,7 +27,7 @@ export const updateEndpointListItemRoute = (router: ListsPluginRouter): void => path: ENDPOINT_LIST_ITEM_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/update_exception_list_item_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/update_exception_list_item_route.ts index da1541bb86178..b0fd92e52e732 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/update_exception_list_item_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/update_exception_list_item_route.ts 
@@ -12,6 +12,7 @@ import { UpdateExceptionListItemRequestBody, UpdateExceptionListItemResponse, } from '@kbn/securitysolution-exceptions-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; @@ -27,7 +28,7 @@ export const updateExceptionListItemRoute = (router: ListsPluginRouter): void => path: EXCEPTION_LIST_ITEM_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/server/routes/update_exception_list_route.ts b/x-pack/solutions/security/plugins/lists/server/routes/update_exception_list_route.ts index 36d65d9b1ac5e..dda81dcf1e54f 100644 --- a/x-pack/solutions/security/plugins/lists/server/routes/update_exception_list_route.ts +++ b/x-pack/solutions/security/plugins/lists/server/routes/update_exception_list_route.ts @@ -12,6 +12,7 @@ import { UpdateExceptionListRequestBody, UpdateExceptionListResponse, } from '@kbn/securitysolution-exceptions-common/api'; +import { LISTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { ListsPluginRouter } from '../types'; @@ -24,7 +25,7 @@ export const updateExceptionListRoute = (router: ListsPluginRouter): void => { path: EXCEPTION_LIST_URL, security: { authz: { - requiredPrivileges: ['lists-all'], + requiredPrivileges: [LISTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/lists/tsconfig.json b/x-pack/solutions/security/plugins/lists/tsconfig.json index 338cab6e0f12f..ee588d1d40e1e 100644 --- a/x-pack/solutions/security/plugins/lists/tsconfig.json +++ b/x-pack/solutions/security/plugins/lists/tsconfig.json @@ -45,7 +45,8 @@ "@kbn/core-security-server", "@kbn/core-http-server-mocks", "@kbn/core-http-server-utils", - "@kbn/react-query" + "@kbn/react-query", + "@kbn/security-solution-features" ], "exclude": ["target/**/*"] } 
diff --git a/x-pack/solutions/security/plugins/security_solution/common/constants.ts b/x-pack/solutions/security/plugins/security_solution/common/constants.ts index 137eab8c376a5..5a4ccdad7d165 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/constants.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/constants.ts @@ -7,6 +7,7 @@ import { RuleNotifyWhen } from '@kbn/alerting-plugin/common'; import type { FilterControlConfig } from '@kbn/alerts-ui-shared'; +import { SECURITY_FEATURE_ID_V5 } from '@kbn/security-solution-features/constants'; import * as i18n from './translations'; export { @@ -28,7 +29,8 @@ export const CASES_FEATURE_ID = 'securitySolutionCasesV3' as const; export const TIMELINE_FEATURE_ID = 'securitySolutionTimeline' as const; export const NOTES_FEATURE_ID = 'securitySolutionNotes' as const; export const SERVER_APP_ID = 'siem' as const; -export const SECURITY_FEATURE_ID = 'siemV4' as const; +export const SECURITY_FEATURE_ID = SECURITY_FEATURE_ID_V5; +export { RULES_FEATURE_ID } from '@kbn/security-solution-features/constants'; export const APP_NAME = 'Security' as const; export const APP_ICON_SOLUTION = 'logoSecurity' as const; export const APP_PATH = `/app/security` as const; diff --git a/x-pack/solutions/security/plugins/security_solution/public/app/home/global_header/index.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/app/home/global_header/index.test.tsx index b0c17049d1d8a..80855a7b8f1d3 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/app/home/global_header/index.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/app/home/global_header/index.test.tsx @@ -49,6 +49,7 @@ describe('global header', () => { }, }; const store = createMockStore(state); + // mock capabilities to exclude Search AI Lake configurations beforeEach(() => { jest.clearAllMocks(); (useKibana as jest.Mock).mockReturnValue({ 
@@ -57,6 +58,7 @@ describe('global header', () => { ...mockUseKibana().services, application: { capabilities: { + ...mockUseKibana().services.application.capabilities, [SECURITY_FEATURE_ID]: { configurations: false, }, @@ -65,6 +67,7 @@ describe('global header', () => { }, }); }); + it('has add data link', () => { const { getByText } = render( @@ -94,6 +97,7 @@ describe('global header', () => { [SECURITY_FEATURE_ID]: { configurations: true, }, + fleet: { read: true }, }, }, }, diff --git a/x-pack/solutions/security/plugins/security_solution/public/app/home/global_header/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/app/home/global_header/index.tsx index e6d32d9a15154..c998688a04cad 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/app/home/global_header/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/app/home/global_header/index.tsx @@ -52,6 +52,8 @@ export const GlobalHeader = React.memo(() => { application: { capabilities }, } = useKibana().services; const hasSearchAILakeConfigurations = capabilities[SECURITY_FEATURE_ID]?.configurations === true; + const canReadFleet = capabilities.fleet.read === true; + const canAddData = canReadFleet && !hasSearchAILakeConfigurations; const { pathname } = useLocation(); const getTimeline = useMemo(() => timelineSelectors.getTimelineByIdSelector(), []); @@ -103,7 +105,7 @@ export const GlobalHeader = React.memo(() => { - {!hasSearchAILakeConfigurations && ( + {canAddData && ( { it('for serverless, it specifies capabilities as an AND condition, via a nested array', () => { expect(links.capabilities).toEqual([ - [`${SECURITY_FEATURE_ID}.show`, `${ATTACK_DISCOVERY_FEATURE_ID}.attack-discovery`], + [RULES_UI_READ_PRIVILEGE, `${ATTACK_DISCOVERY_FEATURE_ID}.attack-discovery`], ]); }); 
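Review bot: `const canReadFleet = capabilities.fleet.read === true;` in `GlobalHeader` dereferences `capabilities.fleet` without a guard, unlike the line above it, which reads `capabilities[SECURITY_FEATURE_ID]?.configurations`. If the `fleet` capability group is ever absent (whether that can happen is not visible from this hunk), the header throws during render instead of hiding the link, so prefer `const canReadFleet = capabilities.fleet?.read === true;`. The accompanying test change only adds `fleet: { read: true }` for the positive case; a case asserting the add-data link is hidden when `fleet.read` is false or `fleet` is missing would pin the new gate. The component body continues outside the hunk.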
diff --git a/x-pack/solutions/security/plugins/security_solution/public/attack_discovery/links.ts b/x-pack/solutions/security/plugins/security_solution/public/attack_discovery/links.ts index bab8fec37b6de..69e06e41bca36 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/attack_discovery/links.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/attack_discovery/links.ts @@ -7,19 +7,17 @@ import { i18n } from '@kbn/i18n'; +import { RULES_UI_READ_PRIVILEGE } from '@kbn/security-solution-features/constants'; import { ATTACK_DISCOVERY } from '../app/translations'; import { ATTACK_DISCOVERY_FEATURE_ID, ATTACK_DISCOVERY_PATH, SecurityPageName, - SECURITY_FEATURE_ID, } from '../../common/constants'; import type { LinkItem } from '../common/links/types'; export const links: LinkItem = { - capabilities: [ - [`${SECURITY_FEATURE_ID}.show`, `${ATTACK_DISCOVERY_FEATURE_ID}.attack-discovery`], - ], // This is an AND condition via the nested array + capabilities: [[RULES_UI_READ_PRIVILEGE, `${ATTACK_DISCOVERY_FEATURE_ID}.attack-discovery`]], // This is an AND condition via the nested array globalNavPosition: 4, globalSearchKeywords: [ i18n.translate('xpack.securitySolution.appLinks.attackDiscovery', { diff --git a/x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/index.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/index.test.tsx index dce6e97d7741c..f29740ab8408a 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/index.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/index.test.tsx 
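Review bot: The nav-link gate in `links` moves from `${SECURITY_FEATURE_ID}.show` to `RULES_UI_READ_PRIVILEGE`, which changes who sees Attack discovery, yet the surviving comment only explains the nested-array AND semantics. State what is now required, e.g. `// AND condition (nested array): needs the Rules read UI privilege and the attack-discovery privilege`. Link capabilities only hide UI, so it is worth confirming that the attack discovery server routes enforce a matching privilege, which this diff does not show. The mock in pages/index.test.tsx models the link with `SECURITY_UI_SHOW_PRIVILEGE`, so it no longer mirrors this definition.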
@@ -24,6 +24,7 @@ import { mockFindAnonymizationFieldsResponse } from './mock/mock_find_anonymizat import { ATTACK_DISCOVERY_PAGE_TITLE } from './page_title/translations'; import { useAttackDiscovery } from './use_attack_discovery'; import { useLoadConnectors } from '@kbn/elastic-assistant/impl/connectorland/use_load_connectors'; +import { SECURITY_UI_SHOW_PRIVILEGE } from '@kbn/security-solution-features/constants'; import { CALLOUT_TEST_DATA_ID } from './moving_attacks_callout'; import { useMovingAttacksCallout } from './moving_attacks_callout/use_moving_attacks_callout'; import { mockUseMovingAttacksCallout } from './moving_attacks_callout/use_moving_attacks_callout.mock'; @@ -78,7 +79,7 @@ jest.mock( }) ); -const mockSecurityCapabilities = [`${SECURITY_FEATURE_ID}.show`]; +const mockSecurityCapabilities = [SECURITY_UI_SHOW_PRIVILEGE]; jest.mock('../../common/links', () => ({ useLinkInfo: () => diff --git a/x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/results/history/index.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/results/history/index.test.tsx index 580568ca94d63..b9fa376ea8689 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/results/history/index.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/attack_discovery/pages/results/history/index.test.tsx 
@@ -35,7 +35,42 @@ jest.mock('react-router-dom-v5-compat', () => ({ jest.mock('../../../../common/lib/kibana', () => ({ useDateFormat: jest.fn(), - useKibana: jest.fn(), + useKibana: jest.fn(() => ({ + services: { + application: { + capabilities: { + siemV2: { crud_alerts: true, read_alerts: true }, + siemV3: { configurations: true }, + siemV4: { configurations: true }, + siemV5: { configurations: true }, + }, + navigateToUrl: jest.fn(), + }, + cases: { + helpers: { + canUseCases: jest.fn().mockReturnValue({ + all: true, + connectors: true, + create: true, + delete: true, + push: true, + read: true, + settings: true, + update: true, + }), + }, + hooks: { + useCasesAddToExistingCase: jest.fn(), + useCasesAddToExistingCaseModal: jest.fn().mockReturnValue({ open: jest.fn() }), + useCasesAddToNewCaseFlyout: jest.fn(), + }, + ui: { getCasesContext: mockCasesContext }, + }, + theme: { + getTheme: jest.fn().mockReturnValue({ darkMode: false }), + }, + }, + })), useToasts: jest.fn(() => ({ addError: jest.fn(), addSuccess: jest.fn(), diff --git a/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/links.ts b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/links.ts index d22284258680d..d2a210f394e3e 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/links.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/cloud_security_posture/links.ts 
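Review bot: The mocked `capabilities` lists `siemV2`, `siemV3`, `siemV4` and `siemV5` by hand, so the mock must be edited at every feature-id bump and the stale keys hide which id the component under test actually reads. Key the current entry by the constant instead, required inside the factory because `jest.mock` is hoisted: `const { SECURITY_FEATURE_ID_V5 } = jest.requireActual('@kbn/security-solution-features/constants');` and then `[SECURITY_FEATURE_ID_V5]: { configurations: true }`. If the older ids are kept deliberately, a one-line comment naming the code path that reads them would be enough.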
@@ -6,8 +6,8 @@ */ import { getSecuritySolutionLink } from '@kbn/cloud-security-posture-plugin/public'; import { i18n } from '@kbn/i18n'; +import { SECURITY_UI_SHOW_PRIVILEGE } from '@kbn/security-solution-features/constants'; import type { SecurityPageName } from '../../common/constants'; -import { SECURITY_FEATURE_ID } from '../../common/constants'; import cloudSecurityPostureDashboardImage from '../common/images/cloud_security_posture_dashboard_page.png'; import cloudNativeVulnerabilityManagementDashboardImage from '../common/images/cloud_native_vulnerability_management_dashboard_page.png'; import type { LinkItem } from '../common/links/types'; @@ -15,7 +15,7 @@ import { IconEndpoints } from '../common/icons/endpoints'; const commonLinkProperties: Partial = { hideTimeline: true, - capabilities: [`${SECURITY_FEATURE_ID}.show`], + capabilities: [SECURITY_UI_SHOW_PRIVILEGE], }; export const findingsLinks: LinkItem = { diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/components/user_privileges/__mocks__/index.ts b/x-pack/solutions/security/plugins/security_solution/public/common/components/user_privileges/__mocks__/index.ts index a5238afacf13d..b2db7c5d3d29c 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/common/components/user_privileges/__mocks__/index.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/common/components/user_privileges/__mocks__/index.ts 
@@ -9,10 +9,11 @@ import type { UserPrivilegesState } from '../user_privileges_context'; import { initialUserPrivilegesState } from '../user_privileges_context'; import { getEndpointPrivilegesInitialStateMock } from '../endpoint/mocks'; -export const getUserPrivilegesMockDefaultValue = () => { +export const getUserPrivilegesMockDefaultValue = (overrides: Partial = {}) => { const mockedPrivileges: UserPrivilegesState = { ...initialUserPrivilegesState(), - endpointPrivileges: getEndpointPrivilegesInitialStateMock(), + ...overrides, + endpointPrivileges: getEndpointPrivilegesInitialStateMock(overrides.endpointPrivileges), }; return mockedPrivileges; diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/components/user_privileges/user_privileges_context.tsx b/x-pack/solutions/security/plugins/security_solution/public/common/components/user_privileges/user_privileges_context.tsx index 435e5005451de..ac89eaa438ed9 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/common/components/user_privileges/user_privileges_context.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/common/components/user_privileges/user_privileges_context.tsx @@ -7,7 +7,8 @@ import React, { createContext, useMemo } from 'react'; import type { Capabilities } from '@kbn/core/types'; -import { SECURITY_FEATURE_ID } from '../../../../common/constants'; +import { RULES_UI_EDIT, RULES_UI_READ } from '@kbn/security-solution-features/constants'; +import { SECURITY_FEATURE_ID, RULES_FEATURE_ID } from '../../../../common/constants'; import { useFetchListPrivileges } from '../../../detections/components/user_privileges/use_fetch_list_privileges'; import { useFetchDetectionEnginePrivileges } from '../../../detections/components/user_privileges/use_fetch_detection_engine_privileges'; import { getEndpointPrivilegesInitialState, useEndpointPrivileges } from './endpoint'; 
@@ -19,18 +20,20 @@ export interface UserPrivilegesState { listPrivileges: ReturnType; detectionEnginePrivileges: ReturnType; endpointPrivileges: EndpointPrivileges; - kibanaSecuritySolutionsPrivileges: { crud: boolean; read: boolean }; + siemPrivileges: { crud: boolean; read: boolean }; timelinePrivileges: { crud: boolean; read: boolean }; notesPrivileges: { crud: boolean; read: boolean }; + rulesPrivileges: { read: boolean; edit: boolean }; } export const initialUserPrivilegesState = (): UserPrivilegesState => ({ listPrivileges: { loading: false, error: undefined, result: undefined }, detectionEnginePrivileges: { loading: false, error: undefined, result: undefined }, endpointPrivileges: getEndpointPrivilegesInitialState(), - kibanaSecuritySolutionsPrivileges: { crud: false, read: false }, + siemPrivileges: { crud: false, read: false }, timelinePrivileges: { crud: false, read: false }, notesPrivileges: { crud: false, read: false }, + rulesPrivileges: { read: false, edit: false }, }); export const UserPrivilegesContext = createContext( initialUserPrivilegesState() @@ -48,11 +51,17 @@ export const UserPrivilegesProvider = ({ const crud: boolean = kibanaCapabilities[SECURITY_FEATURE_ID].crud === true; const read: boolean = kibanaCapabilities[SECURITY_FEATURE_ID].show === true; - const listPrivileges = useFetchListPrivileges(read); - const detectionEnginePrivileges = useFetchDetectionEnginePrivileges(read); + const rulesCapabilities = kibanaCapabilities[RULES_FEATURE_ID]; + const readRules = rulesCapabilities?.[RULES_UI_READ] === true; + const editRules = rulesCapabilities?.[RULES_UI_EDIT] === true; + + const shouldFetchListPrivileges = read || readRules; + + const listPrivileges = useFetchListPrivileges(shouldFetchListPrivileges); + const detectionEnginePrivileges = useFetchDetectionEnginePrivileges(); const endpointPrivileges = useEndpointPrivileges(); - const kibanaSecuritySolutionsPrivileges = useMemo( + const siemPrivileges = useMemo( () => ({ crud, read, 
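Review bot: In the `@@ -48,11 +51,17 @@` hunk of user_privileges_context.tsx, `useFetchDetectionEnginePrivileges()` is now called with no argument, while the removed line passed `read` and the neighbouring list-privileges call keeps a gate (`shouldFetchListPrivileges`). If the hook still accepts an enable flag (its definition is not in this hunk), the detection-engine privileges request would now be issued even for users who have neither the security `show` capability nor rules read. `const detectionEnginePrivileges = useFetchDetectionEnginePrivileges(shouldFetchListPrivileges);` would keep both fetches gated the same way. If the gate was dropped on purpose, a one-line comment saying why would help. The provider body starts and ends outside the hunk.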
@@ -70,22 +79,31 @@ export const UserPrivilegesProvider = ({ [kibanaCapabilities] ); + const rulesPrivileges = useMemo(() => { + return { + read: readRules, + edit: editRules, + }; + }, [readRules, editRules]); + const contextValue = useMemo( () => ({ listPrivileges, detectionEnginePrivileges, endpointPrivileges, - kibanaSecuritySolutionsPrivileges, + siemPrivileges, timelinePrivileges, notesPrivileges, + rulesPrivileges, }), [ listPrivileges, detectionEnginePrivileges, endpointPrivileges, - kibanaSecuritySolutionsPrivileges, + siemPrivileges, timelinePrivileges, notesPrivileges, + rulesPrivileges, ] ); diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/hooks/use_missing_privileges.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/common/hooks/use_missing_privileges.test.tsx index 6ef2b022f0e77..789564eea1646 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/common/hooks/use_missing_privileges.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/common/hooks/use_missing_privileges.test.tsx @@ -8,8 +8,8 @@ import { renderHook } from '@testing-library/react'; import { useMissingPrivileges } from './use_missing_privileges'; import { useUserPrivileges } from '../components/user_privileges'; -import { useUserData } from '../../detections/components/user_info'; -import { SECURITY_FEATURE_ID } from '../../../common'; +import { getUserPrivilegesMockDefaultValue } from '../components/user_privileges/__mocks__'; +import { RULES_FEATURE_ID } from '../../../common/constants'; jest.mock('../components/user_privileges'); jest.mock('../../detections/components/user_info'); @@ -32,6 +32,7 @@ const detectionEnginePrivileges = { is_authenticated: true, has_encryption_key: true, }; + const listPrivileges = { is_authenticated: true, lists: { 
@@ -68,99 +69,105 @@ const listPrivileges = { }, }; +type UseUserPrivilegesReturn = ReturnType; + +const buildUseUserPrivilegesMockReturn = ( + overrides: Partial = {} +): UseUserPrivilegesReturn => ({ + ...getUserPrivilegesMockDefaultValue(), + detectionEnginePrivileges: { + // @ts-expect-error partial mock + result: detectionEnginePrivileges, + }, + listPrivileges: { + // @ts-expect-error partial mock + result: listPrivileges, + }, + ...overrides, +}); + describe('useMissingPrivileges', () => { beforeEach(() => { jest.clearAllMocks(); + + (useUserPrivileges as jest.Mock).mockReturnValue(buildUseUserPrivilegesMockReturn()); }); - it('should return empty arrays if canUserCRUD is null', () => { - (useUserPrivileges as jest.Mock).mockReturnValue({ - detectionEnginePrivileges: { - result: detectionEnginePrivileges, - }, - listPrivileges: { - result: listPrivileges, - }, - }); - (useUserData as jest.Mock).mockReturnValue([{ canUserCRUD: null }]); + it('reports no privileges missing while detectionEnginePrivileges result is null', () => { + (useUserPrivileges as jest.Mock).mockReturnValue( + buildUseUserPrivilegesMockReturn({ + detectionEnginePrivileges: { + // @ts-expect-error partial mock + result: null, + }, + }) + ); const hookResult = renderHook(() => useMissingPrivileges()); - expect(hookResult.result.current).toEqual({ featurePrivileges: [], indexPrivileges: [], }); }); - it('should return empty arrays if detectionEnginePrivileges result is null', () => { - (useUserPrivileges as jest.Mock).mockReturnValue({ - detectionEnginePrivileges: { - result: null, - }, - listPrivileges: { - result: listPrivileges, - }, - }); - (useUserData as jest.Mock).mockReturnValue([{ canUserCRUD: true }]); + it('reports missing rulesPrivileges if user cannot edit rules', () => { + (useUserPrivileges as jest.Mock).mockReturnValue( + buildUseUserPrivilegesMockReturn({ + rulesPrivileges: { edit: false, read: true }, + }) + ); const hookResult = renderHook(() => useMissingPrivileges()); - 
expect(hookResult.result.current).toEqual({ - featurePrivileges: [], - indexPrivileges: [], - }); + expect(hookResult.result.current).toEqual( + expect.objectContaining({ + featurePrivileges: expect.arrayContaining([[RULES_FEATURE_ID, ['all']]]), + }) + ); }); - it('should return empty arrays if listPrivileges result is null', () => { - (useUserPrivileges as jest.Mock).mockReturnValue({ - detectionEnginePrivileges: { - result: detectionEnginePrivileges, - }, - listPrivileges: { - result: null, - }, - }); - (useUserData as jest.Mock).mockReturnValue([{ canUserCRUD: true }]); + it('reports no privileges missing while listPrivileges result is null', () => { + (useUserPrivileges as jest.Mock).mockReturnValue( + buildUseUserPrivilegesMockReturn({ + listPrivileges: { + // @ts-expect-error partial mock + result: null, + }, + }) + ); const hookResult = renderHook(() => useMissingPrivileges()); - expect(hookResult.result.current).toEqual({ featurePrivileges: [], indexPrivileges: [], }); }); - it('should return featurePrivileges security feature all if user does not have CRUD', () => { - (useUserPrivileges as jest.Mock).mockReturnValue({ - detectionEnginePrivileges: { - result: detectionEnginePrivileges, - }, - listPrivileges: { - result: listPrivileges, - }, - }); - (useUserData as jest.Mock).mockReturnValue([{ canUserCRUD: false }]); - + it('reports missing "all" privilege for security if user does not have CRUD', () => { const hookResult = renderHook(() => useMissingPrivileges()); - expect(hookResult.result.current.featurePrivileges).toEqual([[SECURITY_FEATURE_ID, ['all']]]); + expect(hookResult.result.current.featurePrivileges).toEqual( + expect.arrayContaining([[RULES_FEATURE_ID, ['all']]]) + ); }); - it('should return featurePrivileges and indexPrivileges', () => { - (useUserPrivileges as jest.Mock).mockReturnValue({ - detectionEnginePrivileges: { - result: detectionEnginePrivileges, - }, - listPrivileges: { - result: listPrivileges, - }, - }); - (useUserData as 
jest.Mock).mockReturnValue([{ canUserCRUD: true }]); + it('reports no missing rule privileges if user can edit rules', () => { + (useUserPrivileges as jest.Mock).mockReturnValue( + buildUseUserPrivilegesMockReturn({ + rulesPrivileges: { edit: true, read: true }, + }) + ); + + const hookResult = renderHook(() => useMissingPrivileges()); + + expect(hookResult.result.current.featurePrivileges).toEqual([]); + }); + it('reports complex index privileges when all data is available', () => { const hookResult = renderHook(() => useMissingPrivileges()); expect(hookResult.result.current).toEqual({ - featurePrivileges: [], + featurePrivileges: [[RULES_FEATURE_ID, ['all']]], indexPrivileges: [ ['.items-default', ['view_index_metadata', 'manage']], ['.lists-default', ['view_index_metadata', 'manage']], diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/hooks/use_missing_privileges.ts b/x-pack/solutions/security/plugins/security_solution/public/common/hooks/use_missing_privileges.ts index f8f24cc67c914..1e94846a1e557 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/common/hooks/use_missing_privileges.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/common/hooks/use_missing_privileges.ts @@ -5,10 +5,9 @@ * 2.0. */ +import { RULES_FEATURE_ID } from '@kbn/security-solution-features/constants'; import { useMemo } from 'react'; -import { SECURITY_FEATURE_ID } from '../../../common/constants'; import type { Privilege } from '../../detections/containers/detection_engine/alerts/types'; -import { useUserData } from '../../detections/components/user_info'; import { useUserPrivileges } from '../components/user_privileges'; const REQUIRED_INDEX_PRIVILEGES = ['read', 'write', 'view_index_metadata', 'manage'] as const; 
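Review bot: The test titled `reports missing "all" privilege for security if user does not have CRUD` now asserts `[RULES_FEATURE_ID, ['all']]` and no longer sets any CRUD flag, so its name describes the old behaviour. It passes only because `getUserPrivilegesMockDefaultValue()` leaves `rulesPrivileges.edit` at the `false` that `initialUserPrivilegesState` sets. Setting it explicitly makes the test independent of that default, for example `buildUseUserPrivilegesMockReturn({ rulesPrivileges: { edit: false, read: false } })` with a title such as `'reports missing "all" privilege for rules if user cannot edit rules'`. The `jest.mock('../../detections/components/user_info')` line kept as context in the import hunk also looks unused now that `useUserData` is gone from both the test and the hook, although other importers of that module are not visible here.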
@@ -49,18 +48,13 @@ export interface MissingPrivileges { * Hook that returns index and feature privileges that are missing for the user. */ export const useMissingPrivileges = (): MissingPrivileges => { - const { detectionEnginePrivileges, listPrivileges } = useUserPrivileges(); - const [{ canUserCRUD }] = useUserData(); + const { detectionEnginePrivileges, listPrivileges, rulesPrivileges } = useUserPrivileges(); return useMemo(() => { const featurePrivileges: MissingFeaturePrivileges[] = []; const indexPrivileges: MissingIndexPrivileges[] = []; - if ( - canUserCRUD == null || - listPrivileges.result == null || - detectionEnginePrivileges.result == null - ) { + if (listPrivileges.result == null || detectionEnginePrivileges.result == null) { /** * Do not check privileges till we get all the data. That helps to reduce * subsequent layout shift while loading and skip unneeded re-renders. @@ -71,8 +65,8 @@ export const useMissingPrivileges = (): MissingPrivileges => { }; } - if (!canUserCRUD) { - featurePrivileges.push([SECURITY_FEATURE_ID, ['all']]); + if (rulesPrivileges.edit === false) { + featurePrivileges.push([RULES_FEATURE_ID, ['all']]); } const missingItemsPrivileges = getMissingIndexPrivileges(listPrivileges.result.listItems.index); @@ -96,5 +90,5 @@ export const useMissingPrivileges = (): MissingPrivileges => { featurePrivileges, indexPrivileges, }; - }, [canUserCRUD, listPrivileges, detectionEnginePrivileges]); + }, [listPrivileges.result, detectionEnginePrivileges.result, rulesPrivileges.edit]); }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/lib/kibana/kibana_react.mock.ts b/x-pack/solutions/security/plugins/security_solution/public/common/lib/kibana/kibana_react.mock.ts index 72261d61ba7ee..35d46a40ce197 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/common/lib/kibana/kibana_react.mock.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/common/lib/kibana/kibana_react.mock.ts 
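Review bot: In the `@@ -71,8 +65,8 @@` hunk, `if (rulesPrivileges.edit === false)` reports the missing rules privilege only for a literal `false`, whereas the other call sites visible in this diff test `!canEditRules`. With the strict comparison an `undefined` value (for example from a partial `useUserPrivileges` mock) is treated as if the user could edit, so no entry is produced. `if (!rulesPrivileges.edit) {` keeps the check consistent and errs on the side of reporting the missing privilege. The JSDoc above the hook could also say that the feature entry now refers to the rules feature rather than the security feature. The `useMemo` callback continues outside the hunk.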
@@ -222,6 +222,10 @@ export const createStartServicesMock = ( actions: { show: true, }, + fleet: { + crud: true, + read: true, + }, }, }, security, diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/utils/privileges/index.test.ts b/x-pack/solutions/security/plugins/security_solution/public/common/utils/privileges/index.test.ts deleted file mode 100644 index 34abe0dd52c9a..0000000000000 --- a/x-pack/solutions/security/plugins/security_solution/public/common/utils/privileges/index.test.ts +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { hasUserCRUDPermission } from '.'; - -describe('privileges utils', () => { - describe('hasUserCRUDPermission', () => { - test("returns true when user's CRUD operations are null", () => { - const result = hasUserCRUDPermission(null); - - expect(result).toBeTruthy(); - }); - - test('returns false when user cannot CRUD', () => { - const result = hasUserCRUDPermission(false); - - expect(result).toBeFalsy(); - }); - - test('returns true when user can CRUD', () => { - const result = hasUserCRUDPermission(true); - - expect(result).toBeTruthy(); - }); - }); -}); diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/utils/privileges/index.ts b/x-pack/solutions/security/plugins/security_solution/public/common/utils/privileges/index.ts index 91b60c07d3f75..af998e97ebe34 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/common/utils/privileges/index.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/common/utils/privileges/index.ts 
@@ -28,10 +28,6 @@ export const canEditRuleWithActions = ( return true; }; -// typed as null not undefined as the initial state for this value is null. -export const hasUserCRUDPermission = (canUserCRUD: boolean | null): boolean => - canUserCRUD != null ? canUserCRUD : true; - export const explainLackOfPermission = ( rule: Rule | null | undefined, hasMlPermissions: boolean, @@ -40,7 +36,7 @@ export const explainLackOfPermission = ( | Readonly<{ [x: string]: boolean; }>, - canUserCRUD: boolean | null + canEditRules: boolean ): string | undefined => { if (rule == null) { return undefined; @@ -48,8 +44,8 @@ export const explainLackOfPermission = ( return i18nActions.ML_RULES_DISABLED_MESSAGE; } else if (!canEditRuleWithActions(rule, hasReadActionsPrivileges)) { return i18nActions.LACK_OF_KIBANA_ACTIONS_FEATURE_PRIVILEGES; - } else if (!hasUserCRUDPermission(canUserCRUD)) { - return i18nActions.LACK_OF_KIBANA_SECURITY_PRIVILEGES; + } else if (!canEditRules) { + return i18nActions.LACK_OF_KIBANA_RULES_FEATURE_PRIVILEGES; } else { return undefined; } diff --git a/x-pack/solutions/security/plugins/security_solution/public/configurations/links.ts b/x-pack/solutions/security/plugins/security_solution/public/configurations/links.ts index bf230082f623d..4f4053bafc207 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/configurations/links.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/configurations/links.ts @@ -5,6 +5,10 @@ * 2.0. */ +import { + RULES_UI_READ_PRIVILEGE, + SECURITY_UI_SHOW_PRIVILEGE, +} from '@kbn/security-solution-features/constants'; import { ConfigurationTabs } from './constants'; import * as i18n from './translations'; import type { LinkItem } from '..'; 
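Review bot: `explainLackOfPermission` narrows its last parameter from `boolean | null` to `boolean` and the null-tolerant `hasUserCRUDPermission` is removed, but the exported function has no doc comment visible in these hunks describing the order of its checks or what the new argument means. Before this change a `null` value was treated as permitted; now any falsy value yields `LACK_OF_KIBANA_RULES_FEATURE_PRIVILEGES`, which is the safer default and worth stating. I would add above the function: `/** Returns the reason rule actions are disabled (ML rules disabled, missing actions privileges, missing rules edit privilege, in that order), or undefined when nothing is missing. */`. It should also say that the result only drives UI state, so the rule endpoints must enforce the rules privilege themselves. The condition of the ML branch lies between the two hunks and is not visible here.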
@@ -12,7 +16,7 @@ import { CONFIGURATIONS_PATH, SECURITY_FEATURE_ID, SecurityPageName } from '../. import { CONFIGURATIONS } from '../app/translations'; export const configurationsLinks: LinkItem = { - capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${SECURITY_FEATURE_ID}.configurations`]], + capabilities: [[SECURITY_UI_SHOW_PRIVILEGE, `${SECURITY_FEATURE_ID}.configurations`]], globalNavPosition: 3, globalSearchKeywords: [i18n.CONFIGURATIONS], hideTimeline: true, @@ -34,6 +38,7 @@ export const configurationsLinks: LinkItem = { path: `${CONFIGURATIONS_PATH}/${ConfigurationTabs.basicRules}`, skipUrlState: true, hideTimeline: true, + capabilities: [RULES_UI_READ_PRIVILEGE], }, { id: SecurityPageName.configurationsAiSettings, diff --git a/x-pack/solutions/security/plugins/security_solution/public/configurations/tabs/promotion_rules/promotion_rules_table.tsx b/x-pack/solutions/security/plugins/security_solution/public/configurations/tabs/promotion_rules/promotion_rules_table.tsx index 6eb4a7caad6a6..fe56f9649c0fc 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/configurations/tabs/promotion_rules/promotion_rules_table.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/configurations/tabs/promotion_rules/promotion_rules_table.tsx @@ -19,7 +19,6 @@ import { import React, { useCallback, useMemo, useState } from 'react'; import type { FindRulesSortField } from '../../../../common/api/detection_engine'; import { Loader } from '../../../common/components/loader'; -import { hasUserCRUDPermission } from '../../../common/utils/privileges'; import type { EuiBasicTableOnChange } from '../../../detection_engine/common/types'; import type { Rule } from '../../../detection_engine/rule_management/logic'; import { useRuleManagementFilters } from '../../../detection_engine/rule_management/logic/use_rule_management_filters'; 
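Review bot: The basic-rules tab in `configurationsLinks` gains `capabilities: [RULES_UI_READ_PRIVILEGE]` (hunk `@@ -34,6 +38,7 @@`) with no comment on how it relates to the parent link's nested requirement of security show plus configurations. Whether a child link's capabilities are evaluated in addition to the parent's is not visible in this diff, so the intent should be written down next to the entry, for example `// Tab is hidden unless the user can read rules; the parent link's capabilities still apply`. As a style point, the parent entry in the first hunk now mixes the `SECURITY_UI_SHOW_PRIVILEGE` constant with a hand-built template string for the configurations capability. A matching constant, if the constants package exports one, would read more consistently.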
@@ -34,8 +33,8 @@ import { useEnabledColumn, useRuleExecutionStatusColumn, } from '../../../detection_engine/rule_management_ui/components/rules_table/use_columns'; -import { useUserData } from '../../../detections/components/user_info'; import * as i18n from './translations'; +import { useUserPrivileges } from '../../../common/components/user_privileges'; const INITIAL_SORT_FIELD = 'name'; @@ -177,11 +176,10 @@ interface ColumnsProps { } const useRulesColumns = ({ currentTab }: ColumnsProps): Array> => { - const [{ canUserCRUD }] = useUserData(); - const hasPermissions = hasUserCRUDPermission(canUserCRUD); + const canEditRules = useUserPrivileges().rulesPrivileges.edit; const enabledColumn = useEnabledColumn({ - hasCRUDPermissions: hasPermissions, + hasCRUDPermissions: canEditRules, isLoadingJobs: false, mlJobs: [], startMlJobs: async (jobIds: string[] | undefined) => {}, diff --git a/x-pack/solutions/security/plugins/security_solution/public/dashboards/links.ts b/x-pack/solutions/security/plugins/security_solution/public/dashboards/links.ts index 1eb8d5d74ddf5..625ec3bf0b113 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/dashboards/links.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/dashboards/links.ts @@ -5,6 +5,7 @@ * 2.0. */ import { i18n } from '@kbn/i18n'; +import { SECURITY_UI_SHOW_PRIVILEGE } from '@kbn/security-solution-features/constants'; import { DASHBOARDS_PATH, SecurityPageName, SECURITY_FEATURE_ID } from '../../common/constants'; import { DASHBOARDS } from '../app/translations'; import type { LinkItem } from '../common/links/types'; 
@@ -33,7 +34,7 @@ export const dashboardsLinks: LinkItem = { title: DASHBOARDS, path: DASHBOARDS_PATH, globalNavPosition: 1, - capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${SECURITY_FEATURE_ID}.detections`]], + capabilities: [[SECURITY_UI_SHOW_PRIVILEGE, `${SECURITY_FEATURE_ID}.detections`]], globalSearchKeywords: [ i18n.translate('xpack.securitySolution.appLinks.dashboards', { defaultMessage: 'Dashboards', diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/common/translations.ts b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/common/translations.ts index bf5f8d9616aaf..0b72b364de446 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/common/translations.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/common/translations.ts @@ -682,10 +682,10 @@ export const LACK_OF_KIBANA_ACTIONS_FEATURE_PRIVILEGES = i18n.translate( } ); -export const LACK_OF_KIBANA_SECURITY_PRIVILEGES = i18n.translate( - 'xpack.securitySolution.detectionEngine.rules.allRules.actions.lackOfKibanaSecurityPrivileges', +export const LACK_OF_KIBANA_RULES_FEATURE_PRIVILEGES = i18n.translate( + 'xpack.securitySolution.detectionEngine.rules.allRules.actions.lackOfKibanaRulesFeaturePrivileges', { - defaultMessage: 'You do not have Kibana Security privileges', + defaultMessage: 'You do not have Kibana Rules privileges', } ); diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/index.tsx index 4fa031a492323..dc8fbca698ab1 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/index.tsx 
+++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_creation/index.tsx @@ -29,7 +29,6 @@ import { import { useCreateRule } from '../../../rule_management/logic'; import type { RuleCreateProps } from '../../../../../common/api/detection_engine/model/rule_schema'; import { useListsConfig } from '../../../../detections/containers/detection_engine/lists/use_lists_config'; -import { hasUserCRUDPermission } from '../../../../common/utils/privileges'; import { getDetectionEngineUrl, @@ -84,6 +83,7 @@ import { extractValidationMessages } from '../../../rule_creation/logic/extract_ import { NextStep } from '../../components/next_step'; import { useRuleForms, useRuleIndexPattern } from '../form'; import { CustomHeaderPageMemo } from '..'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; const MyEuiPanel = styled(EuiPanel)<{ zindex?: number; @@ -111,15 +111,9 @@ const MyEuiPanel = styled(EuiPanel)<{ MyEuiPanel.displayName = 'MyEuiPanel'; const CreateRulePageComponent: React.FC = () => { - const [ - { - loading: userInfoLoading, - isSignalIndexExists, - isAuthenticated, - hasEncryptionKey, - canUserCRUD, - }, - ] = useUserData(); + const [{ loading: userInfoLoading, isSignalIndexExists, isAuthenticated, hasEncryptionKey }] = + useUserData(); + const canEditRules = useUserPrivileges().rulesPrivileges.edit; const { loading: listsConfigLoading, needsConfiguration: needsListsConfiguration } = useListsConfig(); const { addSuccess } = useAppToasts(); @@ -815,7 +809,7 @@ const CreateRulePageComponent: React.FC = () => { path: getDetectionEngineUrl(), }); return null; - } else if (!hasUserCRUDPermission(canUserCRUD)) { + } else if (!canEditRules) { navigateToApp(APP_UI_ID, { deepLinkId: SecurityPageName.rules, path: getRulesUrl(), 
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx index 7673ba4825592..d008012202c07 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_creation_ui/pages/rule_editing/index.tsx @@ -35,7 +35,6 @@ import type { import { useRule, useUpdateRule } from '../../../rule_management/logic'; import { useListsConfig } from '../../../../detections/containers/detection_engine/lists/use_lists_config'; import { SecuritySolutionPageWrapper } from '../../../../common/components/page_wrapper'; -import { hasUserCRUDPermission } from '../../../../common/utils/privileges'; import { getDetectionEngineUrl, getRuleDetailsUrl, 
@@ -75,20 +74,15 @@ import { usePrebuiltRulesCustomizationStatus } from '../../../rule_management/lo import { ALERT_SUPPRESSION_FIELDS_FIELD_NAME } from '../../../rule_creation/components/alert_suppression_edit'; import { usePrebuiltRuleCustomizationUpsellingMessage } from '../../../rule_management/logic/prebuilt_rules/use_prebuilt_rule_customization_upselling_message'; import { useRuleUpdateCallout } from '../../../rule_management/hooks/use_rule_update_callout'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => { const { addSuccess } = useAppToasts(); - const [ - { - loading: userInfoLoading, - isSignalIndexExists, - isAuthenticated, - hasEncryptionKey, - canUserCRUD, - }, - ] = useUserData(); + const [{ loading: userInfoLoading, isSignalIndexExists, isAuthenticated, hasEncryptionKey }] = + useUserData(); const { loading: listsConfigLoading, needsConfiguration: needsListsConfiguration } = useListsConfig(); + const canEditRules = useUserPrivileges().rulesPrivileges.edit; const { application, triggersActionsUi } = useKibana().services; const { navigateToApp } = application; @@ -522,7 +516,7 @@ const EditRulePageComponent: FC<{ rule: RuleResponse }> = ({ rule }) => { path: getDetectionEngineUrl(), }); return null; - } else if (!hasUserCRUDPermission(canUserCRUD)) { + } else if (!canEditRules) { navigateToApp(APP_UI_ID, { deepLinkId: SecurityPageName.rules, path: getRuleDetailsUrl(ruleId ?? ''), diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx index ab6c4594a3d34..b9ca75747b29e 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx 
+++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx @@ -108,7 +108,6 @@ import { useSourcererDataView } from '../../../../sourcerer/containers'; import { canEditRuleWithActions, explainLackOfPermission, - hasUserCRUDPermission, isBoolean, } from '../../../../common/utils/privileges'; @@ -155,6 +154,7 @@ import { useLegacyUrlRedirect } from './use_redirect_legacy_url'; import { RuleDetailTabs, useRuleDetailsTabs } from './use_rule_details_tabs'; import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; import { useRuleUpdateCallout } from '../../../rule_management/hooks/use_rule_update_callout'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; const RULE_EXCEPTION_LIST_TYPES = [ ExceptionListTypeEnum.DETECTION, @@ -258,13 +258,13 @@ export const RuleDetailsPage = connector( isSignalIndexExists, isAuthenticated, hasEncryptionKey, - canUserCRUD, hasIndexRead, signalIndexName, hasIndexWrite, hasIndexMaintenance, }, ] = useUserData(); + const canEditRules = useUserPrivileges().rulesPrivileges.edit; const { loading: listsConfigLoading, needsConfiguration: needsListsConfiguration } = useListsConfig(); @@ -679,7 +679,7 @@ export const RuleDetailsPage = connector( rule, hasMlPermissions, hasActionsPrivileges, - canUserCRUD + canEditRules )} > @@ -689,7 +689,7 @@ export const RuleDetailsPage = connector( !rule || !isExistingRule || !canEditRuleWithActions(rule, hasActionsPrivileges) || - !hasUserCRUDPermission(canUserCRUD) || + !canEditRules || (isMlRule(rule?.type) && !hasMlPermissions) } enabled={isRuleEnabled} 
@@ -709,23 +709,21 @@ export const RuleDetailsPage = connector( ruleId={ruleId} disabled={ !isExistingRule || - !hasUserCRUDPermission(canUserCRUD) || + !canEditRules || (isMlRule(rule?.type) && !hasMlPermissions) } disabledReason={explainLackOfPermission( rule, hasMlPermissions, hasActionsPrivileges, - canUserCRUD + canEditRules )} /> Promise.resolve(null); const showManualRuleRunConfirmation = () => Promise.resolve(null); @@ -25,6 +27,7 @@ jest.mock('../../../../rule_management/logic/bulk_actions/use_bulk_export'); jest.mock( '../../../../rule_management/components/rule_details/rule_customizations_diff/rule_customizations_context' ); +jest.mock('../../../../../common/components/user_privileges'); const mockReportEvent = jest.fn(); jest.mock('../../../../../common/lib/kibana', () => { @@ -59,6 +62,10 @@ describe('RuleActionsOverflow', () => { actions: { openCustomizationsRevertFlyout: jest.fn() }, state: { doesBaseVersionExist: true }, }); + (useUserPrivileges as jest.Mock).mockReturnValue({ + ...initialUserPrivilegesState(), + rulesPrivileges: { read: true, edit: true }, + }); }); describe('rules details menu panel', () => { test('menu items rendered when a rule is passed to the component', () => { @@ -67,7 +74,7 @@ describe('RuleActionsOverflow', () => { showBulkDuplicateExceptionsConfirmation={showBulkDuplicateExceptionsConfirmation} showManualRuleRunConfirmation={showManualRuleRunConfirmation} rule={mockRule('id')} - userHasPermissions + isDisabled={false} canDuplicateRuleWithActions={true} confirmDeletion={() => Promise.resolve(true)} />, @@ -87,7 +94,7 @@ describe('RuleActionsOverflow', () => { showBulkDuplicateExceptionsConfirmation={showBulkDuplicateExceptionsConfirmation} showManualRuleRunConfirmation={showManualRuleRunConfirmation} rule={null} - userHasPermissions + isDisabled={false} canDuplicateRuleWithActions={true} confirmDeletion={() => Promise.resolve(true)} />, 
@@ -99,13 +106,13 @@ describe('RuleActionsOverflow', () => { }); describe('rules details pop over button icon', () => { - test('it does not open the popover when rules-details-popover-button-icon is clicked when the user does not have permission', () => { + test('it does not open the popover when rules-details-popover-button-icon is clicked when the disabled flag is passed', () => { const { getByTestId } = render( Promise.resolve(true)} />, @@ -124,7 +131,7 @@ describe('RuleActionsOverflow', () => { showBulkDuplicateExceptionsConfirmation={showBulkDuplicateExceptionsConfirmation} showManualRuleRunConfirmation={showManualRuleRunConfirmation} rule={mockRule('id')} - userHasPermissions + isDisabled={false} canDuplicateRuleWithActions={true} confirmDeletion={() => Promise.resolve(true)} />, @@ -147,7 +154,7 @@ describe('RuleActionsOverflow', () => { showBulkDuplicateExceptionsConfirmation={showBulkDuplicateExceptionsConfirmation} showManualRuleRunConfirmation={showManualRuleRunConfirmation} rule={mockRule('id')} - userHasPermissions + isDisabled={false} canDuplicateRuleWithActions={true} confirmDeletion={() => Promise.resolve(true)} />, @@ -165,7 +172,7 @@ describe('RuleActionsOverflow', () => { showBulkDuplicateExceptionsConfirmation={showBulkDuplicateExceptionsConfirmation} showManualRuleRunConfirmation={showManualRuleRunConfirmation} rule={mockRule('id')} - userHasPermissions + isDisabled={false} canDuplicateRuleWithActions={true} confirmDeletion={() => Promise.resolve(true)} />, 
@@ -177,6 +184,27 @@ describe('RuleActionsOverflow', () => { // Popover is not shown expect(getByTestId('rules-details-popover')).not.toHaveTextContent(/.+/); }); + + test('should be enabled when user only has rule read permissions', async () => { + (useUserPrivileges as jest.Mock).mockReturnValue({ + ...initialUserPrivilegesState(), + rulesPrivileges: { read: true, edit: false }, + }); + + const { getByTestId } = render( + Promise.resolve(true)} + />, + { wrapper: TestProviders } + ); + fireEvent.click(getByTestId('rules-details-popover-button-icon')); + expect(getByTestId('rules-details-export-rule')).not.toBeDisabled(); + }); }); describe('rules details delete rule', () => { @@ -186,7 +214,7 @@ describe('RuleActionsOverflow', () => { showBulkDuplicateExceptionsConfirmation={showBulkDuplicateExceptionsConfirmation} showManualRuleRunConfirmation={showManualRuleRunConfirmation} rule={mockRule('id')} - userHasPermissions + isDisabled={false} canDuplicateRuleWithActions={true} confirmDeletion={() => Promise.resolve(true)} />, @@ -208,7 +236,7 @@ describe('RuleActionsOverflow', () => { showBulkDuplicateExceptionsConfirmation={showBulkDuplicateExceptionsConfirmation} showManualRuleRunConfirmation={showManualRuleRunConfirmation} rule={mockRule('id')} - userHasPermissions + isDisabled={false} canDuplicateRuleWithActions={true} confirmDeletion={() => Promise.resolve(true)} />, @@ -232,7 +260,7 @@ describe('RuleActionsOverflow', () => { showBulkDuplicateExceptionsConfirmation={showBulkDuplicateExceptionsConfirmation} showManualRuleRunConfirmation={showManualRuleRunConfirmation} rule={rule} - userHasPermissions + isDisabled={false} canDuplicateRuleWithActions={true} confirmDeletion={() => Promise.resolve(true)} />, 
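Review bot: The new test `should be enabled when user only has rule read permissions` asserts only that `rules-details-export-rule` is not disabled under `rulesPrivileges: { read: true, edit: false }`; it never checks that the edit-gated actions stay disabled for that same user. The component now derives per-item state from `useUserPrivileges()` instead of a single `userHasPermissions` prop, so a negative assertion is what pins the boundary this change introduces. For each action that requires `edit`, I would add `expect(getByTestId('<edit-gated item test id>')).toBeDisabled();` to the same test. The props passed to the rendered component are not visible in this hunk, so confirm the test renders with `isDisabled={false}`; otherwise the popover would not open at all.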
@@ -255,7 +283,7 @@ describe('RuleActionsOverflow', () => { showBulkDuplicateExceptionsConfirmation={showBulkDuplicateExceptionsConfirmation} showManualRuleRunConfirmation={showManualRuleRunConfirmation} rule={mockRule('id')} - userHasPermissions + isDisabled={false} canDuplicateRuleWithActions={true} confirmDeletion={() => Promise.resolve(true)} />, @@ -274,7 +302,7 @@ describe('RuleActionsOverflow', () => { showBulkDuplicateExceptionsConfirmation={showBulkDuplicateExceptionsConfirmation} showManualRuleRunConfirmation={showManualRuleRunConfirmation} rule={mockRule('id')} - userHasPermissions + isDisabled={false} canDuplicateRuleWithActions={true} confirmDeletion={() => Promise.resolve(true)} />, @@ -305,7 +333,7 @@ describe('RuleActionsOverflow', () => { showBulkDuplicateExceptionsConfirmation={showBulkDuplicateExceptionsConfirmation} showManualRuleRunConfirmation={showManualRuleRunConfirmation} rule={customizedMockRule} - userHasPermissions + isDisabled={false} canDuplicateRuleWithActions={true} confirmDeletion={() => Promise.resolve(true)} />, @@ -331,7 +359,7 @@ describe('RuleActionsOverflow', () => { showBulkDuplicateExceptionsConfirmation={showBulkDuplicateExceptionsConfirmation} showManualRuleRunConfirmation={showManualRuleRunConfirmation} rule={customizedMockRule} - userHasPermissions + isDisabled={false} canDuplicateRuleWithActions={true} confirmDeletion={() => Promise.resolve(true)} />, diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/rule_actions_overflow/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/rule_actions_overflow/index.tsx index 863a5dcf88821..89d717f0380c3 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/rule_actions_overflow/index.tsx 
+++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/rule_actions_overflow/index.tsx @@ -14,6 +14,7 @@ import { } from '@elastic/eui'; import React, { useCallback, useMemo } from 'react'; import styled from 'styled-components'; +import { useUserPrivileges } from '../../../../../common/components/user_privileges'; import { useRuleCustomizationsContext } from '../../../../rule_management/components/rule_details/rule_customizations_diff/rule_customizations_context'; import { isCustomizedPrebuiltRule } from '../../../../../../common/api/detection_engine'; import { useScheduleRuleRun } from '../../../../rule_gaps/logic/use_schedule_rule_run'; @@ -52,7 +53,7 @@ const MyEuiButtonIcon = styled(EuiButtonIcon)` interface RuleActionsOverflowComponentProps { rule: Rule | null; - userHasPermissions: boolean; + isDisabled: boolean; canDuplicateRuleWithActions: boolean; showBulkDuplicateExceptionsConfirmation: () => Promise; showManualRuleRunConfirmation: () => Promise; @@ -64,7 +65,7 @@ interface RuleActionsOverflowComponentProps { */ const RuleActionsOverflowComponent = ({ rule, - userHasPermissions, + isDisabled, canDuplicateRuleWithActions, showBulkDuplicateExceptionsConfirmation, showManualRuleRunConfirmation, @@ -80,6 +81,7 @@ const RuleActionsOverflowComponent = ({ const { bulkExport } = useBulkExport(); const downloadExportedRules = useDownloadExportedRules(); const { scheduleRuleRun } = useScheduleRuleRun(); + const { edit: canEditRules, read: canReadRules } = useUserPrivileges().rulesPrivileges; const onRuleDeletedCallback = useCallback(() => { navigateToApp(APP_UI_ID, { @@ -100,7 +102,7 @@ const RuleActionsOverflowComponent = ({ { startTransaction({ name: SINGLE_RULE_ACTIONS.DUPLICATE }); @@ -145,7 +147,7 @@ const RuleActionsOverflowComponent = ({ { startTransaction({ name: SINGLE_RULE_ACTIONS.EXPORT }); @@ -161,9 +163,9 @@ const RuleActionsOverflowComponent = ({ { 
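Review bot: The renamed `isDisabled` prop in `RuleActionsOverflowComponentProps` has no doc comment, and after this change the component takes its authorization state from two places. Judging by the dependency arrays further down in this file, `isDisabled` feeds only the popover button memo (`[togglePopover, isDisabled]`), while the menu items depend on `canEditRules` and `canReadRules` from `useUserPrivileges()`. I would state that on the prop so callers do not assume it gates the individual actions, e.g. `/** Disables the overflow button only; each menu item is gated by rulesPrivileges. */`.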
@@ -198,7 +200,7 @@ const RuleActionsOverflowComponent = ({ 'data-test-subj': 'rules-details-revert-rule-tooltip', }} icon="timeRefresh" - disabled={!userHasPermissions || !doesBaseVersionExist} + disabled={!canEditRules || !doesBaseVersionExist} data-test-subj="rules-details-revert-rule" onClick={() => { closePopover(); @@ -212,7 +214,7 @@ const RuleActionsOverflowComponent = ({ { closePopover(); @@ -238,7 +240,8 @@ const RuleActionsOverflowComponent = ({ [ rule, canDuplicateRuleWithActions, - userHasPermissions, + canEditRules, + canReadRules, doesBaseVersionExist, startTransaction, closePopover, @@ -262,13 +265,13 @@ const RuleActionsOverflowComponent = ({ ), - [togglePopover, userHasPermissions] + [togglePopover, isDisabled] ); return ( diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_exceptions/components/all_exception_items_table/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_exceptions/components/all_exception_items_table/index.tsx index 5c974833be1ca..3c6d0a78ed1ce 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_exceptions/components/all_exception_items_table/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_exceptions/components/all_exception_items_table/index.tsx @@ -45,6 +45,7 @@ import { AddExceptionFlyout } from '../add_exception_flyout'; import * as i18n from './translations'; import { useFindExceptionListReferences } from '../../logic/use_find_references'; import type { Rule } from '../../../rule_management/logic/types'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; const StyledText = styled(EuiText)` font-style: italic; 
@@ -97,7 +98,8 @@ const ExceptionsViewerComponent = ({ }: ExceptionsViewerProps): JSX.Element => { const { services } = useKibana(); const toasts = useToasts(); - const [{ canUserCRUD, hasIndexWrite }] = useUserData(); + const [{ hasIndexWrite }] = useUserData(); + const canEditRules = useUserPrivileges().rulesPrivileges.edit; const exceptionListsToQuery = useMemo( () => rule != null && rule.exceptions_list != null @@ -459,8 +461,8 @@ const ExceptionsViewerComponent = ({ // User privileges checks useEffect((): void => { - setReadOnly(isViewReadOnly || !canUserCRUD || !hasIndexWrite); - }, [setReadOnly, isViewReadOnly, canUserCRUD, hasIndexWrite]); + setReadOnly(isViewReadOnly || !canEditRules || !hasIndexWrite); + }, [setReadOnly, isViewReadOnly, hasIndexWrite, canEditRules]); useEffect(() => { if (exceptionListsToQuery.length > 0) { diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_exceptions/components/edit_exception_flyout/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_exceptions/components/edit_exception_flyout/index.tsx index 8def74269dc40..d0c6bc0e7fdb4 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_exceptions/components/edit_exception_flyout/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_exceptions/components/edit_exception_flyout/index.tsx @@ -39,6 +39,7 @@ import { import type { Moment } from 'moment'; import moment from 'moment'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; import { isEqlRule, isNewTermsRule, 
@@ -108,6 +109,7 @@ const EditExceptionFlyoutComponent: React.FC = ({ const { isLoading, indexPatterns, getExtendedFields } = useFetchIndexPatterns(rules); const [isSubmitting, submitEditExceptionItems] = useEditExceptionItems(); const [isClosingAlerts, closeAlerts] = useCloseAlertsFromExceptions(); + const { read: canReadRules } = useUserPrivileges().rulesPrivileges; const [ { @@ -158,7 +160,7 @@ const EditExceptionFlyoutComponent: React.FC = ({ useFindExceptionListReferences(); useEffect(() => { - if (fetchReferences != null) { + if (fetchReferences != null && canReadRules) { fetchReferences([ { id: list.id, @@ -167,7 +169,7 @@ const EditExceptionFlyoutComponent: React.FC = ({ }, ]); } - }, [list, fetchReferences]); + }, [list, fetchReferences, canReadRules]); /** * Reducer action dispatchers diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_exceptions/components/flyout_components/add_to_lists_table/use_add_to_lists_table.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_exceptions/components/flyout_components/add_to_lists_table/use_add_to_lists_table.tsx index 6d853e2718041..39b3a3d4dbe08 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_exceptions/components/flyout_components/add_to_lists_table/use_add_to_lists_table.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_exceptions/components/flyout_components/add_to_lists_table/use_add_to_lists_table.tsx 
@@ -20,6 +20,7 @@ import type { import type { ExceptionListSchema, ListArray } from '@kbn/securitysolution-io-ts-list-types'; import { ExceptionListTypeEnum } from '@kbn/securitysolution-io-ts-list-types'; +import { useUserPrivileges } from '../../../../../common/components/user_privileges'; import type { ExceptionListRuleReferencesSchema } from '../../../../../../common/api/detection_engine/rule_exceptions'; import { getExceptionItemsReferences } from '../../../../../exceptions/api'; import * as i18n from './translations'; @@ -48,6 +49,7 @@ export const useAddToSharedListTable = ({ }: ExceptionsAddToListsComponentProps) => { const [listsToDisplay, setListsToDisplay] = useState([]); const [isLoading, setIsLoading] = useState(false); + const { read: canReadRules } = useUserPrivileges().rulesPrivileges; const listsToFetch = useMemo(() => { return showAllSharedLists ? [] : sharedExceptionLists; @@ -67,15 +69,17 @@ export const useAddToSharedListTable = ({ const getReferences = useCallback(async () => { try { setIsLoading(true); - return getExceptionItemsReferences( - (!listsToFetch.length - ? [{ namespace_type: 'single' }] - : listsToFetch) as ExceptionListSchema[] - ); + return canReadRules + ? getExceptionItemsReferences( + (!listsToFetch.length + ? [{ namespace_type: 'single' }] + : listsToFetch) as ExceptionListSchema[] + ) + : {}; } catch (err) { setError(i18n.REFERENCES_FETCH_ERROR); } - }, [listsToFetch]); + }, [canReadRules, listsToFetch]); const fillListsToDisplay = useCallback(async () => { const result = (await getReferences()) as RuleReferences; diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_gaps/components/rule_backfills_info/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_gaps/components/rule_backfills_info/index.tsx index 399692e6cb099..e8ea87a747509 100644 
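Review bot: In `getReferences`, the promise from `getExceptionItemsReferences(...)` is returned from inside the `try` without `await`, so a rejected request bypasses the `catch` and `setError(i18n.REFERENCES_FETCH_ERROR)` never runs for it; the rejection propagates to `await getReferences()` in `fillListsToDisplay` instead. The rewritten return keeps that shape, and awaiting the call fixes it: `return canReadRules ? await getExceptionItemsReferences(...) : {};` with the argument unchanged. The new `{}` branch also returns after `setIsLoading(true)`. Where the flag is cleared is outside this hunk, so check that a user without rule read access is not left with the table stuck in a loading state.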
--- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_gaps/components/rule_backfills_info/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_gaps/components/rule_backfills_info/index.tsx @@ -14,16 +14,15 @@ import { BackfillStatusInfo } from './backfill_status'; import { FormattedDate } from '../../../../common/components/formatted_date'; import type { BackfillRow, BackfillStatus } from '../../types'; import * as i18n from '../../translations'; -import { hasUserCRUDPermission } from '../../../../common/utils/privileges'; -import { useUserData } from '../../../../detections/components/user_info'; import { getBackfillRowsFromResponse } from './utils'; import { HeaderSection } from '../../../../common/components/header_section'; import { TableHeaderTooltipCell } from '../../../rule_management_ui/components/rules_table/table_header_tooltip_cell'; import { useKibana } from '../../../../common/lib/kibana'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; const DEFAULT_PAGE_SIZE = 10; -const getBackfillsTableColumns = (hasCRUDPermissions: boolean) => { +const getBackfillsTableColumns = (canEditRules: boolean) => { const stopAction = { name: i18n.BACKFILLS_TABLE_COLUMN_ACTION, render: (item: BackfillRow) => , @@ -126,7 +125,7 @@ const getBackfillsTableColumns = (hasCRUDPermissions: boolean) => { }, ]; - if (hasCRUDPermissions) { + if (canEditRules) { columns.push(stopAction); } 
@@ -136,8 +135,7 @@ const getBackfillsTableColumns = (hasCRUDPermissions: boolean) => { export const RuleBackfillsInfo = React.memo<{ ruleId: string }>(({ ruleId }) => { const [pageIndex, setPageIndex] = useState(0); const [pageSize, setPageSize] = useState(DEFAULT_PAGE_SIZE); - const [{ canUserCRUD }] = useUserData(); - const hasCRUDPermissions = hasUserCRUDPermission(canUserCRUD); + const canEditRules = useUserPrivileges().rulesPrivileges.edit; const { timelines } = useKibana().services; const { data, isLoading, isError, refetch, dataUpdatedAt } = useFindBackfillsForRules({ ruleIds: [ruleId], @@ -147,7 +145,7 @@ export const RuleBackfillsInfo = React.memo<{ ruleId: string }>(({ ruleId }) => const backfills: BackfillRow[] = getBackfillRowsFromResponse(data?.data ?? []); - const columns = getBackfillsTableColumns(hasCRUDPermissions); + const columns = getBackfillsTableColumns(canEditRules); const pagination = { pageIndex, diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_gaps/components/rule_gaps/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_gaps/components/rule_gaps/index.tsx index ef42fe8dc9653..b77bc1a47105a 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_gaps/components/rule_gaps/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_gaps/components/rule_gaps/index.tsx @@ -26,8 +26,6 @@ import { EuiTextColor, EuiToolTip, } from '@elastic/eui'; -import { useUserData } from '../../../../detections/components/user_info'; -import { hasUserCRUDPermission } from '../../../../common/utils/privileges'; import { HeaderSection } from '../../../../common/components/header_section'; import { TableHeaderTooltipCell } from '../../../rule_management_ui/components/rules_table/table_header_tooltip_cell'; import { FormattedDate } from '../../../../common/components/formatted_date'; 
@@ -41,6 +39,7 @@ import { useFindGapsForRule } from '../../api/hooks/use_find_gaps_for_rule'; import { FillGap } from './fill_gap'; import { FillRuleGapsButton } from './fill_rule_gaps_button'; import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; const DatePickerEuiFlexItem = styled(EuiFlexItem)` max-width: 582px; @@ -192,14 +191,13 @@ export const RuleGaps = ({ ruleId, enabled }: { ruleId: string; enabled: boolean start: 'now-24h', end: 'now', }); - const [{ canUserCRUD }] = useUserData(); const { timelines } = useKibana().services; - const hasCRUDPermissions = hasUserCRUDPermission(canUserCRUD); + const canEditRules = useUserPrivileges().rulesPrivileges.edit; const [refreshInterval, setRefreshInterval] = useState(1000); const [isPaused, setIsPaused] = useState(true); const [selectedStatuses, setSelectedStatuses] = useState([]); const isBulkFillRuleGapsEnabled = useIsExperimentalFeatureEnabled('bulkFillRuleGapsEnabled'); - const isFillRuleGapsButtonEnabled = hasCRUDPermissions && isBulkFillRuleGapsEnabled; + const isFillRuleGapsButtonEnabled = canEditRules && isBulkFillRuleGapsEnabled; const [sort, setSort] = useState<{ field: keyof Gap; direction: 'desc' | 'asc' }>({ field: '@timestamp', direction: 'desc', @@ -231,7 +229,7 @@ export const RuleGaps = ({ ruleId, enabled }: { ruleId: string; enabled: boolean totalItemCount: Math.min(totalItemCount, MaxItemCount), }; - const columns = getGapsTableColumns(hasCRUDPermissions, ruleId, enabled); + const columns = getGapsTableColumns(canEditRules, ruleId, enabled); const onRefreshCallback = () => { refetch(); 
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_snooze_badge/rule_snooze_badge.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_snooze_badge/rule_snooze_badge.tsx index 2f48e2ed6f356..139a59c14c8a7 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_snooze_badge/rule_snooze_badge.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/components/rule_snooze_badge/rule_snooze_badge.tsx @@ -7,11 +7,10 @@ import React from 'react'; import type { RuleObjectId } from '../../../../../common/api/detection_engine/model/rule_schema'; -import { useUserData } from '../../../../detections/components/user_info'; -import { hasUserCRUDPermission } from '../../../../common/utils/privileges'; import { useKibana } from '../../../../common/lib/kibana'; import { useInvalidateFetchRulesSnoozeSettingsQuery } from '../../api/hooks/use_fetch_rules_snooze_settings_query'; import { useRuleSnoozeSettings } from './use_rule_snooze_settings'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; interface RuleSnoozeBadgeProps { /** @@ -27,8 +26,7 @@ export function RuleSnoozeBadge({ }: RuleSnoozeBadgeProps): JSX.Element { const RulesListNotifyBadge = useKibana().services.triggersActionsUi.getRulesListNotifyBadge; const { snoozeSettings, error } = useRuleSnoozeSettings(ruleId); - const [{ canUserCRUD }] = useUserData(); - const hasCRUDPermissions = hasUserCRUDPermission(canUserCRUD); + const canEditRules = useUserPrivileges().rulesPrivileges.edit; const invalidateFetchRuleSnoozeSettings = useInvalidateFetchRulesSnoozeSettingsQuery(); return ( 
@@ -36,7 +34,7 @@ export function RuleSnoozeBadge({ ruleId={ruleId} snoozeSettings={snoozeSettings} loading={!snoozeSettings && !error} - disabled={!hasCRUDPermissions || error} + disabled={!canEditRules || error} showTooltipInline={showTooltipInline} onRuleChanged={invalidateFetchRuleSnoozeSettings} /> diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/hooks/use_prebuilt_rules_upgrade.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/hooks/use_prebuilt_rules_upgrade.tsx index 4277555cdd3f6..e3788cd85e7d8 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/hooks/use_prebuilt_rules_upgrade.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management/hooks/use_prebuilt_rules_upgrade.tsx @@ -7,6 +7,7 @@ import React, { useCallback, useMemo, useState } from 'react'; import { EuiButton, EuiToolTip } from '@elastic/eui'; +import { useUserPrivileges } from '../../../common/components/user_privileges'; import { RuleUpgradeEventTypes } from '../../../common/lib/telemetry/events/rule_upgrade/types'; import type { ReviewPrebuiltRuleUpgradeFilter } from '../../../../common/api/detection_engine/prebuilt_rules/common/review_prebuilt_rules_upgrade_filter'; import { FieldUpgradeStateEnum, type RuleUpgradeState } from '../model/prebuilt_rule_upgrade'; @@ -73,6 +74,7 @@ export function usePrebuiltRulesUpgrade({ const isUpgradingSecurityPackages = useIsUpgradingSecurityPackages(); const [loadingRules, setLoadingRules] = useState([]); const { telemetry } = useKibana().services; + const canEditRules = useUserPrivileges().rulesPrivileges.edit; const { data: upgradeReviewResponse, 
@@ -254,6 +256,7 @@ export function usePrebuiltRulesUpgrade({ return ( - !rule || rule.rule_source.type !== 'external' ? null : ( +}: UseRuleUpdateCalloutProps): JSX.Element | null => { + const canEditRules = useUserPrivileges().rulesPrivileges.edit; + return !rule || rule.rule_source.type !== 'external' || !canEditRules ? null : ( ); +}; diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/pre_packaged_rules/load_empty_prompt.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/pre_packaged_rules/load_empty_prompt.tsx index 77513dcdcb39e..9f4263b933329 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/pre_packaged_rules/load_empty_prompt.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/pre_packaged_rules/load_empty_prompt.tsx @@ -8,9 +8,9 @@ import { EuiEmptyPrompt, EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; import React, { memo } from 'react'; import styled from 'styled-components'; -import { useUserData } from '../../../../detections/components/user_info'; import { AddElasticRulesButton } from './add_elastic_rules_button'; import * as i18n from './translations'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; const EmptyPrompt = styled(EuiEmptyPrompt)` align-self: center; /* Corrects horizontal centering in IE11 */ @@ -19,7 +19,7 @@ const EmptyPrompt = styled(EuiEmptyPrompt)` EmptyPrompt.displayName = 'EmptyPrompt'; const PrePackagedRulesPromptComponent = () => { - const [{ loading, canUserCRUD }] = useUserData(); + const canReadRules = useUserPrivileges().rulesPrivileges.read; return ( { { const { 
@@ -32,8 +32,7 @@ export const AddPrebuiltRulesHeaderButtons = () => { }, actions: { installAllRules, installSelectedRules }, } = useAddPrebuiltRulesTableContext(); - const [{ loading: isUserDataLoading, canUserCRUD }] = useUserData(); - const canUserEditRules = canUserCRUD && !isUserDataLoading; + const canEditRules = useUserPrivileges().rulesPrivileges.edit; const numberOfSelectedRules = selectedRules.length ?? 0; const shouldDisplayInstallSelectedRulesButton = numberOfSelectedRules > 0; @@ -75,7 +74,7 @@ export const AddPrebuiltRulesHeaderButtons = () => { {i18n.INSTALL_SELECTED_RULES(numberOfSelectedRules)} @@ -91,7 +90,7 @@ export const AddPrebuiltRulesHeaderButtons = () => { iconType="boxesVertical" aria-label={i18n.INSTALL_RULES_OVERFLOW_BUTTON_ARIA_LABEL} onClick={onOverflowButtonClick} - disabled={!canUserEditRules || isRequestInProgress} + disabled={!canEditRules || isRequestInProgress} /> } isOpen={isOverflowPopoverOpen} @@ -110,7 +109,7 @@ export const AddPrebuiltRulesHeaderButtons = () => { iconType="plusInCircle" data-test-subj="installAllRulesButton" onClick={installAllRules} - disabled={!canUserEditRules || !hasRulesToInstall || isRequestInProgress} + disabled={!canEditRules || !hasRulesToInstall || isRequestInProgress} aria-label={i18n.INSTALL_ALL_ARIA_LABEL} > {i18n.INSTALL_ALL} diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_table.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_table.test.tsx index c1b41e0965e2d..ce219280fb464 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_table.test.tsx 
+++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_table.test.tsx @@ -10,11 +10,12 @@ import { AddPrebuiltRulesTable } from './add_prebuilt_rules_table'; import { AddPrebuiltRulesHeaderButtons } from './add_prebuilt_rules_header_buttons'; import { AddPrebuiltRulesTableContextProvider } from './add_prebuilt_rules_table_context'; -import { useUserData } from '../../../../../detections/components/user_info'; import { usePrebuiltRulesInstallReview } from '../../../../rule_management/logic/prebuilt_rules/use_prebuilt_rules_install_review'; import { useFetchPrebuiltRulesStatusQuery } from '../../../../rule_management/api/hooks/prebuilt_rules/use_fetch_prebuilt_rules_status_query'; import { useIsUpgradingSecurityPackages } from '../../../../rule_management/logic/use_upgrade_security_packages'; import { QueryClient, QueryClientProvider } from '@kbn/react-query'; +import { useUserPrivileges } from '../../../../../common/components/user_privileges'; +import { initialUserPrivilegesState } from '../../../../../common/components/user_privileges/user_privileges_context'; // Mock components not needed in this test suite jest.mock('../../../../rule_management/components/rule_details/rule_details_flyout', () => ({ @@ -96,18 +97,14 @@ jest.mock( }) ); -jest.mock('../../../../../detections/components/user_info', () => ({ - useUserData: jest.fn(), -})); +jest.mock('../../../../../common/components/user_privileges'); describe('AddPrebuiltRulesTable', () => { it('disables `Install all` button if user has no write permissions', async () => { - (useUserData as jest.Mock).mockReturnValue([ - { - loading: false, - canUserCRUD: false, - }, - ]); + (useUserPrivileges as jest.Mock).mockReturnValue({ + ...initialUserPrivilegesState(), + rulesPrivileges: { read: true, edit: false }, + }); render( 
@@ -125,12 +122,10 @@ describe('AddPrebuiltRulesTable', () => { }); it('disables `Install all` button if prebuilt package is being installed', async () => { - (useUserData as jest.Mock).mockReturnValue([ - { - loading: false, - canUserCRUD: true, - }, - ]); + (useUserPrivileges as jest.Mock).mockReturnValue({ + ...initialUserPrivilegesState(), + rulesPrivileges: { read: true, edit: true }, + }); (useIsUpgradingSecurityPackages as jest.Mock).mockReturnValueOnce(true); @@ -150,12 +145,10 @@ describe('AddPrebuiltRulesTable', () => { }); it('enables Install all` button when user has permissions', async () => { - (useUserData as jest.Mock).mockReturnValue([ - { - loading: false, - canUserCRUD: true, - }, - ]); + (useUserPrivileges as jest.Mock).mockReturnValue({ + ...initialUserPrivilegesState(), + rulesPrivileges: { read: true, edit: true }, + }); render( @@ -173,17 +166,15 @@ describe('AddPrebuiltRulesTable', () => { }); it.each([ - ['Security:Read', true], - ['Security:Write', false], + ['Rule:Read', true], + ['Rule:Write', false], ])( `renders "No rules available for install" when there are no rules to install and user has %s`, - async (_permissions, canUserCRUD) => { - (useUserData as jest.Mock).mockReturnValue([ - { - loading: false, - canUserCRUD, - }, - ]); + async (_permissions, canEdit) => { + (useUserPrivileges as jest.Mock).mockReturnValue({ + ...initialUserPrivilegesState(), + rulesPrivileges: { read: true, edit: canEdit }, + }); (usePrebuiltRulesInstallReview as jest.Mock).mockReturnValueOnce({ data: { 
@@ -217,12 +208,10 @@ describe('AddPrebuiltRulesTable', () => { ); it('does not render `Install rule` on rule rows for users with no write permissions', async () => { - (useUserData as jest.Mock).mockReturnValue([ - { - loading: false, - canUserCRUD: false, - }, - ]); + (useUserPrivileges as jest.Mock).mockReturnValue({ + ...initialUserPrivilegesState(), + rulesPrivileges: { read: true, edit: false }, + }); const id = 'rule-1'; (usePrebuiltRulesInstallReview as jest.Mock).mockReturnValueOnce({ @@ -267,12 +256,10 @@ describe('AddPrebuiltRulesTable', () => { }); it('renders `Install rule` on rule rows for users with write permissions', async () => { - (useUserData as jest.Mock).mockReturnValue([ - { - loading: false, - canUserCRUD: true, - }, - ]); + (useUserPrivileges as jest.Mock).mockReturnValue({ + ...initialUserPrivilegesState(), + rulesPrivileges: { read: true, edit: true }, + }); const id = 'rule-1'; (usePrebuiltRulesInstallReview as jest.Mock).mockReturnValueOnce({ diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_table_context.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_table_context.tsx index 0d838abede125..66458f795da19 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_table_context.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_table_context.tsx 
@@ -12,7 +12,6 @@ import React, { createContext, useCallback, useContext, useMemo, useState } from import type { RuleSignatureId } from '../../../../../../common/api/detection_engine'; import type { RuleResponse } from '../../../../../../common/api/detection_engine/model/rule_schema'; import { invariant } from '../../../../../../common/utils/invariant'; -import { useUserData } from '../../../../../detections/components/user_info'; import { useFetchPrebuiltRulesStatusQuery } from '../../../../rule_management/api/hooks/prebuilt_rules/use_fetch_prebuilt_rules_status_query'; import { PERFORM_ALL_RULES_INSTALLATION_KEY } from '../../../../rule_management/api/hooks/prebuilt_rules/use_perform_all_rules_install_mutation'; import { @@ -26,6 +25,7 @@ import { isUpgradeReviewRequestEnabled } from './add_prebuilt_rules_utils'; import * as i18n from './translations'; import type { AddPrebuiltRulesTableFilterOptions } from './use_filter_prebuilt_rules_to_install'; import { useFilterPrebuiltRulesToInstall } from './use_filter_prebuilt_rules_to_install'; +import { useUserPrivileges } from '../../../../../common/components/user_privileges'; export interface AddPrebuiltRulesTableState { /** @@ -112,7 +112,7 @@ export const AddPrebuiltRulesTableContextProvider = ({ const [loadingRules, setLoadingRules] = useState([]); const [selectedRules, setSelectedRules] = useState([]); - const [{ loading: userInfoLoading, canUserCRUD }] = useUserData(); + const canEditRules = useUserPrivileges().rulesPrivileges.edit; const [filterOptions, setFilterOptions] = useState({ filter: '', @@ -127,6 +127,11 @@ export const AddPrebuiltRulesTableContextProvider = ({ mutationKey: PERFORM_ALL_RULES_INSTALLATION_KEY, }) > 0; + const isUpgradeReviewEnabled = isUpgradeReviewRequestEnabled({ + canEditRules, + isUpgradingSecurityPackages, + prebuiltRulesStatus: prebuiltRulesStatus?.stats, + }); const { data: { rules, stats: { tags } } = { rules: [], 
@@ -141,11 +146,7 @@ export const AddPrebuiltRulesTableContextProvider = ({ refetchInterval: 60000, // Refetch available rules for installation every minute keepPreviousData: true, // Use this option so that the state doesn't jump between "success" and "loading" on page change // Fetch rules to install only after background installation of security_detection_rules package is complete - enabled: isUpgradeReviewRequestEnabled({ - canUserCRUD, - isUpgradingSecurityPackages, - prebuiltRulesStatus: prebuiltRulesStatus?.stats, - }), + enabled: isUpgradeReviewEnabled, }); const isAnyRuleInstalling = loadingRules.length > 0 || isInstallingAllRules; @@ -213,9 +214,7 @@ export const AddPrebuiltRulesTableContextProvider = ({ (rule: RuleResponse, closeRulePreview: () => void) => { const isPreviewRuleLoading = loadingRules.includes(rule.rule_id); const canPreviewedRuleBeInstalled = - !userInfoLoading && - canUserCRUD && - !(isPreviewRuleLoading || isRefetching || isUpgradingSecurityPackages); + canEditRules && !(isPreviewRuleLoading || isRefetching || isUpgradingSecurityPackages); return ( @@ -247,14 +246,7 @@ export const AddPrebuiltRulesTableContextProvider = ({ ); }, - [ - loadingRules, - userInfoLoading, - canUserCRUD, - isRefetching, - isUpgradingSecurityPackages, - installOneRule, - ] + [loadingRules, canEditRules, isRefetching, isUpgradingSecurityPackages, installOneRule] ); const { rulePreviewFlyout, openRulePreview } = useRulePreviewFlyout({ diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_utils.ts b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_utils.ts index fa032f1b32f6d..96cd9a1bbcd72 100644 
--- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_utils.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/add_prebuilt_rules_utils.ts @@ -8,13 +8,13 @@ import type { PrebuiltRulesStatusStats } from '../../../../../../common/api/detection_engine'; interface UpgradeReviewEnabledProps { - canUserCRUD: boolean | null; + canEditRules: boolean | null; isUpgradingSecurityPackages: boolean; prebuiltRulesStatus?: PrebuiltRulesStatusStats; } export const isUpgradeReviewRequestEnabled = ({ - canUserCRUD, + canEditRules, isUpgradingSecurityPackages, prebuiltRulesStatus, }: UpgradeReviewEnabledProps) => { @@ -26,7 +26,7 @@ export const isUpgradeReviewRequestEnabled = ({ // If user is read-only, allow request to proceed even though the Prebuilt // Rules might not be installed. For these users, the Fleet endpoint quickly // fails with 403 so isUpgradingSecurityPackages is false - if (canUserCRUD === false) { + if (canEditRules === false) { return true; } diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/use_add_prebuilt_rules_table_columns.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/use_add_prebuilt_rules_table_columns.tsx index 7b430ecd93723..c27d94b2d784c 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/use_add_prebuilt_rules_table_columns.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/add_prebuilt_rules_table/use_add_prebuilt_rules_table_columns.tsx 
@@ -16,8 +16,6 @@ import { IntegrationsPopover } from '../../../../common/components/related_integ import { SeverityBadge } from '../../../../../common/components/severity_badge'; import * as i18n from '../../../../common/translations'; import type { Rule } from '../../../../rule_management/logic'; -import { useUserData } from '../../../../../detections/components/user_info'; -import { hasUserCRUDPermission } from '../../../../../common/utils/privileges'; import type { AddPrebuiltRulesTableActions } from './add_prebuilt_rules_table_context'; import { useAddPrebuiltRulesTableContext } from './add_prebuilt_rules_table_context'; import type { @@ -26,6 +24,7 @@ import type { } from '../../../../../../common/api/detection_engine/model/rule_schema'; import { getNormalizedSeverity } from '../helpers'; import { PrebuiltRulesInstallButton } from './add_prebuilt_rules_install_button'; +import { useUserPrivileges } from '../../../../../common/components/user_privileges'; export type TableColumn = EuiBasicTableColumn; @@ -128,8 +127,7 @@ const createInstallButtonColumn = ( }); export const useAddPrebuiltRulesTableColumns = (): TableColumn[] => { - const [{ canUserCRUD }] = useUserData(); - const hasCRUDPermissions = hasUserCRUDPermission(canUserCRUD); + const canEditRules = useUserPrivileges().rulesPrivileges.edit; const [showRelatedIntegrations] = useUiSetting$(SHOW_RELATED_INTEGRATIONS_SETTING); const { state: { loadingRules, isRefetching, isUpgradingSecurityPackages, isInstallingAllRules }, @@ -163,10 +161,10 @@ export const useAddPrebuiltRulesTableColumns = (): TableColumn[] => { truncateText: true, width: '12%', }, - ...(hasCRUDPermissions + ...(canEditRules ? [createInstallButtonColumn(installOneRule, loadingRules, isDisabled)] : []), ], - [hasCRUDPermissions, installOneRule, loadingRules, isDisabled, showRelatedIntegrations] + [showRelatedIntegrations, canEditRules, installOneRule, loadingRules, isDisabled] ); }; 
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/feature_tour/rules_feature_tour.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/feature_tour/rules_feature_tour.tsx index 2c06037005253..bbd1cf682cf19 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/feature_tour/rules_feature_tour.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/feature_tour/rules_feature_tour.tsx @@ -27,6 +27,7 @@ import { NEW_FEATURES_TOUR_STORAGE_KEYS } from '../../../../../../common/constan import { useKibana } from '../../../../../common/lib/kibana'; import { useIsElementMounted } from '../rules_table/guided_onboarding/use_is_element_mounted'; import * as i18n from './translations'; +import { useUserPrivileges } from '../../../../../common/components/user_privileges'; export interface RulesFeatureTourContextType { steps: EuiTourStepProps[]; @@ -76,7 +77,10 @@ export const RuleFeatureTour: FC = () => { }, [tourState, storage]); const isTourAnchorMounted = useIsElementMounted(CREATE_NEW_RULE_TOUR_ANCHOR); - const shouldShowRuleUpgradeTour = isTourAnchorMounted; + const canEditRules = useUserPrivileges().rulesPrivileges.edit; + // Display the tour only if the user has permissions to create/edit rules, + // otherwise they could not follow the tour steps + const shouldShowRuleUpgradeTour = isTourAnchorMounted && canEditRules; const enhancedSteps = useMemo( () => 
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/rules_table_toolbar.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/rules_table_toolbar.tsx index 1330b13a652e6..2cbc2253ed876 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/rules_table_toolbar.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/rules_table_toolbar.tsx @@ -8,7 +8,6 @@ import React, { useCallback, useMemo } from 'react'; import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; import { NewChat } from '@kbn/elastic-assistant'; -import { useUserData } from '../../../../detections/components/user_info'; import { TabNavigation } from '../../../../common/components/navigation/tab_navigation'; import { usePrebuiltRulesStatus } from '../../../rule_management/logic/prebuilt_rules/use_prebuilt_rules_status'; import { useRuleManagementFilters } from '../../../rule_management/logic/use_rule_management_filters'; @@ -17,6 +16,7 @@ import { getPromptContextFromDetectionRules } from '../../../../assistant/helper import { useRulesTableContext } from './rules_table/rules_table_context'; import { useAssistantAvailability } from '../../../../assistant/use_assistant_availability'; import * as i18nAssistant from '../../../common/translations'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; import { NewAgentBuilderAttachment } from '../../../../agent_builder/components/new_agent_builder_attachment'; import { useAgentBuilderAttachment } from '../../../../agent_builder/hooks/use_agent_builder_attachment'; 
@@ -32,14 +32,14 @@ export const RulesTableToolbar = React.memo(() => { const { data: ruleManagementFilters } = useRuleManagementFilters(); const { data: prebuiltRulesStatus } = usePrebuiltRulesStatus(); - const [{ loading, canUserCRUD }] = useUserData(); + const canReadRules = useUserPrivileges().rulesPrivileges.read; const installedTotal = (ruleManagementFilters?.rules_summary.custom_count ?? 0) + (ruleManagementFilters?.rules_summary.prebuilt_installed_count ?? 0); const updateTotal = prebuiltRulesStatus?.stats.num_prebuilt_rules_to_upgrade ?? 0; - const shouldDisplayRuleUpdatesTab = !loading && canUserCRUD && updateTotal > 0; + const shouldDisplayRuleUpdatesTab = canReadRules && updateTotal > 0; const ruleTabs = useMemo( () => ({ diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/rules_tables.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/rules_tables.tsx index d9a28ea14fa9d..61f9e9a42d4ed 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/rules_tables.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/rules_tables.tsx 
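Review bot: `shouldDisplayRuleUpdatesTab` now keys on `canReadRules` where it previously required `!loading && canUserCRUD`, so the Rule Updates tab becomes visible to read-only users. The upgrade buttons and the upgrade column elsewhere in this commit are gated on `rulesPrivileges.edit`, but that is presentation only. The upgrade endpoints still have to reject callers without the edit privilege, and that server-side check is not visible in this diff. If the wider visibility is intended, a comment such as `// Read-only users can review pending updates; upgrade actions are gated on rulesPrivileges.edit` would record the decision. The component body continues outside the hunk.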
@@ -33,8 +33,6 @@ import { RulesTableFilters } from './rules_table_filters/rules_table_filters'; import { AllRulesTabs } from './rules_table_toolbar'; import { RulesTableUtilityBar } from '../rules_table_utility_bar/rules_table_utility_bar'; import { useMonitoringColumns, useRulesColumns } from './use_columns'; -import { useUserData } from '../../../../detections/components/user_info'; -import { hasUserCRUDPermission } from '../../../../common/utils/privileges'; import { useBulkDuplicateExceptionsConfirmation } from './bulk_actions/use_bulk_duplicate_confirmation'; import { BulkActionDuplicateExceptionsConfirmation } from './bulk_actions/bulk_duplicate_exceptions_confirmation'; import { useStartMlJobs } from '../../../rule_management/logic/use_start_ml_jobs'; @@ -50,6 +48,7 @@ import { BulkActionEditTypeEnum } from '../../../../../common/api/detection_engi import { BulkFillRuleGapsModal } from '../../../rule_gaps/components/bulk_fill_rule_gaps'; import { useBulkFillRuleGapsConfirmation } from '../../../rule_gaps/components/bulk_fill_rule_gaps/use_bulk_fill_rule_gaps_confirmation'; import { BulkFillRuleGapsRuleLimitErrorModal } from './bulk_actions/bulk_schedule_gap_fills_rule_limit_error_modal'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; import { RulesWithGapsOverviewPanel } from '../../../rule_gaps/components/rules_with_gaps_overview_panel'; const INITIAL_SORT_FIELD = 'enabled'; @@ -74,8 +73,7 @@ const NO_ITEMS_MESSAGE = ( export const RulesTables = React.memo(({ selectedTab }) => { const modalTitleId = useGeneratedHtmlId(); - const [{ canUserCRUD }] = useUserData(); - const hasPermissions = hasUserCRUDPermission(canUserCRUD); + const canEditRules = useUserPrivileges().rulesPrivileges.edit; const isUpgradingSecurityPackages = useIsUpgradingSecurityPackages(); const rulesTableContext = useRulesTableContext(); 
@@ -205,7 +203,7 @@ export const RulesTables = React.memo(({ selectedTab }) => { const { loading: isLoadingJobs, jobs: mlJobs, startMlJobs } = useStartMlJobs(); const rulesColumns = useRulesColumns({ - hasCRUDPermissions: hasPermissions, + hasCRUDPermissions: canEditRules, isLoadingJobs, mlJobs, startMlJobs, @@ -215,7 +213,7 @@ export const RulesTables = React.memo(({ selectedTab }) => { }); const monitoringColumns = useMonitoringColumns({ - hasCRUDPermissions: hasPermissions, + hasCRUDPermissions: canEditRules, isLoadingJobs, mlJobs, startMlJobs, @@ -227,7 +225,7 @@ export const RulesTables = React.memo(({ selectedTab }) => { const isSelectAllCalled = useRef(false); const isTableSelectable = - hasPermissions && + canEditRules && (selectedTab === AllRulesTabs.management || selectedTab === AllRulesTabs.monitoring); const euiBasicTableSelectionProps = useMemo( @@ -384,7 +382,7 @@ export const RulesTables = React.memo(({ selectedTab }) => { )} 0; @@ -41,7 +40,7 @@ export const UpgradePrebuiltRulesTableButtons = ({ ); const { selectedRulesButtonTooltip, allRulesButtonTooltip } = useBulkUpdateButtonsTooltipContent({ - canUserEditRules, + canUserEditRules: canEditRules, doAllSelectedRulesHaveConflicts, isPrebuiltRulesCustomizationEnabled: isRulesCustomizationEnabled, }); @@ -58,7 +57,7 @@ export const UpgradePrebuiltRulesTableButtons = ({ <> @@ -75,7 +74,7 @@ export const UpgradePrebuiltRulesTableButtons = ({ fill iconType="plusInCircle" onClick={upgradeAllRules} - disabled={!canUserEditRules || !hasRulesToUpgrade || isRequestInProgress} + disabled={!canEditRules || !hasRulesToUpgrade || isRequestInProgress} data-test-subj="upgradeAllRulesButton" > {i18n.UPDATE_ALL} 
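Review bot: `useRulesColumns` and `useMonitoringColumns` still take `hasCRUDPermissions`, and `useBulkUpdateButtonsTooltipContent` still takes `canUserEditRules`, while the value passed in is now the rules edit privilege `canEditRules`. Keeping three names for one privilege makes it harder to audit which gate a given control depends on. Renaming the parameters to `canEditRules` in a follow-up, or adding `// hasCRUDPermissions now carries rulesPrivileges.edit` at the call sites, would keep the mapping explicit. The component bodies continue outside these hunks.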
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/use_upgrade_prebuilt_rules_table_columns.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/use_upgrade_prebuilt_rules_table_columns.tsx index 3c24b60980e27..c405e4763e4d2 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/use_upgrade_prebuilt_rules_table_columns.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/components/rules_table/upgrade_prebuilt_rules_table/use_upgrade_prebuilt_rules_table_columns.tsx 
@@ -23,16 +23,15 @@ import { SHOW_RELATED_INTEGRATIONS_SETTING } from '../../../../../../common/cons import type { RuleSignatureId } from '../../../../../../common/api/detection_engine/model/rule_schema'; import { PopoverItems } from '../../../../../common/components/popover_items'; import { useKibana, useUiSetting$ } from '../../../../../common/lib/kibana'; -import { hasUserCRUDPermission } from '../../../../../common/utils/privileges'; import { IntegrationsPopover } from '../../../../common/components/related_integrations/integrations_popover'; import { SeverityBadge } from '../../../../../common/components/severity_badge'; -import { useUserData } from '../../../../../detections/components/user_info'; import * as i18n from '../../../../common/translations'; import type { Rule } from '../../../../rule_management/logic'; import { getNormalizedSeverity } from '../helpers'; import type { UpgradePrebuiltRulesTableActions } from './upgrade_prebuilt_rules_table_context'; import { useUpgradePrebuiltRulesTableContext } from './upgrade_prebuilt_rules_table_context'; import { usePrebuiltRulesCustomizationStatus } from '../../../../rule_management/logic/prebuilt_rules/use_prebuilt_rules_customization_status'; +import { useUserPrivileges } from '../../../../../common/components/user_privileges'; export type TableColumn = EuiBasicTableColumn; @@ -242,8 +241,7 @@ const createUpgradeButtonColumn = ( }); export const useUpgradePrebuiltRulesTableColumns = (): TableColumn[] => { - const [{ canUserCRUD }] = useUserData(); - const hasCRUDPermissions = hasUserCRUDPermission(canUserCRUD); + const canEditRules = useUserPrivileges().rulesPrivileges.edit; const [showRelatedIntegrations] = useUiSetting$(SHOW_RELATED_INTEGRATIONS_SETTING); const { state: { loadingRules, isRefetching, isUpgradingSecurityPackages }, 
@@ -281,7 +279,7 @@ export const useUpgradePrebuiltRulesTableColumns = (): TableColumn[] => { truncateText: true, width: '10%', }, - ...(hasCRUDPermissions + ...(canEditRules ? [ createUpgradeButtonColumn( upgradeRules, @@ -295,13 +293,13 @@ export const useUpgradePrebuiltRulesTableColumns = (): TableColumn[] => { : []), ], [ + isRulesCustomizationEnabled, showRelatedIntegrations, - hasCRUDPermissions, + canEditRules, upgradeRules, openRulePreview, loadingRules, isDisabled, - isRulesCustomizationEnabled, telemetry, ] ); diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/coverage_overview/technique_panel_popover.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/coverage_overview/technique_panel_popover.test.tsx index 896a5c64ca9b2..44b1efa3bbcee 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/coverage_overview/technique_panel_popover.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/coverage_overview/technique_panel_popover.test.tsx 
@@ -13,10 +13,11 @@ import { TestProviders } from '../../../../common/mock'; import type { CoverageOverviewMitreTechnique } from '../../../rule_management/model/coverage_overview/mitre_technique'; import { CoverageOverviewMitreTechniquePanelPopover } from './technique_panel_popover'; import { useCoverageOverviewDashboardContext } from './coverage_overview_dashboard_context'; -import { useUserData } from '../../../../detections/components/user_info'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; +import { initialUserPrivilegesState } from '../../../../common/components/user_privileges/user_privileges_context'; jest.mock('./coverage_overview_dashboard_context'); -jest.mock('../../../../detections/components/user_info'); +jest.mock('../../../../common/components/user_privileges'); const mockEnableAllDisabled = jest.fn(); @@ -36,7 +37,10 @@ describe('CoverageOverviewMitreTechniquePanelPopover', () => { state: { showExpandedCells: false, filter: {} }, actions: { enableAllDisabled: mockEnableAllDisabled }, }); - (useUserData as jest.Mock).mockReturnValue([{ loading: false, canUserCRUD: true }]); + (useUserPrivileges as jest.Mock).mockReturnValue({ + ...initialUserPrivilegesState(), + rulesPrivileges: { read: true, edit: true }, + }); }); afterEach(() => { @@ -108,7 +112,10 @@ describe('CoverageOverviewMitreTechniquePanelPopover', () => { }); test('"Enable all disabled" button is disabled when user does not have CRUD permissions', async () => { - (useUserData as jest.Mock).mockReturnValue([{ loading: false, canUserCRUD: false }]); + (useUserPrivileges as jest.Mock).mockReturnValue({ + ...initialUserPrivilegesState(), + rulesPrivileges: { read: true, edit: false }, + }); const wrapper = renderTechniquePanelPopover(); act(() => { 
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/coverage_overview/technique_panel_popover.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/coverage_overview/technique_panel_popover.tsx index 9e026e9912b46..2e478ad1f5a7b 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/coverage_overview/technique_panel_popover.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/coverage_overview/technique_panel_popover.tsx @@ -21,7 +21,6 @@ import { } from '@elastic/eui'; import { css, cx } from '@emotion/css'; import React, { memo, useCallback, useMemo, useState } from 'react'; -import { useUserData } from '../../../../detections/components/user_info'; import type { CoverageOverviewMitreTechnique } from '../../../rule_management/model/coverage_overview/mitre_technique'; import { CoverageOverviewRuleListHeader } from './shared_components/popover_list_header'; import { CoverageOverviewMitreTechniquePanel } from './technique_panel'; @@ -29,6 +28,7 @@ import * as i18n from './translations'; import { RuleLink } from '../../components/rules_table/use_columns'; import { useCoverageOverviewDashboardContext } from './coverage_overview_dashboard_context'; import { getNumOfCoveredSubtechniques } from '../../../rule_management/model/coverage_overview/mitre_subtechnique'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; export interface CoverageOverviewMitreTechniquePanelPopoverProps { technique: CoverageOverviewMitreTechnique; 
@@ -37,19 +37,16 @@ export interface CoverageOverviewMitreTechniquePanelPopoverProps { const CoverageOverviewMitreTechniquePanelPopoverComponent = ({ technique, }: CoverageOverviewMitreTechniquePanelPopoverProps) => { - const [{ loading: userInfoLoading, canUserCRUD }] = useUserData(); + const canEditRules = useUserPrivileges().rulesPrivileges.edit; const [isPopoverOpen, setIsPopoverOpen] = useState(false); const [isLoading, setIsLoading] = useState(false); const closePopover = useCallback(() => setIsPopoverOpen(false), []); const isEnableButtonDisabled = useMemo( - () => !canUserCRUD || technique.disabledRules.length === 0, - [canUserCRUD, technique.disabledRules.length] + () => !canEditRules || technique.disabledRules.length === 0, + [canEditRules, technique.disabledRules.length] ); - const isEnableButtonLoading = useMemo( - () => isLoading || userInfoLoading, - [isLoading, userInfoLoading] - ); + const isEnableButtonLoading = isLoading; const { state: { diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/rule_management/__integration_tests__/rules_upgrade/test_utils/rule_upgrade_flyout.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/rule_management/__integration_tests__/rules_upgrade/test_utils/rule_upgrade_flyout.tsx index 67f580a11ae2d..e72d5489aab35 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/rule_management/__integration_tests__/rules_upgrade/test_utils/rule_upgrade_flyout.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/rule_management/__integration_tests__/rules_upgrade/test_utils/rule_upgrade_flyout.tsx 
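Review bot: `const isEnableButtonLoading = isLoading;` is now a plain alias left over from the removed `userInfoLoading` term; use `isLoading` directly where the button reads it, or drop the alias. With the loading term gone, the button relies on `rulesPrivileges.edit` being falsy until privileges resolve so that `isEnableButtonDisabled` stays true. That default is not shown in this diff and is worth confirming. The component body continues outside the hunk.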
@@ -14,6 +14,8 @@ import type { FieldSpec, } from '@kbn/data-views-plugin/common'; import userEvent from '@testing-library/user-event'; +import { initialUserPrivilegesState } from '../../../../../../../common/components/user_privileges/user_privileges_context'; +import { useUserPrivileges } from '../../../../../../../common/components/user_privileges'; import { invariant } from '../../../../../../../../common/utils/invariant'; import { TIMELINES_URL } from '../../../../../../../../common/constants'; import { RulesPage } from '../../..'; @@ -34,6 +36,7 @@ import { RuleUpgradeTestProviders } from './rule_upgrade_test_providers'; jest.mock('../../../../../../../detections/components/user_info'); jest.mock('../../../../../../../detections/containers/detection_engine/lists/use_lists_config'); jest.mock('../../../../../components/rules_table/feature_tour/rules_feature_tour'); +jest.mock('../../../../../../../common/components/user_privileges'); /** **********************************************/ /** @@ -48,6 +51,10 @@ export async function renderRuleUpgradeFlyout(): Promise mockedResponses.get(requestedPath) ); + (useUserPrivileges as jest.Mock).mockReturnValue({ + ...initialUserPrivilegesState(), + rulesPrivileges: { read: true, edit: true }, + }); mockKibanaFetchResponse(GET_PREBUILT_RULES_STATUS_URL, { stats: { diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/rule_management/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/rule_management/index.tsx index f79ed072e2067..a62aaf7d1dabe 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/rule_management/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_management_ui/pages/rule_management/index.tsx 
@@ -16,7 +16,6 @@ import { getDetectionEngineUrl } from '../../../../common/components/link_to/red import { SecuritySolutionPageWrapper } from '../../../../common/components/page_wrapper'; import { useBoolState } from '../../../../common/hooks/use_bool_state'; import { useKibana } from '../../../../common/lib/kibana'; -import { hasUserCRUDPermission } from '../../../../common/utils/privileges'; import { SpyRoute } from '../../../../common/utils/route/spy_routes'; import { MissingDetectionsPrivilegesCallOut } from '../../../../detections/components/callouts/missing_detections_privileges_callout'; import { MlJobCompatibilityCallout } from '../../components/ml_job_compatibility_callout'; @@ -38,6 +37,7 @@ import { CREATE_NEW_RULE_TOUR_ANCHOR, RuleFeatureTour, } from '../../components/rules_table/feature_tour/rules_feature_tour'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; const RulesPageComponent: React.FC = () => { const [isImportModalVisible, showImportModal, hideImportModal] = useBoolState(); @@ -45,15 +45,9 @@ const RulesPageComponent: React.FC = () => { const kibanaServices = useKibana().services; const { navigateToApp } = kibanaServices.application; - const [ - { - loading: userInfoLoading, - isSignalIndexExists, - isAuthenticated, - hasEncryptionKey, - canUserCRUD, - }, - ] = useUserData(); + const [{ loading: userInfoLoading, isSignalIndexExists, isAuthenticated, hasEncryptionKey }] = + useUserData(); + const { edit: canEditRules, read: canReadRules } = useUserPrivileges().rulesPrivileges; const { loading: listsConfigLoading, canWriteIndex: canWriteListsIndex, 
@@ -88,7 +82,7 @@ const RulesPageComponent: React.FC = () => { // user still can import value lists, so button should not be disabled if user has enough other privileges const cantCreateNonExistentListIndex = needsListsIndex && !canCreateListsIndex; const isImportValueListDisabled = - cantCreateNonExistentListIndex || !canWriteListsIndex || !canUserCRUD || loading; + cantCreateNonExistentListIndex || !canWriteListsIndex || !canEditRules || loading; return ( <> @@ -106,7 +100,7 @@ const RulesPageComponent: React.FC = () => { - + { {i18n.IMPORT_RULE} @@ -142,7 +136,7 @@ const RulesPageComponent: React.FC = () => { data-test-subj="create-new-rule" fill iconType="plusInCircle" - isDisabled={!hasUserCRUDPermission(canUserCRUD) || loading} + isDisabled={!canEditRules || loading} deepLinkId={SecurityPageName.rulesCreate} > {i18n.ADD_NEW_RULE} @@ -151,7 +145,7 @@ const RulesPageComponent: React.FC = () => { {isDoesNotMatchForIndicatorMatchRuleEnabled && } - + > = ({ }, [isEventRenderedView]); const alertColumns = useMemo( - () => (columns.length ? columns : getColumns(license)), + () => (columns?.length ? columns : getColumns(license)), [columns, license] ); diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.test.tsx index c780b146310a5..de2e4e18ad594 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.test.tsx 
@@ -105,7 +105,7 @@ jest.mock('../../../../common/lib/kibana', () => { }); jest.mock('../../../containers/detection_engine/alerts/use_alerts_privileges', () => ({ - useAlertsPrivileges: jest.fn().mockReturnValue({ hasIndexWrite: true, hasKibanaCRUD: true }), + useAlertsPrivileges: jest.fn().mockReturnValue({ hasIndexWrite: true, hasSiemCRUD: true }), })); const actionMenuButton = 'timeline-context-menu-button'; diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_exception_actions.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_exception_actions.test.tsx index c5478130f5550..19c37ee462796 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_exception_actions.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_exception_actions.test.tsx @@ -9,11 +9,15 @@ import { renderHook } from '@testing-library/react'; import { TestProviders } from '../../../../common/mock'; import { useAlertExceptionActions } from './use_add_exception_actions'; import { useUserData } from '../../user_info'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; import { useEndpointExceptionsCapability } from '../../../../exceptions/hooks/use_endpoint_exceptions_capability'; jest.mock('../../user_info'); const mockUseUserData = useUserData as jest.Mock; +jest.mock('../../../../common/components/user_privileges'); +const mockUseUserPrivileges = useUserPrivileges as jest.Mock; + jest.mock('../../../../exceptions/hooks/use_endpoint_exceptions_capability'); const mockUseEndpointExceptionsCapability = useEndpointExceptionsCapability as jest.Mock; 
@@ -23,7 +27,8 @@ describe('useAlertExceptionActions', () => { }); it('should return both add rule exception and add endpoint exception menu items with all privileges', () => { - mockUseUserData.mockReturnValue([{ canUserCRUD: true, hasIndexWrite: true }]); + mockUseUserData.mockReturnValue([{ hasIndexWrite: true }]); + mockUseUserPrivileges.mockReturnValue({ rulesPrivileges: { edit: true } }); mockUseEndpointExceptionsCapability.mockReturnValue(true); const { result } = renderHook( @@ -41,7 +46,8 @@ describe('useAlertExceptionActions', () => { }); it('should disable adding endpoint exceptions when user has no endpoint exceptions ALL privilege', () => { - mockUseUserData.mockReturnValue([{ canUserCRUD: true, hasIndexWrite: true }]); + mockUseUserData.mockReturnValue([{ hasIndexWrite: true }]); + mockUseUserPrivileges.mockReturnValue({ rulesPrivileges: { edit: true } }); mockUseEndpointExceptionsCapability.mockReturnValue(false); const { result } = renderHook( @@ -59,7 +65,8 @@ describe('useAlertExceptionActions', () => { }); it('should disable adding endpoint exceptions when alert is not an endpoint alert', () => { - mockUseUserData.mockReturnValue([{ canUserCRUD: true, hasIndexWrite: true }]); + mockUseUserData.mockReturnValue([{ hasIndexWrite: true }]); + mockUseUserPrivileges.mockReturnValue({ rulesPrivileges: { edit: true } }); mockUseEndpointExceptionsCapability.mockReturnValue(true); const { result } = renderHook( @@ -78,7 +85,8 @@ describe('useAlertExceptionActions', () => { }); it('should disable adding rule exceptions when user has no security:ALL privilege', () => { - mockUseUserData.mockReturnValue([{ canUserCRUD: false, hasIndexWrite: true }]); + mockUseUserData.mockReturnValue([{ hasIndexWrite: true }]); + mockUseUserPrivileges.mockReturnValue({ rulesPrivileges: { edit: false } }); mockUseEndpointExceptionsCapability.mockReturnValue(true); const { result } = renderHook( 
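Review bot: The test titles still describe the old privilege model, e.g. `'should disable adding rule exceptions when user has no security:ALL privilege'`, while the mocked gate is now `rulesPrivileges.edit`; a title such as `'should disable adding rule exceptions when user has no rules edit privilege'` would match what is asserted. The mocks also return a partial object, `{ rulesPrivileges: { edit: true } }`, whereas the other tests in this commit spread `initialUserPrivilegesState()`. Using `{ ...initialUserPrivilegesState(), rulesPrivileges: { read: true, edit: true } }` keeps the mocked shape complete if the hook under test starts reading another field. The same applies to the later hunks of this file, from `@@ -96,7 +104,8 @@` onward.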
@@ -96,7 +104,8 @@ describe('useAlertExceptionActions', () => { }); it('should disable adding rule exceptions when user has no index write privilege', () => { - mockUseUserData.mockReturnValue([{ canUserCRUD: true, hasIndexWrite: false }]); + mockUseUserData.mockReturnValue([{ hasIndexWrite: false }]); + mockUseUserPrivileges.mockReturnValue({ rulesPrivileges: { edit: true } }); mockUseEndpointExceptionsCapability.mockReturnValue(true); const { result } = renderHook( @@ -114,7 +123,8 @@ describe('useAlertExceptionActions', () => { }); it('should not return menu items when user has neither security:ALL nor endpoint exceptions ALL privilege', () => { - mockUseUserData.mockReturnValue([{ canUserCRUD: false, hasIndexWrite: true }]); + mockUseUserData.mockReturnValue([{ hasIndexWrite: true }]); + mockUseUserPrivileges.mockReturnValue({ rulesPrivileges: { edit: false } }); mockUseEndpointExceptionsCapability.mockReturnValue(false); const { result } = renderHook( @@ -126,7 +136,8 @@ describe('useAlertExceptionActions', () => { }); it('should not return menu items when user has neither index write and it is not an endpoint alert', () => { - mockUseUserData.mockReturnValue([{ canUserCRUD: true, hasIndexWrite: false }]); + mockUseUserData.mockReturnValue([{ hasIndexWrite: false }]); + mockUseUserPrivileges.mockReturnValue({ rulesPrivileges: { edit: true } }); mockUseEndpointExceptionsCapability.mockReturnValue(true); const { result } = renderHook( diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_exception_actions.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_exception_actions.tsx index d630ad2288964..4c28358df6848 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_exception_actions.tsx 
+++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/use_add_exception_actions.tsx @@ -12,6 +12,7 @@ import { useEndpointExceptionsCapability } from '../../../../exceptions/hooks/us import { useUserData } from '../../user_info'; import { ACTION_ADD_ENDPOINT_EXCEPTION, ACTION_ADD_EXCEPTION } from '../translations'; import type { AlertTableContextMenuItem } from '../types'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; export interface UseExceptionActionProps { isEndpointAlert: boolean; @@ -22,7 +23,8 @@ export const useAlertExceptionActions = ({ isEndpointAlert, onAddExceptionTypeClick, }: UseExceptionActionProps) => { - const [{ canUserCRUD, hasIndexWrite }] = useUserData(); + const canEditRules = useUserPrivileges().rulesPrivileges.edit; + const [{ hasIndexWrite }] = useUserData(); const canWriteEndpointExceptions = useEndpointExceptionsCapability('crudEndpointExceptions'); const handleDetectionExceptionModal = useCallback(() => { @@ -34,7 +36,7 @@ export const useAlertExceptionActions = ({ }, [onAddExceptionTypeClick]); const disabledAddEndpointException = !canWriteEndpointExceptions || !isEndpointAlert; - const disabledAddException = !canUserCRUD || !hasIndexWrite; + const disabledAddException = !canEditRules || !hasIndexWrite; const exceptionActionItems: AlertTableContextMenuItem[] = useMemo( () => diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/user_info/__mocks__/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/user_info/__mocks__/index.tsx index efe4cade82b4b..a7dc53b4ce397 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/user_info/__mocks__/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/user_info/__mocks__/index.tsx 
@@ -10,8 +10,6 @@ export const initialState = { isSignalIndexExists: true, isAuthenticated: true, hasEncryptionKey: true, - canUserCRUD: true, - canUserREAD: true, hasIndexManage: true, hasIndexMaintenance: true, hasIndexWrite: true, diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/user_info/index.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/user_info/index.test.tsx index af3d69508bc69..7e9249630a89b 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/user_info/index.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/user_info/index.test.tsx @@ -44,8 +44,6 @@ describe('useUserInfo', () => { }); expect(result.current).toEqual({ - canUserCRUD: null, - canUserREAD: null, hasEncryptionKey: null, hasIndexManage: null, hasIndexMaintenance: null, diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/user_info/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/user_info/index.tsx index c72eb60f75344..2b0f410de9495 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/user_info/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/user_info/index.tsx @@ -13,8 +13,6 @@ import { useAlertsPrivileges } from '../../containers/detection_engine/alerts/us import { useSignalIndex } from '../../containers/detection_engine/alerts/use_signal_index'; export interface State { - canUserCRUD: boolean | null; - canUserREAD: boolean | null; hasIndexManage: boolean | null; hasIndexMaintenance: boolean | null; hasIndexWrite: boolean | null; @@ -29,8 +27,6 @@ export interface State { } export const initialState: State = { - canUserCRUD: null, - canUserREAD: null, hasIndexManage: null, hasIndexMaintenance: null, hasIndexWrite: null, 
@@ -85,14 +81,6 @@ export type Action = | { type: 'updateSignalIndexMappingOutdated'; signalIndexMappingOutdated: boolean | null; - } - | { - type: 'updateCanUserCRUD'; - canUserCRUD: boolean | null; - } - | { - type: 'updateCanUserREAD'; - canUserREAD: boolean | null; }; export const userInfoReducer = (state: State, action: Action): State => { @@ -163,18 +151,6 @@ export const userInfoReducer = (state: State, action: Action): State => { signalIndexMappingOutdated: action.signalIndexMappingOutdated, }; } - case 'updateCanUserCRUD': { - return { - ...state, - canUserCRUD: action.canUserCRUD, - }; - } - case 'updateCanUserREAD': { - return { - ...state, - canUserREAD: action.canUserREAD, - }; - } default: return state; } @@ -197,8 +173,6 @@ export const ManageUserInfo = ({ children }: ManageUserInfoProps) => ( export const useUserInfo = (): State => { const [ { - canUserCRUD, - canUserREAD, hasIndexManage, hasIndexMaintenance, hasIndexWrite, @@ -222,8 +196,6 @@ export const useUserInfo = (): State => { hasIndexUpdateDelete: hasApiIndexUpdateDelete, hasIndexWrite: hasApiIndexWrite, hasIndexRead: hasApiIndexRead, - hasKibanaCRUD, - hasKibanaREAD, } = useAlertsPrivileges(); const { loading: indexNameLoading, @@ -233,18 +205,6 @@ export const useUserInfo = (): State => { createDeSignalIndex: createSignalIndex, } = useSignalIndex(); - useEffect(() => { - if (!loading && canUserCRUD !== hasKibanaCRUD) { - dispatch({ type: 'updateCanUserCRUD', canUserCRUD: hasKibanaCRUD }); - } - }, [dispatch, loading, canUserCRUD, hasKibanaCRUD]); - - useEffect(() => { - if (!loading && canUserREAD !== hasKibanaREAD) { - dispatch({ type: 'updateCanUserREAD', canUserREAD: hasKibanaREAD }); - } - }, [dispatch, loading, canUserREAD, hasKibanaREAD]); - useEffect(() => { if (loading !== (privilegeLoading || indexNameLoading)) { dispatch({ type: 'updateLoading', loading: privilegeLoading || indexNameLoading }); 
@@ -359,8 +319,6 @@ export const useUserInfo = (): State => { isSignalIndexExists, isAuthenticated, hasEncryptionKey, - canUserCRUD, - canUserREAD, hasIndexManage, hasIndexMaintenance, hasIndexWrite, @@ -370,8 +328,6 @@ export const useUserInfo = (): State => { signalIndexMappingOutdated, }), [ - canUserCRUD, - canUserREAD, hasEncryptionKey, hasIndexMaintenance, hasIndexManage, diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_alerts_privileges.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_alerts_privileges.test.tsx index 667585c5f4e56..263edb0377c7e 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_alerts_privileges.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_alerts_privileges.test.tsx @@ -75,9 +75,10 @@ const userPrivilegesInitial: ReturnType = { canAccessEndpointManagement: false, canAccessFleet: false, }), - kibanaSecuritySolutionsPrivileges: { crud: true, read: true }, + siemPrivileges: { crud: true, read: true }, timelinePrivileges: { crud: true, read: true }, notesPrivileges: { crud: true, read: true }, + rulesPrivileges: { edit: true, read: true }, }; describe('useAlertsPrivileges', () => { @@ -100,8 +101,8 @@ describe('useAlertsPrivileges', () => { hasIndexMaintenance: null, hasIndexWrite: null, hasIndexUpdateDelete: null, - hasKibanaCRUD: false, - hasKibanaREAD: false, + hasSiemCRUD: false, + hasSiemRead: false, isAuthenticated: null, loading: false, }) @@ -122,8 +123,8 @@ describe('useAlertsPrivileges', () => { hasIndexRead: false, hasIndexWrite: false, hasIndexUpdateDelete: false, - hasKibanaCRUD: true, - hasKibanaREAD: true, + hasSiemCRUD: true, + hasSiemRead: true, isAuthenticated: false, loading: false, }) 
@@ -148,8 +149,8 @@ describe('useAlertsPrivileges', () => { hasIndexRead: true, hasIndexWrite: true, hasIndexUpdateDelete: true, - hasKibanaCRUD: true, - hasKibanaREAD: true, + hasSiemCRUD: true, + hasSiemRead: true, isAuthenticated: true, loading: false, }) @@ -171,18 +172,18 @@ describe('useAlertsPrivileges', () => { hasIndexRead: true, hasIndexWrite: true, hasIndexUpdateDelete: true, - hasKibanaCRUD: true, - hasKibanaREAD: true, + hasSiemCRUD: true, + hasSiemRead: true, isAuthenticated: true, loading: false, }) ); }); - test('returns "hasKibanaCRUD" as false if user does not have SIEM Kibana "all" privileges', async () => { + test('returns "hasSiemCRUD" as false if user does not have SIEM Kibana "all" privileges', async () => { const userPrivileges = produce(userPrivilegesInitial, (draft) => { draft.detectionEnginePrivileges.result = privilege; - draft.kibanaSecuritySolutionsPrivileges = { crud: false, read: true }; + draft.siemPrivileges = { crud: false, read: true }; }); useUserPrivilegesMock.mockReturnValue(userPrivileges); @@ -195,18 +196,18 @@ describe('useAlertsPrivileges', () => { hasIndexRead: true, hasIndexWrite: true, hasIndexUpdateDelete: true, - hasKibanaCRUD: false, - hasKibanaREAD: true, + hasSiemCRUD: false, + hasSiemRead: true, isAuthenticated: true, loading: false, }) ); }); - test('returns "hasKibanaREAD" as false if user does not have at least SIEM Kibana "read" privileges', async () => { + test('returns "hasSiemRead" as false if user does not have at least SIEM Kibana "read" privileges', async () => { const userPrivileges = produce(userPrivilegesInitial, (draft) => { draft.detectionEnginePrivileges.result = privilege; - draft.kibanaSecuritySolutionsPrivileges = { crud: false, read: false }; + draft.siemPrivileges = { crud: false, read: false }; }); useUserPrivilegesMock.mockReturnValue(userPrivileges); 
@@ -219,8 +220,8 @@ describe('useAlertsPrivileges', () => { hasIndexRead: true, hasIndexWrite: true, hasIndexUpdateDelete: true, - hasKibanaCRUD: false, - hasKibanaREAD: false, + hasSiemCRUD: false, + hasSiemRead: false, isAuthenticated: true, loading: false, }) diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_alerts_privileges.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_alerts_privileges.tsx index 85105640f0817..b21bf63fe87cd 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_alerts_privileges.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/alerts/use_alerts_privileges.tsx @@ -20,8 +20,8 @@ export interface AlertsPrivelegesState { hasIndexUpdateDelete: boolean | null; hasIndexMaintenance: boolean | null; hasIndexRead: boolean | null; - hasKibanaCRUD: boolean; - hasKibanaREAD: boolean; + hasSiemCRUD: boolean; + hasSiemRead: boolean; } /** * Hook to get user privilege from @@ -30,7 +30,7 @@ export interface AlertsPrivelegesState { export const useAlertsPrivileges = (): UseAlertsPrivelegesReturn => { const { detectionEnginePrivileges: { error, result, loading }, - kibanaSecuritySolutionsPrivileges: { crud: hasKibanaCRUD, read: hasKibanaREAD }, + siemPrivileges: { crud: hasSiemCRUD, read: hasSiemRead }, } = useUserPrivileges(); const indexName = useMemo(() => { @@ -50,8 +50,8 @@ export const useAlertsPrivileges = (): UseAlertsPrivelegesReturn => { hasIndexWrite: false, hasIndexUpdateDelete: false, hasIndexMaintenance: false, - hasKibanaCRUD, - hasKibanaREAD, + hasSiemCRUD, + hasSiemRead, }; } 
@@ -68,8 +68,8 @@ export const useAlertsPrivileges = (): UseAlertsPrivelegesReturn => { result.index[indexName].index || result.index[indexName].write, hasIndexUpdateDelete: result.index[indexName].write, - hasKibanaCRUD, - hasKibanaREAD, + hasSiemCRUD, + hasSiemRead, }; } @@ -81,10 +81,10 @@ export const useAlertsPrivileges = (): UseAlertsPrivelegesReturn => { hasIndexWrite: null, hasIndexUpdateDelete: null, hasIndexMaintenance: null, - hasKibanaCRUD: false, - hasKibanaREAD: false, + hasSiemCRUD: false, + hasSiemRead: false, }; - }, [error, result, indexName, hasKibanaCRUD, hasKibanaREAD]); + }, [error, result, indexName, hasSiemCRUD, hasSiemRead]); return { loading: loading ?? false, ...privileges }; }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/lists/use_lists_privileges.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/lists/use_lists_privileges.tsx index 83b518a904a7b..3b88e5b50ad51 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/lists/use_lists_privileges.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/containers/detection_engine/lists/use_lists_privileges.tsx @@ -57,7 +57,7 @@ export const useListsPrivileges = (): UseListsPrivilegesReturn => { canWriteIndex: null, }); - const { listPrivileges, kibanaSecuritySolutionsPrivileges } = useUserPrivileges(); + const { listPrivileges, rulesPrivileges } = useUserPrivileges(); // handleReadResult useEffect(() => { 
@@ -72,16 +72,16 @@ export const useListsPrivileges = (): UseListsPrivilegesReturn => { isAuthenticated, canReadIndex: canReadIndex(listsPrivileges) && canReadIndex(listItemsPrivileges), canManageIndex: - kibanaSecuritySolutionsPrivileges.crud && + rulesPrivileges.edit && canManageIndex(listsPrivileges) && canManageIndex(listItemsPrivileges), canWriteIndex: - kibanaSecuritySolutionsPrivileges.crud && + rulesPrivileges.edit && canWriteIndex(listsPrivileges) && canWriteIndex(listItemsPrivileges), }); } - }, [listPrivileges.result, kibanaSecuritySolutionsPrivileges.crud]); + }, [listPrivileges.result, rulesPrivileges.edit]); // handleReadError useEffect(() => { diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts b/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts index 8ffc09c63c064..9dd98005eef82 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/links.ts @@ -6,13 +6,17 @@ */ import { i18n } from '@kbn/i18n'; +import { + RULES_UI_DETECTIONS_PRIVILEGE, + RULES_UI_EXTERNAL_DETECTIONS_PRIVILEGE, + RULES_UI_READ_PRIVILEGE, +} from '@kbn/security-solution-features/constants'; import { ALERT_DETECTIONS, ALERT_SUMMARY_PATH, ALERTS_PATH, ATTACK_DISCOVERY_FEATURE_ID, ATTACKS_PATH, - SECURITY_FEATURE_ID, SecurityPageName, } from '../../common/constants'; import { ALERT_SUMMARY, ALERTS, ATTACKS } from '../app/translations'; @@ -21,7 +25,7 @@ import { IconAlerts } from '../common/icons/alerts'; import { IconAttacks } from '../common/icons/attacks'; export const alertsLink: LinkItem = { - capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${SECURITY_FEATURE_ID}.detections`]], + capabilities: [[RULES_UI_READ_PRIVILEGE, RULES_UI_DETECTIONS_PRIVILEGE]], globalNavPosition: 3, globalSearchKeywords: [ i18n.translate('xpack.securitySolution.appLinks.alerts', { 
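Review bot: `canManageIndex` and `canWriteIndex` in the `@@ -72,16 +72,16 @@` hunk are now conditioned on `rulesPrivileges.edit`, and nothing in the hunk says why a rules privilege governs access to the lists indices. A one-line comment above the `canManageIndex` entry would record the intent, e.g. `// Managing or writing list indices additionally requires the rules edit privilege`, extended with the reason if there is one beyond the rename. The effect body starts outside the hunk, so the rest of the condition cannot be checked from here.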
@@ -44,9 +48,7 @@ const alertsSubLink: LinkItem = { }; const attacksSubLink: LinkItem = { - capabilities: [ - [`${SECURITY_FEATURE_ID}.show`, `${ATTACK_DISCOVERY_FEATURE_ID}.attack-discovery`], - ], + capabilities: [[RULES_UI_READ_PRIVILEGE, `${ATTACK_DISCOVERY_FEATURE_ID}.attack-discovery`]], globalSearchKeywords: [ i18n.translate('xpack.securitySolution.appLinks.attacks', { defaultMessage: 'Attacks', @@ -69,8 +71,8 @@ export const alertDetectionsLinks: LinkItem = { }), path: ALERT_DETECTIONS, capabilities: [ - [`${SECURITY_FEATURE_ID}.show`, `${SECURITY_FEATURE_ID}.detections`], - [`${SECURITY_FEATURE_ID}.show`, `${ATTACK_DISCOVERY_FEATURE_ID}.attack-discovery`], + [RULES_UI_READ_PRIVILEGE, RULES_UI_DETECTIONS_PRIVILEGE], + [RULES_UI_READ_PRIVILEGE, `${ATTACK_DISCOVERY_FEATURE_ID}.attack-discovery`], ], globalNavPosition: 3, globalSearchKeywords: [ @@ -91,7 +93,7 @@ export const alertDetectionsLinks: LinkItem = { }; export const alertSummaryLink: LinkItem = { - capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${SECURITY_FEATURE_ID}.external_detections`]], + capabilities: [[RULES_UI_READ_PRIVILEGE, RULES_UI_EXTERNAL_DETECTIONS_PRIVILEGE]], globalNavPosition: 3, globalSearchKeywords: [ i18n.translate('xpack.securitySolution.appLinks.alertSummary', { diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/alerts.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/alerts.test.tsx index 099028d34ffa6..ca068a9397376 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/alerts.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/alerts.test.tsx 
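Review bot: `attacksSubLink` and the second entry of `alertDetectionsLinks.capabilities` now pair `RULES_UI_READ_PRIVILEGE` with `${ATTACK_DISCOVERY_FEATURE_ID}.attack-discovery`, with no comment explaining why the Attacks navigation depends on the rules read privilege instead of `${SECURITY_FEATURE_ID}.show`. Assuming each inner array is evaluated as an AND of its entries (the evaluation code is not in this diff), a user with attack discovery access but without rules read no longer gets the link. That matches the `rulesPrivileges.read` gate this commit adds to `AttacksPage`, but it should be stated next to the entry, e.g. `// Requires rules read in addition to attack discovery, same as AttacksPage`. The remaining template literal could also become a named constant like the `RULES_UI_*` ones, so all capability strings are defined in one place.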
@@ -9,6 +9,7 @@ import React from 'react'; import { render } from '@testing-library/react'; import { ALERTS_PAGE_LOADING_TEST_ID, AlertsPage } from './alerts'; import { useUserData } from '../../components/user_info'; +import { useUserPrivileges } from '../../../common/components/user_privileges'; import { useListsConfig } from '../../containers/detection_engine/lists/use_lists_config'; import { useSignalHelpers } from '../../../sourcerer/containers/use_signal_helpers'; import { TestProviders } from '../../../common/mock'; @@ -19,6 +20,7 @@ import { NEED_ADMIN_CALLOUT_TEST_ID } from '../../../detection_engine/rule_manag import { useMissingPrivileges } from '../../../common/hooks/use_missing_privileges'; jest.mock('../../components/user_info'); +jest.mock('../../../common/components/user_privileges'); jest.mock('../../containers/detection_engine/lists/use_lists_config'); jest.mock('../../../sourcerer/containers/use_signal_helpers'); jest.mock('../../../common/hooks/use_missing_privileges'); @@ -26,9 +28,19 @@ jest.mock('../../components/alerts/wrapper', () => ({ Wrapper: () =>
, })); +const doMockRulesPrivileges = ({ read = false }) => { + (useUserPrivileges as jest.Mock).mockReturnValue({ + rulesPrivileges: { + read, + edit: false, + }, + }); +}; + describe('', () => { beforeEach(() => { jest.clearAllMocks(); + doMockRulesPrivileges({}); }); describe('showing loading spinner', () => { @@ -123,11 +135,11 @@ describe('', () => { { loading: false, isAuthenticated: true, - canUserREAD: true, hasIndexRead: true, hasEncryptionKey: false, }, ]); + doMockRulesPrivileges({ read: true }); (useListsConfig as jest.Mock).mockReturnValue({ loading: false, needsConfiguration: false, @@ -155,12 +167,12 @@ describe('', () => { { loading: false, isAuthenticated: true, - canUserREAD: true, hasIndexRead: true, signalIndexMappingOutdated: true, hasIndexManage: false, }, ]); + doMockRulesPrivileges({ read: true }); (useListsConfig as jest.Mock).mockReturnValue({ loading: false, needsConfiguration: false, @@ -188,10 +200,10 @@ describe('', () => { { loading: false, isAuthenticated: true, - canUserREAD: true, hasIndexRead: true, }, ]); + doMockRulesPrivileges({ read: true }); (useListsConfig as jest.Mock).mockReturnValue({ loading: false, needsConfiguration: false, @@ -221,7 +233,6 @@ describe('', () => { { loading: false, isAuthenticated: true, - canUserREAD: false, hasIndexRead: false, }, ]); @@ -253,10 +264,10 @@ describe('', () => { { loading: false, isAuthenticated: true, - canUserREAD: true, hasIndexRead: true, }, ]); + doMockRulesPrivileges({ read: true }); (useListsConfig as jest.Mock).mockReturnValue({ loading: false, needsConfiguration: false, diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/alerts.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/alerts.tsx index c95dd89cd0748..170005df600ee 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/alerts.tsx 
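Review bot: The no-privileges case in the `@@ -221,7 +233,6 @@` hunk no longer sets a read flag itself. It relies on the `beforeEach` default `doMockRulesPrivileges({})` (read `false`) and still passes `hasIndexRead: false`, so the new `canReadAlerts === false` branch in `AlertsPage` is never exercised on its own. I would add a case that keeps `hasIndexRead: true` and calls `doMockRulesPrivileges({ read: false });`, asserting the same no-privileges output, so a regression in the rules-read gate cannot hide behind the index check. The matching `@@ -221,7 +233,6 @@` hunk in `attacks.test.tsx` has the same gap. The test bodies continue outside the hunks, so the assertion to reuse is not visible here.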
+++ b/x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/alerts.tsx @@ -21,6 +21,7 @@ import { NeedAdminForUpdateRulesCallOut } from '../../../detection_engine/rule_m import { MissingDetectionsPrivilegesCallOut } from '../../components/callouts/missing_detections_privileges_callout'; import { NoPrivileges } from '../../../common/components/no_privileges'; import { HeaderPage } from '../../../common/components/header_page'; +import { useUserPrivileges } from '../../../common/components/user_privileges'; export const ALERTS_PAGE_LOADING_TEST_ID = 'alerts-page-loading'; @@ -29,7 +30,8 @@ export const ALERTS_PAGE_LOADING_TEST_ID = 'alerts-page-loading'; * the actual content of the alerts page is rendered */ export const AlertsPage = memo(() => { - const [{ loading: userInfoLoading, isAuthenticated, canUserREAD, hasIndexRead }] = useUserData(); + const [{ loading: userInfoLoading, isAuthenticated, hasIndexRead }] = useUserData(); + const canReadAlerts = useUserPrivileges().rulesPrivileges.read; const { loading: listsConfigLoading, needsConfiguration: needsListsConfiguration } = useListsConfig(); const { signalIndexNeedsInit } = useSignalHelpers(); @@ -47,8 +49,8 @@ export const AlertsPage = memo(() => { [needsListsConfiguration, signalIndexNeedsInit] ); const privilegesRequired: boolean = useMemo( - () => !signalIndexNeedsInit && (hasIndexRead === false || canUserREAD === false), - [canUserREAD, hasIndexRead, signalIndexNeedsInit] + () => !signalIndexNeedsInit && (hasIndexRead === false || canReadAlerts === false), + [canReadAlerts, hasIndexRead, signalIndexNeedsInit] ); if (loading) { diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/pages/attacks/attacks.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/pages/attacks/attacks.test.tsx index 42d03b6407aff..f3a8c389c097a 100644 
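Review bot: `canReadAlerts` in the `@@ -29,7 +30,8 @@` hunk is assigned from `useUserPrivileges().rulesPrivileges.read`, so the name suggests a separate alerts privilege that the code does not check. The exception hooks in this same commit call the same value `canReadRules`. Either rename it, `const canReadRules = useUserPrivileges().rulesPrivileges.read;`, or keep the name and add `// Alerts access is granted by the rules read privilege` above it. `attacks.tsx` introduces the same variable and would take the same change.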
--- a/x-pack/solutions/security/plugins/security_solution/public/detections/pages/attacks/attacks.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/pages/attacks/attacks.test.tsx @@ -17,8 +17,10 @@ import { NO_INDEX_TEST_ID } from '../../components/alerts/empty_pages/no_index_e import { NO_INTEGRATION_CALLOUT_TEST_ID } from '../../components/callouts/no_api_integration_key_callout'; import { NEED_ADMIN_CALLOUT_TEST_ID } from '../../../detection_engine/rule_management/components/callouts/need_admin_for_update_rules_callout'; import { useMissingPrivileges } from '../../../common/hooks/use_missing_privileges'; +import { useUserPrivileges } from '../../../common/components/user_privileges'; jest.mock('../../components/user_info'); +jest.mock('../../../common/components/user_privileges'); jest.mock('../../containers/detection_engine/lists/use_lists_config'); jest.mock('../../../sourcerer/containers/use_signal_helpers'); jest.mock('../../../common/hooks/use_missing_privileges'); @@ -26,9 +28,19 @@ jest.mock('../../components/attacks/wrapper', () => ({ Wrapper: () =>
, })); +const doMockRulesPrivileges = ({ read = false }) => { + (useUserPrivileges as jest.Mock).mockReturnValue({ + rulesPrivileges: { + read, + edit: false, + }, + }); +}; + describe('', () => { beforeEach(() => { jest.clearAllMocks(); + doMockRulesPrivileges({}); }); describe('showing loading spinner', () => { @@ -221,7 +233,6 @@ describe('', () => { { loading: false, isAuthenticated: true, - canUserREAD: false, hasIndexRead: false, }, ]); @@ -253,10 +264,10 @@ describe('', () => { { loading: false, isAuthenticated: true, - canUserREAD: true, hasIndexRead: true, }, ]); + doMockRulesPrivileges({ read: true }); (useListsConfig as jest.Mock).mockReturnValue({ loading: false, needsConfiguration: false, diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/pages/attacks/attacks.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/pages/attacks/attacks.tsx index 72cd4a05eddb1..f9d218df91b9c 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/detections/pages/attacks/attacks.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/detections/pages/attacks/attacks.tsx @@ -8,6 +8,7 @@ import { EuiFlexGroup, EuiLoadingSpinner } from '@elastic/eui'; import React, { memo, useMemo } from 'react'; import type { DocLinks } from '@kbn/doc-links'; +import { useUserPrivileges } from '../../../common/components/user_privileges'; import { Wrapper } from '../../components/attacks/wrapper'; import { SecuritySolutionPageWrapper } from '../../../common/components/page_wrapper'; import { NoApiIntegrationKeyCallOut } from '../../components/callouts/no_api_integration_key_callout'; 
@@ -29,7 +30,8 @@ export const ATTACKS_PAGE_LOADING_TEST_ID = 'attacks-page-loading'; * the actual content of the attacks page is rendered */ export const AttacksPage = memo(() => { - const [{ loading: userInfoLoading, isAuthenticated, canUserREAD, hasIndexRead }] = useUserData(); + const [{ loading: userInfoLoading, isAuthenticated, hasIndexRead }] = useUserData(); + const canReadAlerts = useUserPrivileges().rulesPrivileges.read; const { loading: listsConfigLoading, needsConfiguration: needsListsConfiguration } = useListsConfig(); const { signalIndexNeedsInit } = useSignalHelpers(); @@ -47,8 +49,8 @@ export const AttacksPage = memo(() => { [needsListsConfiguration, signalIndexNeedsInit] ); const privilegesRequired: boolean = useMemo( - () => !signalIndexNeedsInit && (hasIndexRead === false || canUserREAD === false), - [canUserREAD, hasIndexRead, signalIndexNeedsInit] + () => !signalIndexNeedsInit && (hasIndexRead === false || canReadAlerts === false), + [canReadAlerts, hasIndexRead, signalIndexNeedsInit] ); if (loading) { diff --git a/x-pack/solutions/security/plugins/security_solution/public/exceptions/hooks/use_all_exception_lists/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/exceptions/hooks/use_all_exception_lists/index.tsx index 36f7fc132cc84..3cbdec24dc543 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/exceptions/hooks/use_all_exception_lists/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/exceptions/hooks/use_all_exception_lists/index.tsx 
@@ -8,6 +8,7 @@ import { useCallback, useEffect, useState } from 'react'; import type { ExceptionListSchema } from '@kbn/securitysolution-io-ts-list-types'; +import { useUserPrivileges } from '../../../common/components/user_privileges'; import type { Rule } from '../../../detection_engine/rule_management/logic'; import { fetchRules } from '../../../detection_engine/rule_management/api/api'; export interface ExceptionListInfo extends ExceptionListSchema { @@ -39,6 +40,7 @@ export const useAllExceptionLists = ({ const [exceptionsListsInfo, setExceptionsListInfo] = useState>( {} ); + const { read: canReadRules } = useUserPrivileges().rulesPrivileges; const handleExceptionsInfo = useCallback( (rules: Rule[]): Record => { @@ -91,13 +93,18 @@ export const useAllExceptionLists = ({ try { setLoading(true); - const { data: rules } = await fetchRules({ - pagination: { - page: 1, - perPage: 10000, - }, - signal: abortCtrl.signal, - }); + const rules: Rule[] = []; + + if (canReadRules) { + const { data: rulesResponse } = await fetchRules({ + pagination: { + page: 1, + perPage: 10000, + }, + signal: abortCtrl.signal, + }); + rules.push(...rulesResponse); + } const updatedLists = handleExceptionsInfo(rules); @@ -124,7 +131,7 @@ export const useAllExceptionLists = ({ isSubscribed = false; abortCtrl.abort(); }; - }, [exceptionLists.length, handleExceptionsInfo]); + }, [canReadRules, exceptionLists.length, handleExceptionsInfo]); return [loading, exceptions, exceptionsListsInfo]; }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/exceptions/hooks/use_list_detail_view/index.ts b/x-pack/solutions/security/plugins/security_solution/public/exceptions/hooks/use_list_detail_view/index.ts index ba064e1d57e0e..1fee270581b77 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/exceptions/hooks/use_list_detail_view/index.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/exceptions/hooks/use_list_detail_view/index.ts 
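Review bot: When `canReadRules` is false, the `@@ -91,13 +93,18 @@` hunk skips `fetchRules` and passes an empty array to `handleExceptionsInfo`, so the hook's result cannot distinguish "no rule references this list" from "the user may not see which rules reference it". The same fallback appears in `initializeListRules` (`canReadRules ? await getListRules(result.list_id) : []`) and in `getReferences` (`... : {}`). If a consumer uses the linked-rule information to warn before a list is edited or deleted (not visible in these hunks), that warning would be skipped for exactly the users who cannot check the references themselves. At minimum I would document it at the branch, `// Without rules read the linked rules are unknown, not empty`, and consider exposing that state to the UI.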
@@ -16,7 +16,6 @@ import { useApi } from '@kbn/securitysolution-list-hooks'; import { isEqual } from 'lodash'; import { ENDPOINT_ARTIFACT_LISTS } from '@kbn/securitysolution-list-constants'; import { ALL_ENDPOINT_ARTIFACT_LIST_IDS } from '../../../../common/endpoint/service/artifacts/constants'; -import { useUserData } from '../../../detections/components/user_info'; import { APP_UI_ID, SecurityPageName } from '../../../../common/constants'; import { useKibana, useToasts } from '../../../common/lib/kibana'; import { @@ -29,6 +28,7 @@ import { import { checkIfListCannotBeEdited, isAnExceptionListItem } from '../../utils/list.utils'; import * as i18n from '../../translations'; import { useInvalidateFetchRuleByIdQuery } from '../../../detection_engine/rule_management/api/hooks/use_fetch_rule_by_id_query'; +import { useUserPrivileges } from '../../../common/components/user_privileges'; import { useEndpointExceptionsCapability } from '../use_endpoint_exceptions_capability'; interface ReferenceModalState { @@ -54,13 +54,13 @@ export const useListDetailsView = (exceptionListId: string) => { const { navigateToApp } = services.application; const { exportExceptionList, deleteExceptionList, duplicateExceptionList } = useApi(http); + const { read: canReadRules, edit: canEditRules } = useUserPrivileges().rulesPrivileges; - const [{ loading: userInfoLoading, canUserCRUD }] = useUserData(); const canWriteEndpointExceptions = useEndpointExceptionsCapability('crudEndpointExceptions'); const canUserWriteCurrentList = exceptionListId === ENDPOINT_ARTIFACT_LISTS.endpointExceptions.id ? canWriteEndpointExceptions - : canUserCRUD; + : canEditRules; const [isLoading, setIsLoading] = useState(); const [showManageButtonLoader, setShowManageButtonLoader] = useState(false); 
@@ -112,11 +112,11 @@ export const useListDetailsView = (exceptionListId: string) => { const initializeListRules = useCallback( async (result: Awaited>) => { if (result) { - const listRules = await getListRules(result.list_id); + const listRules = canReadRules ? await getListRules(result.list_id) : []; setLinkedRules(listRules); } }, - [] + [canReadRules] ); const initializeList = useCallback(async () => { @@ -409,7 +409,7 @@ export const useListDetailsView = (exceptionListId: string) => { // #endregion return { - isLoading: isLoading || userInfoLoading, + isLoading, invalidListId, isReadOnly: !canUserWriteCurrentList, list, diff --git a/x-pack/solutions/security/plugins/security_solution/public/exceptions/hooks/use_list_exception_items/index.ts b/x-pack/solutions/security/plugins/security_solution/public/exceptions/hooks/use_list_exception_items/index.ts index bacd0377982a5..ac232e754d759 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/exceptions/hooks/use_list_exception_items/index.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/exceptions/hooks/use_list_exception_items/index.ts @@ -15,6 +15,7 @@ import type { ExceptionListItemSchema, ExceptionListSchema, } from '@kbn/securitysolution-io-ts-list-types'; +import { useUserPrivileges } from '../../../common/components/user_privileges'; import { useKibana, useToasts } from '../../../common/lib/kibana'; import { deleteException, @@ -56,6 +57,7 @@ export const useListExceptionItems = ({ }); const [lastUpdated, setLastUpdated] = useState(null); const [viewerStatus, setViewerStatus] = useState(''); + const { read: canReadRules } = useUserPrivileges().rulesPrivileges; const handleErrorStatus = useCallback( (error: Error, errorTitle?: string, errorDescription?: string) => { 
@@ -70,12 +72,12 @@ export const useListExceptionItems = ({ const getReferences = useCallback(async () => { try { - const result: RuleReferences = await getExceptionItemsReferences([list]); + const result: RuleReferences = canReadRules ? await getExceptionItemsReferences([list]) : {}; setExceptionListReferences(result); } catch (error) { handleErrorStatus(error); } - }, [handleErrorStatus, list, setExceptionListReferences]); + }, [canReadRules, handleErrorStatus, list]); const updateViewer = useCallback( ( diff --git a/x-pack/solutions/security/plugins/security_solution/public/exceptions/pages/shared_lists/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/exceptions/pages/shared_lists/index.tsx index d18a4ded59063..faea890c65d14 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/exceptions/pages/shared_lists/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/exceptions/pages/shared_lists/index.tsx 
@@ -47,13 +47,13 @@ import { ReferenceErrorModal } from '../../../common/components/reference_error_ import { patchRule } from '../../../detection_engine/rule_management/api/api'; import { getSearchFilters } from '../../../detection_engine/rule_management_ui/components/rules_table/helpers'; -import { useUserData } from '../../../detections/components/user_info'; import { useListsConfig } from '../../../detections/containers/detection_engine/lists/use_lists_config'; import { MissingDetectionsPrivilegesCallOut } from '../../../detections/components/callouts/missing_detections_privileges_callout'; import { ALL_ENDPOINT_ARTIFACT_LIST_IDS } from '../../../../common/endpoint/service/artifacts/constants'; import { AddExceptionFlyout } from '../../../detection_engine/rule_exceptions/components/add_exception_flyout'; import { useEndpointExceptionsCapability } from '../../hooks/use_endpoint_exceptions_capability'; +import { useUserPrivileges } from '../../../common/components/user_privileges'; export type Func = () => Promise; @@ -86,10 +86,10 @@ const ExceptionsTable = styled(EuiFlexGroup)` `; export const SharedLists = React.memo(() => { - const [{ loading: userInfoLoading, canUserCRUD, canUserREAD }] = useUserData(); + const { edit: canEditRules, read: canReadRules } = useUserPrivileges().rulesPrivileges; const { loading: listsConfigLoading } = useListsConfig(); - const loading = userInfoLoading || listsConfigLoading; + const loading = listsConfigLoading; const canAccessEndpointExceptions = useEndpointExceptionsCapability('showEndpointExceptions'); const canWriteEndpointExceptions = useEndpointExceptionsCapability('crudEndpointExceptions'); 
@@ -112,12 +112,15 @@ export const SharedLists = React.memo(() => { const [viewerStatus, setViewStatus] = useState(ViewerStatus.LOADING); const exceptionListTypes = useMemo(() => { - const lists = [ExceptionListTypeEnum.DETECTION]; + const lists = []; + if (canReadRules) { + lists.push(ExceptionListTypeEnum.DETECTION); + } if (canAccessEndpointExceptions) { lists.push(ExceptionListTypeEnum.ENDPOINT); } return lists; - }, [canAccessEndpointExceptions]); + }, [canAccessEndpointExceptions, canReadRules]); const [ loadingExceptions, exceptions, @@ -445,9 +448,7 @@ export const SharedLists = React.memo(() => { }; const onCreateExceptionListOpenClick = () => setDisplayCreateSharedListFlyout(true); - const isReadOnly = useMemo(() => { - return (canUserREAD && !canUserCRUD) ?? true; - }, [canUserREAD, canUserCRUD]); + const isReadOnly = canReadRules && !canEditRules; useEffect(() => { if (isSearchingExceptions && hasNoExceptions) { @@ -497,7 +498,7 @@ export const SharedLists = React.memo(() => { {i18n.CREATE_BUTTON} @@ -531,7 +532,7 @@ export const SharedLists = React.memo(() => { ]} /> , - (!isReadOnly || canWriteEndpointExceptions) && ( + (canEditRules || canWriteEndpointExceptions) && ( { }, ]); - (useUserData as jest.Mock).mockReturnValue([ - { - loading: false, - canUserCRUD: false, - canUserREAD: false, - }, - ]); + (useUserPrivileges as jest.Mock).mockReturnValue({ + ...initialUserPrivilegesState(), + }); (useEndpointExceptionsCapability as jest.Mock).mockReturnValue(true); }); @@ -232,13 +229,10 @@ describe('SharedLists', () => { }); it('renders overflow card button as disabled if user is read only', async () => { - (useUserData as jest.Mock).mockReturnValue([ - { - loading: false, - canUserCRUD: false, - canUserREAD: true, - }, - ]); + (useUserPrivileges as jest.Mock).mockReturnValue({ + ...initialUserPrivilegesState(), + rulesPrivileges: { read: true, edit: false }, + }); const wrapper = render( 
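Review bot: `exceptionListTypes` can now be an empty array when the user has neither `canReadRules` nor `canAccessEndpointExceptions`, whereas before it always contained `ExceptionListTypeEnum.DETECTION`. Whether the fetch that consumes it treats an empty type list as "match nothing" or as "no filter" is not visible in this hunk; if it is the latter, the least-privileged user would be shown every list type. It is worth skipping the fetch when the array is empty and adding a test for that case. The accumulator would also read better with an explicit type, `const lists: ExceptionListTypeEnum[] = [];`.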
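Review bot: `const isReadOnly = canReadRules && !canEditRules;` evaluates to `false` for a user with neither read nor edit on rules, so the least-privileged case is reported as writable. The removed code had the same shape but fell back to `true` through `?? true` while the privileges were unresolved, and that fail-closed default is gone as well. The `@@ -531` hunk already switches its condition to `canEditRules` directly, which suggests the intended meaning is `const isReadOnly = !canEditRules;`. Most consumers of `isReadOnly` are outside the visible lines, so confirm that none of them relies on the narrower read-but-not-edit meaning before changing it.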
diff --git a/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/details/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/details/index.tsx index 06df32b4a18a1..1432d5c0ad652 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/details/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/explore/hosts/pages/details/index.tsx @@ -188,7 +188,7 @@ const HostDetailsComponent: React.FC = ({ detailName, hostDeta dispatch(setHostDetailsTablesActivePageToZero()); }, [dispatch, detailName]); - const { hasKibanaREAD, hasIndexRead } = useAlertsPrivileges(); + const { hasSiemRead: hasKibanaREAD, hasIndexRead } = useAlertsPrivileges(); const canReadAlerts = hasKibanaREAD && hasIndexRead; const entityFilter = useMemo( diff --git a/x-pack/solutions/security/plugins/security_solution/public/explore/links.ts b/x-pack/solutions/security/plugins/security_solution/public/explore/links.ts index 74cb9b2b10939..9476a8c0c3e34 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/explore/links.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/explore/links.ts @@ -6,6 +6,7 @@ */ import { i18n } from '@kbn/i18n'; +import { SECURITY_UI_SHOW_PRIVILEGE } from '@kbn/security-solution-features/constants'; import { HOSTS_PATH, NETWORK_PATH, @@ -34,7 +35,7 @@ const networkLinks: LinkItem = { defaultMessage: 'Network', }), ], - capabilities: [`${SECURITY_FEATURE_ID}.show`], + capabilities: [SECURITY_UI_SHOW_PRIVILEGE], links: [ { id: SecurityPageName.networkFlows, @@ -97,7 +98,7 @@ const usersLinks: LinkItem = { defaultMessage: 'Users', }), ], - capabilities: [`${SECURITY_FEATURE_ID}.show`], + capabilities: [SECURITY_UI_SHOW_PRIVILEGE], links: [ { id: SecurityPageName.usersAll, 
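Review bot: Aliasing the renamed field back to its old name, `hasSiemRead: hasKibanaREAD`, keeps a local identifier that no longer matches anything `useAlertsPrivileges()` returns and hides which feature privilege actually gates alert reads. Prefer destructuring it under its own name and writing `const canReadAlerts = hasSiemRead && hasIndexRead;`. The same alias is introduced in network/pages/details/index.tsx, users/pages/details/index.tsx, overview/pages/detection_response.tsx and overview/pages/overview.tsx. `HostDetailsComponent` extends beyond this hunk, so check for other uses of `hasKibanaREAD` before renaming.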
@@ -152,7 +153,7 @@ const hostsLinks: LinkItem = { defaultMessage: 'Hosts', }), ], - capabilities: [`${SECURITY_FEATURE_ID}.show`], + capabilities: [SECURITY_UI_SHOW_PRIVILEGE], links: [ { id: SecurityPageName.hostsAll, @@ -209,7 +210,7 @@ export const exploreLinks: LinkItem = { title: EXPLORE, path: EXPLORE_PATH, globalNavPosition: 8, - capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${SECURITY_FEATURE_ID}.detections`]], + capabilities: [[SECURITY_UI_SHOW_PRIVILEGE, `${SECURITY_FEATURE_ID}.detections`]], globalSearchKeywords: [ i18n.translate('xpack.securitySolution.appLinks.explore', { defaultMessage: 'Explore', diff --git a/x-pack/solutions/security/plugins/security_solution/public/explore/network/pages/details/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/explore/network/pages/details/index.tsx index 11e462c37e71a..6c098ccf09ed3 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/explore/network/pages/details/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/explore/network/pages/details/index.tsx @@ -82,7 +82,7 @@ const NetworkDetailsComponent: React.FC = () => { ); const { signalIndexName } = useSignalIndex(); - const { hasKibanaREAD, hasIndexRead } = useAlertsPrivileges(); + const { hasSiemRead: hasKibanaREAD, hasIndexRead } = useAlertsPrivileges(); const canReadAlerts = hasKibanaREAD && hasIndexRead; const query = useDeepEqualSelector(getGlobalQuerySelector); diff --git a/x-pack/solutions/security/plugins/security_solution/public/explore/users/pages/details/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/explore/users/pages/details/index.tsx index 4765e49158f4f..8cfe6fd2d2b79 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/explore/users/pages/details/index.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/explore/users/pages/details/index.tsx 
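Review bot: `exploreLinks` still lists `${SECURITY_FEATURE_ID}.detections` next to `SECURITY_UI_SHOW_PRIVILEGE`, while the onboarding alerts card in this commit replaces that same capability with `RULES_UI_DETECTIONS_PRIVILEGE` and the dashboards card accepts either one. Three different treatments of one capability make it hard to tell which is authoritative after the move to a separate rules feature. If the detections capability is now granted through the rules feature, this link would presumably be hidden from users who hold only the new privilege. Either add a comment explaining why the old capability is kept here, or add an alternative entry such as `[SECURITY_UI_SHOW_PRIVILEGE, RULES_UI_DETECTIONS_PRIVILEGE]` as the dashboards card does.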
@@ -94,7 +94,7 @@ const UsersDetailsComponent: React.FC = ({ const globalFilters = useDeepEqualSelector(getGlobalFiltersQuerySelector); const { signalIndexName } = useSignalIndex(); - const { hasKibanaREAD, hasIndexRead } = useAlertsPrivileges(); + const { hasSiemRead: hasKibanaREAD, hasIndexRead } = useAlertsPrivileges(); const canReadAlerts = hasKibanaREAD && hasIndexRead; const { to, from, deleteQuery, setQuery, isInitializing } = useGlobalTime(); diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/status_popover_button.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/status_popover_button.test.tsx index e9161ba909ec6..f5f3b13c0be08 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/status_popover_button.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/right/components/status_popover_button.test.tsx @@ -52,11 +52,11 @@ const props = { type AlertsPriveleges = Partial>; -const writePriveleges: AlertsPriveleges = { hasIndexWrite: true, hasKibanaCRUD: true }; +const writePriveleges: AlertsPriveleges = { hasIndexWrite: true, hasSiemCRUD: true }; const readPriveleges: AlertsPriveleges = { hasIndexWrite: false, - hasKibanaCRUD: false, - hasKibanaREAD: true, + hasSiemCRUD: false, + hasSiemRead: true, hasIndexRead: true, }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/components/take_action_dropdown.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/components/take_action_dropdown.test.tsx index 8baf348af1e24..d6e5099ab7374 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/components/take_action_dropdown.test.tsx 
+++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/components/take_action_dropdown.test.tsx @@ -38,7 +38,7 @@ jest.mock('../../../../common/components/user_privileges'); jest.mock('../../../../exceptions/hooks/use_endpoint_exceptions_capability'); jest.mock('../../../../detections/components/user_info', () => ({ - useUserData: jest.fn().mockReturnValue([{ canUserCRUD: true, hasIndexWrite: true }]), + useUserData: jest.fn().mockReturnValue([{ hasIndexWrite: true }]), })); jest.mock('../../../../common/lib/kibana'); @@ -46,7 +46,7 @@ jest.mock('../../../../common/lib/kibana'); jest.mock( '../../../../detections/containers/detection_engine/alerts/use_alerts_privileges', () => ({ - useAlertsPrivileges: jest.fn().mockReturnValue({ hasIndexWrite: true, hasKibanaCRUD: true }), + useAlertsPrivileges: jest.fn().mockReturnValue({ hasIndexWrite: true, hasSiemCRUD: true }), }) ); jest.mock('../../../../cases/components/use_insert_timeline'); @@ -124,7 +124,7 @@ describe('take action dropdown', () => { (useHttp as jest.Mock).mockReturnValue(mockStartServicesMock.http); }); - afterEach(() => { + beforeEach(() => { (useUserPrivileges as jest.Mock).mockReturnValue(getUserPrivilegesMockDefaultValue()); }); @@ -157,6 +157,7 @@ describe('take action dropdown', () => { (useUserPrivileges as jest.Mock).mockReturnValue({ ...getUserPrivilegesMockDefaultValue(), timelinePrivileges: { read: true }, + rulesPrivileges: { read: true, edit: true }, }); wrapper = mount( 
@@ -380,6 +381,12 @@ describe('take action dropdown', () => { describe('"Add Endpoint exception" button', () => { const mockUseEndpointExceptionsCapability = useEndpointExceptionsCapability as jest.Mock; + beforeEach(() => { + (useUserPrivileges as jest.Mock).mockReturnValue( + getUserPrivilegesMockDefaultValue({ rulesPrivileges: { read: true, edit: true } }) + ); + }); + test('should enable the "Add Endpoint exception" button if provided endpoint alert and has right privileges', async () => { set(defaultProps.dataAsNestedObject, 'kibana.alert.original_event.kind', ['alert']); set(defaultProps.dataAsNestedObject, 'kibana.alert.original_event.module', ['endpoint']); diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_highlighted_fields_privilege.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_highlighted_fields_privilege.test.tsx index bfa299a6e19ab..c99bdd13f1b4d 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_highlighted_fields_privilege.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_highlighted_fields_privilege.test.tsx 
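Review bot: The new `beforeEach` grants `rulesPrivileges: { read: true, edit: true }` to every test in the "Add Endpoint exception" describe, so none of the cases visible here shows whether the button depends on rules edit or only on the endpoint-exceptions capability. Because the two privileges are now separate, the describe should include at least one case with `rulesPrivileges: { read: true, edit: false }` and the endpoint capability mocked to true, asserting the expected button state. This block also passes the override as an argument to `getUserPrivilegesMockDefaultValue(...)`, while the earlier hunk in this file spreads the default and overrides fields afterwards; using one form throughout would be easier to follow. The rest of the describe is outside this hunk.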
@@ -13,10 +13,11 @@ import { hasMlLicense } from '../../../../../common/machine_learning/has_ml_lice import { hasMlAdminPermissions } from '../../../../../common/machine_learning/has_ml_admin_permissions'; import type { RuleResponse } from '../../../../../common/api/detection_engine'; import { - LACK_OF_KIBANA_SECURITY_PRIVILEGES, + LACK_OF_KIBANA_RULES_FEATURE_PRIVILEGES, ML_RULES_DISABLED_MESSAGE, } from '../../../../detection_engine/common/translations'; -import { useUserData } from '../../../../detections/components/user_info'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; +import { getUserPrivilegesMockDefaultValue } from '../../../../common/components/user_privileges/__mocks__'; jest.mock('../../../../common/components/ml/hooks/use_ml_capabilities'); jest.mock( @@ -25,6 +26,7 @@ jest.mock( jest.mock('../../../../../common/machine_learning/has_ml_license'); jest.mock('../../../../../common/machine_learning/has_ml_admin_permissions'); jest.mock('../../../../detections/components/user_info'); +jest.mock('../../../../common/components/user_privileges'); const defaultProps = { rule: {} as RuleResponse, @@ -37,7 +39,10 @@ const renderUseHighlightedFieldsPrivilege = (props: UseHighlightedFieldsPrivileg describe('useHighlightedFieldsPrivilege', () => { beforeEach(() => { jest.clearAllMocks(); - (useUserData as jest.Mock).mockReturnValue([{ canUserCRUD: true }]); + (useUserPrivileges as jest.Mock).mockReturnValue({ + ...getUserPrivilegesMockDefaultValue(), + rulesPrivileges: { read: true, edit: true }, + }); (hasMlAdminPermissions as jest.Mock).mockReturnValue(false); (hasMlLicense as jest.Mock).mockReturnValue(false); (usePrebuiltRuleCustomizationUpsellingMessage as jest.Mock).mockReturnValue(undefined); 
@@ -64,10 +69,13 @@ describe('useHighlightedFieldsPrivilege', () => { }); it('should return isDisabled as true when user does not have CRUD privileges', () => { - (useUserData as jest.Mock).mockReturnValue([{ canUserCRUD: false }]); + (useUserPrivileges as jest.Mock).mockReturnValue({ + ...getUserPrivilegesMockDefaultValue(), + rulesPrivileges: { read: true, edit: false }, + }); const { result } = renderUseHighlightedFieldsPrivilege(defaultProps); expect(result.current.isDisabled).toBe(true); - expect(result.current.tooltipContent).toContain(LACK_OF_KIBANA_SECURITY_PRIVILEGES); + expect(result.current.tooltipContent).toContain(LACK_OF_KIBANA_RULES_FEATURE_PRIVILEGES); }); describe('when rule is machine learning rule', () => { diff --git a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_highlighted_fields_privilege.tsx b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_highlighted_fields_privilege.tsx index 1f9422c8da7ec..d9d73d47edef1 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_highlighted_fields_privilege.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/flyout/document_details/shared/hooks/use_highlighted_fields_privilege.tsx 
@@ -5,19 +5,16 @@ * 2.0. */ -import { useMemo } from 'react'; import { i18n } from '@kbn/i18n'; -import { useMlCapabilities } from '../../../../common/components/ml/hooks/use_ml_capabilities'; -import { usePrebuiltRuleCustomizationUpsellingMessage } from '../../../../detection_engine/rule_management/logic/prebuilt_rules/use_prebuilt_rule_customization_upselling_message'; -import { - explainLackOfPermission, - hasUserCRUDPermission, -} from '../../../../common/utils/privileges'; -import { hasMlLicense } from '../../../../../common/machine_learning/has_ml_license'; +import { useMemo } from 'react'; +import type { RuleResponse } from '../../../../../common/api/detection_engine'; import { hasMlAdminPermissions } from '../../../../../common/machine_learning/has_ml_admin_permissions'; -import { useUserData } from '../../../../detections/components/user_info'; +import { hasMlLicense } from '../../../../../common/machine_learning/has_ml_license'; import { isMlRule } from '../../../../../common/machine_learning/helpers'; -import type { RuleResponse } from '../../../../../common/api/detection_engine'; +import { useMlCapabilities } from '../../../../common/components/ml/hooks/use_ml_capabilities'; +import { useUserPrivileges } from '../../../../common/components/user_privileges'; +import { explainLackOfPermission } from '../../../../common/utils/privileges'; +import { usePrebuiltRuleCustomizationUpsellingMessage } from '../../../../detection_engine/rule_management/logic/prebuilt_rules/use_prebuilt_rule_customization_upselling_message'; export interface UseHighlightedFieldsPrivilegeParams { /** 
@@ -48,15 +45,12 @@ export const useHighlightedFieldsPrivilege = ({ rule, isExistingRule, }: UseHighlightedFieldsPrivilegeParams): UseHighlightedFieldsPrivilegeResult => { - const [{ canUserCRUD }] = useUserData(); + const canEditRules = useUserPrivileges().rulesPrivileges.edit; const mlCapabilities = useMlCapabilities(); const hasMlPermissions = hasMlLicense(mlCapabilities) && hasMlAdminPermissions(mlCapabilities); const isEditRuleDisabled = - !rule || - !isExistingRule || - !hasUserCRUDPermission(canUserCRUD) || - (isMlRule(rule?.type) && !hasMlPermissions); + !rule || !isExistingRule || !canEditRules || (isMlRule(rule?.type) && !hasMlPermissions); const upsellingMessage = usePrebuiltRuleCustomizationUpsellingMessage( 'prebuilt_rule_customization' @@ -69,7 +63,7 @@ export const useHighlightedFieldsPrivilege = ({ rule, hasMlPermissions, true, // default true because we don't need the message for lack of action privileges - canUserCRUD + canEditRules ); if (isEditRuleDisabled && explanation) { @@ -94,7 +88,7 @@ export const useHighlightedFieldsPrivilege = ({ 'xpack.securitySolution.flyout.right.investigation.highlightedFields.editHighlightedFieldsButtonTooltip', { defaultMessage: 'Edit highlighted fields' } ); - }, [canUserCRUD, hasMlPermissions, isEditRuleDisabled, isExistingRule, rule, upsellingMessage]); + }, [canEditRules, hasMlPermissions, isEditRuleDisabled, isExistingRule, rule, upsellingMessage]); return useMemo( () => ({ diff --git a/x-pack/solutions/security/plugins/security_solution/public/helpers_access.ts b/x-pack/solutions/security/plugins/security_solution/public/helpers_access.ts index 3141578680a20..c46a531d9e63e 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/helpers_access.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/helpers_access.ts 
@@ -5,15 +5,21 @@ * 2.0. */ import type { Capabilities } from '@kbn/core/public'; +import { RULES_UI_READ } from '@kbn/security-solution-features/constants'; import { SECURITY_FEATURE_ID, CASES_FEATURE_ID } from '../common/constants'; export function hasAccessToSecuritySolution(capabilities: Capabilities): boolean { return Boolean( capabilities[SECURITY_FEATURE_ID]?.show || - capabilities.securitySolutionAttackDiscovery?.['attack-discovery'] + capabilities.securitySolutionAttackDiscovery?.['attack-discovery'] || + hasAccessToRules(capabilities) ); } +export function hasAccessToRules(capabilities: Capabilities): boolean { + return Boolean(capabilities.securitySolutionRulesV1?.[RULES_UI_READ]); +} + export function hasAccessToCases(capabilities: Capabilities): boolean { return Boolean(capabilities[CASES_FEATURE_ID]?.read_cases); } diff --git a/x-pack/solutions/security/plugins/security_solution/public/management/cypress/common/constants.ts b/x-pack/solutions/security/plugins/security_solution/public/management/cypress/common/constants.ts index 2855db950522b..76019dbba9e09 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/management/cypress/common/constants.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/management/cypress/common/constants.ts @@ -31,9 +31,10 @@ export const SIEM_VERSIONS = [ 'siem', 'siemV2', 'siemV3', + 'siemV4', // actual version, should equal to SECURITY_FEATURE_ID - 'siemV4', + 'siemV5', ] as const; export type SiemVersion = (typeof SIEM_VERSIONS)[number]; diff --git a/x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/artifacts/artifact_tabs_in_policy_details.cy.ts b/x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/artifacts/artifact_tabs_in_policy_details.cy.ts index 4405a01d37922..6fae846737bf4 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/artifacts/artifact_tabs_in_policy_details.cy.ts 
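Review bot: `hasAccessToSecuritySolution` now returns true for a user whose only grant is the rules read capability, so any caller that uses it as its sole gate admits rules-only users to whatever it protects. The callers are not part of this hunk; pages other than rules need their own capability check (for example `SECURITY_UI_SHOW_PRIVILEGE`, as the link definitions in this commit use) rather than relying on this helper. Separately, `hasAccessToRules` hard-codes the feature id in `capabilities.securitySolutionRulesV1`, unlike the sibling helpers that index with `SECURITY_FEATURE_ID` and `CASES_FEATURE_ID`; a shared constant would avoid a silent `undefined`, and therefore `false`, the next time the feature id is versioned. A short doc comment on `hasAccessToSecuritySolution` stating that it means "any Security capability" rather than "`show`" would help future callers.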
+++ b/x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/artifacts/artifact_tabs_in_policy_details.cy.ts @@ -39,6 +39,11 @@ const loginWithPrivilegeNone = (privilegePrefix: string) => { const getRoleWithoutArtifactPrivilege = (privilegePrefix: string) => { const endpointSecurityPolicyManagerRole = getEndpointSecurityPolicyManager(); + const siemVersion = + Object.keys(endpointSecurityPolicyManagerRole.kibana[0].feature).find((feature) => + feature.startsWith('siem') + ) ?? SECURITY_FEATURE_ID; + return { ...endpointSecurityPolicyManagerRole, kibana: [ @@ -46,9 +51,9 @@ const getRoleWithoutArtifactPrivilege = (privilegePrefix: string) => { ...endpointSecurityPolicyManagerRole.kibana[0], feature: { ...endpointSecurityPolicyManagerRole.kibana[0].feature, - [SECURITY_FEATURE_ID]: endpointSecurityPolicyManagerRole.kibana[0].feature[ - SECURITY_FEATURE_ID - ].filter((privilege) => privilege !== `${privilegePrefix}all`), + [siemVersion]: endpointSecurityPolicyManagerRole.kibana[0].feature[siemVersion].filter( + (privilege) => privilege !== `${privilegePrefix}all` + ), }, }, ], diff --git a/x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/rbac/navigation.cy.ts b/x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/rbac/navigation.cy.ts index b65256e9afee7..91cd69de9d6d4 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/rbac/navigation.cy.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/management/cypress/e2e/rbac/navigation.cy.ts @@ -40,7 +40,7 @@ describe('Navigation RBAC', () => { name: 'Trusted devices', privilegePrefix: 'trusted_devices_', selector: Selectors.TRUSTED_DEVICES, - siemVersions: ['siemV3', 'siemV4'], // Only available starting siemV3 + siemVersions: ['siemV3', 'siemV4', 'siemV5'], // Only available starting siemV3 }, { name: 'Event filters', 
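Review bot: The `siemVersion` lookup takes the first key that starts with `siem`, so the role under test is built on whichever feature version the base role happens to declare rather than on the current `SECURITY_FEATURE_ID`, and with several `siem*` keys the result depends on key order. The `?? SECURITY_FEATURE_ID` fallback does not help: when no key matched, `feature[siemVersion]` is presumably undefined and `.filter` throws with an unhelpful message. Failing explicitly is clearer, e.g. `if (!siemVersion) throw new Error('base role has no siem* feature');`. The identical lookup is pasted into fixtures/role_with_artifact_read_privilege.ts; a shared helper would keep these RBAC fixtures in step, so that a test meant to prove a privilege is absent is not exercising a stale feature version.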
diff --git a/x-pack/solutions/security/plugins/security_solution/public/management/cypress/fixtures/role_with_artifact_read_privilege.ts b/x-pack/solutions/security/plugins/security_solution/public/management/cypress/fixtures/role_with_artifact_read_privilege.ts index 043967d8c3a29..ea1dad676b471 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/management/cypress/fixtures/role_with_artifact_read_privilege.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/management/cypress/fixtures/role_with_artifact_read_privilege.ts @@ -11,6 +11,11 @@ import { getEndpointSecurityPolicyManager } from '../../../../scripts/endpoint/c export const getRoleWithArtifactReadPrivilege = (privilegePrefix: string) => { const endpointSecurityPolicyManagerRole = getEndpointSecurityPolicyManager(); + const siemVersion = + Object.keys(endpointSecurityPolicyManagerRole.kibana[0].feature).find((feature) => + feature.startsWith('siem') + ) ?? SECURITY_FEATURE_ID; + return { ...endpointSecurityPolicyManagerRole, kibana: [ @@ -18,8 +23,8 @@ export const getRoleWithArtifactReadPrivilege = (privilegePrefix: string) => { ...endpointSecurityPolicyManagerRole.kibana[0], feature: { ...endpointSecurityPolicyManagerRole.kibana[0].feature, - [SECURITY_FEATURE_ID]: [ - ...endpointSecurityPolicyManagerRole.kibana[0].feature[SECURITY_FEATURE_ID].filter( + [siemVersion]: [ + ...endpointSecurityPolicyManagerRole.kibana[0].feature[siemVersion].filter( (privilege) => privilege !== `${privilegePrefix}all` ), `${privilegePrefix}read`, diff --git a/x-pack/solutions/security/plugins/security_solution/public/management/links.ts b/x-pack/solutions/security/plugins/security_solution/public/management/links.ts index b8411ba51bfee..3ef8c500bafb4 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/management/links.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/management/links.ts 
@@ -8,6 +8,7 @@ import type { CoreStart } from '@kbn/core/public'; import { i18n } from '@kbn/i18n'; +import { SECURITY_UI_SHOW_PRIVILEGE } from '@kbn/security-solution-features/constants'; import { checkArtifactHasData } from './services/exceptions_list/check_artifact_has_data'; import { calculateEndpointAuthz, @@ -109,7 +110,7 @@ export const links: LinkItem = { skipUrlState: true, hideTimeline: true, globalNavPosition: 12, - capabilities: [`${SECURITY_FEATURE_ID}.show`], + capabilities: [SECURITY_UI_SHOW_PRIVILEGE], globalSearchKeywords: [ i18n.translate('xpack.securitySolution.appLinks.manage', { defaultMessage: 'Manage', diff --git a/x-pack/solutions/security/plugins/security_solution/public/notes/links.ts b/x-pack/solutions/security/plugins/security_solution/public/notes/links.ts index e954826354579..5d20c4876014c 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/notes/links.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/notes/links.ts @@ -6,12 +6,8 @@ */ import { i18n } from '@kbn/i18n'; -import { - NOTES_FEATURE_ID, - NOTES_PATH, - SECURITY_FEATURE_ID, - SecurityPageName, -} from '../../common/constants'; +import { SECURITY_UI_SHOW_PRIVILEGE } from '@kbn/security-solution-features/constants'; +import { NOTES_PATH, SecurityPageName, NOTES_FEATURE_ID } from '../../common/constants'; import { NOTES } from '../app/translations'; import type { LinkItem } from '../common/links/types'; @@ -24,7 +20,7 @@ export const links: LinkItem = { 'Oversee, revise, and revisit the notes attached to alerts, events and Timelines.', }), // It only makes sense to show this link when the user is also granted access to security solution - capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${NOTES_FEATURE_ID}.read`]], + capabilities: [[SECURITY_UI_SHOW_PRIVILEGE, `${NOTES_FEATURE_ID}.read`]], landingIcon: 'filebeatApp', skipUrlState: true, hideTimeline: false, 
diff --git a/x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/alerts/index.ts b/x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/alerts/index.ts index 11dcab9da2043..b365929624968 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/alerts/index.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/alerts/index.ts @@ -6,12 +6,12 @@ */ import React from 'react'; +import { RULES_UI_DETECTIONS_PRIVILEGE } from '@kbn/security-solution-features/constants'; import type { OnboardingCardConfig } from '../../../../types'; import { OnboardingCardId } from '../../../../constants'; import { ALERTS_CARD_TITLE } from './translations'; import alertsIcon from './images/alerts_icon.png'; import alertsDarkIcon from './images/alerts_icon_dark.png'; -import { SECURITY_FEATURE_ID } from '../../../../../../common/constants'; export const alertsCardConfig: OnboardingCardConfig = { id: OnboardingCardId.alerts, @@ -25,5 +25,5 @@ export const alertsCardConfig: OnboardingCardConfig = { './alerts_card' ) ), - capabilitiesRequired: [`${SECURITY_FEATURE_ID}.detections`], + capabilitiesRequired: [RULES_UI_DETECTIONS_PRIVILEGE], }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/dashboards/index.ts b/x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/dashboards/index.ts index 561bc036b701d..3aaeaf3708de6 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/dashboards/index.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/dashboards/index.ts 
@@ -6,6 +6,7 @@ */ import React from 'react'; +import { RULES_UI_DETECTIONS_PRIVILEGE } from '@kbn/security-solution-features/constants'; import { IconDashboards } from '../../../../../common/icons/dashboards'; import type { OnboardingCardConfig } from '../../../../types'; import { OnboardingCardId } from '../../../../constants'; @@ -23,5 +24,8 @@ export const dashboardsCardConfig: OnboardingCardConfig = { './dashboards_card' ) ), - capabilitiesRequired: [['dashboard_v2.show', `${SECURITY_FEATURE_ID}.detections`]], + capabilitiesRequired: [ + ['dashboard_v2.show', `${SECURITY_FEATURE_ID}.detections`], + ['dashboard_v2.show', RULES_UI_DETECTIONS_PRIVILEGE], + ], }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/integrations/index.ts b/x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/integrations/index.ts index d445564b66555..327594625afa5 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/integrations/index.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/onboarding/components/onboarding_body/cards/integrations/index.ts @@ -7,6 +7,7 @@ import React from 'react'; import { i18n } from '@kbn/i18n'; +import { RULES_UI_DETECTIONS_PRIVILEGE } from '@kbn/security-solution-features/constants'; import { IconIntegrations } from '../../../../../common/icons/integrations'; import type { OnboardingCardConfig } from '../../../../types'; import { checkIntegrationsCardComplete } from './integrations_check_complete'; @@ -28,5 +29,8 @@ export const integrationsCardConfig: OnboardingCardConfig = { @@ -32,5 +32,5 @@ export const integrationsExternalDetectionsCardConfig: OnboardingCardConfig ({ })); const defaultUseAlertsPrivilegesReturn = { - hasKibanaREAD: true, + hasSiemRead: true, hasIndexRead: true, }; 
@@ -174,7 +174,7 @@ describe('DetectionResponse', () => { it('should not render alerts data sections if user has not index read permission', () => { mockUseAlertsPrivileges.mockReturnValue({ hasIndexRead: false, - hasKibanaREAD: true, + hasSiemRead: true, }); const result = render( @@ -198,7 +198,7 @@ describe('DetectionResponse', () => { it('should not render alerts data sections if user has not kibana read permission', () => { mockUseAlertsPrivileges.mockReturnValue({ hasIndexRead: true, - hasKibanaREAD: false, + hasSiemRead: false, }); const result = render( @@ -243,7 +243,7 @@ describe('DetectionResponse', () => { it('should render page permissions message if the user does not have read permission', () => { mockCanUseCases.mockReturnValue(noCasesPermissions()); mockUseAlertsPrivileges.mockReturnValue({ - hasKibanaREAD: true, + hasSiemRead: true, hasIndexRead: false, }); diff --git a/x-pack/solutions/security/plugins/security_solution/public/overview/pages/detection_response.tsx b/x-pack/solutions/security/plugins/security_solution/public/overview/pages/detection_response.tsx index 7af67f348fafe..8dc4318370f12 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/overview/pages/detection_response.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/overview/pages/detection_response.tsx @@ -54,7 +54,7 @@ const DetectionResponseComponent = () => { const isSourcererLoading = newDataViewPickerEnabled ? status !== 'ready' : oldIsSourcererLoading; const { signalIndexName } = useSignalIndex(); - const { hasKibanaREAD, hasIndexRead } = useAlertsPrivileges(); + const { hasSiemRead: hasKibanaREAD, hasIndexRead } = useAlertsPrivileges(); const userCasesPermissions = cases.helpers.canUseCases([APP_ID]); const canReadCases = userCasesPermissions.read; const canReadAlerts = hasKibanaREAD && hasIndexRead; 
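Review bot: The destructuring alias `hasSiemRead: hasKibanaREAD` in `DetectionResponseComponent` keeps the retired name in use right after the hook field was renamed, so `canReadAlerts` still reads as a Kibana-wide check although its value now comes from `hasSiemRead`. Prefer `const { hasSiemRead, hasIndexRead } = useAlertsPrivileges();` together with `const canReadAlerts = hasSiemRead && hasIndexRead;`. The same alias is added in `OverviewComponent` in overview.tsx, and the test title 'should not render alerts data sections if user has not kibana read permission' in detection_response.test.tsx still names the old privilege. Both components continue outside their hunks, so any later use of `hasKibanaREAD` there needs the same rename.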
diff --git a/x-pack/solutions/security/plugins/security_solution/public/overview/pages/overview.tsx b/x-pack/solutions/security/plugins/security_solution/public/overview/pages/overview.tsx index 0cae72a06a1c3..a9dfb72a3a89e 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/overview/pages/overview.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/overview/pages/overview.tsx @@ -90,7 +90,7 @@ const OverviewComponent = () => { const { endpointPrivileges: { canAccessFleet }, } = useUserPrivileges(); - const { hasIndexRead, hasKibanaREAD } = useAlertsPrivileges(); + const { hasIndexRead, hasSiemRead: hasKibanaREAD } = useAlertsPrivileges(); const { tiDataSources: allTiDataSources, isInitiallyLoaded: isTiLoaded } = useAllTiDataSources(); if (newDataViewPickerEnabled && status === 'pristine') { diff --git a/x-pack/solutions/security/plugins/security_solution/public/reports/links.ts b/x-pack/solutions/security/plugins/security_solution/public/reports/links.ts index b42de0507ed05..36d3e532df136 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/reports/links.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/reports/links.ts @@ -6,11 +6,12 @@ */ import { i18n } from '@kbn/i18n'; +import { SECURITY_UI_SHOW_PRIVILEGE } from '@kbn/security-solution-features/constants'; import { - SecurityPageName, - SECURITY_FEATURE_ID, - ATTACK_DISCOVERY_FEATURE_ID, AI_VALUE_PATH, + ATTACK_DISCOVERY_FEATURE_ID, + SECURITY_FEATURE_ID, + SecurityPageName, } from '../../common/constants'; import { AI_VALUE_DASHBOARD } from '../app/translations'; import type { LinkItem } from '../common/links/types'; @@ -24,7 +25,7 @@ export const aiValueLinks: LinkItem = { path: AI_VALUE_PATH, capabilities: [ [ - `${SECURITY_FEATURE_ID}.show`, + SECURITY_UI_SHOW_PRIVILEGE, `${ATTACK_DISCOVERY_FEATURE_ID}.attack-discovery`, `${SECURITY_FEATURE_ID}.socManagement`, ], 
diff --git a/x-pack/solutions/security/plugins/security_solution/public/reports/pages/ai_value.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/reports/pages/ai_value.test.tsx index 4b2701e9b2323..ba84570680190 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/reports/pages/ai_value.test.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/reports/pages/ai_value.test.tsx @@ -159,10 +159,10 @@ describe('AIValue', () => { sourcererDataView: {} as Record, }); mockUseAlertsPrivileges.mockReturnValue({ - hasKibanaREAD: true, + hasSiemRead: true, hasIndexRead: true, hasIndexUpdateDelete: false, - hasKibanaCRUD: false, + hasSiemCRUD: false, loading: false, isAuthenticated: true, hasEncryptionKey: true, diff --git a/x-pack/solutions/security/plugins/security_solution/public/rules/links.ts b/x-pack/solutions/security/plugins/security_solution/public/rules/links.ts index b0e42dee2affa..57a1ddf2a3243 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/rules/links.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/rules/links.ts @@ -6,6 +6,11 @@ */ import { i18n } from '@kbn/i18n'; +import { + RULES_UI_DETECTIONS_PRIVILEGE, + RULES_UI_READ_PRIVILEGE, + SECURITY_UI_SHOW_PRIVILEGE, +} from '@kbn/security-solution-features/constants'; import { COVERAGE_OVERVIEW_PATH, EXCEPTIONS_PATH, @@ -37,7 +42,7 @@ export const links: LinkItem = { hideTimeline: true, skipUrlState: true, globalNavPosition: 2, - capabilities: `${SECURITY_FEATURE_ID}.show`, + capabilities: [RULES_UI_READ_PRIVILEGE, SECURITY_UI_SHOW_PRIVILEGE], links: [ { id: SecurityPageName.rules, @@ -52,7 +57,7 @@ export const links: LinkItem = { defaultMessage: 'SIEM Rules', }), ], - capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${SECURITY_FEATURE_ID}.detections`]], + capabilities: [[RULES_UI_READ_PRIVILEGE, RULES_UI_DETECTIONS_PRIVILEGE]], links: [ { id: SecurityPageName.rulesAdd, 
@@ -79,7 +84,7 @@ export const links: LinkItem = { }), landingIcon: IconConsoleCloud, path: EXCEPTIONS_PATH, - capabilities: [`${SECURITY_FEATURE_ID}.show`], + capabilities: [RULES_UI_READ_PRIVILEGE, `${SECURITY_FEATURE_ID}.showEndpointExceptions`], skipUrlState: true, hideTimeline: true, globalSearchKeywords: [ @@ -100,7 +105,7 @@ export const links: LinkItem = { } ), path: COVERAGE_OVERVIEW_PATH, - capabilities: `${SECURITY_FEATURE_ID}.detections`, + capabilities: RULES_UI_READ_PRIVILEGE, globalSearchKeywords: [ i18n.translate('xpack.securitySolution.appLinks.coverageOverviewDashboard', { defaultMessage: 'MITRE ATT&CK Coverage', diff --git a/x-pack/solutions/security/plugins/security_solution/public/rules/routes.tsx b/x-pack/solutions/security/plugins/security_solution/public/rules/routes.tsx index 9df1950da3359..a993db12d0aa9 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/rules/routes.tsx +++ b/x-pack/solutions/security/plugins/security_solution/public/rules/routes.tsx @@ -9,12 +9,15 @@ import { Redirect } from 'react-router-dom'; import { Routes, Route } from '@kbn/shared-ux-router'; import type { Capabilities } from '@kbn/core-capabilities-common'; +import { + RULES_UI_EDIT_PRIVILEGE, + RULES_UI_READ_PRIVILEGE, +} from '@kbn/security-solution-features/constants'; import * as i18n from './translations'; import { COVERAGE_OVERVIEW_PATH, RULES_LANDING_PATH, RULES_PATH, - SECURITY_FEATURE_ID, SecurityPageName, } from '../../common/constants'; import { NotFoundPage } from '../app/404'; 
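Review bot: The exceptions entry uses a flat array (`RULES_UI_READ_PRIVILEGE` plus the `showEndpointExceptions` capability) while the rules entry earlier in this file uses the nested `[[…]]` form, and nothing states which combination is meant. If the flat form is an any-of list and the nested form an all-of list, as the usage in this file suggests, then either capability alone now shows the Exceptions link, which changes who sees it compared with the single `.show` check it replaces. A one-line comment above the entry, for example `// visible with rules read OR endpoint-exceptions access`, would make that decision reviewable. The `links` object starts and ends outside this hunk.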
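Review bot: The coverage overview link drops its detections check: it was gated on the `.detections` capability and is now gated on `RULES_UI_READ_PRIVILEGE` alone, while the sibling rules link in this file still also requires `RULES_UI_DETECTIONS_PRIVILEGE`. Unless rules read already implies that detections are enabled (not visible here), this link would appear in tiers where the rules link is hidden. Consider `capabilities: [[RULES_UI_READ_PRIVILEGE, RULES_UI_DETECTIONS_PRIVILEGE]],` so the two entries stay consistent.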
@@ -36,11 +39,11 @@ import { hasCapabilities } from '../common/lib/capabilities'; import { useKibana } from '../common/lib/kibana/kibana_react'; const getRulesSubRoutes = (capabilities: Capabilities) => [ - ...(hasCapabilities(capabilities, `${SECURITY_FEATURE_ID}.detections`) // regular detection rules are enabled + ...(hasCapabilities(capabilities, RULES_UI_READ_PRIVILEGE) // regular detection rules are enabled ? [ { - path: '/rules/id/:detailName/edit', - main: EditRulePage, + path: `/rules/id/:detailName/:tabName(${RuleDetailTabs.alerts}|${RuleDetailTabs.exceptions}|${RuleDetailTabs.endpointExceptions}|${RuleDetailTabs.executionResults}|${RuleDetailTabs.executionEvents})`, + main: RuleDetailsPage, exact: true, }, { 
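Review bot: The trailing comment `// regular detection rules are enabled` no longer describes the condition on its line, which now tests `RULES_UI_READ_PRIVILEGE` rather than the `.detections` capability. Replace it with something like `// user can read rules`. The rule-details route also moves into this block from one that accepted `.external_detections` as well. If tiers with only external detections still need `RuleDetailsPage`, the condition or a comment should cover that case. `getRulesSubRoutes` continues in the next hunk.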
@@ -48,34 +51,31 @@ const getRulesSubRoutes = (capabilities: Capabilities) => [ main: RulesPage, exact: true, }, + { + path: '/rules/add_rules', + main: withSecurityRoutePageWrapper(AddRulesPage, SecurityPageName.rulesAdd, { + omitSpyRoute: true, + }), + exact: true, + }, ] : []), - ...(hasCapabilities(capabilities, [ - `${SECURITY_FEATURE_ID}.detections`, - `${SECURITY_FEATURE_ID}.external_detections`, - ]) // some detection capability is enabled + ...(hasCapabilities(capabilities, RULES_UI_EDIT_PRIVILEGE) ? [ { - path: `/rules/id/:detailName/:tabName(${RuleDetailTabs.alerts}|${RuleDetailTabs.exceptions}|${RuleDetailTabs.endpointExceptions}|${RuleDetailTabs.executionResults}|${RuleDetailTabs.executionEvents})`, - main: RuleDetailsPage, + path: '/rules/id/:detailName/edit', + main: EditRulePage, + exact: true, + }, + { + path: '/rules/create', + main: withSecurityRoutePageWrapper(CreateRulePage, SecurityPageName.rulesCreate, { + omitSpyRoute: true, + }), exact: true, }, ] : []), - { - path: '/rules/create', - main: withSecurityRoutePageWrapper(CreateRulePage, SecurityPageName.rulesCreate, { - omitSpyRoute: true, - }), - exact: true, - }, - { - path: '/rules/add_rules', - main: withSecurityRoutePageWrapper(AddRulesPage, SecurityPageName.rulesAdd, { - omitSpyRoute: true, - }), - exact: true, - }, ]; const RulesContainerComponent: React.FC = () => { diff --git a/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/common/service/capabilities.ts b/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/common/service/capabilities.ts index a7803c41b0433..0eb194c7811c4 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/common/service/capabilities.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/common/service/capabilities.ts 
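Review bot: `/rules/add_rules` lands in the `RULES_UI_READ_PRIVILEGE` block while `/rules/create` and `/rules/id/:detailName/edit` move under `RULES_UI_EDIT_PRIVILEGE`, so a read-only user can still route to the Add Rules page. The install route shown later in this commit (`installPrebuiltRulesAndTimelinesRoute`) requires `RULES_API_ALL`, so the server should reject the write, but the page then relies on disabling its own actions. If read-only browsing of installable rules is intended, add a comment such as `// read-only users may browse; installation is enforced server-side`; otherwise move the entry into the edit block. `getRulesSubRoutes` starts in the previous hunk.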
@@ -9,21 +9,13 @@ import type { Capabilities } from '@kbn/core/public'; import { SIEM_MIGRATIONS_FEATURE_ID } from '@kbn/security-solution-features/constants'; import { i18n } from '@kbn/i18n'; import { CapabilitiesChecker } from '../../../common/lib/capabilities'; -import { SECURITY_FEATURE_ID } from '../../../../common/constants'; export interface MissingCapability { capability: string; description: string; } -const minimumCapabilities: MissingCapability[] = [ - { - capability: `${SECURITY_FEATURE_ID}.show`, - description: i18n.translate( - 'xpack.securitySolution.siemMigrations.service.capabilities.securityAll', - { defaultMessage: 'Security > Security: Read' } - ), - }, +const minimumSiemMigrationCapabilities: MissingCapability[] = [ { capability: `${SIEM_MIGRATIONS_FEATURE_ID}.all`, description: i18n.translate( @@ -34,13 +26,6 @@ const minimumCapabilities: MissingCapability[] = [ ]; const allCapabilities: MissingCapability[] = [ - { - capability: `${SECURITY_FEATURE_ID}.crud`, - description: i18n.translate( - 'xpack.securitySolution.siemMigrations.service.capabilities.securityAll', - { defaultMessage: 'Security > Security: All' } - ), - }, { capability: `${SIEM_MIGRATIONS_FEATURE_ID}.all`, description: i18n.translate( @@ -61,8 +46,8 @@ export type CapabilitiesLevel = 'minimum' | 'all'; export type CapabilitiesByLevel = Record; -export const requiredSiemMigrationCapabilities: CapabilitiesByLevel = { - minimum: minimumCapabilities, +export const requiredSiemMigrationCapabilities = { + minimum: minimumSiemMigrationCapabilities, all: allCapabilities, }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/common/service/migrations_service_base.test.ts b/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/common/service/migrations_service_base.test.ts index 0ec056998e1b7..5417c619af305 100644 
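Review bot: `requiredSiemMigrationCapabilities` loses its `CapabilitiesByLevel` annotation in the last hunk of this file, so a missing or misspelled level key no longer fails type checking at the declaration, although the type is still exported just above it. Restore it with `export const requiredSiemMigrationCapabilities: CapabilitiesByLevel = {`. Since the Security read/all entries are removed from both lists, a short comment would also help, stating that these base lists now cover only the SIEM-migrations feature and that the rules and dashboards services add their own privileges.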
--- a/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/common/service/migrations_service_base.test.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/common/service/migrations_service_base.test.ts @@ -59,6 +59,11 @@ class TestMigrationsService extends SiemMigrationsServiceBase { protected abstract fetchMigrationsStatsAll(params: GetMigrationsStatsAllParams): Promise; protected abstract sendFinishedMigrationNotification(taskStats: T): void; + public abstract isAvailable(): boolean; + public abstract getMissingCapabilities(level?: CapabilitiesLevel): MissingCapability[]; + private readonly latestStats$: BehaviorSubject; private isPolling = false; public connectorIdStorage: MigrationsStorage; @@ -58,7 +55,9 @@ export abstract class SiemMigrationsServiceBase { this.plugins.spaces.getActiveSpace().then((space) => { this.connectorIdStorage.setSpaceId(space.id); - this.startPolling(); + if (this.isAvailable()) { + this.startPolling(); + } }); } 
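Review bot: The new `if (this.isAvailable())` guard around `this.startPolling()` repeats a check that `startPolling()` already performs (`if (this.isPolling || !this.isAvailable())`, visible as context in the next hunk). Drop the outer guard so availability is decided in one place. If it is deliberate, for instance to avoid a side effect in `startPolling()` that lies outside the hunk, a one-line comment should say why. The constructor begins outside this hunk.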
@@ -67,26 +66,11 @@ export abstract class SiemMigrationsServiceBase { return this.latestStats$.asObservable().pipe(distinctUntilChanged(isEqual)); } - /** Returns any missing capabilities for the user to use this feature */ - public getMissingCapabilities(level?: CapabilitiesLevel): MissingCapability[] { - const getMissingCapabilities = getMissingCapabilitiesChecker(); - return getMissingCapabilities(this.core.application.capabilities, level); - } - /** Checks if the user has any missing capabilities for this feature */ public hasMissingCapabilities(level?: CapabilitiesLevel): boolean { return this.getMissingCapabilities(level).length > 0; } - /** Checks if the service is available based on the `license`, `capabilities` and `experimentalFeatures` */ - public isAvailable() { - return ( - !ExperimentalFeaturesService.get().siemMigrationsDisabled && - licenseService.isEnterprise() && - !this.hasMissingCapabilities('minimum') - ); - } - /** Starts polling the migrations stats if not already polling and if the feature is available to the user */ public startPolling() { if (this.isPolling || !this.isAvailable()) { diff --git a/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/dashboards/service/capabilities.ts b/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/dashboards/service/capabilities.ts index a6b6eb6f42b7c..8034979c8194d 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/dashboards/service/capabilities.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/dashboards/service/capabilities.ts 
@@ -12,6 +12,13 @@ import { type MissingCapability, } from '../../common/service/capabilities'; +const minimumDashboardMigrationCapability = { + capability: `dashboard_v2.show`, + description: i18n.translate( + 'xpack.securitySolution.siemMigrations.service.capabilities.dashboardsRead', + { defaultMessage: 'Analytics > Dashboards: Read' } + ), +}; const dashboardCapability = { capability: `dashboard_v2.createNew`, description: i18n.translate( @@ -24,6 +31,6 @@ export const requiredDashboardMigrationCapabilities: Record< CapabilitiesLevel, MissingCapability[] > = { - minimum: requiredSiemMigrationCapabilities.minimum, + minimum: [...requiredSiemMigrationCapabilities.minimum, minimumDashboardMigrationCapability], all: [...requiredSiemMigrationCapabilities.all, dashboardCapability], }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/links.ts b/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/links.ts index 979b0b045408b..faf36b6c305e2 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/links.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/links.ts @@ -6,13 +6,16 @@ */ import { i18n } from '@kbn/i18n'; -import { SIEM_MIGRATIONS_FEATURE_ID } from '@kbn/security-solution-features/constants'; import { - SecurityPageName, - SECURITY_FEATURE_ID, - SIEM_MIGRATIONS_RULES_PATH, + RULES_UI_READ_PRIVILEGE, + SECURITY_UI_SHOW_PRIVILEGE, + SIEM_MIGRATIONS_FEATURE_ID, +} from '@kbn/security-solution-features/constants'; +import { SIEM_MIGRATIONS_DASHBOARDS_PATH, SIEM_MIGRATIONS_LANDING_PATH, + SIEM_MIGRATIONS_RULES_PATH, + SecurityPageName, } from '../../common/constants'; import type { LinkItem } from '../common/links/types'; import { IconDashboards } from '../common/icons/dashboards'; 
@@ -29,7 +32,7 @@ const subLinks: LinkItem[] = [ }), landingIcon: IconRules, path: SIEM_MIGRATIONS_RULES_PATH, - capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${SIEM_MIGRATIONS_FEATURE_ID}.all`]], + capabilities: [[RULES_UI_READ_PRIVILEGE, `${SIEM_MIGRATIONS_FEATURE_ID}.all`]], skipUrlState: true, hideTimeline: true, hideWhenExperimentalKey: 'siemMigrationsDisabled', @@ -47,7 +50,7 @@ const subLinks: LinkItem[] = [ ), landingIcon: IconDashboards, path: SIEM_MIGRATIONS_DASHBOARDS_PATH, - capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${SIEM_MIGRATIONS_FEATURE_ID}.all`]], + capabilities: [[`dashboard_v2.show`, `${SIEM_MIGRATIONS_FEATURE_ID}.all`]], skipUrlState: true, hideTimeline: true, hideWhenExperimentalKey: 'siemMigrationsDisabled', @@ -67,7 +70,10 @@ export const links: LinkItem = { defaultMessage: 'Migrations', }), path: SIEM_MIGRATIONS_LANDING_PATH, - capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${SIEM_MIGRATIONS_FEATURE_ID}.all`]], + capabilities: [ + [SECURITY_UI_SHOW_PRIVILEGE, `${SIEM_MIGRATIONS_FEATURE_ID}.all`], + [RULES_UI_READ_PRIVILEGE, `${SIEM_MIGRATIONS_FEATURE_ID}.all`], + ], globalSearchKeywords: [ i18n.translate('xpack.securitySolution.appLinks.migrations', { defaultMessage: 'Migrations', diff --git a/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/service/capabilities.ts b/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/service/capabilities.ts new file mode 100644 index 0000000000000..c28f9d94a0b9e --- /dev/null +++ b/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/service/capabilities.ts 
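Review bot: The landing link's capability sets do not cover the dashboards sub-link's: the parent accepts `SECURITY_UI_SHOW_PRIVILEGE` or `RULES_UI_READ_PRIVILEGE` (each combined with the migrations `.all` capability), while the dashboards child now requires `dashboard_v2.show`. A user holding only `dashboard_v2.show` plus migrations `.all` would pass the child check but not the parent. A user holding only `SECURITY_UI_SHOW_PRIVILEGE` would see the landing page with no sub-link they can open. How the link tree resolves a parent/child mismatch is not visible here. Consider adding the `dashboard_v2.show` pair as a third alternative on the parent, or a comment stating that the parent is deliberately stricter.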
@@ -0,0 +1,42 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { i18n } from '@kbn/i18n'; +import { + RULES_UI_EDIT_PRIVILEGE, + RULES_UI_READ_PRIVILEGE, +} from '@kbn/security-solution-features/constants'; +import { + requiredSiemMigrationCapabilities, + type CapabilitiesLevel, + type MissingCapability, +} from '../../common/service/capabilities'; + +const minimumRuleMigrationCapabilities: MissingCapability[] = [ + { + capability: RULES_UI_READ_PRIVILEGE, + description: i18n.translate( + 'xpack.securitySolution.siemMigrations.service.capabilities.rulesRead', + { defaultMessage: 'Security > Rules: Read' } + ), + }, +]; + +const allRuleMigrationCapabilities: MissingCapability[] = [ + { + capability: RULES_UI_EDIT_PRIVILEGE, + description: i18n.translate( + 'xpack.securitySolution.siemMigrations.service.capabilities.rulesAll', + { defaultMessage: 'Security > Rules: All' } + ), + }, +]; + +export const requiredRuleMigrationCapabilities: Record = { + minimum: [...requiredSiemMigrationCapabilities.minimum, ...minimumRuleMigrationCapabilities], + all: [...requiredSiemMigrationCapabilities.all, ...allRuleMigrationCapabilities], +}; diff --git a/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/service/rule_migrations_service.test.ts b/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/service/rule_migrations_service.test.ts index 490df2464cf50..93159a345be54 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/service/rule_migrations_service.test.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/service/rule_migrations_service.test.ts 
@@ -52,6 +52,7 @@ jest.mock('../api', () => ({ })); jest.mock('../../common/service/capabilities', () => ({ + ...jest.requireActual('../../common/service/capabilities'), getMissingCapabilitiesChecker: jest.fn(() => []), })); diff --git a/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/service/rule_migrations_service.ts b/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/service/rule_migrations_service.ts index 6151851c0a9fc..61b46857c9ff1 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/service/rule_migrations_service.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/siem_migrations/rules/service/rule_migrations_service.ts @@ -6,6 +6,8 @@ */ import type { CoreStart } from '@kbn/core/public'; +import { licenseService } from '../../../common/hooks/use_license'; +import { ExperimentalFeaturesService } from '../../../common/experimental_features_service'; import type { TelemetryServiceStart } from '../../../common/lib/telemetry'; import type { CreateRuleMigrationRulesRequestBody, @@ -20,14 +22,17 @@ import * as api from '../api'; import type { RuleMigrationSettings, RuleMigrationStats } from '../types'; import * as i18n from './translations'; import { SiemRulesMigrationsTelemetry } from './telemetry'; +import type { CapabilitiesLevel, MissingCapability } from '../../common/service'; import { SiemMigrationsServiceBase, + getMissingCapabilitiesChecker, getMissingCapabilitiesToast, getNoConnectorToast, } from '../../common/service'; import type { GetMigrationStatsParams, GetMigrationsStatsAllParams } from '../../common/types'; import { raiseSuccessToast } from './notification/success_notification'; import { START_STOP_POLLING_SLEEP_SECONDS } from '../../common/constants'; +import { requiredRuleMigrationCapabilities } from './capabilities'; const CREATE_MIGRATION_BODY_BATCH_SIZE = 50; 
@@ -43,6 +48,22 @@ export class SiemRulesMigrationsService extends SiemMigrationsServiceBase ({ + sort: legacyDataTableState[tableKey].sort?.map((sortCandidate) => ({ [sortCandidate.columnId]: { order: sortCandidate.sortDirection }, })), visibleColumns: legacyDataTableState[tableKey].columns, diff --git a/x-pack/solutions/security/plugins/security_solution/public/timelines/links.ts b/x-pack/solutions/security/plugins/security_solution/public/timelines/links.ts index fa30a91d82ad6..f140f36413c83 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/timelines/links.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/timelines/links.ts @@ -7,11 +7,10 @@ import { i18n } from '@kbn/i18n'; import { - SECURITY_FEATURE_ID, - SecurityPageName, - TIMELINE_FEATURE_ID, - TIMELINES_PATH, -} from '../../common/constants'; + RULES_UI_READ_PRIVILEGE, + SECURITY_UI_SHOW_PRIVILEGE, +} from '@kbn/security-solution-features/constants'; +import { SecurityPageName, TIMELINE_FEATURE_ID, TIMELINES_PATH } from '../../common/constants'; import { TIMELINES } from '../app/translations'; import type { LinkItem } from '../common/links/types'; @@ -20,8 +19,11 @@ export const links: LinkItem = { title: TIMELINES, path: TIMELINES_PATH, globalNavPosition: 9, - // It only makes sense to show this link when the user is also granted access to security solution - capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${TIMELINE_FEATURE_ID}.read`]], + // It only makes sense to show this link when the user is also granted access to security solution or rules + capabilities: [ + [SECURITY_UI_SHOW_PRIVILEGE, `${TIMELINE_FEATURE_ID}.read`], + [RULES_UI_READ_PRIVILEGE, `${TIMELINE_FEATURE_ID}.read`], + ], globalSearchKeywords: [ i18n.translate('xpack.securitySolution.appLinks.timelines', { defaultMessage: 'Timelines', 
@@ -35,7 +37,10 @@ export const links: LinkItem = { }), path: `${TIMELINES_PATH}/template`, sideNavDisabled: true, - capabilities: [[`${SECURITY_FEATURE_ID}.show`, `${TIMELINE_FEATURE_ID}.read`]], + capabilities: [ + [SECURITY_UI_SHOW_PRIVILEGE, `${TIMELINE_FEATURE_ID}.read`], + [RULES_UI_READ_PRIVILEGE, `${TIMELINE_FEATURE_ID}.read`], + ], }, ], }; diff --git a/x-pack/solutions/security/plugins/security_solution/public/use_readonly_header.ts b/x-pack/solutions/security/plugins/security_solution/public/use_readonly_header.ts index d48855b397105..018fb479a2ae0 100644 --- a/x-pack/solutions/security/plugins/security_solution/public/use_readonly_header.ts +++ b/x-pack/solutions/security/plugins/security_solution/public/use_readonly_header.ts @@ -9,7 +9,7 @@ import { useEffect } from 'react'; import * as i18n from './translations'; import { useKibana } from './common/lib/kibana'; -import { useAlertsPrivileges } from './detections/containers/detection_engine/alerts/use_alerts_privileges'; +import { useUserPrivileges } from './common/components/user_privileges'; /** * This component places a read-only icon badge in the header @@ -17,11 +17,11 @@ import { useAlertsPrivileges } from './detections/containers/detection_engine/al * privileges */ export function useReadonlyHeader(tooltip: string) { - const { hasKibanaREAD, hasKibanaCRUD } = useAlertsPrivileges(); + const { rulesPrivileges } = useUserPrivileges(); const chrome = useKibana().services.chrome; useEffect(() => { - if (hasKibanaREAD && !hasKibanaCRUD) { + if (rulesPrivileges.read && !rulesPrivileges.edit) { chrome.setBadge({ text: i18n.READ_ONLY_BADGE_TEXT, tooltip, @@ -33,5 +33,5 @@ export function useReadonlyHeader(tooltip: string) { return () => { chrome.setBadge(); }; - }, [chrome, hasKibanaREAD, hasKibanaCRUD, tooltip]); + }, [chrome, tooltip, rulesPrivileges.read, rulesPrivileges.edit]); } 
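Review bot: `useReadonlyHeader` now derives the badge from `rulesPrivileges.read && !rulesPrivileges.edit`, but the doc comment above the function (partly outside these hunks) still describes a general read-only badge. Update it to name the rules privilege, for example `* if the user can read but not edit rules`. If the hook is also called from pages that are not rule-related (callers are not visible here), the badge would now follow the rules privilege rather than the page's own access level, which is worth confirming before merge.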
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_all_integrations/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_all_integrations/route.ts index 9bfbda7735692..3b9e37695ea73 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_all_integrations/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_all_integrations/route.ts @@ -8,6 +8,7 @@ import type { Logger } from '@kbn/core/server'; import { transformError } from '@kbn/securitysolution-es-utils'; import { SO_SEARCH_LIMIT } from '@kbn/fleet-plugin/common/constants'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import { PREBUILT_RULES_PACKAGE_NAME } from '../../../../../../common/detection_engine/constants'; import { buildSiemResponse } from '../../../routes/utils'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; @@ -29,7 +30,7 @@ export const getAllIntegrationsRoute = (router: SecuritySolutionPluginRouter, lo path: GET_ALL_INTEGRATIONS_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_installed_integrations/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_installed_integrations/route.ts index 006cc0afc17d5..9cbf98d088f59 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_installed_integrations/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/fleet_integrations/api/get_installed_integrations/route.ts 
@@ -7,6 +7,7 @@ import type { Logger } from '@kbn/core/server'; import { transformError } from '@kbn/securitysolution-es-utils'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import { buildSiemResponse } from '../../../routes/utils'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; @@ -29,7 +30,7 @@ export const getInstalledIntegrationsRoute = ( path: GET_INSTALLED_INTEGRATIONS_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.ts index fb39e0cec41b1..30b0c0f80b326 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules.ts @@ -6,6 +6,7 @@ */ import type { Logger } from '@kbn/core/server'; +import { INITIALIZE_SECURITY_SOLUTION } from '@kbn/security-solution-features/constants'; import { BOOTSTRAP_PREBUILT_RULES_URL } from '../../../../../../common/api/detection_engine/prebuilt_rules'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; import { PREBUILT_RULES_OPERATION_SOCKET_TIMEOUT_MS } from '../../constants'; @@ -22,7 +23,7 @@ export const bootstrapPrebuiltRulesRoute = ( path: BOOTSTRAP_PREBUILT_RULES_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [INITIALIZE_SECURITY_SOLUTION], }, }, options: { 
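Review bot: `bootstrapPrebuiltRulesRoute` is now authorised by `INITIALIZE_SECURITY_SOLUTION` alone, and nothing in the hunk says which roles hold that privilege. The handler in the next file imports `installSecurityAiPromptsPackage` and collects `PackageInstallStatus` results, so the endpoint appears to install packages. If read-only roles are granted the initialize privilege, that is a write-like action reachable without `RULES_API_ALL`. Add a comment next to `requiredPrivileges` stating the intended audience and why the install is acceptable for it. For example, if this is the case, `// held by every Security role; bootstrap only installs Elastic-managed packages`.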
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules_handler.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules_handler.ts index a90534a0f7147..3426f02692561 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules_handler.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/bootstrap_prebuilt_rules/bootstrap_prebuilt_rules_handler.ts @@ -11,7 +11,7 @@ import type { KibanaRequest, KibanaResponseFactory, } from '@kbn/core/server'; -import { ProductFeatureSecurityKey } from '@kbn/security-solution-features/keys'; +import { ProductFeatureRulesKey } from '@kbn/security-solution-features/keys'; import { transformError } from '@kbn/securitysolution-es-utils'; import { installSecurityAiPromptsPackage } from '../../logic/integrations/install_ai_prompts'; import type { @@ -47,7 +47,7 @@ export const bootstrapPrebuiltRulesHandler = async ( const productFeatureService = securityContext.getProductFeatureService(); const isExternalDetectionsEnabled = productFeatureService.isEnabled( - ProductFeatureSecurityKey.externalDetections + ProductFeatureRulesKey.externalDetections ); const packageResults: PackageInstallStatus[] = []; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rule_base_version/get_prebuilt_rule_base_version_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rule_base_version/get_prebuilt_rule_base_version_route.ts index 8e4812e8619d2..4445ab132f163 100644 
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rule_base_version/get_prebuilt_rule_base_version_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rule_base_version/get_prebuilt_rule_base_version_route.ts @@ -6,6 +6,7 @@ */ import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import { GET_PREBUILT_RULES_BASE_VERSION_URL, GetPrebuiltRuleBaseVersionRequest, @@ -20,7 +21,7 @@ export const getPrebuiltRuleBaseVersion = (router: SecuritySolutionPluginRouter) path: GET_PREBUILT_RULES_BASE_VERSION_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_and_timelines_status/get_prebuilt_rules_and_timelines_status_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_and_timelines_status/get_prebuilt_rules_and_timelines_status_route.ts index 3794f33278c7e..fa4b1c056cf9f 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_and_timelines_status/get_prebuilt_rules_and_timelines_status_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_and_timelines_status/get_prebuilt_rules_and_timelines_status_route.ts 
@@ -7,6 +7,7 @@ import type { Logger } from '@kbn/core/server'; import { transformError } from '@kbn/securitysolution-es-utils'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import { InstallPrepackedTimelinesRequestBody } from '../../../../../../common/api/timeline'; import { buildSiemResponse } from '../../../routes/utils'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; @@ -36,7 +37,7 @@ export const getPrebuiltRulesAndTimelinesStatusRoute = ( path: PREBUILT_RULES_STATUS_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_status/get_prebuilt_rules_status_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_status/get_prebuilt_rules_status_route.ts index e1fa7d9dc13c9..d5c5debd11df7 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_status/get_prebuilt_rules_status_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/get_prebuilt_rules_status/get_prebuilt_rules_status_route.ts @@ -6,6 +6,7 @@ */ import { transformError } from '@kbn/securitysolution-es-utils'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import { GET_PREBUILT_RULES_STATUS_URL } from '../../../../../../common/api/detection_engine/prebuilt_rules'; import type { GetPrebuiltRulesStatusResponseBody } from '../../../../../../common/api/detection_engine/prebuilt_rules'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; 
@@ -21,7 +22,7 @@ export const getPrebuiltRulesStatusRoute = (router: SecuritySolutionPluginRouter path: GET_PREBUILT_RULES_STATUS_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/install_prebuilt_rules_and_timelines_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/install_prebuilt_rules_and_timelines_route.ts index 711518ad91d46..c87e3682bff55 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/install_prebuilt_rules_and_timelines_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/install_prebuilt_rules_and_timelines/install_prebuilt_rules_and_timelines_route.ts @@ -7,6 +7,7 @@ import type { Logger } from '@kbn/core/server'; import { transformError } from '@kbn/securitysolution-es-utils'; +import { RULES_API_ALL } from '@kbn/security-solution-features/constants'; import { PREBUILT_RULES_URL } from '../../../../../../common/api/detection_engine/prebuilt_rules'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; import { buildSiemResponse } from '../../../routes/utils'; @@ -25,7 +26,7 @@ export const installPrebuiltRulesAndTimelinesRoute = ( path: PREBUILT_RULES_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_ALL], }, }, options: { 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_route.ts index 269f02111373b..c732242a4de0c 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_installation/perform_rule_installation_route.ts @@ -6,6 +6,7 @@ */ import type { Logger } from '@kbn/core/server'; +import { RULES_API_ALL } from '@kbn/security-solution-features/constants'; import { PERFORM_RULE_INSTALLATION_URL, PerformRuleInstallationRequestBody, @@ -29,7 +30,7 @@ export const performRuleInstallationRoute = ( path: PERFORM_RULE_INSTALLATION_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_ALL], }, }, options: { diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/perform_rule_upgrade_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/perform_rule_upgrade_route.ts index 9b8c38d5990a2..8eb591f297560 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/perform_rule_upgrade_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/perform_rule_upgrade/perform_rule_upgrade_route.ts 
@@ -7,6 +7,7 @@ import type { Logger } from '@kbn/core/server'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { RULES_API_ALL } from '@kbn/security-solution-features/constants'; import { PERFORM_RULE_UPGRADE_URL, PerformRuleUpgradeRequestBody, @@ -26,7 +27,7 @@ export const performRuleUpgradeRoute = (router: SecuritySolutionPluginRouter, lo path: PERFORM_RULE_UPGRADE_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_ALL], }, }, options: { diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/revert_prebuilt_rule/revert_prebuilt_rule_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/revert_prebuilt_rule/revert_prebuilt_rule_route.ts index b57041074e7b1..e797082e07335 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/revert_prebuilt_rule/revert_prebuilt_rule_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/revert_prebuilt_rule/revert_prebuilt_rule_route.ts @@ -6,6 +6,7 @@ */ import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { RULES_API_ALL } from '@kbn/security-solution-features/constants'; import { REVERT_PREBUILT_RULES_URL, RevertPrebuiltRulesRequest, @@ -21,7 +22,7 @@ export const revertPrebuiltRule = (router: SecuritySolutionPluginRouter) => { path: REVERT_PREBUILT_RULES_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_ALL], }, }, options: { 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts index 7ae1e70c43a7d..ae5f1b29eae08 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_installation/review_rule_installation_route.ts @@ -5,6 +5,7 @@ * 2.0. */ +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import { REVIEW_RULE_INSTALLATION_URL } from '../../../../../../common/api/detection_engine/prebuilt_rules'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; import { routeLimitedConcurrencyTag } from '../../../../../utils/route_limited_concurrency_tag'; @@ -21,7 +22,7 @@ export const reviewRuleInstallationRoute = (router: SecuritySolutionPluginRouter path: REVIEW_RULE_INSTALLATION_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, options: { diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_upgrade/review_rule_upgrade_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_upgrade/review_rule_upgrade_route.ts index 24b3865fc5ea0..f40dfc641f541 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_upgrade/review_rule_upgrade_route.ts 
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/prebuilt_rules/api/review_rule_upgrade/review_rule_upgrade_route.ts @@ -6,6 +6,7 @@ */ import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import { REVIEW_RULE_UPGRADE_URL, ReviewRuleUpgradeRequestBody, @@ -25,7 +26,7 @@ export const reviewRuleUpgradeRoute = (router: SecuritySolutionPluginRouter) => path: REVIEW_RULE_UPGRADE_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, options: { diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/index/create_index_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/index/create_index_route.ts index efdadd0c2f3e7..bb3aeefaebadb 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/index/create_index_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/index/create_index_route.ts @@ -15,6 +15,7 @@ import { setPolicy, createBootstrapIndex, } from '@kbn/securitysolution-es-utils'; +import { INITIALIZE_SECURITY_SOLUTION } from '@kbn/security-solution-features/constants'; import type { CreateAlertsIndexResponse } from '../../../../../common/api/detection_engine/index_management'; import type { SecuritySolutionApiRequestHandlerContext, @@ -42,7 +43,7 @@ export const createIndexRoute = (router: SecuritySolutionPluginRouter) => { access: 'public', security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [INITIALIZE_SECURITY_SOLUTION], }, }, }) 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/index/delete_index_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/index/delete_index_route.ts index 08f975c023851..3d5305e5117d2 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/index/delete_index_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/index/delete_index_route.ts @@ -14,6 +14,7 @@ import { } from '@kbn/securitysolution-es-utils'; import type { IKibanaResponse } from '@kbn/core/server'; +import { ALERTS_API_ALL } from '@kbn/security-solution-features/constants'; import type { DeleteAlertsIndexResponse } from '../../../../../common/api/detection_engine/index_management'; import type { SecuritySolutionPluginRouter } from '../../../../types'; import { DETECTION_ENGINE_INDEX_URL } from '../../../../../common/constants'; @@ -37,7 +38,7 @@ export const deleteIndexRoute = (router: SecuritySolutionPluginRouter) => { access: 'public', security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [ALERTS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/index/read_index_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/index/read_index_route.ts index 2f5131d1abf8b..e6401534689d9 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/index/read_index_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/index/read_index_route.ts 
@@ -8,6 +8,7 @@ import { transformError, getBootstrapIndexExists } from '@kbn/securitysolution-es-utils'; import type { RuleDataPluginService } from '@kbn/rule-registry-plugin/server'; import type { IKibanaResponse } from '@kbn/core/server'; +import { INITIALIZE_SECURITY_SOLUTION } from '@kbn/security-solution-features/constants'; import type { ReadAlertsIndexResponse } from '../../../../../common/api/detection_engine/index_management'; import type { SecuritySolutionPluginRouter } from '../../../../types'; import { DETECTION_ENGINE_INDEX_URL } from '../../../../../common/constants'; @@ -28,7 +29,7 @@ export const readIndexRoute = ( access: 'public', security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [INITIALIZE_SECURITY_SOLUTION], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/privileges/read_privileges_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/privileges/read_privileges_route.ts index 22c031d5d5eb5..f4fb9b15fa573 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/privileges/read_privileges_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/privileges/read_privileges_route.ts @@ -9,6 +9,7 @@ import { merge } from 'lodash/fp'; import { readPrivileges, transformError } from '@kbn/securitysolution-es-utils'; import type { IKibanaResponse } from '@kbn/core/server'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import type { SecuritySolutionPluginRouter } from '../../../../types'; import { DETECTION_ENGINE_PRIVILEGES_URL } from '../../../../../common/constants'; import { buildSiemResponse } from '../utils'; 
@@ -24,7 +25,7 @@ export const readPrivilegesRoute = ( access: 'public', security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [{ anyRequired: [RULES_API_READ, 'securitySolution'] }], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/signals/open_close_signals_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/signals/open_close_signals_route.ts index 8a84180c997ae..ae8ef0b68d0d2 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/signals/open_close_signals_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/signals/open_close_signals_route.ts @@ -15,6 +15,7 @@ import { } from '@kbn/rule-data-utils'; import type { AuthenticatedUser, ElasticsearchClient, Logger } from '@kbn/core/server'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { ALERTS_API_READ } from '@kbn/security-solution-features/constants'; import { SetAlertsStatusRequestBody } from '../../../../../common/api/detection_engine/signals'; import { AlertStatusEnum } from '../../../../../common/api/model'; import type { SecuritySolutionPluginRouter } from '../../../../types'; @@ -41,7 +42,7 @@ export const setSignalsStatusRoute = ( access: 'public', security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [ALERTS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/signals/query_signals_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/signals/query_signals_route.ts index 9f736c2d02329..336d975e4b9aa 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/signals/query_signals_route.ts 
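Review bot: The `anyRequired` list on `readPrivilegesRoute` keeps the legacy `'securitySolution'` privilege next to `RULES_API_READ`, while the neighbouring routes in this commit drop it, and nothing in the hunk says why. Because this is an authorization gate, the exception should be documented so that it is neither copied to other routes nor removed by accident. A comment above `requiredPrivileges` such as `// legacy 'securitySolution' is still accepted here because <reason>; drop it once <condition>` would do. If the fallback is not intentional, `requiredPrivileges: [RULES_API_READ]` would match the sibling routes. The route definition starts and ends outside the hunk.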
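Review bot: `setSignalsStatusRoute` is gated on `ALERTS_API_READ`, yet judging by its name and the `SetAlertsStatusRequestBody` import it changes alert state, so a role with only read-level alert access would reach a modifying endpoint. `set_alert_assignees_route.ts` carries a comment explaining that read-only analysts are meant to assign alerts, but this route and `setAlertTagsRoute` in `set_alert_tags_route.ts` give no such rationale. If the same intent applies, add the equivalent comment, e.g. `// alert status changes are intentionally allowed with read-only alerts access`. Otherwise require `ALERTS_API_ALL`, which this commit already uses for `deleteIndexRoute`. The handler body is outside the hunk, so any further checks made there are not visible.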
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/signals/query_signals_route.ts @@ -7,6 +7,7 @@ import type { IRuleDataClient } from '@kbn/rule-registry-plugin/server'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { ALERTS_API_READ } from '@kbn/security-solution-features/constants'; import { SearchAlertsRequestBody } from '../../../../../common/api/detection_engine/signals'; import type { SecuritySolutionPluginRouter } from '../../../../types'; @@ -23,7 +24,7 @@ export const querySignalsRoute = ( access: 'public', security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [ALERTS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/signals/set_alert_assignees_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/signals/set_alert_assignees_route.ts index 5fee6554a1400..8fe1f0390ac22 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/signals/set_alert_assignees_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/signals/set_alert_assignees_route.ts @@ -8,6 +8,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import { uniq } from 'lodash/fp'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { ALERTS_API_READ } from '@kbn/security-solution-features/constants'; import { SetAlertAssigneesRequestBody } from '../../../../../common/api/detection_engine/alert_assignees'; import type { SecuritySolutionPluginRouter } from '../../../../types'; import { 
@@ -24,7 +25,8 @@ export const setAlertAssigneesRoute = (router: SecuritySolutionPluginRouter) => access: 'public', security: { authz: { - requiredPrivileges: ['securitySolution'], + // a t1_analyst, who has read only access, should be able to assign alerts + requiredPrivileges: [ALERTS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/signals/set_alert_tags_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/signals/set_alert_tags_route.ts index 19b7f309ce126..435f8bd1e1712 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/signals/set_alert_tags_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/signals/set_alert_tags_route.ts @@ -8,6 +8,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import { uniq } from 'lodash/fp'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { ALERTS_API_READ } from '@kbn/security-solution-features/constants'; import { SetAlertTagsRequestBody } from '../../../../../common/api/detection_engine/alert_tags'; import type { SecuritySolutionPluginRouter } from '../../../../types'; import { @@ -24,7 +25,7 @@ export const setAlertTagsRoute = (router: SecuritySolutionPluginRouter) => { access: 'public', security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [ALERTS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/users/suggest_user_profiles_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/users/suggest_user_profiles_route.ts index 2b8f65af12ca5..2bcd65fca12db 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/users/suggest_user_profiles_route.ts 
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/routes/users/suggest_user_profiles_route.ts @@ -9,6 +9,7 @@ import type { IKibanaResponse, StartServicesAccessor } from '@kbn/core/server'; import { transformError } from '@kbn/securitysolution-es-utils'; import type { UserProfileWithAvatar } from '@kbn/user-profile-components'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { USERS_API_READ } from '@kbn/security-solution-features/constants'; import type { SecuritySolutionPluginRouter } from '../../../../types'; import { DETECTION_ENGINE_ALERT_SUGGEST_USERS_URL } from '../../../../../common/constants'; import { buildSiemResponse } from '../utils'; @@ -25,7 +26,7 @@ export const suggestUserProfilesRoute = ( access: 'internal', security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [USERS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_exceptions/api/create_rule_exceptions/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_exceptions/api/create_rule_exceptions/route.ts index b178d912ccf27..1fa1cbc468c44 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_exceptions/api/create_rule_exceptions/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_exceptions/api/create_rule_exceptions/route.ts @@ -22,6 +22,7 @@ import { CreateRuleExceptionListItemsResponse, } from '@kbn/securitysolution-exceptions-common/api'; +import { EXCEPTIONS_API_ALL } from '@kbn/security-solution-features/constants'; import { CREATE_RULE_EXCEPTIONS_URL } from '../../../../../../common/api/detection_engine/rule_exceptions'; import { readRules } from '../../../rule_management/logic/detection_rules_client/read_rules'; 
@@ -38,7 +39,7 @@ export const createRuleExceptionsRoute = (router: SecuritySolutionPluginRouter) access: 'public', security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [EXCEPTIONS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_exceptions/api/find_exception_references/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_exceptions/api/find_exception_references/route.ts index db890c7104e58..476c5b8264dd1 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_exceptions/api/find_exception_references/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_exceptions/api/find_exception_references/route.ts @@ -9,6 +9,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import { getSavedObjectType } from '@kbn/securitysolution-list-utils'; import { validate } from '@kbn/securitysolution-io-ts-utils'; +import { EXCEPTIONS_API_READ } from '@kbn/security-solution-features/constants'; import { buildRouteValidation } from '../../../../../utils/build_validation/route_validation'; import { buildSiemResponse } from '../../../routes/utils'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; @@ -31,7 +32,7 @@ export const findRuleExceptionReferencesRoute = (router: SecuritySolutionPluginR access: 'internal', security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [EXCEPTIONS_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts index 3b62b4a6f9622..05cb26a824093 100644 
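Review bot: `createRuleExceptionsRoute` now requires only `EXCEPTIONS_API_ALL`, although the file imports `readRules` and the route appears to attach exceptions to a specific rule. If so, a role with exceptions write access but no rules privilege could change which events a detection rule suppresses. The handler is outside this hunk, so whether it checks rule access separately cannot be confirmed from here. Either state the intent next to the gate, e.g. `// rule access is enforced by <where>; exceptions privilege alone is sufficient here`, or also require a rules privilege, e.g. `requiredPrivileges: [EXCEPTIONS_API_ALL, RULES_API_READ]`.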
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/bulk_actions/route.ts @@ -10,6 +10,7 @@ import { AbortError } from '@kbn/kibana-utils-plugin/common'; import { transformError } from '@kbn/securitysolution-es-utils'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; import type { BulkActionSkipResult, GapFillStatus } from '@kbn/alerting-plugin/common'; +import { RULES_API_ALL, RULES_API_READ } from '@kbn/security-solution-features/constants'; import type { PerformRulesBulkActionResponse } from '../../../../../../../common/api/detection_engine/rule_management'; import { BulkActionTypeEnum, @@ -140,7 +141,7 @@ export const performBulkActionRoute = ( path: DETECTION_ENGINE_RULES_BULK_ACTION, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [{ anyRequired: [RULES_API_READ, RULES_API_ALL] }], }, }, options: { diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/coverage_overview/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/coverage_overview/route.ts index a3c6a07e0b8be..9a807ab2669df 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/coverage_overview/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/coverage_overview/route.ts 
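Review bot: `anyRequired: [RULES_API_READ, RULES_API_ALL]` lets a caller holding only the read-level rules privilege pass the route-level check of `performBulkActionRoute`, which appears to serve every `BulkActionTypeEnum` action through one endpoint. Authorization for actions that modify rules therefore has to happen inside the handler, which is outside this hunk and cannot be confirmed from here. State that dependency next to the gate, e.g. `// route-level gate only; actions that modify rules must be checked against RULES_API_ALL in the handler`, and cover it with a test that a read-only role is rejected for a modifying action. If `RULES_API_ALL` always implies `RULES_API_READ`, listing both is redundant and `[RULES_API_READ]` expresses the same gate.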
@@ -7,6 +7,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import type { IKibanaResponse } from '@kbn/core/server'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import type { CoverageOverviewResponse } from '../../../../../../../common/api/detection_engine'; import { CoverageOverviewRequestBody, @@ -24,7 +25,7 @@ export const getCoverageOverviewRoute = (router: SecuritySolutionPluginRouter) = path: RULE_MANAGEMENT_COVERAGE_OVERVIEW_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/create_rule/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/create_rule/route.ts index dbeaed85db055..0907680c68b1f 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/create_rule/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/create_rule/route.ts @@ -8,6 +8,7 @@ import type { IKibanaResponse } from '@kbn/core/server'; import { transformError } from '@kbn/securitysolution-es-utils'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { RULES_API_ALL } from '@kbn/security-solution-features/constants'; import type { CreateRuleResponse } from '../../../../../../../common/api/detection_engine/rule_management'; import { CreateRuleRequestBody, @@ -29,7 +30,7 @@ export const createRuleRoute = (router: SecuritySolutionPluginRouter): void => { security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_ALL], }, }, }) 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/delete_rule/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/delete_rule/route.ts index 3e5ef8aa8ab7a..e85c29950e58d 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/delete_rule/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/delete_rule/route.ts @@ -8,6 +8,7 @@ import type { IKibanaResponse } from '@kbn/core/server'; import { transformError } from '@kbn/securitysolution-es-utils'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { RULES_API_ALL } from '@kbn/security-solution-features/constants'; import type { DeleteRuleResponse } from '../../../../../../../common/api/detection_engine/rule_management'; import { DeleteRuleRequestQuery, @@ -26,7 +27,7 @@ export const deleteRuleRoute = (router: SecuritySolutionPluginRouter) => { path: DETECTION_ENGINE_RULES_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts index f0abe3bd75a50..77b0bf45ecba2 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/export_rules/route.ts 
@@ -8,6 +8,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import type { Logger } from '@kbn/core/server'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import { DETECTION_ENGINE_RULES_URL } from '../../../../../../../common/constants'; import { ExportRulesRequestBody, @@ -32,7 +33,7 @@ export const exportRulesRoute = ( path: `${DETECTION_ENGINE_RULES_URL}/_export`, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, options: { diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/filters/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/filters/route.ts index 6496c6edc2a87..a72fcf236bdc4 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/filters/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/filters/route.ts @@ -9,6 +9,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import { validate } from '@kbn/securitysolution-io-ts-utils'; import type { RulesClient } from '@kbn/alerting-plugin/server'; import type { IKibanaResponse } from '@kbn/core/server'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import { GetRuleManagementFiltersResponse, RULE_MANAGEMENT_FILTERS_URL, @@ -58,7 +59,7 @@ export const getRuleManagementFilters = (router: SecuritySolutionPluginRouter) = path: RULE_MANAGEMENT_FILTERS_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, }) 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/find_rules/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/find_rules/route.ts index 1e54fd633b37f..dfe52a957d7d1 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/find_rules/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/find_rules/route.ts @@ -8,6 +8,7 @@ import type { IKibanaResponse, Logger } from '@kbn/core/server'; import { transformError } from '@kbn/securitysolution-es-utils'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import { DETECTION_ENGINE_RULES_URL_FIND } from '../../../../../../../common/constants'; import type { FindRulesResponse } from '../../../../../../../common/api/detection_engine/rule_management'; import { @@ -26,7 +27,7 @@ export const findRulesRoute = (router: SecuritySolutionPluginRouter, logger: Log path: DETECTION_ENGINE_RULES_URL_FIND, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts index 67030218b9419..7f3eaf2a0ea61 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/import_rules/route.ts 
@@ -11,6 +11,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import { chunk, partition } from 'lodash/fp'; import { extname } from 'path'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { RULES_API_ALL } from '@kbn/security-solution-features/constants'; import { ImportRulesRequestQuery, ImportRulesResponse, @@ -53,7 +54,7 @@ export const importRulesRoute = ( path: DETECTION_ENGINE_RULES_IMPORT_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_ALL], }, }, options: { diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.ts index 6971628a780d9..ca4d6b2f67c47 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/patch_rule/route.ts @@ -8,6 +8,7 @@ import type { IKibanaResponse } from '@kbn/core/server'; import { transformError } from '@kbn/securitysolution-es-utils'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { RULES_API_ALL } from '@kbn/security-solution-features/constants'; import type { PatchRuleResponse } from '../../../../../../../common/api/detection_engine/rule_management'; import { PatchRuleRequestBody, @@ -28,7 +29,7 @@ export const patchRuleRoute = (router: SecuritySolutionPluginRouter) => { path: DETECTION_ENGINE_RULES_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_ALL], }, }, }) 
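Review bot: importRulesRoute is gated on `RULES_API_ALL` alone, while createSharedExceptionListRoute later in this diff requires `EXCEPTIONS_API_ALL`. If the import handler can also create or overwrite exception lists from the uploaded file (its body is outside the hunk, so this is unconfirmed), a role holding only the rules privilege could write exceptions through this route. If the two privileges can be granted independently, consider `requiredPrivileges: [RULES_API_ALL, EXCEPTIONS_API_ALL]` or an explicit check in the handler before exceptions are written. Otherwise add a comment stating that rules-all is meant to cover exception writes during import.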
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/read_rule/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/read_rule/route.ts index 53b8ca4085209..3a829cc0f9ebe 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/read_rule/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/read_rule/route.ts @@ -8,6 +8,7 @@ import type { IKibanaResponse, Logger } from '@kbn/core/server'; import { transformError } from '@kbn/securitysolution-es-utils'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import type { ReadRuleResponse } from '../../../../../../../common/api/detection_engine/rule_management'; import { ReadRuleRequestQuery, @@ -26,7 +27,7 @@ export const readRuleRoute = (router: SecuritySolutionPluginRouter, logger: Logg path: DETECTION_ENGINE_RULES_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.ts index 8a83aae938d6f..7ca159b2109f0 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/update_rule/route.ts 
@@ -8,6 +8,7 @@ import type { IKibanaResponse } from '@kbn/core/server'; import { transformError } from '@kbn/securitysolution-es-utils'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { RULES_API_ALL } from '@kbn/security-solution-features/constants'; import type { UpdateRuleResponse } from '../../../../../../../common/api/detection_engine/rule_management'; import { UpdateRuleRequestBody, @@ -29,7 +30,7 @@ export const updateRuleRoute = (router: SecuritySolutionPluginRouter) => { path: DETECTION_ENGINE_RULES_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/tags/read_tags/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/tags/read_tags/route.ts index 0332dfe024964..04d7941d0ee79 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/tags/read_tags/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_management/api/tags/read_tags/route.ts @@ -7,6 +7,7 @@ import type { IKibanaResponse } from '@kbn/core/server'; import { transformError } from '@kbn/securitysolution-es-utils'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import type { ReadTagsResponse } from '../../../../../../../common/api/detection_engine'; import { DETECTION_ENGINE_TAGS_URL } from '../../../../../../../common/constants'; import type { SecuritySolutionPluginRouter } from '../../../../../../types'; @@ -20,7 +21,7 @@ export const readTagsRoute = (router: SecuritySolutionPluginRouter) => { path: DETECTION_ENGINE_TAGS_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, }) 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_cluster_health/get_cluster_health_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_cluster_health/get_cluster_health_route.ts index d6d9e6843e5a2..d05a1547d42b5 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_cluster_health/get_cluster_health_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_cluster_health/get_cluster_health_route.ts @@ -7,6 +7,7 @@ import type { IKibanaResponse, KibanaResponseFactory } from '@kbn/core-http-server'; import { transformError } from '@kbn/securitysolution-es-utils'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import { buildRouteValidation } from '../../../../../../utils/build_validation/route_validation'; import { buildSiemResponse } from '../../../../routes/utils'; import type { SecuritySolutionPluginRouter } from '../../../../../../types'; @@ -38,7 +39,7 @@ export const getClusterHealthRoute = (router: SecuritySolutionPluginRouter) => { path: GET_CLUSTER_HEALTH_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, }) @@ -66,7 +67,7 @@ export const getClusterHealthRoute = (router: SecuritySolutionPluginRouter) => { path: GET_CLUSTER_HEALTH_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, }) 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_rule_health/get_rule_health_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_rule_health/get_rule_health_route.ts index 401040b33faa5..58fe1a81becef 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_rule_health/get_rule_health_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_rule_health/get_rule_health_route.ts @@ -8,6 +8,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import type { IKibanaResponse } from '@kbn/core/server'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import type { GetRuleHealthResponse } from '../../../../../../../common/api/detection_engine/rule_monitoring'; import { GetRuleHealthRequestBody, @@ -35,7 +36,7 @@ export const getRuleHealthRoute = (router: SecuritySolutionPluginRouter) => { path: GET_RULE_HEALTH_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_space_health/get_space_health_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_space_health/get_space_health_route.ts index 772de5aead760..055ec5383c50f 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_space_health/get_space_health_route.ts 
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/get_space_health/get_space_health_route.ts @@ -7,6 +7,7 @@ import type { IKibanaResponse, KibanaResponseFactory } from '@kbn/core-http-server'; import { transformError } from '@kbn/securitysolution-es-utils'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import { buildRouteValidation } from '../../../../../../utils/build_validation/route_validation'; import { buildSiemResponse } from '../../../../routes/utils'; import type { SecuritySolutionPluginRouter } from '../../../../../../types'; @@ -38,7 +39,7 @@ export const getSpaceHealthRoute = (router: SecuritySolutionPluginRouter) => { path: GET_SPACE_HEALTH_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, }) @@ -66,7 +67,7 @@ export const getSpaceHealthRoute = (router: SecuritySolutionPluginRouter) => { path: GET_SPACE_HEALTH_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/setup/setup_health_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/setup/setup_health_route.ts index 0e8e5e5b676fa..764a85b3d4803 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/setup/setup_health_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/detection_engine_health/setup/setup_health_route.ts 
@@ -7,6 +7,7 @@ import type { IKibanaResponse } from '@kbn/core/server'; import { transformError } from '@kbn/securitysolution-es-utils'; +import { INITIALIZE_SECURITY_SOLUTION } from '@kbn/security-solution-features/constants'; import { SETUP_HEALTH_URL } from '../../../../../../../common/api/detection_engine/rule_monitoring'; import type { SetupHealthResponse } from '../../../../../../../common/api/detection_engine'; import type { SecuritySolutionPluginRouter } from '../../../../../../types'; @@ -24,7 +25,7 @@ export const setupHealthRoute = (router: SecuritySolutionPluginRouter) => { path: SETUP_HEALTH_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [INITIALIZE_SECURITY_SOLUTION], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.ts index fc3c485710c1a..4120b6fe78cf8 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_events/get_rule_execution_events_route.ts @@ -8,6 +8,7 @@ import { transformError } from '@kbn/securitysolution-es-utils'; import type { IKibanaResponse } from '@kbn/core/server'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import { buildSiemResponse } from '../../../../routes/utils'; import type { SecuritySolutionPluginRouter } from '../../../../../../types'; 
@@ -29,7 +30,7 @@ export const getRuleExecutionEventsRoute = (router: SecuritySolutionPluginRouter path: GET_RULE_EXECUTION_EVENTS_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.ts index c23396e139afc..95d5bc4b37446 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_monitoring/api/rule_execution_logs/get_rule_execution_results/get_rule_execution_results_route.ts @@ -8,6 +8,7 @@ import type { IKibanaResponse } from '@kbn/core/server'; import { transformError } from '@kbn/securitysolution-es-utils'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import type { SecuritySolutionPluginRouter } from '../../../../../../types'; import { buildSiemResponse } from '../../../../routes/utils'; @@ -29,7 +30,7 @@ export const getRuleExecutionResultsRoute = (router: SecuritySolutionPluginRoute path: GET_RULE_EXECUTION_RESULTS_URL, security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, }) 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_preview/api/preview_rules/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_preview/api/preview_rules/route.ts index 78a39cca72f04..a686057345e6b 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_preview/api/preview_rules/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/detection_engine/rule_preview/api/preview_rules/route.ts @@ -18,6 +18,7 @@ import type { } from '@kbn/alerting-plugin/common'; import { parseDuration, DISABLE_FLAPPING_SETTINGS } from '@kbn/alerting-plugin/common'; import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; import { wrapAsyncSearchClient } from '@kbn/alerting-plugin/server/lib'; import { DEFAULT_PREVIEW_INDEX, @@ -90,7 +91,7 @@ export const previewRulesRoute = ( access: 'public', security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [RULES_API_READ], }, }, options: { diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/exceptions/api/manage_exceptions/route.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/exceptions/api/manage_exceptions/route.ts index 5b2a3a70be1a2..b447b789f05da 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/exceptions/api/manage_exceptions/route.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/exceptions/api/manage_exceptions/route.ts 
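Review bot: previewRulesRoute now accepts `RULES_API_READ`, yet a preview runs caller-supplied rule logic rather than returning stored rules. The neighbouring imports of `wrapAsyncSearchClient` and `DEFAULT_PREVIEW_INDEX` suggest it searches and writes to a preview index. The handler body is outside the hunk, so any further authorization it performs is not visible; if there is none, read-only users can trigger query execution on demand. Confirm that the handler verifies the caller's rule-create permission before executing, or gate the route with `requiredPrivileges: [RULES_API_ALL]`. If read is intended, document it next to the array, e.g. `// preview executes rule logic; read is sufficient because <reason>`.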
@@ -13,6 +13,7 @@ import { CreateSharedExceptionListRequestBody, CreateSharedExceptionListResponse, } from '@kbn/securitysolution-exceptions-common/api'; +import { EXCEPTIONS_API_ALL } from '@kbn/security-solution-features/constants'; import { SHARED_EXCEPTION_LIST_URL } from '../../../../../common/constants'; import type { SecuritySolutionPluginRouter } from '../../../../types'; @@ -25,7 +26,7 @@ export const createSharedExceptionListRoute = (router: SecuritySolutionPluginRou access: 'public', security: { authz: { - requiredPrivileges: ['securitySolution'], + requiredPrivileges: [EXCEPTIONS_API_ALL], }, }, }) diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/mocks.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/mocks.ts index f641f85e48038..d855b805f48e0 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/mocks.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/mocks.ts @@ -38,6 +38,11 @@ jest.mock('@kbn/security-solution-features/product_features', () => ({ baseKibanaSubFeatureIds: [], subFeaturesMap: new Map(), })), + getSecurityV5Feature: jest.fn(() => ({ + baseKibanaFeature: {}, + baseKibanaSubFeatureIds: [], + subFeaturesMap: new Map(), + })), getCasesFeature: jest.fn(() => ({ baseKibanaFeature: {}, baseKibanaSubFeatureIds: [], @@ -78,6 +83,11 @@ jest.mock('@kbn/security-solution-features/product_features', () => ({ baseKibanaSubFeatureIds: [], subFeaturesMap: new Map(), })), + getRulesFeature: jest.fn(() => ({ + baseKibanaFeature: {}, + baseKibanaSubFeatureIds: [], + subFeaturesMap: new Map(), + })), })); export const createProductFeaturesServiceMock = ( 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/product_features_service.test.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/product_features_service.test.ts index eed604167f1a9..0001428c8469c 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/product_features_service.test.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/product_features_service.test.ts @@ -41,6 +41,8 @@ jest.mock('@kbn/security-solution-features/product_features', () => ({ getSecurityV2Feature: () => mockGetFeature(), getSecurityV3Feature: () => mockGetFeature(), getSecurityV4Feature: () => mockGetFeature(), + getSecurityV5Feature: () => mockGetFeature(), + getRulesFeature: () => mockGetFeature(), getCasesFeature: () => mockGetFeature(), getCasesV2Feature: () => mockGetFeature(), getCasesV3Feature: () => mockGetFeature(), diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/product_features_service.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/product_features_service.ts index 88b637fe2c5e6..ee1ac46fb6c45 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/product_features_service.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/product_features_service.ts 
@@ -20,19 +20,25 @@ import { getSecurityV2Feature, getSecurityV3Feature, getSecurityV4Feature, + getSecurityV5Feature, getTimelineFeature, getNotesFeature, getSiemMigrationsFeature, + getRulesFeature, } from '@kbn/security-solution-features/product_features'; import { API_ACTION_PREFIX } from '@kbn/security-solution-features/actions'; import type { ExperimentalFeatures } from '../../../common'; import { ProductFeatures } from './product_features'; import { casesProductFeatureParams } from './cases_product_feature_params'; import { - securityDefaultSavedObjects, + rulesSavedObjects, securityNotesSavedObjects, securityTimelineSavedObjects, securityV1SavedObjects, + securityV2SavedObjects, + securityV3SavedObjects, + securityV4SavedObjects, + securityV5SavedObjects, } from './security_saved_objects'; import { registerApiAccessControl } from './product_features_api_access_control'; import type { @@ -52,9 +58,10 @@ export class ProductFeaturesService { const securityFeatureParams = { experimentalFeatures }; this.productFeaturesRegistry.create('security', [ getSecurityFeature({ ...securityFeatureParams, savedObjects: securityV1SavedObjects }), - getSecurityV2Feature({ ...securityFeatureParams, savedObjects: securityDefaultSavedObjects }), - getSecurityV3Feature({ ...securityFeatureParams, savedObjects: securityDefaultSavedObjects }), - getSecurityV4Feature({ ...securityFeatureParams, savedObjects: securityDefaultSavedObjects }), + getSecurityV2Feature({ ...securityFeatureParams, savedObjects: securityV2SavedObjects }), + getSecurityV3Feature({ ...securityFeatureParams, savedObjects: securityV3SavedObjects }), + getSecurityV4Feature({ ...securityFeatureParams, savedObjects: securityV4SavedObjects }), + getSecurityV5Feature({ ...securityFeatureParams, savedObjects: securityV5SavedObjects }), ]); this.productFeaturesRegistry.create('cases', [ getCasesFeature(casesProductFeatureParams), 
@@ -73,6 +80,9 @@ export class ProductFeaturesService { this.productFeaturesRegistry.create('notes', [ getNotesFeature({ ...securityFeatureParams, savedObjects: securityNotesSavedObjects }), ]); + this.productFeaturesRegistry.create('rules', [ + getRulesFeature({ ...securityFeatureParams, savedObjects: rulesSavedObjects }), + ]); if (!experimentalFeatures.siemMigrationsDisabled) { this.productFeaturesRegistry.create('siemMigrations', [getSiemMigrationsFeature()]); } diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/security_saved_objects.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/security_saved_objects.ts index 369f1a55e9a5f..6eb35aa12df52 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/security_saved_objects.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/product_features_service/security_saved_objects.ts @@ -8,11 +8,12 @@ import { DATA_VIEW_SAVED_OBJECT_TYPE } from '@kbn/data-views-plugin/common'; import { EXCEPTION_LIST_NAMESPACE_AGNOSTIC } from '@kbn/securitysolution-list-constants'; import { - savedObjectTypesWithoutTimelineAndWithoutNotes, timelineSavedObjectTypes, notesSavedObjectTypes, savedObjectTypes, } from '../../saved_objects'; +import { noteType, pinnedEventType, timelineType } from '../timeline/saved_object_mappings'; +import { prebuiltRuleAssetType } from '../detection_engine/prebuilt_rules'; // Same as the saved-object type for rules defined by Cloud Security Posture const CLOUD_POSTURE_SAVED_OBJECT_RULE_TYPE = 'csp_rule'; 
@@ -20,18 +21,57 @@ const CLOUD_SECURITY_POSTURE_SETTINGS = 'cloud-security-posture-settings'; // Benchmark Rule Templates installed by the Cloud Security Posture package stored as Saved Objects: const CLOUD_SECURITY_POSTURE_BENCHMARK_RULE_TEMPLATE = 'csp-rule-template'; -export const securityDefaultSavedObjects = [ +export const securityV1SavedObjects = [ 'exception-list', EXCEPTION_LIST_NAMESPACE_AGNOSTIC, DATA_VIEW_SAVED_OBJECT_TYPE, - ...savedObjectTypesWithoutTimelineAndWithoutNotes, CLOUD_POSTURE_SAVED_OBJECT_RULE_TYPE, CLOUD_SECURITY_POSTURE_SETTINGS, CLOUD_SECURITY_POSTURE_BENCHMARK_RULE_TEMPLATE, + ...savedObjectTypes, ]; -export const securityV1SavedObjects = [...securityDefaultSavedObjects, ...savedObjectTypes]; +export const securityV2SavedObjects = [ + 'exception-list', + EXCEPTION_LIST_NAMESPACE_AGNOSTIC, + DATA_VIEW_SAVED_OBJECT_TYPE, + CLOUD_POSTURE_SAVED_OBJECT_RULE_TYPE, + CLOUD_SECURITY_POSTURE_SETTINGS, + CLOUD_SECURITY_POSTURE_BENCHMARK_RULE_TEMPLATE, + ...savedObjectTypes.filter( + (type) => ![noteType.name, pinnedEventType.name, timelineType.name].includes(type) + ), +]; + +export const securityV3SavedObjects = [...securityV2SavedObjects]; + +export const securityV4SavedObjects = [...securityV3SavedObjects]; + +export const securityV5SavedObjects = [ + // The difference between v4 and v5 is that v5 removes the exceptions list SO + // type and prebuilt rules which are now managed by the rules product feature + DATA_VIEW_SAVED_OBJECT_TYPE, + CLOUD_POSTURE_SAVED_OBJECT_RULE_TYPE, + CLOUD_SECURITY_POSTURE_SETTINGS, + CLOUD_SECURITY_POSTURE_BENCHMARK_RULE_TEMPLATE, + EXCEPTION_LIST_NAMESPACE_AGNOSTIC, + ...savedObjectTypes.filter( + (type) => + ![ + noteType.name, + pinnedEventType.name, + timelineType.name, + prebuiltRuleAssetType.name, + ].includes(type) + ), +]; export const securityTimelineSavedObjects = timelineSavedObjectTypes; export const securityNotesSavedObjects = notesSavedObjectTypes; + +export const rulesSavedObjects = [ + 
'exception-list', + EXCEPTION_LIST_NAMESPACE_AGNOSTIC, + prebuiltRuleAssetType.name, +]; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/create.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/create.ts index 399c44354d42d..d316b866007ac 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/create.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/create.ts @@ -10,7 +10,7 @@ import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; import type { IKibanaResponse } from '@kbn/core/server'; import { SIEM_DASHBOARD_MIGRATIONS_PATH } from '../../../../../common/siem_migrations/dashboards/constants'; import type { SecuritySolutionPluginRouter } from '../../../../types'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import type { CreateDashboardMigrationResponse } from '../../../../../common/siem_migrations/model/api/dashboards/dashboard_migration.gen'; import { CreateDashboardMigrationRequestBody } from '../../../../../common/siem_migrations/model/api/dashboards/dashboard_migration.gen'; import { withLicense } from '../../common/api/util/with_license'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/dashboards/create.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/dashboards/create.ts index e2e13b29b0ec8..54f3e6ccfe524 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/dashboards/create.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/dashboards/create.ts 
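Review bot: The comment on `securityV5SavedObjects` says v5 removes the exceptions list saved-object type, but the array still lists `EXCEPTION_LIST_NAMESPACE_AGNOSTIC`; only `'exception-list'` and `prebuiltRuleAssetType.name` are actually dropped. `rulesSavedObjects` lists `EXCEPTION_LIST_NAMESPACE_AGNOSTIC` too, so both the security and the rules feature cover that type. If the agnostic type is kept on purpose, the comment should say so, e.g. `// v5 drops 'exception-list' and prebuilt rule assets (now under the rules feature); the namespace-agnostic exception list stays because <reason>`. If it is a leftover, remove it from the v5 array so the security feature no longer grants access to exception data that the commit moves under rules.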
@@ -15,7 +15,7 @@ import { } from '../../../../../../common/siem_migrations/model/api/dashboards/dashboard_migration.gen'; import { SIEM_DASHBOARD_MIGRATION_DASHBOARDS_PATH } from '../../../../../../common/siem_migrations/dashboards/constants'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; -import { authz } from '../../../common/api/util/authz'; +import { authz } from '../util/authz'; import { withLicense } from '../../../common/api/util/with_license'; import type { CreateMigrationItemInput } from '../../../common/data/siem_migrations_data_item_client'; import { DashboardResourceIdentifier } from '../../../../../../common/siem_migrations/dashboards/resources'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/dashboards/get.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/dashboards/get.ts index 2b7b2a52c4812..e01e68298d7ee 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/dashboards/get.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/dashboards/get.ts @@ -15,7 +15,7 @@ import { } from '../../../../../../common/siem_migrations/model/api/dashboards/dashboard_migration.gen'; import { SIEM_DASHBOARD_MIGRATION_DASHBOARDS_PATH } from '../../../../../../common/siem_migrations/dashboards/constants'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; -import { authz } from '../../../common/api/util/authz'; +import { authz } from '../util/authz'; import { withLicense } from '../../../common/api/util/with_license'; import { withExistingMigration } from '../../../common/api/util/with_existing_migration_id'; import { SiemMigrationAuditLogger } from '../../../common/api/util/audit'; 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/delete.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/delete.ts index 53d96b801bd0c..4763d2feb4db0 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/delete.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/delete.ts @@ -10,7 +10,7 @@ import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; import { DeleteDashboardMigrationRequestParams } from '../../../../../common/siem_migrations/model/api/dashboards/dashboard_migration.gen'; import { SIEM_DASHBOARD_MIGRATION_PATH } from '../../../../../common/siem_migrations/dashboards/constants'; import type { SecuritySolutionPluginRouter } from '../../../../types'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; import { SiemMigrationAuditLogger } from '../../common/api/util/audit'; import { withExistingMigration } from '../../common/api/util/with_existing_migration_id'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/evaluation/evaluate.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/evaluation/evaluate.ts index a3bd7b0738aaa..29518cfece843 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/evaluation/evaluate.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/evaluation/evaluate.ts 
@@ -13,7 +13,7 @@ import { DashboardMigrationTaskExecutionSettings } from '../../../../../../commo import { LangSmithEvaluationOptions } from '../../../../../../common/siem_migrations/model/common.gen'; import { SIEM_DASHBOARD_MIGRATION_EVALUATE_PATH } from '../../../../../../common/siem_migrations/dashboards/constants'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; -import { authz } from '../../../common/api/util/authz'; +import { authz } from '../util/authz'; import { withLicense } from '../../../common/api/util/with_license'; const REQUEST_TIMEOUT = 10 * 60 * 1000; // 10 minutes diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/get.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/get.ts index fc8214b1444aa..232aaf3e15cb7 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/get.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/get.ts @@ -11,7 +11,7 @@ import type { GetDashboardMigrationResponse } from '../../../../../common/siem_m import { GetDashboardMigrationRequestParams } from '../../../../../common/siem_migrations/model/api/dashboards/dashboard_migration.gen'; import { SIEM_DASHBOARD_MIGRATION_PATH } from '../../../../../common/siem_migrations/dashboards/constants'; import type { SecuritySolutionPluginRouter } from '../../../../types'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { SiemMigrationAuditLogger } from '../../common/api/util/audit'; import { withLicense } from '../../common/api/util/with_license'; import { MIGRATION_ID_NOT_FOUND } from '../../common/translations'; 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/install.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/install.ts
index 5ee1a17c726a9..0f129aa4ed007 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/install.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/install.ts
@@ -14,7 +14,7 @@ import {
 InstallMigrationDashboardsRequestBody,
 InstallMigrationDashboardsRequestParams,
 } from '../../../../../common/siem_migrations/model/api/dashboards/dashboard_migration.gen';
-import { authz } from '../../common/api/util/authz';
+import { authz } from './util/authz';
 import { withLicense } from '../../common/api/util/with_license';
 import { withExistingMigration } from '../../common/api/util/with_existing_migration_id';
 import { SiemMigrationAuditLogger } from '../../common/api/util/audit';
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/resources/get.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/resources/get.ts
index 5410fffe70a79..56805f00a9202 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/resources/get.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/resources/get.ts
@@ -15,7 +15,7 @@ import { } from '../../../../../../common/siem_migrations/model/api/dashboards/dashboard_migration.gen'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; import { SiemMigrationAuditLogger } from '../../../common/api/util/audit'; -import { authz } from '../../../common/api/util/authz'; +import { authz } from '../util/authz'; import { withLicense } from '../../../common/api/util/with_license'; import { withExistingMigration } from '../../../common/api/util/with_existing_migration_id'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/resources/missing.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/resources/missing.ts index a5e0370eb2b23..450039e99b873 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/resources/missing.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/resources/missing.ts @@ -15,7 +15,7 @@ import { } from '../../../../../../common/siem_migrations/model/api/dashboards/dashboard_migration.gen'; import { SIEM_DASHBOARD_MIGRATION_RESOURCES_MISSING_PATH } from '../../../../../../common/siem_migrations/dashboards/constants'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; -import { authz } from '../../../common/api/util/authz'; +import { authz } from '../util/authz'; import { withLicense } from '../../../common/api/util/with_license'; import { withExistingMigration } from '../../../common/api/util/with_existing_migration_id'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/resources/upsert.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/resources/upsert.ts index d98734e1066f3..f1c9eed0e0ee1 100644 
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/resources/upsert.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/resources/upsert.ts
@@ -17,7 +17,7 @@ import {
 import { DashboardResourceIdentifier } from '../../../../../../common/siem_migrations/dashboards/resources';
 import type { SecuritySolutionPluginRouter } from '../../../../../types';
 import { SiemMigrationAuditLogger } from '../../../common/api/util/audit';
-import { authz } from '../../../common/api/util/authz';
+import { authz } from '../util/authz';
 import { withLicense } from '../../../common/api/util/with_license';
 import type { CreateSiemMigrationResourceInput } from '../../../common/data/siem_migrations_data_resources_client';
 import { processLookups } from '../../../rules/api/util/lookups';
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/start.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/start.ts
index 4886c75f177c0..05e7760914154 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/start.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/start.ts
@@ -15,7 +15,7 @@ import {
 } from '../../../../../common/siem_migrations/model/api/dashboards/dashboard_migration.gen';
 import type { SecuritySolutionPluginRouter } from '../../../../types';
 import { SiemMigrationAuditLogger } from '../../common/api/util/audit';
-import { authz } from '../../common/api/util/authz';
+import { authz } from './util/authz';
 import { getRetryFilter } from '../../common/api/util/retry';
 import { withLicense } from '../../common/api/util/with_license';
 import { createTracersCallbacks } from '../../common/api/util/tracing';
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/stats.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/stats.ts index a775f9501e34f..eb69f17fc8d43 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/stats.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/stats.ts @@ -12,7 +12,7 @@ import { GetDashboardMigrationStatsRequestParams } from '../../../../../common/s import { SIEM_DASHBOARD_MIGRATION_STATS_PATH } from '../../../../../common/siem_migrations/dashboards/constants'; import type { SecuritySolutionPluginRouter } from '../../../../types'; import { withLicense } from '../../common/api/util/with_license'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withExistingMigration } from '../../common/api/util/with_existing_migration_id'; export const registerSiemDashboardMigrationsStatsRoute = ( diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/stats_all.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/stats_all.ts index 87698d5f91ae1..da57aeadd8ef7 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/stats_all.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/stats_all.ts 
@@ -9,7 +9,7 @@ import type { IKibanaResponse, Logger } from '@kbn/core/server'; import type { GetAllDashboardMigrationsStatsResponse } from '../../../../../common/siem_migrations/model/api/dashboards/dashboard_migration.gen'; import { SIEM_DASHBOARD_MIGRATIONS_ALL_STATS_PATH } from '../../../../../common/siem_migrations/dashboards/constants'; import type { SecuritySolutionPluginRouter } from '../../../../types'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; export const registerSiemDashboardMigrationsStatsAllRoute = ( diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/stop.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/stop.ts index 8a9bde444c4a6..8cd6662f66c34 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/stop.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/stop.ts @@ -14,7 +14,7 @@ import { } from '../../../../../common/siem_migrations/model/api/dashboards/dashboard_migration.gen'; import type { SecuritySolutionPluginRouter } from '../../../../types'; import { SiemMigrationAuditLogger } from '../../common/api/util/audit'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; import { withExistingMigration } from '../../common/api/util/with_existing_migration_id'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/translation_stats.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/translation_stats.ts index c9990b288d362..ffd0163113a92 100644 
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/translation_stats.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/translation_stats.ts @@ -11,7 +11,7 @@ import type { GetAllTranslationStatsDashboardMigrationResponse } from '../../../ import { GetAllTranslationStatsDashboardMigrationRequestParams } from '../../../../../common/siem_migrations/model/api/dashboards/dashboard_migration.gen'; import { SIEM_DASHBOARD_MIGRATION_TRANSLATION_STATS_PATH } from '../../../../../common/siem_migrations/dashboards/constants'; import type { SecuritySolutionPluginRouter } from '../../../../types'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; import { withExistingMigration } from '../../common/api/util/with_existing_migration_id'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/update.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/update.ts index e2278e4e0f1a2..c2bc8e3794ba2 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/update.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/update.ts @@ -10,7 +10,7 @@ import { buildRouteValidationWithZod } from '@kbn/zod-helpers'; import { SIEM_DASHBOARD_MIGRATION_PATH } from '../../../../../common/siem_migrations/dashboards/constants'; import type { SecuritySolutionPluginRouter } from '../../../../types'; import { SiemMigrationAuditLogger } from '../../common/api/util/audit'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; import { UpdateDashboardMigrationRequestParams, 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/common/api/util/authz.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/util/authz.ts similarity index 82% rename from x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/common/api/util/authz.ts rename to x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/util/authz.ts index 7131dc57f911a..c2d5a18c935aa 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/common/api/util/authz.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/dashboards/api/util/authz.ts @@ -8,5 +8,5 @@ import { SIEM_MIGRATIONS_API_ACTION_ALL } from '@kbn/security-solution-features/actions'; export const authz = { - requiredPrivileges: ['securitySolution', SIEM_MIGRATIONS_API_ACTION_ALL], + requiredPrivileges: [SIEM_MIGRATIONS_API_ACTION_ALL], }; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/create.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/create.ts index 1088605f491f1..1bb917b85f82d 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/create.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/create.ts @@ -14,7 +14,7 @@ import { } from '../../../../../common/siem_migrations/model/api/rules/rule_migration.gen'; import type { SecuritySolutionPluginRouter } from '../../../../types'; import { SiemMigrationAuditLogger } from '../../common/api/util/audit'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; export const registerSiemRuleMigrationsCreateRoute = ( 
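Review bot: The renamed `dashboards/api/util/authz.ts` now lists only `SIEM_MIGRATIONS_API_ACTION_ALL` in `requiredPrivileges`, and nothing in the hunk records why the `'securitySolution'` entry could be dropped. This object is the authorization gate imported by the dashboard migration routes touched in this commit (delete, install, start, stop, resources, stats, update), so the relaxation should be stated where it is made, for example `// Gated solely by the SIEM migrations API action; the base 'securitySolution' API privilege is intentionally not required.` above the array. An API test asserting that a role without the migrations privilege is rejected on one of these routes would pin the intended behaviour. The rules routes in this commit switch to `./util/authz` under `rules/api/`, a file this part of the diff does not show, so it is worth confirming that it exists and carries the same `requiredPrivileges`.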
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/delete.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/delete.ts index d0f668af01ef2..e684a10446ff5 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/delete.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/delete.ts @@ -11,7 +11,7 @@ import { SIEM_RULE_MIGRATION_PATH } from '../../../../../common/siem_migrations/ import { GetRuleMigrationRequestParams } from '../../../../../common/siem_migrations/model/api/rules/rule_migration.gen'; import type { SecuritySolutionPluginRouter } from '../../../../types'; import { SiemMigrationAuditLogger } from '../../common/api/util/audit'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; import { withExistingMigration } from '../../common/api/util/with_existing_migration_id'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/evaluation/evaluate.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/evaluation/evaluate.ts index 30f59987ce653..7858441dc07d6 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/evaluation/evaluate.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/evaluation/evaluate.ts 
@@ -13,7 +13,7 @@ import { RuleMigrationTaskExecutionSettings } from '../../../../../../common/sie import { LangSmithEvaluationOptions } from '../../../../../../common/siem_migrations/model/common.gen'; import { SIEM_RULE_MIGRATION_EVALUATE_PATH } from '../../../../../../common/siem_migrations/constants'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; -import { authz } from '../../../common/api/util/authz'; +import { authz } from '../util/authz'; import { withLicense } from '../../../common/api/util/with_license'; const REQUEST_TIMEOUT = 10 * 60 * 1000; // 10 minutes diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/get.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/get.ts index 0054358f3bc94..5771dc5f052ac 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/get.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/get.ts @@ -12,7 +12,7 @@ import type { GetRuleMigrationResponse } from '../../../../../common/siem_migrat import { GetRuleMigrationRequestParams } from '../../../../../common/siem_migrations/model/api/rules/rule_migration.gen'; import type { SecuritySolutionPluginRouter } from '../../../../types'; import { SiemMigrationAuditLogger } from '../../common/api/util/audit'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; import { MIGRATION_ID_NOT_FOUND } from '../../common/translations'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/get_integrations.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/get_integrations.ts index ad476eae401e5..4ba3b6603bba7 100644 
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/get_integrations.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/get_integrations.ts @@ -10,7 +10,7 @@ import type { RelatedIntegration } from '../../../../../common/api/detection_eng import { type GetRuleMigrationIntegrationsResponse } from '../../../../../common/siem_migrations/model/api/rules/rule_migration.gen'; import { SIEM_RULE_MIGRATIONS_INTEGRATIONS_PATH } from '../../../../../common/siem_migrations/constants'; import type { SecuritySolutionPluginRouter } from '../../../../types'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; export const registerSiemRuleMigrationsIntegrationsRoute = ( diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/get_prebuilt_rules.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/get_prebuilt_rules.ts index 7b7ed9b175d49..09a5c5bd185a7 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/get_prebuilt_rules.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/get_prebuilt_rules.ts 
@@ -11,7 +11,7 @@ import type { GetRuleMigrationPrebuiltRulesResponse } from '../../../../../commo import { GetRuleMigrationPrebuiltRulesRequestParams } from '../../../../../common/siem_migrations/model/api/rules/rule_migration.gen'; import { SIEM_RULE_MIGRATIONS_PREBUILT_RULES_PATH } from '../../../../../common/siem_migrations/constants'; import type { SecuritySolutionPluginRouter } from '../../../../types'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; import { getPrebuiltRulesForMigration } from './util/prebuilt_rules'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/install.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/install.ts index 9ddd43508d63e..960af90a7d0c0 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/install.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/install.ts @@ -16,7 +16,7 @@ import { import type { SecuritySolutionPluginRouter } from '../../../../types'; import { SiemMigrationAuditLogger } from '../../common/api/util/audit'; import { installTranslated } from './util/installation'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; export const registerSiemRuleMigrationsInstallRoute = ( diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/integrations_stats.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/integrations_stats.ts index 9a4ae0b394d6a..3f4af9eb4ba2e 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/integrations_stats.ts 
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/integrations_stats.ts @@ -9,7 +9,7 @@ import type { IKibanaResponse, Logger } from '@kbn/core/server'; import { type GetRuleMigrationIntegrationsStatsResponse } from '../../../../../common/siem_migrations/model/api/rules/rule_migration.gen'; import { SIEM_RULE_MIGRATIONS_INTEGRATIONS_STATS_PATH } from '../../../../../common/siem_migrations/constants'; import type { SecuritySolutionPluginRouter } from '../../../../types'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; import { SiemMigrationAuditLogger } from '../../common/api/util/audit'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/privileges/get_missing_privileges.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/privileges/get_missing_privileges.ts index dedf72953ffe6..2f81ced4ba1d1 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/privileges/get_missing_privileges.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/privileges/get_missing_privileges.ts @@ -13,7 +13,7 @@ import { LOOKUPS_INDEX_PREFIX, } from '../../../../../../common/siem_migrations/constants'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; -import { authz } from '../../../common/api/util/authz'; +import { authz } from '../util/authz'; import { withLicense } from '../../../common/api/util/with_license'; export const registerSiemRuleMigrationsGetMissingPrivilegesRoute = ( 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/resources/get.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/resources/get.ts index c4c033cde65c2..006529193446d 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/resources/get.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/resources/get.ts @@ -15,7 +15,7 @@ import { } from '../../../../../../common/siem_migrations/model/api/rules/rule_migration.gen'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; import { SiemMigrationAuditLogger } from '../../../common/api/util/audit'; -import { authz } from '../../../common/api/util/authz'; +import { authz } from '../util/authz'; import { withLicense } from '../../../common/api/util/with_license'; export const registerSiemRuleMigrationsResourceGetRoute = ( diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/resources/missing.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/resources/missing.ts index a3090e4ca2c6e..6aae284ec4642 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/resources/missing.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/resources/missing.ts 
@@ -14,7 +14,7 @@ import { } from '../../../../../../common/siem_migrations/model/api/rules/rule_migration.gen'; import { SIEM_RULE_MIGRATION_RESOURCES_MISSING_PATH } from '../../../../../../common/siem_migrations/constants'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; -import { authz } from '../../../common/api/util/authz'; +import { authz } from '../util/authz'; import { withLicense } from '../../../common/api/util/with_license'; export const registerSiemRuleMigrationsResourceGetMissingRoute = ( diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/resources/upsert.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/resources/upsert.ts index 3e84d6b82221b..04e8e81ea221b 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/resources/upsert.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/resources/upsert.ts @@ -18,7 +18,7 @@ import { import { RuleResourceIdentifier } from '../../../../../../common/siem_migrations/rules/resources'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; import { SiemMigrationAuditLogger } from '../../../common/api/util/audit'; -import { authz } from '../../../common/api/util/authz'; +import { authz } from '../util/authz'; import { processLookups } from '../util/lookups'; import { withLicense } from '../../../common/api/util/with_license'; import type { CreateSiemMigrationResourceInput } from '../../../common/data/siem_migrations_data_resources_client'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/create.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/create.ts index 56d96fe9d10d3..a5998e5012a20 100644 
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/create.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/create.ts @@ -18,7 +18,7 @@ import { RuleResourceIdentifier } from '../../../../../../common/siem_migrations import type { SecuritySolutionPluginRouter } from '../../../../../types'; import type { CreateRuleMigrationRulesInput } from '../../data/rule_migrations_data_rules_client'; import { SiemMigrationAuditLogger } from '../../../common/api/util/audit'; -import { authz } from '../../../common/api/util/authz'; +import { authz } from '../util/authz'; import { withExistingMigration } from '../../../common/api/util/with_existing_migration_id'; import { withLicense } from '../../../common/api/util/with_license'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/enhance.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/enhance.ts index 78d2c5915ca3a..d559de7d0504d 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/enhance.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/enhance.ts @@ -14,7 +14,7 @@ import { RuleMigrationEnhanceRuleRequestBody, } from '../../../../../../common/siem_migrations/model/api/rules/rule_migration.gen'; import type { SecuritySolutionPluginRouter } from '../../../../../types'; -import { authz } from '../../../common/api/util/authz'; +import { authz } from '../util/authz'; import { SiemMigrationAuditLogger } from '../../../common/api/util/audit'; import { withLicense } from '../../../common/api/util/with_license'; import { withExistingMigration } from '../../../common/api/util/with_existing_migration_id'; 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/get.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/get.ts index df5676154ffc3..412eb656d6f1b 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/get.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/get.ts @@ -16,7 +16,7 @@ import { import type { SecuritySolutionPluginRouter } from '../../../../../types'; import type { RuleMigrationGetRulesOptions } from '../../data/rule_migrations_data_rules_client'; import { SiemMigrationAuditLogger } from '../../../common/api/util/audit'; -import { authz } from '../../../common/api/util/authz'; +import { authz } from '../util/authz'; import { withLicense } from '../../../common/api/util/with_license'; import { withExistingMigration } from '../../../common/api/util/with_existing_migration_id'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/qradar/create.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/qradar/create.ts index d3855f7636620..bf0f04bd46997 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/qradar/create.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/qradar/create.ts 
@@ -15,7 +15,7 @@ import {
 import { QradarRulesXmlParser } from '../../../../../../../common/siem_migrations/parsers/qradar/rules_xml';
 import type { SecuritySolutionPluginRouter } from '../../../../../../types';
 import { SiemMigrationAuditLogger } from '../../../../common/api/util/audit';
-import { authz } from '../../../../common/api/util/authz';
+import { authz } from '../../util/authz';
 import { withExistingMigration } from '../../../../common/api/util/with_existing_migration_id';
 import { withLicense } from '../../../../common/api/util/with_license';
 import type { CreateSiemMigrationResourceInput } from '../../../../common/data/siem_migrations_data_resources_client';
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/update.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/update.ts
index c6e4559c9a51d..3a85859103a99 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/update.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/rules/update.ts
@@ -14,7 +14,7 @@ import {
 UpdateRuleMigrationRulesRequestParams,
 } from '../../../../../../common/siem_migrations/model/api/rules/rule_migration.gen';
 import type { SecuritySolutionPluginRouter } from '../../../../../types';
-import { authz } from '../../../common/api/util/authz';
+import { authz } from '../util/authz';
 import { SiemMigrationAuditLogger } from '../../../common/api/util/audit';
 import { transformToInternalUpdateRuleMigrationData } from '../util/update_rules';
 import { withLicense } from '../../../common/api/util/with_license';
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/start.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/start.ts
index be4a90fad04a4..2feb322aff3f2 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/start.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/start.ts @@ -15,7 +15,7 @@ import { } from '../../../../../common/siem_migrations/model/api/rules/rule_migration.gen'; import type { SecuritySolutionPluginRouter } from '../../../../types'; import { SiemMigrationAuditLogger } from '../../common/api/util/audit'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { getRetryFilter } from '../../common/api/util/retry'; import { withLicense } from '../../common/api/util/with_license'; import { createTracersCallbacks } from '../../common/api/util/tracing'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/stats.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/stats.ts index ebf49e1cf030e..21b4efe34673e 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/stats.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/stats.ts @@ -13,7 +13,7 @@ import { } from '../../../../../common/siem_migrations/model/api/rules/rule_migration.gen'; import { SIEM_RULE_MIGRATION_STATS_PATH } from '../../../../../common/siem_migrations/constants'; import type { SecuritySolutionPluginRouter } from '../../../../types'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; import { withExistingMigration } from '../../common/api/util/with_existing_migration_id'; 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/stats_all.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/stats_all.ts index d169caa82b57a..1bf206a828d09 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/stats_all.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/stats_all.ts @@ -9,7 +9,7 @@ import type { IKibanaResponse, Logger } from '@kbn/core/server'; import type { GetAllStatsRuleMigrationResponse } from '../../../../../common/siem_migrations/model/api/rules/rule_migration.gen'; import { SIEM_RULE_MIGRATIONS_ALL_STATS_PATH } from '../../../../../common/siem_migrations/constants'; import type { SecuritySolutionPluginRouter } from '../../../../types'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; export const registerSiemRuleMigrationsStatsAllRoute = ( diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/stop.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/stop.ts index d0ebf3d2dfef9..3905b60d744f5 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/stop.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/stop.ts 
@@ -14,7 +14,7 @@ import { } from '../../../../../common/siem_migrations/model/api/rules/rule_migration.gen'; import type { SecuritySolutionPluginRouter } from '../../../../types'; import { SiemMigrationAuditLogger } from '../../common/api/util/audit'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; import { withExistingMigration } from '../../common/api/util/with_existing_migration_id'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/translation_stats.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/translation_stats.ts index f45a8a35a6a88..2f19237e670ee 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/translation_stats.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/translation_stats.ts @@ -11,7 +11,7 @@ import type { GetRuleMigrationTranslationStatsResponse } from '../../../../../co import { GetRuleMigrationTranslationStatsRequestParams } from '../../../../../common/siem_migrations/model/api/rules/rule_migration.gen'; import { SIEM_RULE_MIGRATION_TRANSLATION_STATS_PATH } from '../../../../../common/siem_migrations/constants'; import type { SecuritySolutionPluginRouter } from '../../../../types'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; import { withExistingMigration } from '../../common/api/util/with_existing_migration_id'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/update.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/update.ts index 6a941c397fe07..3bbdc8915f2c1 100644 
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/update.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/update.ts @@ -14,7 +14,7 @@ import { } from '../../../../../common/siem_migrations/model/api/rules/rule_migration.gen'; import type { SecuritySolutionPluginRouter } from '../../../../types'; import { SiemMigrationAuditLogger } from '../../common/api/util/audit'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; import { withExistingMigration } from '../../common/api/util/with_existing_migration_id'; diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/update_index_pattern.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/update_index_pattern.ts index f83132bb1b95f..4b6034270d0a9 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/update_index_pattern.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/update_index_pattern.ts @@ -14,7 +14,7 @@ import { } from '../../../../../common/siem_migrations/model/api/rules/rule_migration.gen'; import { SIEM_RULE_MIGRATION_UPDATE_INDEX_PATTERN_PATH } from '../../../../../common/siem_migrations/constants'; import type { SecuritySolutionPluginRouter } from '../../../../types'; -import { authz } from '../../common/api/util/authz'; +import { authz } from './util/authz'; import { withLicense } from '../../common/api/util/with_license'; import { withExistingMigration } from '../../common/api/util/with_existing_migration_id'; import { SiemMigrationAuditLogger } from '../../common/api/util/audit'; 
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/util/authz.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/util/authz.ts new file mode 100644 index 0000000000000..8513addb5b064 --- /dev/null +++ b/x-pack/solutions/security/plugins/security_solution/server/lib/siem_migrations/rules/api/util/authz.ts @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { SIEM_MIGRATIONS_API_ACTION_ALL } from '@kbn/security-solution-features/actions'; +import { RULES_API_READ } from '@kbn/security-solution-features/constants'; + +export const authz = { + requiredPrivileges: [RULES_API_READ, SIEM_MIGRATIONS_API_ACTION_ALL], +}; diff --git a/x-pack/solutions/security/plugins/security_solution/server/saved_objects.ts b/x-pack/solutions/security/plugins/security_solution/server/saved_objects.ts index 24ad91037c460..f0b7edf19c3ce 100644 --- a/x-pack/solutions/security/plugins/security_solution/server/saved_objects.ts +++ b/x-pack/solutions/security/plugins/security_solution/server/saved_objects.ts @@ -58,17 +58,6 @@ const types = [ export const savedObjectTypes = types.map((type) => type.name); -export const savedObjectTypesWithoutTimelineAndWithoutNotes = savedObjectTypes.filter((type) => { - switch (type) { - case noteType.name: - case pinnedEventType.name: - case timelineType.name: - return false; - default: - return true; - } -}); - export const timelineSavedObjectTypes = [timelineType.name, pinnedEventType.name]; export const notesSavedObjectTypes = [noteType.name]; 
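Review bot: The new `rules/api/util/authz.ts` asks only for `RULES_API_READ` next to `SIEM_MIGRATIONS_API_ACTION_ALL`, and this one object is imported by the state-changing routes in this commit (`start.ts`, `stop.ts`, `update.ts`, `update_index_pattern.ts`) as well as by the stats routes. Nothing in the file says why read-level rules access is enough for the mutating routes. If the intent is that the migrations action gates every write and rules access is only needed to look rules up, a comment above the export would record it, for example `// Rules privilege is read-only here: all migration writes are gated by SIEM_MIGRATIONS_API_ACTION_ALL.` Any route that creates or installs detection rules from a migration is not visible in this hunk; it should probably require a write-level rules privilege instead of reusing this object.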
diff --git a/x-pack/solutions/security/plugins/security_solution_ess/common/constants.ts b/x-pack/solutions/security/plugins/security_solution_ess/common/constants.ts index 0d0bfcd80d70d..926cd0aee061e 100644 --- a/x-pack/solutions/security/plugins/security_solution_ess/common/constants.ts +++ b/x-pack/solutions/security/plugins/security_solution_ess/common/constants.ts @@ -9,11 +9,12 @@ import type { ProductFeatureKeyType } from '@kbn/security-solution-features/keys import { ALL_PRODUCT_FEATURE_KEYS, ProductFeatureSecurityKey, + ProductFeatureRulesKey, } from '@kbn/security-solution-features/keys'; // List of product features that are disabled in different offering (eg. Serverless). const DISABLED_PRODUCT_FEATURES: ProductFeatureKeyType[] = [ - ProductFeatureSecurityKey.externalDetections, + ProductFeatureRulesKey.externalDetections, ProductFeatureSecurityKey.configurations, ]; diff --git a/x-pack/solutions/security/test/cloud_security_posture_api/routes/helper/user_roles_utilites.ts b/x-pack/solutions/security/test/cloud_security_posture_api/routes/helper/user_roles_utilites.ts index 1bef790c14b93..690efaea79464 100644 --- a/x-pack/solutions/security/test/cloud_security_posture_api/routes/helper/user_roles_utilites.ts +++ b/x-pack/solutions/security/test/cloud_security_posture_api/routes/helper/user_roles_utilites.ts @@ -15,7 +15,10 @@ import { BENCHMARK_SCORE_INDEX_PATTERN, ALERTS_INDEX_PATTERN, } from '@kbn/cloud-security-posture-plugin/common/constants'; -import { SECURITY_FEATURE_ID } from '@kbn/security-solution-plugin/common/constants'; +import { + RULES_FEATURE_ID, + SECURITY_FEATURE_ID, +} from '@kbn/security-solution-plugin/common/constants'; import type { FtrProviderContext } from '../../ftr_provider_context'; const alertsSecurityUserIndices = [ 
@@ -149,6 +152,7 @@ export function CspSecurityCommonProvider(providerContext: FtrProviderContext) { base: [], feature: { [SECURITY_FEATURE_ID]: ['all'], + [RULES_FEATURE_ID]: ['all'], fleet: ['all'], fleetv2: ['all'], savedObjectsManagement: ['all'], diff --git a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/document_level_security.ts b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/document_level_security.ts index a5e0a746aad08..52ad5e4bcaa10 100644 --- a/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/document_level_security.ts +++ b/x-pack/solutions/security/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/trial_license_complete_tier/document_level_security.ts @@ -9,6 +9,7 @@ import expect from '@kbn/expect'; import { DETECTION_ENGINE_QUERY_SIGNALS_URL, + RULES_FEATURE_ID, SECURITY_FEATURE_ID, } from '@kbn/security-solution-plugin/common/constants'; import { deleteAllAlerts } from '@kbn/detections-response-ftr-services'; @@ -29,6 +30,7 @@ const roleToAccessSecuritySolution = { { feature: { [SECURITY_FEATURE_ID]: ['all'], + [RULES_FEATURE_ID]: ['all'], }, spaces: ['*'], }, @@ -52,6 +54,7 @@ const roleToAccessSecuritySolutionWithDls = { { feature: { [SECURITY_FEATURE_ID]: ['all'], + [RULES_FEATURE_ID]: ['all'], }, spaces: ['*'], }, diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/ai4dsoc/capabilities/access.cy.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/ai4dsoc/capabilities/access.cy.ts index b72433f329a2f..a181ffce8c947 100644 --- a/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/ai4dsoc/capabilities/access.cy.ts 
+++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/ai4dsoc/capabilities/access.cy.ts @@ -119,6 +119,29 @@ describe('Capabilities', { tags: '@serverless' }, () => { cy.task('deleteServerlessCustomRole', 'siemV4'); }, }, + { + name: 'User with siem v5 role', + loginAs: 'siemV5', + setup: () => { + cy.task('createServerlessCustomRole', { + roleDescriptor: { + elasticsearch: { + indices: [{ names: ['*'], privileges: ['all'] }], + }, + kibana: [ + { + feature: { siemV5: ['all'], securitySolutionRulesV1: ['all'], fleet: ['all'] }, + spaces: ['*'], + }, + ], + }, + roleName: 'siemV5', + }); + }, + teardown: () => { + cy.task('deleteServerlessCustomRole', 'siemV5'); + }, + }, ]; // Iterate through each user role diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/asset_inventory/asset_inventory_page.cy.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/asset_inventory/asset_inventory_page.cy.ts index 56e1304ba97b8..aa3cb4ac8e264 100644 --- a/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/asset_inventory/asset_inventory_page.cy.ts +++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/asset_inventory/asset_inventory_page.cy.ts @@ -16,7 +16,6 @@ import { ID_FILTER_BOX, INVESTIGATE_IN_TIMELINE_BUTTON, NAME_FILTER_BOX, - NO_PRIVILEGES_BOX, TAKE_ACTION_BUTTON, TIMELINE_BODY, TYPE_FILTER_BOX, @@ -34,6 +33,7 @@ import { login } from '../../tasks/login'; import { visit } from '../../tasks/navigation'; import { ASSET_INVENTORY_URL } from '../../urls/navigation'; import { postDataView } from '../../tasks/api_calls/common'; +import { NO_PRIVILEGES_BOX } from '../../screens/common/page'; describe('Asset Inventory page - uiSetting disabled', { tags: ['@ess', '@serverless'] }, () => { beforeEach(() => { 
diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/detection_alerts/privileges.cy.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/detection_alerts/privileges.cy.ts new file mode 100644 index 0000000000000..050bbec19d2b2 --- /dev/null +++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/detection_alerts/privileges.cy.ts 
@@ -0,0 +1,145 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { getCustomQueryRuleParams } from '../../../../objects/rule'; +import { ADD_EXCEPTION_BTN, ATTACH_TO_NEW_CASE_BUTTON } from '../../../../screens/alerts'; +import { + addAlertTagToNAlerts, + closeAlerts, + expandFirstAlertActions, + selectNumberOfAlerts, +} from '../../../../tasks/alerts'; +import { createRule } from '../../../../tasks/api_calls/rules'; +import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common'; +import { loginWithUser } from '../../../../tasks/login'; +import { visit } from '../../../../tasks/navigation'; +import { ALERTS_URL } from '../../../../urls/navigation'; +import { + createUsersAndRoles, + deleteUsersAndRoles, + rulesAllUser, + rulesAllWithCasesUser, + rulesReadUser, + secAll as rulesNone, + secAllUser as rulesNoneUser, + rulesAll, + rulesRead, + rulesAllWithCases, +} from '../../../../tasks/privileges'; +import { assertSuccessToast } from '../../../../screens/common/toast'; +import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule'; +import { + removeAllAssigneesForFirstAlert, + updateAssigneesForFirstAlert, +} from '../../../../tasks/alert_assignments'; +import { sortUsingDataGridBtn } from '../../../../tasks/table_pagination'; +import { NO_PRIVILEGES_BOX } from '../../../../screens/common/page'; +import { openKibanaNavigation } from '../../../../tasks/kibana_navigation'; +import { ALERTS_PAGE } from '../../../../screens/kibana_navigation'; + +const usersToCreate = [rulesAllUser, rulesAllWithCasesUser, rulesReadUser, rulesNoneUser]; +const rolesToCreate = [rulesAll, rulesAllWithCases, rulesRead, rulesNone]; + +describe('Alerts page - privileges', { tags: ['@ess'] }, () => { + before(() => { + cy.task('esArchiverLoad', { 
archiveName: 'auditbeat_multiple' }); + deleteAlertsAndRules(); + deleteUsersAndRoles(usersToCreate, rolesToCreate); + createUsersAndRoles(usersToCreate, rolesToCreate); + // This triggers the creation of list indexes which is necessary to visualize the alerts page + loginWithUser(rulesAllUser); + visit(ALERTS_URL); + }); + + after(() => { + cy.task('esArchiverUnload', { archiveName: 'auditbeat_multiple' }); + }); + + beforeEach(() => { + loginWithUser(rulesAllUser); + deleteAlertsAndRules(); + createRule(getCustomQueryRuleParams()); + }); + + describe('securitySolutionRulesV1.all', () => { + beforeEach(() => { + loginWithUser(rulesAllUser); + visit(ALERTS_URL); + waitForAlertsToPopulate(); + }); + + it(`should be able close alerts`, () => { + selectNumberOfAlerts(3); + + closeAlerts(); + assertSuccessToast('Successfully closed 3 alerts.', ''); + }); + + it(`should be able to add an exception`, () => { + expandFirstAlertActions(); + + cy.get(ADD_EXCEPTION_BTN).click(); + cy.get('[data-test-subj="exceptionFlyoutTitle"]').should('be.visible'); + }); + }); + + describe('securitySolutionRulesV1.all with cases', () => { + beforeEach(() => { + loginWithUser(rulesAllWithCasesUser); + visit(ALERTS_URL); + waitForAlertsToPopulate(); + }); + + it(`should be able to add to case`, () => { + expandFirstAlertActions(); + + cy.get(ATTACH_TO_NEW_CASE_BUTTON).click(); + + cy.get('[data-test-subj="create-case-submit"]').should('be.enabled'); + }); + }); + + describe('securitySolutionRulesV1.read', () => { + beforeEach(() => { + loginWithUser(rulesReadUser); + visit(ALERTS_URL); + waitForAlertsToPopulate(); + sortUsingDataGridBtn('Assignees'); + }); + + it('should be able to assign/unassign alerts', () => { + const assignees = [rulesReadUser.username]; + updateAssigneesForFirstAlert(assignees); + removeAllAssigneesForFirstAlert(); + }); + + it('should be able to apply alert tags', () => { + addAlertTagToNAlerts(5); + }); + + it(`should not be able to add an exception`, () => { + 
expandFirstAlertActions(); + cy.get(ADD_EXCEPTION_BTN).should('not.exist'); + }); + }); + + describe('securitySolutionRulesV1 none', () => { + beforeEach(() => { + loginWithUser(rulesNoneUser); + visit(ALERTS_URL); + }); + + it('should not be able to see the alerts page', () => { + cy.get(NO_PRIVILEGES_BOX).should('exist'); + }); + + it('should not see the "alerts" link in the sidebar', () => { + openKibanaNavigation(); + cy.get(ALERTS_PAGE).should('not.exist'); + }); + }); +}); diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/installation/install_update_authorization.cy.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/installation/install_update_authorization.cy.ts index db83b42ce4122..b62ac79104f7e 100644 --- a/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/installation/install_update_authorization.cy.ts +++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/prebuilt_rules/installation/install_update_authorization.cy.ts @@ -39,6 +39,7 @@ import { UPGRADE_ALL_RULES_BUTTON, } from '../../../../../screens/alerts_detection_rules'; import { login } from '../../../../../tasks/login'; +import { NOT_FOUND } from '../../../../../screens/common/page'; // Rule to test update const RULE_1_ID = 'rule_1'; 
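Review bot: The read and none cases in the new `detection_alerts/privileges.cy.ts` assert only what the UI renders (`cy.get(ADD_EXCEPTION_BTN).should('not.exist')`, `cy.get(NO_PRIVILEGES_BOX).should('exist')`), which shows that a control is hidden and not that the server refuses the action. The same holds for the read blocks in `rule_details/privileges.cy.ts` and `rules_table/privileges.cy.ts` added by this commit. A comment pointing to the API integration test that covers the same roles would help, if one exists elsewhere in the change; otherwise a request made as `rulesReadUser` that expects a 403 would close the gap. Separately, the `after` hook unloads the archive but leaves the users and roles from `before` in place, and `deleteUsersAndRoles(usersToCreate, rolesToCreate);` there would remove them.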
@@ -94,18 +95,13 @@ describe( // Now login with read-only user in preparation for test loadPageAsReadOnlyUser(RULES_MANAGEMENT_URL); - // Check that Add Elastic Rules button is disabled - cy.get(ADD_ELASTIC_RULES_BTN).should('be.disabled'); + // Check that Add Elastic Rules button is enabled + cy.get(ADD_ELASTIC_RULES_BTN).should('be.enabled'); - // Navigate to Add Elastic Rules page anyways via URL - // and assert that rules cannot be selected and all - // installation buttons are disabled + // Navigate to Add Elastic Rules page via URL + // and assert that page can be accessed cy.visit(`${APP_PATH}${RULES_ADD_PATH}`); - cy.get(INSTALL_ALL_RULES_BUTTON).should('be.disabled'); - cy.get(getInstallSingleRuleButtonByRuleId(UPDATED_RULE_1['security-rule'].rule_id)).should( - 'not.exist' - ); - cy.get(RULE_CHECKBOX).should('not.exist'); + cy.get(NOT_FOUND).should('not.exist'); }); it('should not be able to upgrade prebuilt rules', () => { @@ -117,20 +113,20 @@ describe( // Now login with read-only user in preparation for test loadPageAsReadOnlyUser(RULES_MANAGEMENT_URL); - // Check that Rule Update tab is not shown - cy.get(RULES_UPDATES_TAB).should('not.exist'); + // Check that Rule Update tab is shown + cy.get(RULES_UPDATES_TAB).should('exist'); // Navigate to Rule Update tab anyways via URL cy.visit(`${APP_PATH}${RULES_UPDATES}`); - // Check that upgrade buttons are not visible - cy.get(UPGRADE_ALL_RULES_BUTTON).should('not.exist'); + // Check that upgrade buttons are disabled/hidden + cy.get(UPGRADE_ALL_RULES_BUTTON).should('be.disabled'); cy.get(getUpgradeSingleRuleButtonByRuleId(OUTDATED_RULE_1['security-rule'].rule_id)).should( 'not.exist' ); - // Check that rule selection checkbox is not visible - cy.get(RULE_CHECKBOX).should('not.exist'); + // Check that rule selection checkbox is visible + cy.get(RULE_CHECKBOX).should('exist'); }); }); 
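Review bot: After the `@@ -94,18 +95,13 @@` hunk the read-only install test no longer checks that installation is blocked: the removed lines were the only assertions on `INSTALL_ALL_RULES_BUTTON` and the per-rule install button, and the new body verifies only that `ADD_ELASTIC_RULES_BTN` is enabled and `NOT_FOUND` is absent. If the install page still renders the bulk button for a read-only user, keeping `cy.get(INSTALL_ALL_RULES_BUTTON).should('be.disabled');` after the `cy.visit` would preserve the authorization check. If it does not, the test title (outside this hunk) should change to say it covers page access only. In the following hunk the comment `// Navigate to Rule Update tab anyways via URL` is stale now that the tab is expected to exist.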
diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/execution_log.cy.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/execution_log.cy.ts index c668fbe44cfe3..fbc8750bf95a4 100644 --- a/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/execution_log.cy.ts +++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/execution_log.cy.ts @@ -15,8 +15,8 @@ import { createRule } from '../../../../tasks/api_calls/rules'; import { goToExecutionLogTab, getExecutionLogTableRow, - refreshRuleExecutionTable, filterByRunType, + waitForExecutionLogTabToBePopulated, } from '../../../../tasks/rule_details'; import { getCustomQueryRuleParams } from '../../../../objects/rule'; import { EXECUTION_SHOWING } from '../../../../screens/rule_details'; @@ -49,16 +49,7 @@ describe( visit(ruleDetailsUrl(this.ruleId)); goToExecutionLogTab(); - cy.waitUntil( - () => { - cy.log('Waiting for execution logs to appear in execution log table'); - refreshRuleExecutionTable(); - return getExecutionLogTableRow().then((rows) => { - return rows.length > 0; - }); - }, - { interval: 5000, timeout: 20000 } - ); + waitForExecutionLogTabToBePopulated(1); cy.get(EXECUTION_SHOWING).contains('Showing 1 rule execution'); getExecutionLogTableRow().should('have.length', 1); 
@@ -70,16 +61,7 @@ describe( end: moment().toISOString(), }); - cy.waitUntil( - () => { - cy.log('Waiting for execution logs to appear in execution log table'); - refreshRuleExecutionTable(); - return getExecutionLogTableRow().then((rows) => { - return rows.length > 1; - }); - }, - { interval: 5000, timeout: 20000 } - ); + waitForExecutionLogTabToBePopulated(2); cy.get(EXECUTION_SHOWING).contains('Showing 2 rule executions'); getExecutionLogTableRow().should('have.length', 2); diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/privileges.cy.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/privileges.cy.ts new file mode 100644 index 0000000000000..3b2bd47dbdaca --- /dev/null +++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rule_details/privileges.cy.ts 
@@ -0,0 +1,179 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ADD_EXCEPTIONS_BTN_FROM_EMPTY_PROMPT_BTN } from '../../../../screens/exceptions';
+import {
+ CREATE_NEW_RULE_BTN,
+ MODAL_CONFIRMATION_BTN,
+ RULE_DETAILS_MANUAL_RULE_RUN_BTN,
+} from '../../../../screens/alerts_detection_rules';
+import { loginWithUser } from '../../../../tasks/login';
+import { visit } from '../../../../tasks/navigation';
+import {
+ createUsersAndRoles,
+ deleteUsersAndRoles,
+ rulesAll,
+ rulesAllUser,
+ rulesRead,
+ rulesReadUser,
+ secAll as rulesNone,
+ secAllUser as rulesNoneUser,
+} from '../../../../tasks/privileges';
+
+import { RULES_URL } from '../../../../urls/navigation';
+import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
+import { getCustomQueryRuleParams } from '../../../../objects/rule';
+import {
+ createAndEnableRule,
+ fillAboutRuleMinimumAndContinue,
+ fillDefineCustomRuleAndContinue,
+ fillScheduleRuleAndContinue,
+} from '../../../../tasks/create_new_rule';
+import {
+ goToRuleDetailsOf,
+ manualRuleRunFromDetailsPage,
+} from '../../../../tasks/alerts_detection_rules';
+import {
+ addFirstExceptionFromRuleDetails,
+ goToExceptionsTab,
+ goToExecutionLogTab,
+ goToRuleEditSettings,
+ waitForExecutionLogTabToBePopulated,
+} from '../../../../tasks/rule_details';
+import { EDIT_SUBMIT_BUTTON } from '../../../../screens/edit_rule';
+import {
+ EDIT_RULE_SETTINGS_LINK,
+ POPOVER_ACTIONS_TRIGGER_BUTTON,
+ RULE_FILL_ALL_GAPS_BUTTON,
+} from '../../../../screens/rule_details';
+import {
+ expectRuleSnoozed,
+ expectUnsnoozeSuccessToast,
+ snoozeRule,
+ unsnoozeRule,
+} from '../../../../tasks/rule_snoozing';
+import { UNSNOOZED_BADGE } from '../../../../screens/rule_snoozing';
+const usersToCreate = [rulesAllUser, rulesReadUser, rulesNoneUser];
+const rolesToCreate = [rulesAll, rulesRead, rulesNone];
+
+// As part of the rules RBAC effort, we have created these tests with roles that only have the new rules feature 'securitySolutionVX' enabled in order to test
+// the features that said roles should have access to. Notice that the roles created are very minimal and only contain the new rules feature.
+
+describe('Rules table - privileges', { tags: ['@ess'] }, () => {
+ const ruleName = 'My rule';
+ const createRule = () => {
+ const rule = getCustomQueryRuleParams({ name: ruleName });
+ loginWithUser(rulesAllUser);
+ visit(RULES_URL);
+ cy.get(CREATE_NEW_RULE_BTN).click();
+
+ fillDefineCustomRuleAndContinue(rule);
+ fillAboutRuleMinimumAndContinue(rule);
+ fillScheduleRuleAndContinue(rule);
+ createAndEnableRule();
+ };
+
+ before(() => {
+ deleteAlertsAndRules();
+ deleteUsersAndRoles(usersToCreate, rolesToCreate);
+ createUsersAndRoles(usersToCreate, rolesToCreate);
+ createRule();
+ });
+
+ describe('securitySolutionRulesV1.all', () => {
+ beforeEach(() => {
+ loginWithUser(rulesAllUser);
+ visit(RULES_URL);
+ goToRuleDetailsOf(ruleName);
+ });
+
+ it(`should be able to edit rules`, () => {
+ goToRuleEditSettings();
+ cy.get(EDIT_SUBMIT_BUTTON).should('be.enabled');
+ });
+
+ describe('execution log tab', () => {
+ beforeEach(() => {
+ goToExecutionLogTab();
+ });
+
+ it(`should be able to see the execution history`, () => {
+ waitForExecutionLogTabToBePopulated(1);
+ });
+
+ it('should be able to trigger gap fills', () => {
+ cy.get(RULE_FILL_ALL_GAPS_BUTTON).click();
+ cy.get(MODAL_CONFIRMATION_BTN).should('be.enabled');
+ });
+ });
+
+ it('should be able to trigger manual runs', () => {
+ manualRuleRunFromDetailsPage();
+ });
+
+ it('should be able to trigger adding exceptions', () => {
+ goToExceptionsTab();
+
+ addFirstExceptionFromRuleDetails(
+ {
+ field: 'host.name',
+ operator: 'is one of',
+ values: ['foo', 'FOO', 'bar'],
+ },
+ 'Some exception name'
+ );
+ });
+
+ it('should be able to adjust snooze settings', () => {
+ snoozeRule('3 days');
+ expectRuleSnoozed('3 days');
+ unsnoozeRule();
+ expectUnsnoozeSuccessToast();
+ });
+ });
+
+ describe('securitySolutionRulesV1.read', () => {
+ beforeEach(() => {
+ loginWithUser(rulesReadUser);
+ visit(RULES_URL);
+ goToRuleDetailsOf(ruleName);
+ });
+
+ it(`should not be able to edit rules`, () => {
+ cy.get(EDIT_RULE_SETTINGS_LINK).should('be.disabled');
+ });
+
+ describe('execution log tab', () => {
+ beforeEach(() => {
+ goToExecutionLogTab();
+ });
+
+ it(`should be able to see the execution history`, () => {
+ waitForExecutionLogTabToBePopulated(1);
+ });
+
+ it('should not be able to trigger gap fills', () => {
+ cy.get(RULE_FILL_ALL_GAPS_BUTTON).should('not.exist');
+ });
+ });
+
+ it('should not be able to trigger manual runs', () => {
+ cy.get(POPOVER_ACTIONS_TRIGGER_BUTTON).click();
+ cy.get(RULE_DETAILS_MANUAL_RULE_RUN_BTN).should('be.disabled');
+ });
+
+ it('should not be able to trigger adding exceptions', () => {
+ goToExceptionsTab();
+
+ cy.get(ADD_EXCEPTIONS_BTN_FROM_EMPTY_PROMPT_BTN).should('not.exist');
+ });
+
+ it('should not be able to adjust snooze settings', () => {
+ cy.get(UNSNOOZED_BADGE).should('be.disabled');
+ });
+ });
+});
diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rules_table/privileges.cy.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rules_table/privileges.cy.ts
new file mode 100644
index 0000000000000..5ec260e898b08
--- /dev/null
+++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/e2e/detection_response/rule_management/rules_table/privileges.cy.ts
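Review bot: The top-level suite in the new `rule_details/privileges.cy.ts` is titled `'Rules table - privileges'`, the same string as the suite in `rules_table/privileges.cy.ts`, so a failure report cannot tell which file's authorization check broke; `describe('Rule details - privileges', { tags: ['@ess'] }, () => {` would separate them. The header comment names the feature `'securitySolutionVX'` while every `describe` uses `securitySolutionRulesV1`, and the comment should use the id the roles actually carry. `rulesNoneUser` and `rulesNone` are created here but no block logs in as that user. Either add a no-access case for the details page or drop them from `usersToCreate` and `rolesToCreate`.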
@@ -0,0 +1,157 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import {
+ ADD_ELASTIC_RULES_BTN,
+ CREATE_NEW_RULE_BTN,
+ ENABLE_RULE_TOGGLE,
+} from '../../../../screens/alerts_detection_rules';
+import { loginWithUser } from '../../../../tasks/login';
+import { visit } from '../../../../tasks/navigation';
+import {
+ createUsersAndRoles,
+ deleteUsersAndRoles,
+ rulesAll,
+ rulesAllUser,
+ rulesRead,
+ rulesReadUser,
+ secAll as rulesNone,
+ secAllUser as rulesNoneUser,
+} from '../../../../tasks/privileges';
+
+import { RULES_URL } from '../../../../urls/navigation';
+import { deleteAlertsAndRules } from '../../../../tasks/api_calls/common';
+import { getCustomQueryRuleParams } from '../../../../objects/rule';
+import {
+ createAndEnableRule,
+ fillAboutRuleMinimumAndContinue,
+ fillDefineCustomRuleAndContinue,
+ fillScheduleRuleAndContinue,
+} from '../../../../tasks/create_new_rule';
+import { enableRule, selectRulesByName } from '../../../../tasks/alerts_detection_rules';
+import {
+ BULK_ACTIONS_BTN,
+ BULK_EXPORT_ACTION_BTN,
+ BULK_MANUAL_RULE_RUN_BTN,
+ DELETE_RULE_BULK_BTN,
+ DISABLE_RULE_BULK_BTN,
+ DUPLICATE_RULE_BULK_BTN,
+ ENABLE_RULE_BULK_BTN,
+} from '../../../../screens/rules_bulk_actions';
+import { NO_PRIVILEGES_BOX } from '../../../../screens/common/page';
+import { assertSuccessToast } from '../../../../screens/common/toast';
+const usersToCreate = [rulesAllUser, rulesReadUser, rulesNoneUser];
+const rolesToCreate = [rulesAll, rulesRead, rulesNone];
+
+// As part of the rules RBAC effort, we have created these tests with roles that only have the new rules feature 'securitySolutionVX' enabled in order to test
+// the features that said roles should have access to. Notice that the roles created are very minimal and only contain the new rules feature.
+
+describe('Rules table - privileges', { tags: ['@ess'] }, () => {
+ const ruleName = 'My rule';
+ const createRule = () => {
+ const rule = getCustomQueryRuleParams({ name: ruleName });
+ loginWithUser(rulesAllUser);
+ visit(RULES_URL);
+ cy.get(CREATE_NEW_RULE_BTN).click();
+
+ fillDefineCustomRuleAndContinue(rule);
+ fillAboutRuleMinimumAndContinue(rule);
+ fillScheduleRuleAndContinue(rule);
+ createAndEnableRule();
+ };
+
+ before(() => {
+ deleteAlertsAndRules();
+ deleteUsersAndRoles(usersToCreate, rolesToCreate);
+ createUsersAndRoles(usersToCreate, rolesToCreate);
+ createRule();
+ });
+
+ describe('securitySolutionRulesV1.all', () => {
+ beforeEach(() => {
+ loginWithUser(rulesAllUser);
+ visit(RULES_URL);
+ });
+
+ it(`should be able to "Enable/Disable" a rule`, () => {
+ // Click the rule enable toggle for the only rule we have. The rule is enabled when created so we click to disable
+ enableRule(0);
+ assertSuccessToast('Rules disabled', 'Successfully disabled 1 rule');
+
+ // Click again to enable
+ enableRule(0);
+ assertSuccessToast('Rules enabled', 'Successfully enabled 1 rule');
+ });
+
+ it(`should see enabled bulk actions from context menu`, () => {
+ selectRulesByName([ruleName]);
+ cy.get(BULK_ACTIONS_BTN).click();
+
+ type ActionsButtonEnableArray = [string, 'enabled' | 'disabled'][];
+ const bulkActionButtonsWhenEnabled: ActionsButtonEnableArray = [
+ [BULK_MANUAL_RULE_RUN_BTN, 'enabled'],
+ [DISABLE_RULE_BULK_BTN, 'enabled'],
+ [ENABLE_RULE_BULK_BTN, 'disabled'],
+ [DELETE_RULE_BULK_BTN, 'enabled'],
+ [DUPLICATE_RULE_BULK_BTN, 'enabled'],
+ [BULK_EXPORT_ACTION_BTN, 'enabled'],
+ ];
+
+ for (const [actionButton, enableState] of bulkActionButtonsWhenEnabled) {
+ cy.get(actionButton).should(`be.${enableState}`);
+ }
+
+ // Click to disable the rule
+ enableRule(0);
+ assertSuccessToast('Rules disabled', 'Successfully disabled 1 rule');
+
+ cy.get(BULK_ACTIONS_BTN).click();
+
+ const bulkActionsWhenDisabled: ActionsButtonEnableArray = [
+ [BULK_MANUAL_RULE_RUN_BTN, 'disabled'],
+ [DISABLE_RULE_BULK_BTN, 'disabled'],
+ [ENABLE_RULE_BULK_BTN, 'enabled'],
+ [DELETE_RULE_BULK_BTN, 'enabled'],
+ [DUPLICATE_RULE_BULK_BTN, 'enabled'],
+ [BULK_EXPORT_ACTION_BTN, 'enabled'],
+ ];
+
+ for (const [actionButton, disabledState] of bulkActionsWhenDisabled) {
+ cy.get(actionButton).should(`be.${disabledState}`);
+ }
+ });
+ });
+
+ describe('securitySolutionRulesV1.read', () => {
+ beforeEach(() => {
+ loginWithUser(rulesReadUser);
+ visit(RULES_URL);
+ });
+
+ it(`should not be able to trigger "Create rule" process`, () => {
+ cy.get(CREATE_NEW_RULE_BTN).should('not.be.enabled');
+ });
+
+ it(`should not be able to "Enable/Disable" a rule`, () => {
+ cy.get(ENABLE_RULE_TOGGLE).should('not.be.enabled');
+ });
+
+ it(`should be able to "Add" a prebuilt rule`, () => {
+ cy.get(ADD_ELASTIC_RULES_BTN).should('be.enabled');
+ });
+ });
+
+ describe('securitySolutionRulesV1 none', () => {
+ beforeEach(() => {
+ loginWithUser(rulesNoneUser);
+ visit(RULES_URL);
+ });
+ it('should not be able to see the rules management page', () => {
+ cy.get(NO_PRIVILEGES_BOX).should('exist');
+ });
+ });
+});
diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/alerts_detection_rules.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/alerts_detection_rules.ts
index 4eef3a0f85067..b694d52183bea 100644
--- a/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/alerts_detection_rules.ts
+++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/alerts_detection_rules.ts
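Review bot: The two `securitySolutionRulesV1.all` tests in `rules_table/privileges.cy.ts` share one rule created in `before`, and each assumes it starts enabled, but `should see enabled bulk actions from context menu` ends with the rule disabled and never restores it. A retry of either test, or a reordering, then starts from the wrong state: the first `enableRule(0)` would enable the rule and `assertSuccessToast('Rules disabled', ...)` would fail, so a privilege regression and a state leak look the same in the report. Resetting the fixture per test keeps the cases independent, for example `deleteAlertsAndRules(); createRule();` in that block's `beforeEach`. The loop variable `disabledState` in the second table holds both `'enabled'` and `'disabled'`; `expectedState` would read better in both loops.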
@@ -113,6 +113,10 @@ export const RULES_ROW = '.euiTableRow';
 export const SEVERITY = '[data-test-subj="severity"]';
+export const CREATE_NEW_RULE_BTN = '[data-test-subj="create-new-rule"]';
+
+export const ENABLE_RULE_TOGGLE = '[data-test-subj="ruleSwitch"]';
+
 export const SELECT_ALL_RULES_BTN = '[data-test-subj="selectAllRules"]';
 export const RULES_EMPTY_PROMPT = '[data-test-subj="rulesEmptyPrompt"]';
diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/asset_inventory/asset_inventory_page.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/asset_inventory/asset_inventory_page.ts
index f6c541300aaa2..b825f2561cea1 100644
--- a/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/asset_inventory/asset_inventory_page.ts
+++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/asset_inventory/asset_inventory_page.ts
@@ -7,7 +7,6 @@
 import { getDataTestSubjectSelector } from '../../helpers/common';
-export const NO_PRIVILEGES_BOX = getDataTestSubjectSelector('noPrivilegesPage');
 export const ALL_ASSETS_TITLE = getDataTestSubjectSelector('asset-inventory-test-subj-page-title');
 export const FLYOUT_RIGHT_PANEL = getDataTestSubjectSelector('rightSection');
 export const FLYOUT_CARDS = getDataTestSubjectSelector('responsive-data-card');
diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/common/data_grid.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/common/data_grid.ts
index 6861fdf24fdf3..94b1da13d5145 100644
--- a/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/common/data_grid.ts
+++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/common/data_grid.ts
@@ -43,3 +43,6 @@ export const DATA_GRID_FULL_SCREEN =
 export const DATA_GRID_FIELD_SORT_BTN = '[data-test-subj="dataGridColumnSortingButton"]';
 export const DATA_GRID_COLUMN_ORDER_BTN = '[data-test-subj="dataGridColumnSelectorButton"]';
+
+export const DATA_GRID_COLUMN_SORTER_SELECTION_BTN =
+ '[data-test-subj="dataGridColumnSortingSelectionButton"]';
diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/common/page.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/common/page.ts
index 7cd4eb2afac91..f36bb302ba93c 100644
--- a/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/common/page.ts
+++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/common/page.ts
@@ -5,6 +5,8 @@
 * 2.0.
 */
+import { getDataTestSubjectSelector } from '../../helpers/common';
+
 export const PAGE_TITLE = '[data-test-subj="header-page-title"]';
 export const NOT_FOUND = '[data-test-subj="notFoundPage"]';
@@ -14,3 +16,5 @@ export const LOADING_SPINNER = '.euiLoadingSpinner';
 export const PAGE_CONTENT = '[data-test-subj="pageContainer"]';
 export const PAGE_CONTENT_SPINNER = `${PAGE_CONTENT} ${LOADING_SPINNER}`;
+
+export const NO_PRIVILEGES_BOX = getDataTestSubjectSelector('noPrivilegesPage');
diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/common/toast.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/common/toast.ts
index 3f52d30a05a1a..dfed6a5bb90fa 100644
--- a/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/common/toast.ts
+++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/common/toast.ts
@@ -5,4 +5,13 @@
 * 2.0.
 */
+import { SUCCESS_TOASTER_HEADER, TOASTER_BODY } from '../alerts_detection_rules';
+
 export const TOAST_CLOSE_BUTTON = '[data-test-subj="toastCloseButton"]';
+
+export const assertSuccessToast = (heading: string, msg?: string) => {
+ cy.get(SUCCESS_TOASTER_HEADER).should('be.visible').should('have.text', heading);
+ if (msg) {
+ cy.get(TOASTER_BODY).should('be.visible').should('have.text', msg);
+ }
+};
diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/custom_roles/assign_to_space_flyout.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/custom_roles/assign_to_space_flyout.ts
index 2a1255c4429c3..f2581ce220703 100644
--- a/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/custom_roles/assign_to_space_flyout.ts
+++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/screens/custom_roles/assign_to_space_flyout.ts
@@ -16,10 +16,10 @@ export const SECURITY_CATEGORY = '[data-test-subj="featureCategory_securitySolut
 export const SECURITY_FEATURE = `[data-test-subj="featureCategory_securitySolution_${SECURITY_FEATURE_ID}"]`;
 export const SECURITY_FEATURE_DESCRIPTION = '[data-test-subj="featurePrivilegeDescriptionText"]';
 export const SECURITY_SUB_FEATURE_TABLE =
- '[data-test-subj="securitySolution_siemV4_subFeaturesTable"]';
+ '[data-test-subj="securitySolution_siemV5_subFeaturesTable"]';
 export const SOC_MANAGEMENT_SUB_FEATURE =
- '[data-test-subj="securitySolution_siemV4_soc_management"]';
+ '[data-test-subj="securitySolution_siemV5_soc_management"]';
 export const CASES_FEATURE =
 '[data-test-subj="featureCategory_securitySolution_securitySolutionCasesV3"]';
diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/tasks/alerts.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/tasks/alerts.ts
index c7c14bbe61f62..1aa0d363d4c21 100644
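Review bot: In `assertSuccessToast`, `cy.get(SUCCESS_TOASTER_HEADER).should('have.text', heading)` compares against the combined text of every element the selector matches, so the assertion can fail when an earlier success toast is still on screen. The new rules-table privileges spec calls the helper twice in a row ('Rules disabled', then 'Rules enabled'), which is the case where two toasts may overlap. Matching the toast by its text avoids that: `cy.contains(SUCCESS_TOASTER_HEADER, heading).should('be.visible');`, and likewise `cy.contains(TOASTER_BODY, msg).should('be.visible');` for the body. Note that `cy.contains` is a substring match, so it is slightly looser than `have.text`.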
--- a/x-pack/solutions/security/test/security_solution_cypress/cypress/tasks/alerts.ts
+++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/tasks/alerts.ts
@@ -26,6 +26,7 @@ import {
 ALERT_TAGGING_CONTEXT_MENU_ITEM,
 ALERT_TAGGING_UPDATE_BUTTON,
 ALERTS_HISTOGRAM_LEGEND,
+ ALERTS_TABLE_ROW_LOADER,
 CELL_ADD_TO_TIMELINE_BUTTON,
 CELL_FILTER_IN_BUTTON,
 CELL_FILTER_OUT_BUTTON,
@@ -49,6 +50,7 @@ import {
 SELECT_COUNTS_TABLE,
 SELECT_HISTOGRAM,
 SELECT_TREEMAP,
+ SELECTED_ALERT_TAG,
 SELECTED_ALERTS,
 SEND_ALERT_TO_TIMELINE_BTN,
 SESSION_VIEWER_BUTTON,
@@ -560,6 +562,17 @@ export const updateAlertTags = () => {
 cy.get(ALERT_TAGGING_UPDATE_BUTTON).click();
 };
+export const addAlertTagToNAlerts = (alertCount: number, tag = 'Duplicate') => {
+ selectNumberOfAlerts(alertCount);
+ openAlertTaggingBulkActionMenu();
+ clickAlertTag(tag);
+ updateAlertTags();
+ cy.get(ALERTS_TABLE_ROW_LOADER).should('not.exist');
+ selectNumberOfAlerts(alertCount);
+ openAlertTaggingBulkActionMenu();
+ cy.get(SELECTED_ALERT_TAG).contains(tag);
+};
+
 export const showHoverActionsEventRenderedView = (fieldSelector: string) => {
 cy.get(fieldSelector).first().realHover();
 cy.get(HOVER_ACTIONS_CONTAINER).should('be.visible');
diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/tasks/privileges.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/tasks/privileges.ts
index 32e1978689e25..e12a49eab2f03 100644
--- a/x-pack/solutions/security/test/security_solution_cypress/cypress/tasks/privileges.ts
+++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/tasks/privileges.ts
@@ -62,7 +62,7 @@ export const secAll: Role = {
 kibana: [
 {
 feature: {
- siemV4: ['all'],
+ siemV5: ['all'],
 securitySolutionTimeline: ['all'],
 securitySolutionNotes: ['all'],
 securitySolutionAssistant: ['all'],
@@ -100,7 +100,7 @@ export const secReadCasesAll: Role = {
 kibana: [
 {
 feature: {
- siemV4: ['read'],
+ siemV5: ['read'],
 securitySolutionTimeline: ['all'],
 securitySolutionNotes: ['all'],
 securitySolutionAssistant: ['all'],
@@ -137,7 +137,7 @@ export const secAllCasesOnlyReadDelete: Role = {
 kibana: [
 {
 feature: {
- siemV4: ['all'],
+ siemV5: ['all'],
 securitySolutionTimeline: ['all'],
 securitySolutionNotes: ['all'],
 securitySolutionAssistant: ['all'],
@@ -174,7 +174,7 @@ export const secAllCasesNoDelete: Role = {
 kibana: [
 {
 feature: {
- siemV4: ['all'],
+ siemV5: ['all'],
 securitySolutionTimeline: ['all'],
 securitySolutionNotes: ['all'],
 securitySolutionAssistant: ['all'],
@@ -197,6 +197,99 @@ export const secAllCasesNoDeleteUser: User = {
 roles: [secAllCasesNoDelete.name],
 };
+export const rulesAll: Role = {
+ name: 'rules_all_role',
+ privileges: {
+ elasticsearch: {
+ indices: [
+ {
+ names: ['*'],
+ privileges: ['all'],
+ },
+ ],
+ },
+ kibana: [
+ {
+ feature: {
+ securitySolutionRulesV1: ['all'],
+ actions: ['all'],
+ indexPatterns: ['all'],
+ savedObjectManagement: ['all'],
+ },
+ spaces: ['*'],
+ },
+ ],
+ },
+};
+
+export const rulesAllWithCases: Role = {
+ name: 'rules_all_role',
+ privileges: {
+ elasticsearch: {
+ indices: [
+ {
+ names: ['*'],
+ privileges: ['all'],
+ },
+ ],
+ },
+ kibana: [
+ {
+ feature: {
+ securitySolutionRulesV1: ['all'],
+ actions: ['all'],
+ indexPatterns: ['all'],
+ savedObjectManagement: ['all'],
+ securitySolutionCasesV3: ['all'],
+ },
+ spaces: ['*'],
+ },
+ ],
+ },
+};
+
+export const rulesRead: Role = {
+ name: 'rules_read_role',
+ privileges: {
+ elasticsearch: {
+ indices: [
+ {
+ names: ['*'],
+ privileges: ['all'],
+ },
+ ],
+ },
+ kibana: [
+ {
+ feature: {
+ securitySolutionRulesV1: ['read'],
+ savedObjectManagement: ['all'],
+ indexPatterns: ['all'],
+ },
+ spaces: ['*'],
+ },
+ ],
+ },
+};
+
+export const rulesAllUser: User = {
+ username: 'rules_all_user',
+ password: 'password',
+ roles: [rulesAll.name],
+};
+
+export const rulesAllWithCasesUser: User = {
+ username: 'rules_all_with_cases_user',
+ password: 'password',
+ roles: [rulesAllWithCases.name],
+};
+
+export const rulesReadUser: User = {
+ username: 'rules_read_user',
+ password: 'password',
+ roles: [rulesRead.name],
+};
+
 const getUserInfo = (user: User): UserInfo => ({
 username: user.username,
 full_name: user.username.replace('_', ' '),
diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/tasks/rule_details.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/tasks/rule_details.ts
index a79d248670fc4..a9e2befe71c46 100644
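Review bot: `rulesAllWithCases` is declared with `name: 'rules_all_role'`, the same role name as `rulesAll` just above it. If both definitions are ever passed to the role-creation helper (not visible in this hunk), the later one would presumably overwrite the earlier, and `rulesAllUser` and `rulesAllWithCasesUser` would end up with identical privileges, so a test about the presence or absence of Cases access could pass or fail for the wrong reason. Give it its own name, e.g. `name: 'rules_all_with_cases_role',`. Separately, `rulesRead` still grants Elasticsearch `all` on `*`, so specs using `rulesReadUser` exercise only the Kibana feature privilege; a one-line comment stating that this is deliberate would help readers.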
--- a/x-pack/solutions/security/test/security_solution_cypress/cypress/tasks/rule_details.ts
+++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/tasks/rule_details.ts
@@ -135,6 +135,19 @@ export const goToExecutionLogTab = () => {
 cy.get(EXECUTIONS_TAB).click();
 };
+export const waitForExecutionLogTabToBePopulated = (minRowCount = 1) => {
+ cy.waitUntil(
+ () => {
+ cy.log('Waiting for execution logs to appear in execution log table');
+ refreshRuleExecutionTable();
+ return getExecutionLogTableRow().then((rows) => {
+ return rows.length > minRowCount - 1;
+ });
+ },
+ { interval: 5000, timeout: 20000 }
+ );
+};
+
 export const viewExpiredExceptionItems = () => {
 cy.get(EXCEPTIONS_TAB_EXPIRED_FILTER).click();
 cy.get(EXCEPTIONS_TAB_ACTIVE_FILTER).click();
diff --git a/x-pack/solutions/security/test/security_solution_cypress/cypress/tasks/table_pagination.ts b/x-pack/solutions/security/test/security_solution_cypress/cypress/tasks/table_pagination.ts
index 1318a5258684e..70b4bf3fb3522 100644
--- a/x-pack/solutions/security/test/security_solution_cypress/cypress/tasks/table_pagination.ts
+++ b/x-pack/solutions/security/test/security_solution_cypress/cypress/tasks/table_pagination.ts
@@ -5,6 +5,10 @@
 * 2.0.
 */
+import {
+ DATA_GRID_COLUMN_SORTER_SELECTION_BTN,
+ DATA_GRID_FIELD_SORT_BTN,
+} from '../screens/common/data_grid';
 import { LOADING_SPINNER } from '../screens/loading';
 import {
 rowsPerPageSelector,
@@ -60,3 +64,12 @@ export const expectTableSorting = (columnName: string, direction: 'asc' | 'desc'
 .parents('.euiTableHeaderCell')
 .should('have.attr', 'aria-sort', direction === 'asc' ? 'ascending' : 'descending');
 };
+
+export const sortUsingDataGridBtn = (columnName: string) => {
+ cy.get(DATA_GRID_FIELD_SORT_BTN).click();
+ cy.get(DATA_GRID_COLUMN_SORTER_SELECTION_BTN).click();
+ cy.get('[data-test-subj^="dataGridColumnSortingPopoverColumnSelection"]')
+ .contains(columnName)
+ .first()
+ .click();
+};
diff --git a/x-pack/solutions/security/test/serverless/api_integration/test_suites/platform_security/authorization.ts b/x-pack/solutions/security/test/serverless/api_integration/test_suites/platform_security/authorization.ts
index cab36c2be3288..589b6afb0907e 100644
--- a/x-pack/solutions/security/test/serverless/api_integration/test_suites/platform_security/authorization.ts
+++ b/x-pack/solutions/security/test/serverless/api_integration/test_suites/platform_security/authorization.ts
@@ -43,6 +43,7 @@ export default function ({ getService }: FtrProviderContext) {
 'siemV2',
 'siemV3',
 'siemV4',
+ 'siemV5',
 ];
 const features = Object.fromEntries(
@@ -239,14 +240,14 @@ export default function ({ getService }: FtrProviderContext) {
 "api:securitySolution-readActionsLogManagement",
 "ui:siem/writeActionsLogManagement",
 "ui:siem/readActionsLogManagement",
- "ui:siemV4/writeActionsLogManagement",
- "ui:siemV4/readActionsLogManagement",
+ "ui:siemV5/writeActionsLogManagement",
+ "ui:siemV5/readActionsLogManagement",
 ],
 "actions_log_management_read": Array [
 "login:",
 "api:securitySolution-readActionsLogManagement",
 "ui:siem/readActionsLogManagement",
- "ui:siemV4/readActionsLogManagement",
+ "ui:siemV5/readActionsLogManagement",
 ],
 "all": Array [
 "login:",
@@ -254,17 +255,23 @@ export default function ({ getService }: FtrProviderContext) {
 "api:lists-all",
 "api:lists-read",
 "api:lists-summary",
+ "api:rules-all",
+ "api:rules-read",
+ "api:alerts-all",
+ "api:alerts-read",
+ "api:exceptions-all",
+ "api:exceptions-read",
+ "api:users-read",
+ "api:initialize-security-solution",
 "api:rac",
 "api:cloud-security-posture-all",
 "api:cloud-security-posture-read",
- "api:cloud-defend-all",
- "api:cloud-defend-read",
 "api:timeline_write",
 "api:timeline_read",
 "api:notes_write",
 "api:notes_read",
- "api:bulkGetUserProfiles",
 "api:securitySolution-entity-analytics",
+ "api:bulkGetUserProfiles",
 "api:securitySolution-threat-intelligence",
 "api:securitySolution-writeGlobalArtifacts",
 "api:securitySolution-showEndpointExceptions",
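Review bot: The expected `all` action list no longer contains `api:cloud-defend-all` and `api:cloud-defend-read`, and nothing visible in this hunk says why; the same two entries are dropped from `minimal_all` in the `@@ -1345,17 +1356,23 @@` hunk. Because this is a snapshot, a regenerated list passes whether or not the removal was intended, so an unintended loss or gain of an API action would go unnoticed here. If the removal is deliberate, a short comment above the snapshot such as `// cloud-defend API actions are intentionally no longer granted by siem all/minimal_all` would record it. The snapshot starts and ends outside this hunk.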
@@ -327,6 +334,66 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:index-pattern/delete", "saved_object:index-pattern/bulk_delete", "saved_object:index-pattern/share_to_space", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:csp_rule/create", + "saved_object:csp_rule/bulk_create", + "saved_object:csp_rule/update", + "saved_object:csp_rule/bulk_update", + "saved_object:csp_rule/delete", + "saved_object:csp_rule/bulk_delete", + "saved_object:csp_rule/share_to_space", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:cloud-security-posture-settings/create", + "saved_object:cloud-security-posture-settings/bulk_create", + "saved_object:cloud-security-posture-settings/update", + "saved_object:cloud-security-posture-settings/bulk_update", + "saved_object:cloud-security-posture-settings/delete", + "saved_object:cloud-security-posture-settings/bulk_delete", + "saved_object:cloud-security-posture-settings/share_to_space", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", + "saved_object:csp-rule-template/create", + "saved_object:csp-rule-template/bulk_create", + "saved_object:csp-rule-template/update", + "saved_object:csp-rule-template/bulk_update", + "saved_object:csp-rule-template/delete", + "saved_object:csp-rule-template/bulk_delete", + "saved_object:csp-rule-template/share_to_space", + "saved_object:siem-ui-timeline-note/bulk_get", 
+ "saved_object:siem-ui-timeline-note/get", + "saved_object:siem-ui-timeline-note/find", + "saved_object:siem-ui-timeline-note/open_point_in_time", + "saved_object:siem-ui-timeline-note/close_point_in_time", + "saved_object:siem-ui-timeline-note/create", + "saved_object:siem-ui-timeline-note/bulk_create", + "saved_object:siem-ui-timeline-note/update", + "saved_object:siem-ui-timeline-note/bulk_update", + "saved_object:siem-ui-timeline-note/delete", + "saved_object:siem-ui-timeline-note/bulk_delete", + "saved_object:siem-ui-timeline-note/share_to_space", + "saved_object:siem-ui-timeline-pinned-event/bulk_get", + "saved_object:siem-ui-timeline-pinned-event/get", + "saved_object:siem-ui-timeline-pinned-event/find", + "saved_object:siem-ui-timeline-pinned-event/open_point_in_time", + "saved_object:siem-ui-timeline-pinned-event/close_point_in_time", + "saved_object:siem-ui-timeline-pinned-event/create", + "saved_object:siem-ui-timeline-pinned-event/bulk_create", + "saved_object:siem-ui-timeline-pinned-event/update", + "saved_object:siem-ui-timeline-pinned-event/bulk_update", + "saved_object:siem-ui-timeline-pinned-event/delete", + "saved_object:siem-ui-timeline-pinned-event/bulk_delete", + "saved_object:siem-ui-timeline-pinned-event/share_to_space", "saved_object:siem-detection-engine-rule-actions/bulk_get", "saved_object:siem-detection-engine-rule-actions/get", "saved_object:siem-detection-engine-rule-actions/find", 
@@ -351,6 +418,18 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security-rule/delete", "saved_object:security-rule/bulk_delete", "saved_object:security-rule/share_to_space", + "saved_object:siem-ui-timeline/bulk_get", + "saved_object:siem-ui-timeline/get", + "saved_object:siem-ui-timeline/find", + "saved_object:siem-ui-timeline/open_point_in_time", + "saved_object:siem-ui-timeline/close_point_in_time", + "saved_object:siem-ui-timeline/create", + "saved_object:siem-ui-timeline/bulk_create", + "saved_object:siem-ui-timeline/update", + "saved_object:siem-ui-timeline/bulk_update", + "saved_object:siem-ui-timeline/delete", + "saved_object:siem-ui-timeline/bulk_delete", + "saved_object:siem-ui-timeline/share_to_space", "saved_object:endpoint:user-artifact-manifest/bulk_get", "saved_object:endpoint:user-artifact-manifest/get", "saved_object:endpoint:user-artifact-manifest/find", 
@@ -483,78 +562,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security:reference-data/delete", "saved_object:security:reference-data/bulk_delete", "saved_object:security:reference-data/share_to_space", - "saved_object:csp_rule/bulk_get", - "saved_object:csp_rule/get", - "saved_object:csp_rule/find", - "saved_object:csp_rule/open_point_in_time", - "saved_object:csp_rule/close_point_in_time", - "saved_object:csp_rule/create", - "saved_object:csp_rule/bulk_create", - "saved_object:csp_rule/update", - "saved_object:csp_rule/bulk_update", - "saved_object:csp_rule/delete", - "saved_object:csp_rule/bulk_delete", - "saved_object:csp_rule/share_to_space", - "saved_object:cloud-security-posture-settings/bulk_get", - "saved_object:cloud-security-posture-settings/get", - "saved_object:cloud-security-posture-settings/find", - "saved_object:cloud-security-posture-settings/open_point_in_time", - "saved_object:cloud-security-posture-settings/close_point_in_time", - "saved_object:cloud-security-posture-settings/create", - "saved_object:cloud-security-posture-settings/bulk_create", - "saved_object:cloud-security-posture-settings/update", - "saved_object:cloud-security-posture-settings/bulk_update", - "saved_object:cloud-security-posture-settings/delete", - "saved_object:cloud-security-posture-settings/bulk_delete", - "saved_object:cloud-security-posture-settings/share_to_space", - "saved_object:csp-rule-template/bulk_get", - "saved_object:csp-rule-template/get", - "saved_object:csp-rule-template/find", - "saved_object:csp-rule-template/open_point_in_time", - "saved_object:csp-rule-template/close_point_in_time", - "saved_object:csp-rule-template/create", - "saved_object:csp-rule-template/bulk_create", - "saved_object:csp-rule-template/update", - "saved_object:csp-rule-template/bulk_update", - "saved_object:csp-rule-template/delete", - "saved_object:csp-rule-template/bulk_delete", - "saved_object:csp-rule-template/share_to_space", - 
"saved_object:siem-ui-timeline-note/bulk_get", - "saved_object:siem-ui-timeline-note/get", - "saved_object:siem-ui-timeline-note/find", - "saved_object:siem-ui-timeline-note/open_point_in_time", - "saved_object:siem-ui-timeline-note/close_point_in_time", - "saved_object:siem-ui-timeline-note/create", - "saved_object:siem-ui-timeline-note/bulk_create", - "saved_object:siem-ui-timeline-note/update", - "saved_object:siem-ui-timeline-note/bulk_update", - "saved_object:siem-ui-timeline-note/delete", - "saved_object:siem-ui-timeline-note/bulk_delete", - "saved_object:siem-ui-timeline-note/share_to_space", - "saved_object:siem-ui-timeline-pinned-event/bulk_get", - "saved_object:siem-ui-timeline-pinned-event/get", - "saved_object:siem-ui-timeline-pinned-event/find", - "saved_object:siem-ui-timeline-pinned-event/open_point_in_time", - "saved_object:siem-ui-timeline-pinned-event/close_point_in_time", - "saved_object:siem-ui-timeline-pinned-event/create", - "saved_object:siem-ui-timeline-pinned-event/bulk_create", - "saved_object:siem-ui-timeline-pinned-event/update", - "saved_object:siem-ui-timeline-pinned-event/bulk_update", - "saved_object:siem-ui-timeline-pinned-event/delete", - "saved_object:siem-ui-timeline-pinned-event/bulk_delete", - "saved_object:siem-ui-timeline-pinned-event/share_to_space", - "saved_object:siem-ui-timeline/bulk_get", - "saved_object:siem-ui-timeline/get", - "saved_object:siem-ui-timeline/find", - "saved_object:siem-ui-timeline/open_point_in_time", - "saved_object:siem-ui-timeline/close_point_in_time", - "saved_object:siem-ui-timeline/create", - "saved_object:siem-ui-timeline/bulk_create", - "saved_object:siem-ui-timeline/update", - "saved_object:siem-ui-timeline/bulk_update", - "saved_object:siem-ui-timeline/delete", - "saved_object:siem-ui-timeline/bulk_delete", - "saved_object:siem-ui-timeline/share_to_space", "saved_object:telemetry/bulk_get", "saved_object:telemetry/get", "saved_object:telemetry/find", 
@@ -1147,16 +1154,20 @@ export default function ({ getService }: FtrProviderContext) { "ui:navLinks/securitySolutionNotes", "ui:securitySolutionNotes/read", "ui:securitySolutionNotes/crud", - "ui:siemV4/show", - "ui:siemV4/crud", - "ui:siemV4/entity-analytics", - "ui:siemV4/detections", - "ui:siemV4/investigation-guide", - "ui:siemV4/investigation-guide-interactions", - "ui:siemV4/threat-intelligence", - "ui:siemV4/writeGlobalArtifacts", - "ui:siemV4/showEndpointExceptions", - "ui:siemV4/crudEndpointExceptions", + "ui:siemV5/show", + "ui:siemV5/crud", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "ui:siemV5/writeGlobalArtifacts", + "ui:siemV5/showEndpointExceptions", + "ui:siemV5/crudEndpointExceptions", + "ui:navLinks/securitySolutionRulesV1", + "ui:securitySolutionRulesV1/read_rules", + "ui:securitySolutionRulesV1/edit_rules", + "ui:securitySolutionRulesV1/detections", ], "blocklist_all": Array [ "login:", @@ -1180,9 +1191,9 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siem/writeBlocklist", "ui:siem/readBlocklist", - "ui:siemV4/writeBlocklist", - "ui:siemV4/readBlocklist", - "ui:siemV4/writeGlobalArtifacts", + "ui:siemV5/writeBlocklist", + "ui:siemV5/readBlocklist", + "ui:siemV5/writeGlobalArtifacts", ], "blocklist_read": Array [ "login:", @@ -1190,7 +1201,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-readBlocklist", "ui:siem/readBlocklist", - "ui:siemV4/readBlocklist", + "ui:siemV5/readBlocklist", ], "endpoint_exceptions_all": Array [ "login:", 
@@ -1214,9 +1225,9 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siem/showEndpointExceptions", "ui:siem/crudEndpointExceptions", - "ui:siemV4/showEndpointExceptions", - "ui:siemV4/crudEndpointExceptions", - "ui:siemV4/writeGlobalArtifacts", + "ui:siemV5/showEndpointExceptions", + "ui:siemV5/crudEndpointExceptions", + "ui:siemV5/writeGlobalArtifacts", ], "endpoint_exceptions_read": Array [ "login:", @@ -1224,7 +1235,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-showEndpointExceptions", "ui:siem/showEndpointExceptions", - "ui:siemV4/showEndpointExceptions", + "ui:siemV5/showEndpointExceptions", ], "endpoint_list_all": Array [ "login:", @@ -1232,14 +1243,14 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-readEndpointList", "ui:siem/writeEndpointList", "ui:siem/readEndpointList", - "ui:siemV4/writeEndpointList", - "ui:siemV4/readEndpointList", + "ui:siemV5/writeEndpointList", + "ui:siemV5/readEndpointList", ], "endpoint_list_read": Array [ "login:", "api:securitySolution-readEndpointList", "ui:siem/readEndpointList", - "ui:siemV4/readEndpointList", + "ui:siemV5/readEndpointList", ], "event_filters_all": Array [ "login:", @@ -1263,9 +1274,9 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siem/writeEventFilters", "ui:siem/readEventFilters", - "ui:siemV4/writeEventFilters", - "ui:siemV4/readEventFilters", - "ui:siemV4/writeGlobalArtifacts", + "ui:siemV5/writeEventFilters", + "ui:siemV5/readEventFilters", + "ui:siemV5/writeGlobalArtifacts", ], "event_filters_read": Array [ "login:", 
@@ -1273,19 +1284,19 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-readEventFilters", "ui:siem/readEventFilters", - "ui:siemV4/readEventFilters", + "ui:siemV5/readEventFilters", ], "execute_operations_all": Array [ "login:", "api:securitySolution-writeExecuteOperations", "ui:siem/writeExecuteOperations", - "ui:siemV4/writeExecuteOperations", + "ui:siemV5/writeExecuteOperations", ], "file_operations_all": Array [ "login:", "api:securitySolution-writeFileOperations", "ui:siem/writeFileOperations", - "ui:siemV4/writeFileOperations", + "ui:siemV5/writeFileOperations", ], "host_isolation_all": Array [ "login:", @@ -1293,8 +1304,8 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-writeHostIsolation", "ui:siem/writeHostIsolationRelease", "ui:siem/writeHostIsolation", - "ui:siemV4/writeHostIsolationRelease", - "ui:siemV4/writeHostIsolation", + "ui:siemV5/writeHostIsolationRelease", + "ui:siemV5/writeHostIsolation", ], "host_isolation_exceptions_all": Array [ "login:", @@ -1322,11 +1333,11 @@ export default function ({ getService }: FtrProviderContext) { "ui:siem/deleteHostIsolationExceptions", "ui:siem/accessHostIsolationExceptions", "ui:siem/writeHostIsolationExceptions", - "ui:siemV4/readHostIsolationExceptions", - "ui:siemV4/deleteHostIsolationExceptions", - "ui:siemV4/accessHostIsolationExceptions", - "ui:siemV4/writeHostIsolationExceptions", - "ui:siemV4/writeGlobalArtifacts", + "ui:siemV5/readHostIsolationExceptions", + "ui:siemV5/deleteHostIsolationExceptions", + "ui:siemV5/accessHostIsolationExceptions", + "ui:siemV5/writeHostIsolationExceptions", + "ui:siemV5/writeGlobalArtifacts", ], "host_isolation_exceptions_read": Array [ "login:", 
@@ -1336,8 +1347,8 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-accessHostIsolationExceptions", "ui:siem/readHostIsolationExceptions", "ui:siem/accessHostIsolationExceptions", - "ui:siemV4/readHostIsolationExceptions", - "ui:siemV4/accessHostIsolationExceptions", + "ui:siemV5/readHostIsolationExceptions", + "ui:siemV5/accessHostIsolationExceptions", ], "minimal_all": Array [ "login:", @@ -1345,17 +1356,23 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-all", "api:lists-read", "api:lists-summary", + "api:rules-all", + "api:rules-read", + "api:alerts-all", + "api:alerts-read", + "api:exceptions-all", + "api:exceptions-read", + "api:users-read", + "api:initialize-security-solution", "api:rac", "api:cloud-security-posture-all", "api:cloud-security-posture-read", - "api:cloud-defend-all", - "api:cloud-defend-read", "api:timeline_write", "api:timeline_read", "api:notes_write", "api:notes_read", - "api:bulkGetUserProfiles", "api:securitySolution-entity-analytics", + "api:bulkGetUserProfiles", "api:securitySolution-threat-intelligence", "api:securitySolution-writeGlobalArtifacts", "app:securitySolution", 
@@ -1416,6 +1433,66 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:index-pattern/delete", "saved_object:index-pattern/bulk_delete", "saved_object:index-pattern/share_to_space", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:csp_rule/create", + "saved_object:csp_rule/bulk_create", + "saved_object:csp_rule/update", + "saved_object:csp_rule/bulk_update", + "saved_object:csp_rule/delete", + "saved_object:csp_rule/bulk_delete", + "saved_object:csp_rule/share_to_space", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:cloud-security-posture-settings/create", + "saved_object:cloud-security-posture-settings/bulk_create", + "saved_object:cloud-security-posture-settings/update", + "saved_object:cloud-security-posture-settings/bulk_update", + "saved_object:cloud-security-posture-settings/delete", + "saved_object:cloud-security-posture-settings/bulk_delete", + "saved_object:cloud-security-posture-settings/share_to_space", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", + "saved_object:csp-rule-template/create", + "saved_object:csp-rule-template/bulk_create", + "saved_object:csp-rule-template/update", + "saved_object:csp-rule-template/bulk_update", + "saved_object:csp-rule-template/delete", + "saved_object:csp-rule-template/bulk_delete", + "saved_object:csp-rule-template/share_to_space", + 
"saved_object:siem-ui-timeline-note/bulk_get", + "saved_object:siem-ui-timeline-note/get", + "saved_object:siem-ui-timeline-note/find", + "saved_object:siem-ui-timeline-note/open_point_in_time", + "saved_object:siem-ui-timeline-note/close_point_in_time", + "saved_object:siem-ui-timeline-note/create", + "saved_object:siem-ui-timeline-note/bulk_create", + "saved_object:siem-ui-timeline-note/update", + "saved_object:siem-ui-timeline-note/bulk_update", + "saved_object:siem-ui-timeline-note/delete", + "saved_object:siem-ui-timeline-note/bulk_delete", + "saved_object:siem-ui-timeline-note/share_to_space", + "saved_object:siem-ui-timeline-pinned-event/bulk_get", + "saved_object:siem-ui-timeline-pinned-event/get", + "saved_object:siem-ui-timeline-pinned-event/find", + "saved_object:siem-ui-timeline-pinned-event/open_point_in_time", + "saved_object:siem-ui-timeline-pinned-event/close_point_in_time", + "saved_object:siem-ui-timeline-pinned-event/create", + "saved_object:siem-ui-timeline-pinned-event/bulk_create", + "saved_object:siem-ui-timeline-pinned-event/update", + "saved_object:siem-ui-timeline-pinned-event/bulk_update", + "saved_object:siem-ui-timeline-pinned-event/delete", + "saved_object:siem-ui-timeline-pinned-event/bulk_delete", + "saved_object:siem-ui-timeline-pinned-event/share_to_space", "saved_object:siem-detection-engine-rule-actions/bulk_get", "saved_object:siem-detection-engine-rule-actions/get", "saved_object:siem-detection-engine-rule-actions/find", 
@@ -1440,15 +1517,27 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security-rule/delete", "saved_object:security-rule/bulk_delete", "saved_object:security-rule/share_to_space", - "saved_object:endpoint:user-artifact-manifest/bulk_get", - "saved_object:endpoint:user-artifact-manifest/get", - "saved_object:endpoint:user-artifact-manifest/find", - "saved_object:endpoint:user-artifact-manifest/open_point_in_time", - "saved_object:endpoint:user-artifact-manifest/close_point_in_time", - "saved_object:endpoint:user-artifact-manifest/create", - "saved_object:endpoint:user-artifact-manifest/bulk_create", - "saved_object:endpoint:user-artifact-manifest/update", - "saved_object:endpoint:user-artifact-manifest/bulk_update", + "saved_object:siem-ui-timeline/bulk_get", + "saved_object:siem-ui-timeline/get", + "saved_object:siem-ui-timeline/find", + "saved_object:siem-ui-timeline/open_point_in_time", + "saved_object:siem-ui-timeline/close_point_in_time", + "saved_object:siem-ui-timeline/create", + "saved_object:siem-ui-timeline/bulk_create", + "saved_object:siem-ui-timeline/update", + "saved_object:siem-ui-timeline/bulk_update", + "saved_object:siem-ui-timeline/delete", + "saved_object:siem-ui-timeline/bulk_delete", + "saved_object:siem-ui-timeline/share_to_space", + "saved_object:endpoint:user-artifact-manifest/bulk_get", + "saved_object:endpoint:user-artifact-manifest/get", + "saved_object:endpoint:user-artifact-manifest/find", + "saved_object:endpoint:user-artifact-manifest/open_point_in_time", + "saved_object:endpoint:user-artifact-manifest/close_point_in_time", + "saved_object:endpoint:user-artifact-manifest/create", + "saved_object:endpoint:user-artifact-manifest/bulk_create", + "saved_object:endpoint:user-artifact-manifest/update", + "saved_object:endpoint:user-artifact-manifest/bulk_update", "saved_object:endpoint:user-artifact-manifest/delete", "saved_object:endpoint:user-artifact-manifest/bulk_delete", 
"saved_object:endpoint:user-artifact-manifest/share_to_space", 
@@ -1572,78 +1661,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security:reference-data/delete", "saved_object:security:reference-data/bulk_delete", "saved_object:security:reference-data/share_to_space", - "saved_object:csp_rule/bulk_get", - "saved_object:csp_rule/get", - "saved_object:csp_rule/find", - "saved_object:csp_rule/open_point_in_time", - "saved_object:csp_rule/close_point_in_time", - "saved_object:csp_rule/create", - "saved_object:csp_rule/bulk_create", - "saved_object:csp_rule/update", - "saved_object:csp_rule/bulk_update", - "saved_object:csp_rule/delete", - "saved_object:csp_rule/bulk_delete", - "saved_object:csp_rule/share_to_space", - "saved_object:cloud-security-posture-settings/bulk_get", - "saved_object:cloud-security-posture-settings/get", - "saved_object:cloud-security-posture-settings/find", - "saved_object:cloud-security-posture-settings/open_point_in_time", - "saved_object:cloud-security-posture-settings/close_point_in_time", - "saved_object:cloud-security-posture-settings/create", - "saved_object:cloud-security-posture-settings/bulk_create", - "saved_object:cloud-security-posture-settings/update", - "saved_object:cloud-security-posture-settings/bulk_update", - "saved_object:cloud-security-posture-settings/delete", - "saved_object:cloud-security-posture-settings/bulk_delete", - "saved_object:cloud-security-posture-settings/share_to_space", - "saved_object:csp-rule-template/bulk_get", - "saved_object:csp-rule-template/get", - "saved_object:csp-rule-template/find", - "saved_object:csp-rule-template/open_point_in_time", - "saved_object:csp-rule-template/close_point_in_time", - "saved_object:csp-rule-template/create", - "saved_object:csp-rule-template/bulk_create", - "saved_object:csp-rule-template/update", - "saved_object:csp-rule-template/bulk_update", - "saved_object:csp-rule-template/delete", - "saved_object:csp-rule-template/bulk_delete", - "saved_object:csp-rule-template/share_to_space", - 
"saved_object:siem-ui-timeline-note/bulk_get", - "saved_object:siem-ui-timeline-note/get", - "saved_object:siem-ui-timeline-note/find", - "saved_object:siem-ui-timeline-note/open_point_in_time", - "saved_object:siem-ui-timeline-note/close_point_in_time", - "saved_object:siem-ui-timeline-note/create", - "saved_object:siem-ui-timeline-note/bulk_create", - "saved_object:siem-ui-timeline-note/update", - "saved_object:siem-ui-timeline-note/bulk_update", - "saved_object:siem-ui-timeline-note/delete", - "saved_object:siem-ui-timeline-note/bulk_delete", - "saved_object:siem-ui-timeline-note/share_to_space", - "saved_object:siem-ui-timeline-pinned-event/bulk_get", - "saved_object:siem-ui-timeline-pinned-event/get", - "saved_object:siem-ui-timeline-pinned-event/find", - "saved_object:siem-ui-timeline-pinned-event/open_point_in_time", - "saved_object:siem-ui-timeline-pinned-event/close_point_in_time", - "saved_object:siem-ui-timeline-pinned-event/create", - "saved_object:siem-ui-timeline-pinned-event/bulk_create", - "saved_object:siem-ui-timeline-pinned-event/update", - "saved_object:siem-ui-timeline-pinned-event/bulk_update", - "saved_object:siem-ui-timeline-pinned-event/delete", - "saved_object:siem-ui-timeline-pinned-event/bulk_delete", - "saved_object:siem-ui-timeline-pinned-event/share_to_space", - "saved_object:siem-ui-timeline/bulk_get", - "saved_object:siem-ui-timeline/get", - "saved_object:siem-ui-timeline/find", - "saved_object:siem-ui-timeline/open_point_in_time", - "saved_object:siem-ui-timeline/close_point_in_time", - "saved_object:siem-ui-timeline/create", - "saved_object:siem-ui-timeline/bulk_create", - "saved_object:siem-ui-timeline/update", - "saved_object:siem-ui-timeline/bulk_update", - "saved_object:siem-ui-timeline/delete", - "saved_object:siem-ui-timeline/bulk_delete", - "saved_object:siem-ui-timeline/share_to_space", "saved_object:telemetry/bulk_get", "saved_object:telemetry/get", "saved_object:telemetry/find", 
@@ -2234,25 +2251,33 @@ export default function ({ getService }: FtrProviderContext) { "ui:navLinks/securitySolutionNotes", "ui:securitySolutionNotes/read", "ui:securitySolutionNotes/crud", - "ui:siemV4/show", - "ui:siemV4/crud", - "ui:siemV4/entity-analytics", - "ui:siemV4/detections", - "ui:siemV4/investigation-guide", - "ui:siemV4/investigation-guide-interactions", - "ui:siemV4/threat-intelligence", + "ui:siemV5/show", + "ui:siemV5/crud", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "ui:navLinks/securitySolutionRulesV1", + "ui:securitySolutionRulesV1/read_rules", + "ui:securitySolutionRulesV1/edit_rules", + "ui:securitySolutionRulesV1/detections", ], "minimal_read": Array [ "login:", "api:securitySolution", "api:lists-read", + "api:rules-read", + "api:alerts-read", + "api:exceptions-read", + "api:users-read", + "api:initialize-security-solution", "api:rac", "api:cloud-security-posture-read", - "api:cloud-defend-read", "api:timeline_read", "api:notes_read", - "api:bulkGetUserProfiles", "api:securitySolution-entity-analytics", + "api:bulkGetUserProfiles", "api:securitySolution-threat-intelligence", "app:securitySolution", "app:csp", 
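Review bot: The `minimal_read` array in this hunk now expects `api:initialize-security-solution` and `api:users-read` on top of the rules, alerts and exceptions read tags, and nothing visible here asserts that a read tier stays free of write grants. The expected text looks like a stored snapshot, so a later change that leaks an `api:` tag ending in `-all` or `ui:securitySolutionRulesV1/edit_rules` into `minimal_read` or `read` would pass after a routine snapshot refresh. I would add one explicit check beside the snapshot (the assertion call is outside this hunk) that no entry of those two arrays ends in `-all` or `/edit_rules`. The name `api:initialize-security-solution` suggests a route that sets state up, so it is worth confirming that it is safe to expose to read-only roles. The same additions appear in `read` at `@@ -2698,25 +2726,29 @@`.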
@@ -2279,6 +2304,31 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:index-pattern/find", "saved_object:index-pattern/open_point_in_time", "saved_object:index-pattern/close_point_in_time", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", + "saved_object:siem-ui-timeline-note/bulk_get", + "saved_object:siem-ui-timeline-note/get", + "saved_object:siem-ui-timeline-note/find", + "saved_object:siem-ui-timeline-note/open_point_in_time", + "saved_object:siem-ui-timeline-note/close_point_in_time", + "saved_object:siem-ui-timeline-pinned-event/bulk_get", + "saved_object:siem-ui-timeline-pinned-event/get", + "saved_object:siem-ui-timeline-pinned-event/find", + "saved_object:siem-ui-timeline-pinned-event/open_point_in_time", + "saved_object:siem-ui-timeline-pinned-event/close_point_in_time", "saved_object:siem-detection-engine-rule-actions/bulk_get", "saved_object:siem-detection-engine-rule-actions/get", "saved_object:siem-detection-engine-rule-actions/find", 
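Review bot: The 25 strings added here are not new grants: the same `csp_rule`, `cloud-security-posture-settings`, `csp-rule-template`, `siem-ui-timeline-note` and `siem-ui-timeline-pinned-event` read actions are removed further down the same array at `@@ -2344,36 +2399,6 @@`, so the net effect is a reorder. Since a pure move still shows up as a diff, the expected arrays are order-sensitive, and moves like this bury the real privilege changes (the new `api:` tags and `ui:securitySolutionRulesV1/*` entries) under several hundred lines of churn. If order carries no meaning for these lists, sorting each array before it is compared would keep future diffs down to actual grants and removals; the comparison itself is outside this hunk. The same add-then-remove pairing is visible at `@@ -1416,6 +1433,66 @@` with `@@ -1572,78 +1661,6 @@`, at `@@ -2745,6 +2777,31 @@` with `@@ -2810,36 +2872,6 @@`, and at `@@ -3274,12 +3315,48 @@` with `@@ -3430,42 +3507,6 @@`.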
@@ -2289,6 +2339,11 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security-rule/find", "saved_object:security-rule/open_point_in_time", "saved_object:security-rule/close_point_in_time", + "saved_object:siem-ui-timeline/bulk_get", + "saved_object:siem-ui-timeline/get", + "saved_object:siem-ui-timeline/find", + "saved_object:siem-ui-timeline/open_point_in_time", + "saved_object:siem-ui-timeline/close_point_in_time", "saved_object:endpoint:user-artifact-manifest/bulk_get", "saved_object:endpoint:user-artifact-manifest/get", "saved_object:endpoint:user-artifact-manifest/find", 
@@ -2344,36 +2399,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security:reference-data/find", "saved_object:security:reference-data/open_point_in_time", "saved_object:security:reference-data/close_point_in_time", - "saved_object:csp_rule/bulk_get", - "saved_object:csp_rule/get", - "saved_object:csp_rule/find", - "saved_object:csp_rule/open_point_in_time", - "saved_object:csp_rule/close_point_in_time", - "saved_object:cloud-security-posture-settings/bulk_get", - "saved_object:cloud-security-posture-settings/get", - "saved_object:cloud-security-posture-settings/find", - "saved_object:cloud-security-posture-settings/open_point_in_time", - "saved_object:cloud-security-posture-settings/close_point_in_time", - "saved_object:csp-rule-template/bulk_get", - "saved_object:csp-rule-template/get", - "saved_object:csp-rule-template/find", - "saved_object:csp-rule-template/open_point_in_time", - "saved_object:csp-rule-template/close_point_in_time", - "saved_object:siem-ui-timeline-note/bulk_get", - "saved_object:siem-ui-timeline-note/get", - "saved_object:siem-ui-timeline-note/find", - "saved_object:siem-ui-timeline-note/open_point_in_time", - "saved_object:siem-ui-timeline-note/close_point_in_time", - "saved_object:siem-ui-timeline-pinned-event/bulk_get", - "saved_object:siem-ui-timeline-pinned-event/get", - "saved_object:siem-ui-timeline-pinned-event/find", - "saved_object:siem-ui-timeline-pinned-event/open_point_in_time", - "saved_object:siem-ui-timeline-pinned-event/close_point_in_time", - "saved_object:siem-ui-timeline/bulk_get", - "saved_object:siem-ui-timeline/get", - "saved_object:siem-ui-timeline/find", - "saved_object:siem-ui-timeline/open_point_in_time", - "saved_object:siem-ui-timeline/close_point_in_time", "saved_object:config/bulk_get", "saved_object:config/get", "saved_object:config/find", 
@@ -2661,12 +2686,15 @@ export default function ({ getService }: FtrProviderContext) { "ui:securitySolutionTimeline/read", "ui:navLinks/securitySolutionNotes", "ui:securitySolutionNotes/read", - "ui:siemV4/show", - "ui:siemV4/entity-analytics", - "ui:siemV4/detections", - "ui:siemV4/investigation-guide", - "ui:siemV4/investigation-guide-interactions", - "ui:siemV4/threat-intelligence", + "ui:siemV5/show", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "ui:navLinks/securitySolutionRulesV1", + "ui:securitySolutionRulesV1/read_rules", + "ui:securitySolutionRulesV1/detections", ], "policy_management_all": Array [ "login:", @@ -2686,8 +2714,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:policy-settings-protection-updates-note/share_to_space", "ui:siem/writePolicyManagement", "ui:siem/readPolicyManagement", - "ui:siemV4/writePolicyManagement", - "ui:siemV4/readPolicyManagement", + "ui:siemV5/writePolicyManagement", + "ui:siemV5/readPolicyManagement", ], "policy_management_read": Array [ "login:", 
@@ -2698,25 +2726,29 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:policy-settings-protection-updates-note/open_point_in_time", "saved_object:policy-settings-protection-updates-note/close_point_in_time", "ui:siem/readPolicyManagement", - "ui:siemV4/readPolicyManagement", + "ui:siemV5/readPolicyManagement", ], "process_operations_all": Array [ "login:", "api:securitySolution-writeProcessOperations", "ui:siem/writeProcessOperations", - "ui:siemV4/writeProcessOperations", + "ui:siemV5/writeProcessOperations", ], "read": Array [ "login:", "api:securitySolution", "api:lists-read", + "api:rules-read", + "api:alerts-read", + "api:exceptions-read", + "api:users-read", + "api:initialize-security-solution", "api:rac", "api:cloud-security-posture-read", - "api:cloud-defend-read", "api:timeline_read", "api:notes_read", - "api:bulkGetUserProfiles", "api:securitySolution-entity-analytics", + "api:bulkGetUserProfiles", "api:securitySolution-threat-intelligence", "api:lists-summary", "api:securitySolution-showEndpointExceptions", 
@@ -2745,6 +2777,31 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:index-pattern/find", "saved_object:index-pattern/open_point_in_time", "saved_object:index-pattern/close_point_in_time", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", + "saved_object:siem-ui-timeline-note/bulk_get", + "saved_object:siem-ui-timeline-note/get", + "saved_object:siem-ui-timeline-note/find", + "saved_object:siem-ui-timeline-note/open_point_in_time", + "saved_object:siem-ui-timeline-note/close_point_in_time", + "saved_object:siem-ui-timeline-pinned-event/bulk_get", + "saved_object:siem-ui-timeline-pinned-event/get", + "saved_object:siem-ui-timeline-pinned-event/find", + "saved_object:siem-ui-timeline-pinned-event/open_point_in_time", + "saved_object:siem-ui-timeline-pinned-event/close_point_in_time", "saved_object:siem-detection-engine-rule-actions/bulk_get", "saved_object:siem-detection-engine-rule-actions/get", "saved_object:siem-detection-engine-rule-actions/find", 
@@ -2755,6 +2812,11 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security-rule/find", "saved_object:security-rule/open_point_in_time", "saved_object:security-rule/close_point_in_time", + "saved_object:siem-ui-timeline/bulk_get", + "saved_object:siem-ui-timeline/get", + "saved_object:siem-ui-timeline/find", + "saved_object:siem-ui-timeline/open_point_in_time", + "saved_object:siem-ui-timeline/close_point_in_time", "saved_object:endpoint:user-artifact-manifest/bulk_get", "saved_object:endpoint:user-artifact-manifest/get", "saved_object:endpoint:user-artifact-manifest/find", 
@@ -2810,36 +2872,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security:reference-data/find", "saved_object:security:reference-data/open_point_in_time", "saved_object:security:reference-data/close_point_in_time", - "saved_object:csp_rule/bulk_get", - "saved_object:csp_rule/get", - "saved_object:csp_rule/find", - "saved_object:csp_rule/open_point_in_time", - "saved_object:csp_rule/close_point_in_time", - "saved_object:cloud-security-posture-settings/bulk_get", - "saved_object:cloud-security-posture-settings/get", - "saved_object:cloud-security-posture-settings/find", - "saved_object:cloud-security-posture-settings/open_point_in_time", - "saved_object:cloud-security-posture-settings/close_point_in_time", - "saved_object:csp-rule-template/bulk_get", - "saved_object:csp-rule-template/get", - "saved_object:csp-rule-template/find", - "saved_object:csp-rule-template/open_point_in_time", - "saved_object:csp-rule-template/close_point_in_time", - "saved_object:siem-ui-timeline-note/bulk_get", - "saved_object:siem-ui-timeline-note/get", - "saved_object:siem-ui-timeline-note/find", - "saved_object:siem-ui-timeline-note/open_point_in_time", - "saved_object:siem-ui-timeline-note/close_point_in_time", - "saved_object:siem-ui-timeline-pinned-event/bulk_get", - "saved_object:siem-ui-timeline-pinned-event/get", - "saved_object:siem-ui-timeline-pinned-event/find", - "saved_object:siem-ui-timeline-pinned-event/open_point_in_time", - "saved_object:siem-ui-timeline-pinned-event/close_point_in_time", - "saved_object:siem-ui-timeline/bulk_get", - "saved_object:siem-ui-timeline/get", - "saved_object:siem-ui-timeline/find", - "saved_object:siem-ui-timeline/open_point_in_time", - "saved_object:siem-ui-timeline/close_point_in_time", "saved_object:config/bulk_get", "saved_object:config/get", "saved_object:config/find", 
@@ -3128,25 +3160,28 @@ export default function ({ getService }: FtrProviderContext) { "ui:securitySolutionTimeline/read", "ui:navLinks/securitySolutionNotes", "ui:securitySolutionNotes/read", - "ui:siemV4/show", - "ui:siemV4/entity-analytics", - "ui:siemV4/detections", - "ui:siemV4/investigation-guide", - "ui:siemV4/investigation-guide-interactions", - "ui:siemV4/threat-intelligence", - "ui:siemV4/showEndpointExceptions", + "ui:siemV5/show", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "ui:siemV5/showEndpointExceptions", + "ui:navLinks/securitySolutionRulesV1", + "ui:securitySolutionRulesV1/read_rules", + "ui:securitySolutionRulesV1/detections", ], "scan_operations_all": Array [ "login:", "api:securitySolution-writeScanOperations", "ui:siem/writeScanOperations", - "ui:siemV4/writeScanOperations", + "ui:siemV5/writeScanOperations", ], "soc_management_all": Array [ "login:", "api:securitySolution-socManagement", "ui:siem/socManagement", - "ui:siemV4/socManagement", + "ui:siemV5/socManagement", ], "trusted_applications_all": Array [ "login:", @@ -3170,9 +3205,9 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siem/writeTrustedApplications", "ui:siem/readTrustedApplications", - "ui:siemV4/writeTrustedApplications", - "ui:siemV4/readTrustedApplications", - "ui:siemV4/writeGlobalArtifacts", + "ui:siemV5/writeTrustedApplications", + "ui:siemV5/readTrustedApplications", + "ui:siemV5/writeGlobalArtifacts", ], "trusted_applications_read": Array [ "login:", @@ -3180,7 +3215,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-readTrustedApplications", "ui:siem/readTrustedApplications", - "ui:siemV4/readTrustedApplications", + "ui:siemV5/readTrustedApplications", ], }, "siemV2": Object { 
@@ -3190,14 +3225,14 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-readActionsLogManagement", "ui:siemV2/writeActionsLogManagement", "ui:siemV2/readActionsLogManagement", - "ui:siemV4/writeActionsLogManagement", - "ui:siemV4/readActionsLogManagement", + "ui:siemV5/writeActionsLogManagement", + "ui:siemV5/readActionsLogManagement", ], "actions_log_management_read": Array [ "login:", "api:securitySolution-readActionsLogManagement", "ui:siemV2/readActionsLogManagement", - "ui:siemV4/readActionsLogManagement", + "ui:siemV5/readActionsLogManagement", ], "all": Array [ "login:", @@ -3206,11 +3241,17 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-all", "api:lists-read", "api:lists-summary", + "api:rules-all", + "api:rules-read", + "api:alerts-all", + "api:alerts-read", + "api:exceptions-all", + "api:exceptions-read", + "api:users-read", + "api:initialize-security-solution", "api:securitySolution-entity-analytics", "api:cloud-security-posture-all", "api:cloud-security-posture-read", - "api:cloud-defend-all", - "api:cloud-defend-read", "api:bulkGetUserProfiles", "api:securitySolution-threat-intelligence", "api:securitySolution-writeGlobalArtifacts", 
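Review bot: In the hunk at `@@ -3206,11 +3241,17 @@` the `all` array (apparently of `siemV2`) no longer expects `api:cloud-defend-all` or `api:cloud-defend-read`, and the expected list gives no reason for it. If any route is still registered with one of these tags, roles holding this privilege lose access to it with no test pointing at the cause. If the tags are retired, a short comment above the snapshot would record that, for example `// cloud-defend API tags are intentionally absent from the siem* features`. The same removal is in `minimal_all` at `@@ -4241,11 +4286,17 @@` and, for the read tag only, at `@@ -2234,25 +2251,33 @@` and `@@ -2698,25 +2726,29 @@`. The array continues past the end of the hunk.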
@@ -3274,12 +3315,48 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:index-pattern/delete", "saved_object:index-pattern/bulk_delete", "saved_object:index-pattern/share_to_space", - "saved_object:siem-detection-engine-rule-actions/bulk_get", - "saved_object:siem-detection-engine-rule-actions/get", - "saved_object:siem-detection-engine-rule-actions/find", - "saved_object:siem-detection-engine-rule-actions/open_point_in_time", - "saved_object:siem-detection-engine-rule-actions/close_point_in_time", - "saved_object:siem-detection-engine-rule-actions/create", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:csp_rule/create", + "saved_object:csp_rule/bulk_create", + "saved_object:csp_rule/update", + "saved_object:csp_rule/bulk_update", + "saved_object:csp_rule/delete", + "saved_object:csp_rule/bulk_delete", + "saved_object:csp_rule/share_to_space", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:cloud-security-posture-settings/create", + "saved_object:cloud-security-posture-settings/bulk_create", + "saved_object:cloud-security-posture-settings/update", + "saved_object:cloud-security-posture-settings/bulk_update", + "saved_object:cloud-security-posture-settings/delete", + "saved_object:cloud-security-posture-settings/bulk_delete", + "saved_object:cloud-security-posture-settings/share_to_space", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + 
"saved_object:csp-rule-template/close_point_in_time", + "saved_object:csp-rule-template/create", + "saved_object:csp-rule-template/bulk_create", + "saved_object:csp-rule-template/update", + "saved_object:csp-rule-template/bulk_update", + "saved_object:csp-rule-template/delete", + "saved_object:csp-rule-template/bulk_delete", + "saved_object:csp-rule-template/share_to_space", + "saved_object:siem-detection-engine-rule-actions/bulk_get", + "saved_object:siem-detection-engine-rule-actions/get", + "saved_object:siem-detection-engine-rule-actions/find", + "saved_object:siem-detection-engine-rule-actions/open_point_in_time", + "saved_object:siem-detection-engine-rule-actions/close_point_in_time", + "saved_object:siem-detection-engine-rule-actions/create", "saved_object:siem-detection-engine-rule-actions/bulk_create", "saved_object:siem-detection-engine-rule-actions/update", "saved_object:siem-detection-engine-rule-actions/bulk_update", 
@@ -3430,42 +3507,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security:reference-data/delete", "saved_object:security:reference-data/bulk_delete", "saved_object:security:reference-data/share_to_space", - "saved_object:csp_rule/bulk_get", - "saved_object:csp_rule/get", - "saved_object:csp_rule/find", - "saved_object:csp_rule/open_point_in_time", - "saved_object:csp_rule/close_point_in_time", - "saved_object:csp_rule/create", - "saved_object:csp_rule/bulk_create", - "saved_object:csp_rule/update", - "saved_object:csp_rule/bulk_update", - "saved_object:csp_rule/delete", - "saved_object:csp_rule/bulk_delete", - "saved_object:csp_rule/share_to_space", - "saved_object:cloud-security-posture-settings/bulk_get", - "saved_object:cloud-security-posture-settings/get", - "saved_object:cloud-security-posture-settings/find", - "saved_object:cloud-security-posture-settings/open_point_in_time", - "saved_object:cloud-security-posture-settings/close_point_in_time", - "saved_object:cloud-security-posture-settings/create", - "saved_object:cloud-security-posture-settings/bulk_create", - "saved_object:cloud-security-posture-settings/update", - "saved_object:cloud-security-posture-settings/bulk_update", - "saved_object:cloud-security-posture-settings/delete", - "saved_object:cloud-security-posture-settings/bulk_delete", - "saved_object:cloud-security-posture-settings/share_to_space", - "saved_object:csp-rule-template/bulk_get", - "saved_object:csp-rule-template/get", - "saved_object:csp-rule-template/find", - "saved_object:csp-rule-template/open_point_in_time", - "saved_object:csp-rule-template/close_point_in_time", - "saved_object:csp-rule-template/create", - "saved_object:csp-rule-template/bulk_create", - "saved_object:csp-rule-template/update", - "saved_object:csp-rule-template/bulk_update", - "saved_object:csp-rule-template/delete", - "saved_object:csp-rule-template/bulk_delete", - "saved_object:csp-rule-template/share_to_space", 
"saved_object:telemetry/bulk_get", "saved_object:telemetry/get", "saved_object:telemetry/find", @@ -4036,16 +4077,20 @@ export default function ({ getService }: FtrProviderContext) { "ui:visualize_v2/save", "ui:visualize_v2/createShortUrl", "ui:visualize_v2/generateScreenshot", - "ui:siemV4/show", - "ui:siemV4/crud", - "ui:siemV4/entity-analytics", - "ui:siemV4/detections", - "ui:siemV4/investigation-guide", - "ui:siemV4/investigation-guide-interactions", - "ui:siemV4/threat-intelligence", - "ui:siemV4/writeGlobalArtifacts", - "ui:siemV4/showEndpointExceptions", - "ui:siemV4/crudEndpointExceptions", + "ui:siemV5/show", + "ui:siemV5/crud", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "ui:siemV5/writeGlobalArtifacts", + "ui:siemV5/showEndpointExceptions", + "ui:siemV5/crudEndpointExceptions", + "ui:navLinks/securitySolutionRulesV1", + "ui:securitySolutionRulesV1/read_rules", + "ui:securitySolutionRulesV1/edit_rules", + "ui:securitySolutionRulesV1/detections", ], "blocklist_all": Array [ "login:", @@ -4069,9 +4114,9 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siemV2/writeBlocklist", "ui:siemV2/readBlocklist", - "ui:siemV4/writeBlocklist", - "ui:siemV4/readBlocklist", - "ui:siemV4/writeGlobalArtifacts", + "ui:siemV5/writeBlocklist", + "ui:siemV5/readBlocklist", + "ui:siemV5/writeGlobalArtifacts", ], "blocklist_read": Array [ "login:", @@ -4079,7 +4124,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-readBlocklist", "ui:siemV2/readBlocklist", - "ui:siemV4/readBlocklist", + "ui:siemV5/readBlocklist", ], "endpoint_exceptions_all": Array [ "login:", 
@@ -4103,9 +4148,9 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siemV2/showEndpointExceptions", "ui:siemV2/crudEndpointExceptions", - "ui:siemV4/showEndpointExceptions", - "ui:siemV4/crudEndpointExceptions", - "ui:siemV4/writeGlobalArtifacts", + "ui:siemV5/showEndpointExceptions", + "ui:siemV5/crudEndpointExceptions", + "ui:siemV5/writeGlobalArtifacts", ], "endpoint_exceptions_read": Array [ "login:", @@ -4113,7 +4158,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-showEndpointExceptions", "ui:siemV2/showEndpointExceptions", - "ui:siemV4/showEndpointExceptions", + "ui:siemV5/showEndpointExceptions", ], "endpoint_list_all": Array [ "login:", @@ -4121,14 +4166,14 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-readEndpointList", "ui:siemV2/writeEndpointList", "ui:siemV2/readEndpointList", - "ui:siemV4/writeEndpointList", - "ui:siemV4/readEndpointList", + "ui:siemV5/writeEndpointList", + "ui:siemV5/readEndpointList", ], "endpoint_list_read": Array [ "login:", "api:securitySolution-readEndpointList", "ui:siemV2/readEndpointList", - "ui:siemV4/readEndpointList", + "ui:siemV5/readEndpointList", ], "event_filters_all": Array [ "login:", @@ -4152,9 +4197,9 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siemV2/writeEventFilters", "ui:siemV2/readEventFilters", - "ui:siemV4/writeEventFilters", - "ui:siemV4/readEventFilters", - "ui:siemV4/writeGlobalArtifacts", + "ui:siemV5/writeEventFilters", + "ui:siemV5/readEventFilters", + "ui:siemV5/writeGlobalArtifacts", ], "event_filters_read": Array [ "login:", 
@@ -4162,25 +4207,25 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-readEventFilters", "ui:siemV2/readEventFilters", - "ui:siemV4/readEventFilters", + "ui:siemV5/readEventFilters", ], "execute_operations_all": Array [ "login:", "api:securitySolution-writeExecuteOperations", "ui:siemV2/writeExecuteOperations", - "ui:siemV4/writeExecuteOperations", + "ui:siemV5/writeExecuteOperations", ], "file_operations_all": Array [ "login:", "api:securitySolution-writeFileOperations", "ui:siemV2/writeFileOperations", - "ui:siemV4/writeFileOperations", + "ui:siemV5/writeFileOperations", ], "global_artifact_management_all": Array [ "login:", "api:securitySolution-writeGlobalArtifacts", "ui:siemV2/writeGlobalArtifacts", - "ui:siemV4/writeGlobalArtifacts", + "ui:siemV5/writeGlobalArtifacts", ], "host_isolation_all": Array [ "login:", @@ -4188,8 +4233,8 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-writeHostIsolation", "ui:siemV2/writeHostIsolationRelease", "ui:siemV2/writeHostIsolation", - "ui:siemV4/writeHostIsolationRelease", - "ui:siemV4/writeHostIsolation", + "ui:siemV5/writeHostIsolationRelease", + "ui:siemV5/writeHostIsolation", ], "host_isolation_exceptions_all": Array [ "login:", @@ -4217,11 +4262,11 @@ export default function ({ getService }: FtrProviderContext) { "ui:siemV2/deleteHostIsolationExceptions", "ui:siemV2/accessHostIsolationExceptions", "ui:siemV2/writeHostIsolationExceptions", - "ui:siemV4/readHostIsolationExceptions", - "ui:siemV4/deleteHostIsolationExceptions", - "ui:siemV4/accessHostIsolationExceptions", - "ui:siemV4/writeHostIsolationExceptions", - "ui:siemV4/writeGlobalArtifacts", + "ui:siemV5/readHostIsolationExceptions", + "ui:siemV5/deleteHostIsolationExceptions", + "ui:siemV5/accessHostIsolationExceptions", + "ui:siemV5/writeHostIsolationExceptions", + "ui:siemV5/writeGlobalArtifacts", ], "host_isolation_exceptions_read": Array [ "login:", 
@@ -4231,8 +4276,8 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-accessHostIsolationExceptions", "ui:siemV2/readHostIsolationExceptions", "ui:siemV2/accessHostIsolationExceptions", - "ui:siemV4/readHostIsolationExceptions", - "ui:siemV4/accessHostIsolationExceptions", + "ui:siemV5/readHostIsolationExceptions", + "ui:siemV5/accessHostIsolationExceptions", ], "minimal_all": Array [ "login:", @@ -4241,11 +4286,17 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-all", "api:lists-read", "api:lists-summary", + "api:rules-all", + "api:rules-read", + "api:alerts-all", + "api:alerts-read", + "api:exceptions-all", + "api:exceptions-read", + "api:users-read", + "api:initialize-security-solution", "api:securitySolution-entity-analytics", "api:cloud-security-posture-all", "api:cloud-security-posture-read", - "api:cloud-defend-all", - "api:cloud-defend-read", "api:bulkGetUserProfiles", "api:securitySolution-threat-intelligence", "api:securitySolution-writeGlobalArtifacts", 
@@ -4307,6 +4358,42 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:index-pattern/delete", "saved_object:index-pattern/bulk_delete", "saved_object:index-pattern/share_to_space", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:csp_rule/create", + "saved_object:csp_rule/bulk_create", + "saved_object:csp_rule/update", + "saved_object:csp_rule/bulk_update", + "saved_object:csp_rule/delete", + "saved_object:csp_rule/bulk_delete", + "saved_object:csp_rule/share_to_space", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:cloud-security-posture-settings/create", + "saved_object:cloud-security-posture-settings/bulk_create", + "saved_object:cloud-security-posture-settings/update", + "saved_object:cloud-security-posture-settings/bulk_update", + "saved_object:cloud-security-posture-settings/delete", + "saved_object:cloud-security-posture-settings/bulk_delete", + "saved_object:cloud-security-posture-settings/share_to_space", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", + "saved_object:csp-rule-template/create", + "saved_object:csp-rule-template/bulk_create", + "saved_object:csp-rule-template/update", + "saved_object:csp-rule-template/bulk_update", + "saved_object:csp-rule-template/delete", + "saved_object:csp-rule-template/bulk_delete", + "saved_object:csp-rule-template/share_to_space", 
"saved_object:siem-detection-engine-rule-actions/bulk_get", "saved_object:siem-detection-engine-rule-actions/get", "saved_object:siem-detection-engine-rule-actions/find", 
@@ -4463,42 +4550,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security:reference-data/delete", "saved_object:security:reference-data/bulk_delete", "saved_object:security:reference-data/share_to_space", - "saved_object:csp_rule/bulk_get", - "saved_object:csp_rule/get", - "saved_object:csp_rule/find", - "saved_object:csp_rule/open_point_in_time", - "saved_object:csp_rule/close_point_in_time", - "saved_object:csp_rule/create", - "saved_object:csp_rule/bulk_create", - "saved_object:csp_rule/update", - "saved_object:csp_rule/bulk_update", - "saved_object:csp_rule/delete", - "saved_object:csp_rule/bulk_delete", - "saved_object:csp_rule/share_to_space", - "saved_object:cloud-security-posture-settings/bulk_get", - "saved_object:cloud-security-posture-settings/get", - "saved_object:cloud-security-posture-settings/find", - "saved_object:cloud-security-posture-settings/open_point_in_time", - "saved_object:cloud-security-posture-settings/close_point_in_time", - "saved_object:cloud-security-posture-settings/create", - "saved_object:cloud-security-posture-settings/bulk_create", - "saved_object:cloud-security-posture-settings/update", - "saved_object:cloud-security-posture-settings/bulk_update", - "saved_object:cloud-security-posture-settings/delete", - "saved_object:cloud-security-posture-settings/bulk_delete", - "saved_object:cloud-security-posture-settings/share_to_space", - "saved_object:csp-rule-template/bulk_get", - "saved_object:csp-rule-template/get", - "saved_object:csp-rule-template/find", - "saved_object:csp-rule-template/open_point_in_time", - "saved_object:csp-rule-template/close_point_in_time", - "saved_object:csp-rule-template/create", - "saved_object:csp-rule-template/bulk_create", - "saved_object:csp-rule-template/update", - "saved_object:csp-rule-template/bulk_update", - "saved_object:csp-rule-template/delete", - "saved_object:csp-rule-template/bulk_delete", - "saved_object:csp-rule-template/share_to_space", 
"saved_object:telemetry/bulk_get", "saved_object:telemetry/get", "saved_object:telemetry/find", @@ -5067,22 +5118,30 @@ export default function ({ getService }: FtrProviderContext) { "ui:visualize_v2/save", "ui:visualize_v2/createShortUrl", "ui:visualize_v2/generateScreenshot", - "ui:siemV4/show", - "ui:siemV4/crud", - "ui:siemV4/entity-analytics", - "ui:siemV4/detections", - "ui:siemV4/investigation-guide", - "ui:siemV4/investigation-guide-interactions", - "ui:siemV4/threat-intelligence", + "ui:siemV5/show", + "ui:siemV5/crud", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "ui:navLinks/securitySolutionRulesV1", + "ui:securitySolutionRulesV1/read_rules", + "ui:securitySolutionRulesV1/edit_rules", + "ui:securitySolutionRulesV1/detections", ], "minimal_read": Array [ "login:", "api:securitySolution", "api:rac", "api:lists-read", + "api:rules-read", + "api:alerts-read", + "api:exceptions-read", + "api:users-read", + "api:initialize-security-solution", "api:securitySolution-entity-analytics", "api:cloud-security-posture-read", - "api:cloud-defend-read", "api:bulkGetUserProfiles", "api:securitySolution-threat-intelligence", "app:securitySolution", 
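Review bot: `minimal_read` in the `@@ -5067,22 +5118,30 @@` hunk now carries `api:initialize-security-solution` and `api:users-read`, and the same two tags are added to `read` (`@@ -5503,22 +5565,26 @@`) and to both read tiers under `siemV3`. Judging by its name alone, the initialize tag may guard a route that creates or changes state, which would be unexpected for a read-only privilege; the hunk does not show what the route does. If the route is safe for read-only users, a comment where the tag is attached to the read privilege would settle it, for example `// initialize-security-solution is granted to read: <reason, placeholder>`. The feature definition is outside this hunk.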
@@ -5110,6 +5169,21 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:index-pattern/find", "saved_object:index-pattern/open_point_in_time", "saved_object:index-pattern/close_point_in_time", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", "saved_object:siem-detection-engine-rule-actions/bulk_get", "saved_object:siem-detection-engine-rule-actions/get", "saved_object:siem-detection-engine-rule-actions/find", 
@@ -5175,21 +5249,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security:reference-data/find", "saved_object:security:reference-data/open_point_in_time", "saved_object:security:reference-data/close_point_in_time", - "saved_object:csp_rule/bulk_get", - "saved_object:csp_rule/get", - "saved_object:csp_rule/find", - "saved_object:csp_rule/open_point_in_time", - "saved_object:csp_rule/close_point_in_time", - "saved_object:cloud-security-posture-settings/bulk_get", - "saved_object:cloud-security-posture-settings/get", - "saved_object:cloud-security-posture-settings/find", - "saved_object:cloud-security-posture-settings/open_point_in_time", - "saved_object:cloud-security-posture-settings/close_point_in_time", - "saved_object:csp-rule-template/bulk_get", - "saved_object:csp-rule-template/get", - "saved_object:csp-rule-template/find", - "saved_object:csp-rule-template/open_point_in_time", - "saved_object:csp-rule-template/close_point_in_time", "saved_object:config/bulk_get", "saved_object:config/get", "saved_object:config/find", @@ -5466,12 +5525,15 @@ export default function ({ getService }: FtrProviderContext) { "ui:navLinks/lens", "ui:visualize_v2/show", "ui:visualize_v2/createShortUrl", - "ui:siemV4/show", - "ui:siemV4/entity-analytics", - "ui:siemV4/detections", - "ui:siemV4/investigation-guide", - "ui:siemV4/investigation-guide-interactions", - "ui:siemV4/threat-intelligence", + "ui:siemV5/show", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "ui:navLinks/securitySolutionRulesV1", + "ui:securitySolutionRulesV1/read_rules", + "ui:securitySolutionRulesV1/detections", ], "policy_management_all": Array [ "login:", 
@@ -5491,8 +5553,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:policy-settings-protection-updates-note/share_to_space", "ui:siemV2/writePolicyManagement", "ui:siemV2/readPolicyManagement", - "ui:siemV4/writePolicyManagement", - "ui:siemV4/readPolicyManagement", + "ui:siemV5/writePolicyManagement", + "ui:siemV5/readPolicyManagement", ], "policy_management_read": Array [ "login:", @@ -5503,22 +5565,26 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:policy-settings-protection-updates-note/open_point_in_time", "saved_object:policy-settings-protection-updates-note/close_point_in_time", "ui:siemV2/readPolicyManagement", - "ui:siemV4/readPolicyManagement", + "ui:siemV5/readPolicyManagement", ], "process_operations_all": Array [ "login:", "api:securitySolution-writeProcessOperations", "ui:siemV2/writeProcessOperations", - "ui:siemV4/writeProcessOperations", + "ui:siemV5/writeProcessOperations", ], "read": Array [ "login:", "api:securitySolution", "api:rac", "api:lists-read", + "api:rules-read", + "api:alerts-read", + "api:exceptions-read", + "api:users-read", + "api:initialize-security-solution", "api:securitySolution-entity-analytics", "api:cloud-security-posture-read", - "api:cloud-defend-read", "api:bulkGetUserProfiles", "api:securitySolution-threat-intelligence", "api:lists-summary", 
@@ -5548,6 +5614,21 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:index-pattern/find", "saved_object:index-pattern/open_point_in_time", "saved_object:index-pattern/close_point_in_time", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", "saved_object:siem-detection-engine-rule-actions/bulk_get", "saved_object:siem-detection-engine-rule-actions/get", "saved_object:siem-detection-engine-rule-actions/find", 
@@ -5613,21 +5694,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security:reference-data/find", "saved_object:security:reference-data/open_point_in_time", "saved_object:security:reference-data/close_point_in_time", - "saved_object:csp_rule/bulk_get", - "saved_object:csp_rule/get", - "saved_object:csp_rule/find", - "saved_object:csp_rule/open_point_in_time", - "saved_object:csp_rule/close_point_in_time", - "saved_object:cloud-security-posture-settings/bulk_get", - "saved_object:cloud-security-posture-settings/get", - "saved_object:cloud-security-posture-settings/find", - "saved_object:cloud-security-posture-settings/open_point_in_time", - "saved_object:cloud-security-posture-settings/close_point_in_time", - "saved_object:csp-rule-template/bulk_get", - "saved_object:csp-rule-template/get", - "saved_object:csp-rule-template/find", - "saved_object:csp-rule-template/open_point_in_time", - "saved_object:csp-rule-template/close_point_in_time", "saved_object:config/bulk_get", "saved_object:config/get", "saved_object:config/find", 
@@ -5905,25 +5971,28 @@ export default function ({ getService }: FtrProviderContext) { "ui:navLinks/lens", "ui:visualize_v2/show", "ui:visualize_v2/createShortUrl", - "ui:siemV4/show", - "ui:siemV4/entity-analytics", - "ui:siemV4/detections", - "ui:siemV4/investigation-guide", - "ui:siemV4/investigation-guide-interactions", - "ui:siemV4/threat-intelligence", - "ui:siemV4/showEndpointExceptions", + "ui:siemV5/show", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "ui:siemV5/showEndpointExceptions", + "ui:navLinks/securitySolutionRulesV1", + "ui:securitySolutionRulesV1/read_rules", + "ui:securitySolutionRulesV1/detections", ], "scan_operations_all": Array [ "login:", "api:securitySolution-writeScanOperations", "ui:siemV2/writeScanOperations", - "ui:siemV4/writeScanOperations", + "ui:siemV5/writeScanOperations", ], "soc_management_all": Array [ "login:", "api:securitySolution-socManagement", "ui:siemV2/socManagement", - "ui:siemV4/socManagement", + "ui:siemV5/socManagement", ], "trusted_applications_all": Array [ "login:", @@ -5947,9 +6016,9 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siemV2/writeTrustedApplications", "ui:siemV2/readTrustedApplications", - "ui:siemV4/writeTrustedApplications", - "ui:siemV4/readTrustedApplications", - "ui:siemV4/writeGlobalArtifacts", + "ui:siemV5/writeTrustedApplications", + "ui:siemV5/readTrustedApplications", + "ui:siemV5/writeGlobalArtifacts", ], "trusted_applications_read": Array [ "login:", @@ -5957,7 +6026,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-readTrustedApplications", "ui:siemV2/readTrustedApplications", - "ui:siemV4/readTrustedApplications", + "ui:siemV5/readTrustedApplications", ], "workflow_insights_all": Array [ "login:", 
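Review bot: The read/write boundary of the new rules feature is pinned only by this snapshot: `read` in the `@@ -5905,25 +5971,28 @@` hunk gets `ui:securitySolutionRulesV1/read_rules` and `ui:securitySolutionRulesV1/detections`, while `edit_rules` appears only in the `all` and `minimal_all` arrays. In a snapshot diff of this size, a later update that adds `edit_rules` or an `api:*-all` tag to a read tier would be easy to accept unnoticed. An explicit negative assertion next to the snapshot would make that fail loudly, along the lines of `expect(<read privilege array, placeholder>).not.toContain('ui:securitySolutionRulesV1/edit_rules');`. The enclosing test body starts outside the hunk.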
@@ -5965,14 +6034,14 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-readWorkflowInsights", "ui:siemV2/writeWorkflowInsights", "ui:siemV2/readWorkflowInsights", - "ui:siemV4/writeWorkflowInsights", - "ui:siemV4/readWorkflowInsights", + "ui:siemV5/writeWorkflowInsights", + "ui:siemV5/readWorkflowInsights", ], "workflow_insights_read": Array [ "login:", "api:securitySolution-readWorkflowInsights", "ui:siemV2/readWorkflowInsights", - "ui:siemV4/readWorkflowInsights", + "ui:siemV5/readWorkflowInsights", ], }, "siemV3": Object { @@ -5982,14 +6051,14 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-readActionsLogManagement", "ui:siemV3/writeActionsLogManagement", "ui:siemV3/readActionsLogManagement", - "ui:siemV4/writeActionsLogManagement", - "ui:siemV4/readActionsLogManagement", + "ui:siemV5/writeActionsLogManagement", + "ui:siemV5/readActionsLogManagement", ], "actions_log_management_read": Array [ "login:", "api:securitySolution-readActionsLogManagement", "ui:siemV3/readActionsLogManagement", - "ui:siemV4/readActionsLogManagement", + "ui:siemV5/readActionsLogManagement", ], "all": Array [ "login:", @@ -5998,11 +6067,17 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-all", "api:lists-read", "api:lists-summary", + "api:rules-all", + "api:rules-read", + "api:alerts-all", + "api:alerts-read", + "api:exceptions-all", + "api:exceptions-read", + "api:users-read", + "api:initialize-security-solution", "api:securitySolution-entity-analytics", "api:cloud-security-posture-all", "api:cloud-security-posture-read", - "api:cloud-defend-all", - "api:cloud-defend-read", "api:bulkGetUserProfiles", "api:securitySolution-threat-intelligence", "api:securitySolution-showEndpointExceptions", 
@@ -6063,6 +6138,42 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:index-pattern/delete", "saved_object:index-pattern/bulk_delete", "saved_object:index-pattern/share_to_space", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:csp_rule/create", + "saved_object:csp_rule/bulk_create", + "saved_object:csp_rule/update", + "saved_object:csp_rule/bulk_update", + "saved_object:csp_rule/delete", + "saved_object:csp_rule/bulk_delete", + "saved_object:csp_rule/share_to_space", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:cloud-security-posture-settings/create", + "saved_object:cloud-security-posture-settings/bulk_create", + "saved_object:cloud-security-posture-settings/update", + "saved_object:cloud-security-posture-settings/bulk_update", + "saved_object:cloud-security-posture-settings/delete", + "saved_object:cloud-security-posture-settings/bulk_delete", + "saved_object:cloud-security-posture-settings/share_to_space", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", + "saved_object:csp-rule-template/create", + "saved_object:csp-rule-template/bulk_create", + "saved_object:csp-rule-template/update", + "saved_object:csp-rule-template/bulk_update", + "saved_object:csp-rule-template/delete", + "saved_object:csp-rule-template/bulk_delete", + "saved_object:csp-rule-template/share_to_space", 
"saved_object:siem-detection-engine-rule-actions/bulk_get", "saved_object:siem-detection-engine-rule-actions/get", "saved_object:siem-detection-engine-rule-actions/find", 
@@ -6219,42 +6330,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security:reference-data/delete", "saved_object:security:reference-data/bulk_delete", "saved_object:security:reference-data/share_to_space", - "saved_object:csp_rule/bulk_get", - "saved_object:csp_rule/get", - "saved_object:csp_rule/find", - "saved_object:csp_rule/open_point_in_time", - "saved_object:csp_rule/close_point_in_time", - "saved_object:csp_rule/create", - "saved_object:csp_rule/bulk_create", - "saved_object:csp_rule/update", - "saved_object:csp_rule/bulk_update", - "saved_object:csp_rule/delete", - "saved_object:csp_rule/bulk_delete", - "saved_object:csp_rule/share_to_space", - "saved_object:cloud-security-posture-settings/bulk_get", - "saved_object:cloud-security-posture-settings/get", - "saved_object:cloud-security-posture-settings/find", - "saved_object:cloud-security-posture-settings/open_point_in_time", - "saved_object:cloud-security-posture-settings/close_point_in_time", - "saved_object:cloud-security-posture-settings/create", - "saved_object:cloud-security-posture-settings/bulk_create", - "saved_object:cloud-security-posture-settings/update", - "saved_object:cloud-security-posture-settings/bulk_update", - "saved_object:cloud-security-posture-settings/delete", - "saved_object:cloud-security-posture-settings/bulk_delete", - "saved_object:cloud-security-posture-settings/share_to_space", - "saved_object:csp-rule-template/bulk_get", - "saved_object:csp-rule-template/get", - "saved_object:csp-rule-template/find", - "saved_object:csp-rule-template/open_point_in_time", - "saved_object:csp-rule-template/close_point_in_time", - "saved_object:csp-rule-template/create", - "saved_object:csp-rule-template/bulk_create", - "saved_object:csp-rule-template/update", - "saved_object:csp-rule-template/bulk_update", - "saved_object:csp-rule-template/delete", - "saved_object:csp-rule-template/bulk_delete", - "saved_object:csp-rule-template/share_to_space", 
"saved_object:telemetry/bulk_get", "saved_object:telemetry/get", "saved_object:telemetry/find", @@ -6826,15 +6901,19 @@ export default function ({ getService }: FtrProviderContext) { "ui:visualize_v2/createShortUrl", "ui:visualize_v2/generateScreenshot", "ui:navLinks/cloudDefend", - "ui:siemV4/show", - "ui:siemV4/crud", - "ui:siemV4/entity-analytics", - "ui:siemV4/detections", - "ui:siemV4/investigation-guide", - "ui:siemV4/investigation-guide-interactions", - "ui:siemV4/threat-intelligence", - "ui:siemV4/showEndpointExceptions", - "ui:siemV4/crudEndpointExceptions", + "ui:siemV5/show", + "ui:siemV5/crud", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "ui:siemV5/showEndpointExceptions", + "ui:siemV5/crudEndpointExceptions", + "ui:navLinks/securitySolutionRulesV1", + "ui:securitySolutionRulesV1/read_rules", + "ui:securitySolutionRulesV1/edit_rules", + "ui:securitySolutionRulesV1/detections", ], "blocklist_all": Array [ "login:", @@ -6857,8 +6936,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siemV3/writeBlocklist", "ui:siemV3/readBlocklist", - "ui:siemV4/writeBlocklist", - "ui:siemV4/readBlocklist", + "ui:siemV5/writeBlocklist", + "ui:siemV5/readBlocklist", ], "blocklist_read": Array [ "login:", @@ -6866,7 +6945,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-readBlocklist", "ui:siemV3/readBlocklist", - "ui:siemV4/readBlocklist", + "ui:siemV5/readBlocklist", ], "endpoint_exceptions_all": Array [ "login:", 
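Review bot: In the `@@ -6826,15 +6901,19 @@` hunk the `siemV3` `all` array keeps `ui:navLinks/cloudDefend`, although `api:cloud-defend-all` and `api:cloud-defend-read` are removed from the same privilege in `@@ -5998,11 +6067,17 @@`. The nav link also stays in `minimal_all` (`@@ -7846,22 +7931,30 @@`) and `minimal_read` (`@@ -8244,12 +8337,15 @@`). If cloud-defend API access is being retired, the leftover capability may show a link whose requests are then rejected. If the link is kept on purpose, a comment in the feature definition would make that clear, e.g. `// cloudDefend nav link retained: <reason, placeholder>`. The definition is not part of this hunk.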
@@ -6889,8 +6968,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siemV3/showEndpointExceptions", "ui:siemV3/crudEndpointExceptions", - "ui:siemV4/showEndpointExceptions", - "ui:siemV4/crudEndpointExceptions", + "ui:siemV5/showEndpointExceptions", + "ui:siemV5/crudEndpointExceptions", ], "endpoint_exceptions_read": Array [ "login:", @@ -6898,7 +6977,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-showEndpointExceptions", "ui:siemV3/showEndpointExceptions", - "ui:siemV4/showEndpointExceptions", + "ui:siemV5/showEndpointExceptions", ], "endpoint_list_all": Array [ "login:", @@ -6906,14 +6985,14 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-readEndpointList", "ui:siemV3/writeEndpointList", "ui:siemV3/readEndpointList", - "ui:siemV4/writeEndpointList", - "ui:siemV4/readEndpointList", + "ui:siemV5/writeEndpointList", + "ui:siemV5/readEndpointList", ], "endpoint_list_read": Array [ "login:", "api:securitySolution-readEndpointList", "ui:siemV3/readEndpointList", - "ui:siemV4/readEndpointList", + "ui:siemV5/readEndpointList", ], "event_filters_all": Array [ "login:", @@ -6936,8 +7015,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siemV3/writeEventFilters", "ui:siemV3/readEventFilters", - "ui:siemV4/writeEventFilters", - "ui:siemV4/readEventFilters", + "ui:siemV5/writeEventFilters", + "ui:siemV5/readEventFilters", ], "event_filters_read": Array [ "login:", 
@@ -6945,25 +7024,25 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-readEventFilters", "ui:siemV3/readEventFilters", - "ui:siemV4/readEventFilters", + "ui:siemV5/readEventFilters", ], "execute_operations_all": Array [ "login:", "api:securitySolution-writeExecuteOperations", "ui:siemV3/writeExecuteOperations", - "ui:siemV4/writeExecuteOperations", + "ui:siemV5/writeExecuteOperations", ], "file_operations_all": Array [ "login:", "api:securitySolution-writeFileOperations", "ui:siemV3/writeFileOperations", - "ui:siemV4/writeFileOperations", + "ui:siemV5/writeFileOperations", ], "global_artifact_management_all": Array [ "login:", "api:securitySolution-writeGlobalArtifacts", "ui:siemV3/writeGlobalArtifacts", - "ui:siemV4/writeGlobalArtifacts", + "ui:siemV5/writeGlobalArtifacts", ], "host_isolation_all": Array [ "login:", @@ -6971,8 +7050,8 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-writeHostIsolation", "ui:siemV3/writeHostIsolationRelease", "ui:siemV3/writeHostIsolation", - "ui:siemV4/writeHostIsolationRelease", - "ui:siemV4/writeHostIsolation", + "ui:siemV5/writeHostIsolationRelease", + "ui:siemV5/writeHostIsolation", ], "host_isolation_exceptions_all": Array [ "login:", @@ -6999,10 +7078,10 @@ export default function ({ getService }: FtrProviderContext) { "ui:siemV3/deleteHostIsolationExceptions", "ui:siemV3/accessHostIsolationExceptions", "ui:siemV3/writeHostIsolationExceptions", - "ui:siemV4/readHostIsolationExceptions", - "ui:siemV4/deleteHostIsolationExceptions", - "ui:siemV4/accessHostIsolationExceptions", - "ui:siemV4/writeHostIsolationExceptions", + "ui:siemV5/readHostIsolationExceptions", + "ui:siemV5/deleteHostIsolationExceptions", + "ui:siemV5/accessHostIsolationExceptions", + "ui:siemV5/writeHostIsolationExceptions", ], "host_isolation_exceptions_read": Array [ "login:", 
@@ -7012,8 +7091,8 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-accessHostIsolationExceptions", "ui:siemV3/readHostIsolationExceptions", "ui:siemV3/accessHostIsolationExceptions", - "ui:siemV4/readHostIsolationExceptions", - "ui:siemV4/accessHostIsolationExceptions", + "ui:siemV5/readHostIsolationExceptions", + "ui:siemV5/accessHostIsolationExceptions", ], "minimal_all": Array [ "login:", @@ -7022,11 +7101,17 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-all", "api:lists-read", "api:lists-summary", + "api:rules-all", + "api:rules-read", + "api:alerts-all", + "api:alerts-read", + "api:exceptions-all", + "api:exceptions-read", + "api:users-read", + "api:initialize-security-solution", "api:securitySolution-entity-analytics", "api:cloud-security-posture-all", "api:cloud-security-posture-read", - "api:cloud-defend-all", - "api:cloud-defend-read", "api:bulkGetUserProfiles", "api:securitySolution-threat-intelligence", "app:securitySolution", 
@@ -7085,6 +7170,42 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:index-pattern/delete", "saved_object:index-pattern/bulk_delete", "saved_object:index-pattern/share_to_space", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:csp_rule/create", + "saved_object:csp_rule/bulk_create", + "saved_object:csp_rule/update", + "saved_object:csp_rule/bulk_update", + "saved_object:csp_rule/delete", + "saved_object:csp_rule/bulk_delete", + "saved_object:csp_rule/share_to_space", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:cloud-security-posture-settings/create", + "saved_object:cloud-security-posture-settings/bulk_create", + "saved_object:cloud-security-posture-settings/update", + "saved_object:cloud-security-posture-settings/bulk_update", + "saved_object:cloud-security-posture-settings/delete", + "saved_object:cloud-security-posture-settings/bulk_delete", + "saved_object:cloud-security-posture-settings/share_to_space", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", + "saved_object:csp-rule-template/create", + "saved_object:csp-rule-template/bulk_create", + "saved_object:csp-rule-template/update", + "saved_object:csp-rule-template/bulk_update", + "saved_object:csp-rule-template/delete", + "saved_object:csp-rule-template/bulk_delete", + "saved_object:csp-rule-template/share_to_space", 
"saved_object:siem-detection-engine-rule-actions/bulk_get", "saved_object:siem-detection-engine-rule-actions/get", "saved_object:siem-detection-engine-rule-actions/find", 
@@ -7241,42 +7362,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security:reference-data/delete", "saved_object:security:reference-data/bulk_delete", "saved_object:security:reference-data/share_to_space", - "saved_object:csp_rule/bulk_get", - "saved_object:csp_rule/get", - "saved_object:csp_rule/find", - "saved_object:csp_rule/open_point_in_time", - "saved_object:csp_rule/close_point_in_time", - "saved_object:csp_rule/create", - "saved_object:csp_rule/bulk_create", - "saved_object:csp_rule/update", - "saved_object:csp_rule/bulk_update", - "saved_object:csp_rule/delete", - "saved_object:csp_rule/bulk_delete", - "saved_object:csp_rule/share_to_space", - "saved_object:cloud-security-posture-settings/bulk_get", - "saved_object:cloud-security-posture-settings/get", - "saved_object:cloud-security-posture-settings/find", - "saved_object:cloud-security-posture-settings/open_point_in_time", - "saved_object:cloud-security-posture-settings/close_point_in_time", - "saved_object:cloud-security-posture-settings/create", - "saved_object:cloud-security-posture-settings/bulk_create", - "saved_object:cloud-security-posture-settings/update", - "saved_object:cloud-security-posture-settings/bulk_update", - "saved_object:cloud-security-posture-settings/delete", - "saved_object:cloud-security-posture-settings/bulk_delete", - "saved_object:cloud-security-posture-settings/share_to_space", - "saved_object:csp-rule-template/bulk_get", - "saved_object:csp-rule-template/get", - "saved_object:csp-rule-template/find", - "saved_object:csp-rule-template/open_point_in_time", - "saved_object:csp-rule-template/close_point_in_time", - "saved_object:csp-rule-template/create", - "saved_object:csp-rule-template/bulk_create", - "saved_object:csp-rule-template/update", - "saved_object:csp-rule-template/bulk_update", - "saved_object:csp-rule-template/delete", - "saved_object:csp-rule-template/bulk_delete", - "saved_object:csp-rule-template/share_to_space", 
"saved_object:telemetry/bulk_get", "saved_object:telemetry/get", "saved_object:telemetry/find", @@ -7846,22 +7931,30 @@ export default function ({ getService }: FtrProviderContext) { "ui:visualize_v2/createShortUrl", "ui:visualize_v2/generateScreenshot", "ui:navLinks/cloudDefend", - "ui:siemV4/show", - "ui:siemV4/crud", - "ui:siemV4/entity-analytics", - "ui:siemV4/detections", - "ui:siemV4/investigation-guide", - "ui:siemV4/investigation-guide-interactions", - "ui:siemV4/threat-intelligence", + "ui:siemV5/show", + "ui:siemV5/crud", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "ui:navLinks/securitySolutionRulesV1", + "ui:securitySolutionRulesV1/read_rules", + "ui:securitySolutionRulesV1/edit_rules", + "ui:securitySolutionRulesV1/detections", ], "minimal_read": Array [ "login:", "api:securitySolution", "api:rac", "api:lists-read", + "api:rules-read", + "api:alerts-read", + "api:exceptions-read", + "api:users-read", + "api:initialize-security-solution", "api:securitySolution-entity-analytics", "api:cloud-security-posture-read", - "api:cloud-defend-read", "api:bulkGetUserProfiles", "api:securitySolution-threat-intelligence", "app:securitySolution", 
@@ -7887,6 +7980,21 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:index-pattern/find", "saved_object:index-pattern/open_point_in_time", "saved_object:index-pattern/close_point_in_time", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", "saved_object:siem-detection-engine-rule-actions/bulk_get", "saved_object:siem-detection-engine-rule-actions/get", "saved_object:siem-detection-engine-rule-actions/find", 
@@ -7952,21 +8060,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security:reference-data/find", "saved_object:security:reference-data/open_point_in_time", "saved_object:security:reference-data/close_point_in_time", - "saved_object:csp_rule/bulk_get", - "saved_object:csp_rule/get", - "saved_object:csp_rule/find", - "saved_object:csp_rule/open_point_in_time", - "saved_object:csp_rule/close_point_in_time", - "saved_object:cloud-security-posture-settings/bulk_get", - "saved_object:cloud-security-posture-settings/get", - "saved_object:cloud-security-posture-settings/find", - "saved_object:cloud-security-posture-settings/open_point_in_time", - "saved_object:cloud-security-posture-settings/close_point_in_time", - "saved_object:csp-rule-template/bulk_get", - "saved_object:csp-rule-template/get", - "saved_object:csp-rule-template/find", - "saved_object:csp-rule-template/open_point_in_time", - "saved_object:csp-rule-template/close_point_in_time", "saved_object:config/bulk_get", "saved_object:config/get", "saved_object:config/find", @@ -8244,12 +8337,15 @@ export default function ({ getService }: FtrProviderContext) { "ui:visualize_v2/show", "ui:visualize_v2/createShortUrl", "ui:navLinks/cloudDefend", - "ui:siemV4/show", - "ui:siemV4/entity-analytics", - "ui:siemV4/detections", - "ui:siemV4/investigation-guide", - "ui:siemV4/investigation-guide-interactions", - "ui:siemV4/threat-intelligence", + "ui:siemV5/show", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "ui:navLinks/securitySolutionRulesV1", + "ui:securitySolutionRulesV1/read_rules", + "ui:securitySolutionRulesV1/detections", ], "policy_management_all": Array [ "login:", 
@@ -8269,8 +8365,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:policy-settings-protection-updates-note/share_to_space", "ui:siemV3/writePolicyManagement", "ui:siemV3/readPolicyManagement", - "ui:siemV4/writePolicyManagement", - "ui:siemV4/readPolicyManagement", + "ui:siemV5/writePolicyManagement", + "ui:siemV5/readPolicyManagement", ], "policy_management_read": Array [ "login:", @@ -8281,22 +8377,26 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:policy-settings-protection-updates-note/open_point_in_time", "saved_object:policy-settings-protection-updates-note/close_point_in_time", "ui:siemV3/readPolicyManagement", - "ui:siemV4/readPolicyManagement", + "ui:siemV5/readPolicyManagement", ], "process_operations_all": Array [ "login:", "api:securitySolution-writeProcessOperations", "ui:siemV3/writeProcessOperations", - "ui:siemV4/writeProcessOperations", + "ui:siemV5/writeProcessOperations", ], "read": Array [ "login:", "api:securitySolution", "api:rac", "api:lists-read", + "api:rules-read", + "api:alerts-read", + "api:exceptions-read", + "api:users-read", + "api:initialize-security-solution", "api:securitySolution-entity-analytics", "api:cloud-security-posture-read", - "api:cloud-defend-read", "api:bulkGetUserProfiles", "api:securitySolution-threat-intelligence", "api:lists-summary", 
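Review bot: The `read` list in the `@@ -8281,22 +8377,26 @@` hunk now includes `"api:initialize-security-solution",`, which read-only roles did not hold before; judging only by its name, the tag guards a route that sets something up rather than one that only reads. The same tag is added to `minimal_read` in `@@ -7846,22 +7931,30 @@` and to the `siemV4` `minimal_read` and `read` lists further down. The snapshot cannot show what the tagged routes do, so the place where the tag is defined would benefit from a comment stating the contract, for example `// granted to read-level privileges: routes with this tag must be idempotent and must not write caller-supplied data`, together with a test that calls the route as a read-only role. The `read` array continues past the end of this hunk.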
@@ -8324,12 +8424,27 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:index-pattern/find", "saved_object:index-pattern/open_point_in_time", "saved_object:index-pattern/close_point_in_time", - "saved_object:siem-detection-engine-rule-actions/bulk_get", - "saved_object:siem-detection-engine-rule-actions/get", - "saved_object:siem-detection-engine-rule-actions/find", - "saved_object:siem-detection-engine-rule-actions/open_point_in_time", - "saved_object:siem-detection-engine-rule-actions/close_point_in_time", - "saved_object:security-rule/bulk_get", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", + "saved_object:siem-detection-engine-rule-actions/bulk_get", + "saved_object:siem-detection-engine-rule-actions/get", + "saved_object:siem-detection-engine-rule-actions/find", + "saved_object:siem-detection-engine-rule-actions/open_point_in_time", + "saved_object:siem-detection-engine-rule-actions/close_point_in_time", + "saved_object:security-rule/bulk_get", "saved_object:security-rule/get", "saved_object:security-rule/find", "saved_object:security-rule/open_point_in_time", 
@@ -8389,21 +8504,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security:reference-data/find", "saved_object:security:reference-data/open_point_in_time", "saved_object:security:reference-data/close_point_in_time", - "saved_object:csp_rule/bulk_get", - "saved_object:csp_rule/get", - "saved_object:csp_rule/find", - "saved_object:csp_rule/open_point_in_time", - "saved_object:csp_rule/close_point_in_time", - "saved_object:cloud-security-posture-settings/bulk_get", - "saved_object:cloud-security-posture-settings/get", - "saved_object:cloud-security-posture-settings/find", - "saved_object:cloud-security-posture-settings/open_point_in_time", - "saved_object:cloud-security-posture-settings/close_point_in_time", - "saved_object:csp-rule-template/bulk_get", - "saved_object:csp-rule-template/get", - "saved_object:csp-rule-template/find", - "saved_object:csp-rule-template/open_point_in_time", - "saved_object:csp-rule-template/close_point_in_time", "saved_object:config/bulk_get", "saved_object:config/get", "saved_object:config/find", 
@@ -8682,25 +8782,28 @@ export default function ({ getService }: FtrProviderContext) { "ui:visualize_v2/show", "ui:visualize_v2/createShortUrl", "ui:navLinks/cloudDefend", - "ui:siemV4/show", - "ui:siemV4/entity-analytics", - "ui:siemV4/detections", - "ui:siemV4/investigation-guide", - "ui:siemV4/investigation-guide-interactions", - "ui:siemV4/threat-intelligence", - "ui:siemV4/showEndpointExceptions", + "ui:siemV5/show", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "ui:siemV5/showEndpointExceptions", + "ui:navLinks/securitySolutionRulesV1", + "ui:securitySolutionRulesV1/read_rules", + "ui:securitySolutionRulesV1/detections", ], "scan_operations_all": Array [ "login:", "api:securitySolution-writeScanOperations", "ui:siemV3/writeScanOperations", - "ui:siemV4/writeScanOperations", + "ui:siemV5/writeScanOperations", ], "soc_management_all": Array [ "login:", "api:securitySolution-socManagement", "ui:siemV3/socManagement", - "ui:siemV4/socManagement", + "ui:siemV5/socManagement", ], "trusted_applications_all": Array [ "login:", @@ -8723,8 +8826,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siemV3/writeTrustedApplications", "ui:siemV3/readTrustedApplications", - "ui:siemV4/writeTrustedApplications", - "ui:siemV4/readTrustedApplications", + "ui:siemV5/writeTrustedApplications", + "ui:siemV5/readTrustedApplications", ], "trusted_applications_read": Array [ "login:", @@ -8732,7 +8835,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-readTrustedApplications", "ui:siemV3/readTrustedApplications", - "ui:siemV4/readTrustedApplications", + "ui:siemV5/readTrustedApplications", ], "trusted_devices_all": Array [ "login:", 
@@ -8755,8 +8858,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siemV3/writeTrustedDevices", "ui:siemV3/readTrustedDevices", - "ui:siemV4/writeTrustedDevices", - "ui:siemV4/readTrustedDevices", + "ui:siemV5/writeTrustedDevices", + "ui:siemV5/readTrustedDevices", ], "trusted_devices_read": Array [ "login:", @@ -8764,7 +8867,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-readTrustedDevices", "ui:siemV3/readTrustedDevices", - "ui:siemV4/readTrustedDevices", + "ui:siemV5/readTrustedDevices", ], "workflow_insights_all": Array [ "login:", @@ -8772,14 +8875,14 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-readWorkflowInsights", "ui:siemV3/writeWorkflowInsights", "ui:siemV3/readWorkflowInsights", - "ui:siemV4/writeWorkflowInsights", - "ui:siemV4/readWorkflowInsights", + "ui:siemV5/writeWorkflowInsights", + "ui:siemV5/readWorkflowInsights", ], "workflow_insights_read": Array [ "login:", "api:securitySolution-readWorkflowInsights", "ui:siemV3/readWorkflowInsights", - "ui:siemV4/readWorkflowInsights", + "ui:siemV5/readWorkflowInsights", ], }, "siemV4": Object { @@ -8789,11 +8892,14 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-readActionsLogManagement", "ui:siemV4/writeActionsLogManagement", "ui:siemV4/readActionsLogManagement", + "ui:siemV5/writeActionsLogManagement", + "ui:siemV5/readActionsLogManagement", ], "actions_log_management_read": Array [ "login:", "api:securitySolution-readActionsLogManagement", "ui:siemV4/readActionsLogManagement", + "ui:siemV5/readActionsLogManagement", ], "all": Array [ "login:", 
@@ -8802,11 +8908,17 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-all", "api:lists-read", "api:lists-summary", + "api:rules-all", + "api:rules-read", + "api:alerts-all", + "api:alerts-read", + "api:exceptions-all", + "api:exceptions-read", + "api:users-read", + "api:initialize-security-solution", "api:securitySolution-entity-analytics", "api:cloud-security-posture-all", "api:cloud-security-posture-read", - "api:cloud-defend-all", - "api:cloud-defend-read", "api:bulkGetUserProfiles", "api:securitySolution-threat-intelligence", "app:securitySolution", 
@@ -8867,6 +8979,42 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:index-pattern/delete", "saved_object:index-pattern/bulk_delete", "saved_object:index-pattern/share_to_space", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:csp_rule/create", + "saved_object:csp_rule/bulk_create", + "saved_object:csp_rule/update", + "saved_object:csp_rule/bulk_update", + "saved_object:csp_rule/delete", + "saved_object:csp_rule/bulk_delete", + "saved_object:csp_rule/share_to_space", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:cloud-security-posture-settings/create", + "saved_object:cloud-security-posture-settings/bulk_create", + "saved_object:cloud-security-posture-settings/update", + "saved_object:cloud-security-posture-settings/bulk_update", + "saved_object:cloud-security-posture-settings/delete", + "saved_object:cloud-security-posture-settings/bulk_delete", + "saved_object:cloud-security-posture-settings/share_to_space", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", + "saved_object:csp-rule-template/create", + "saved_object:csp-rule-template/bulk_create", + "saved_object:csp-rule-template/update", + "saved_object:csp-rule-template/bulk_update", + "saved_object:csp-rule-template/delete", + "saved_object:csp-rule-template/bulk_delete", + "saved_object:csp-rule-template/share_to_space", 
"saved_object:siem-detection-engine-rule-actions/bulk_get", "saved_object:siem-detection-engine-rule-actions/get", "saved_object:siem-detection-engine-rule-actions/find", 
@@ -9023,42 +9171,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security:reference-data/delete", "saved_object:security:reference-data/bulk_delete", "saved_object:security:reference-data/share_to_space", - "saved_object:csp_rule/bulk_get", - "saved_object:csp_rule/get", - "saved_object:csp_rule/find", - "saved_object:csp_rule/open_point_in_time", - "saved_object:csp_rule/close_point_in_time", - "saved_object:csp_rule/create", - "saved_object:csp_rule/bulk_create", - "saved_object:csp_rule/update", - "saved_object:csp_rule/bulk_update", - "saved_object:csp_rule/delete", - "saved_object:csp_rule/bulk_delete", - "saved_object:csp_rule/share_to_space", - "saved_object:cloud-security-posture-settings/bulk_get", - "saved_object:cloud-security-posture-settings/get", - "saved_object:cloud-security-posture-settings/find", - "saved_object:cloud-security-posture-settings/open_point_in_time", - "saved_object:cloud-security-posture-settings/close_point_in_time", - "saved_object:cloud-security-posture-settings/create", - "saved_object:cloud-security-posture-settings/bulk_create", - "saved_object:cloud-security-posture-settings/update", - "saved_object:cloud-security-posture-settings/bulk_update", - "saved_object:cloud-security-posture-settings/delete", - "saved_object:cloud-security-posture-settings/bulk_delete", - "saved_object:cloud-security-posture-settings/share_to_space", - "saved_object:csp-rule-template/bulk_get", - "saved_object:csp-rule-template/get", - "saved_object:csp-rule-template/find", - "saved_object:csp-rule-template/open_point_in_time", - "saved_object:csp-rule-template/close_point_in_time", - "saved_object:csp-rule-template/create", - "saved_object:csp-rule-template/bulk_create", - "saved_object:csp-rule-template/update", - "saved_object:csp-rule-template/bulk_update", - "saved_object:csp-rule-template/delete", - "saved_object:csp-rule-template/bulk_delete", - "saved_object:csp-rule-template/share_to_space", 
"saved_object:telemetry/bulk_get", "saved_object:telemetry/get", "saved_object:telemetry/find", @@ -9627,6 +9739,17 @@ export default function ({ getService }: FtrProviderContext) { "ui:visualize_v2/save", "ui:visualize_v2/createShortUrl", "ui:visualize_v2/generateScreenshot", + "ui:siemV5/show", + "ui:siemV5/crud", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "ui:navLinks/securitySolutionRulesV1", + "ui:securitySolutionRulesV1/read_rules", + "ui:securitySolutionRulesV1/edit_rules", + "ui:securitySolutionRulesV1/detections", ], "blocklist_all": Array [ "login:", @@ -9649,6 +9772,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siemV4/writeBlocklist", "ui:siemV4/readBlocklist", + "ui:siemV5/writeBlocklist", + "ui:siemV5/readBlocklist", ], "blocklist_read": Array [ "login:", @@ -9656,6 +9781,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-readBlocklist", "ui:siemV4/readBlocklist", + "ui:siemV5/readBlocklist", ], "endpoint_exceptions_all": Array [ "login:", @@ -9678,6 +9804,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siemV4/showEndpointExceptions", "ui:siemV4/crudEndpointExceptions", + "ui:siemV5/showEndpointExceptions", + "ui:siemV5/crudEndpointExceptions", ], "endpoint_exceptions_read": Array [ "login:", @@ -9685,6 +9813,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-showEndpointExceptions", "ui:siemV4/showEndpointExceptions", + "ui:siemV5/showEndpointExceptions", ], "endpoint_list_all": Array [ "login:", 
@@ -9692,11 +9821,14 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-readEndpointList", "ui:siemV4/writeEndpointList", "ui:siemV4/readEndpointList", + "ui:siemV5/writeEndpointList", + "ui:siemV5/readEndpointList", ], "endpoint_list_read": Array [ "login:", "api:securitySolution-readEndpointList", "ui:siemV4/readEndpointList", + "ui:siemV5/readEndpointList", ], "event_filters_all": Array [ "login:", @@ -9719,6 +9851,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siemV4/writeEventFilters", "ui:siemV4/readEventFilters", + "ui:siemV5/writeEventFilters", + "ui:siemV5/readEventFilters", ], "event_filters_read": Array [ "login:", @@ -9726,21 +9860,25 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-readEventFilters", "ui:siemV4/readEventFilters", + "ui:siemV5/readEventFilters", ], "execute_operations_all": Array [ "login:", "api:securitySolution-writeExecuteOperations", "ui:siemV4/writeExecuteOperations", + "ui:siemV5/writeExecuteOperations", ], "file_operations_all": Array [ "login:", "api:securitySolution-writeFileOperations", "ui:siemV4/writeFileOperations", + "ui:siemV5/writeFileOperations", ], "global_artifact_management_all": Array [ "login:", "api:securitySolution-writeGlobalArtifacts", "ui:siemV4/writeGlobalArtifacts", + "ui:siemV5/writeGlobalArtifacts", ], "host_isolation_all": Array [ "login:", @@ -9748,6 +9886,8 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-writeHostIsolation", "ui:siemV4/writeHostIsolationRelease", "ui:siemV4/writeHostIsolation", + "ui:siemV5/writeHostIsolationRelease", + "ui:siemV5/writeHostIsolation", ], "host_isolation_exceptions_all": Array [ "login:", 
@@ -9774,6 +9914,10 @@ export default function ({ getService }: FtrProviderContext) { "ui:siemV4/deleteHostIsolationExceptions", "ui:siemV4/accessHostIsolationExceptions", "ui:siemV4/writeHostIsolationExceptions", + "ui:siemV5/readHostIsolationExceptions", + "ui:siemV5/deleteHostIsolationExceptions", + "ui:siemV5/accessHostIsolationExceptions", + "ui:siemV5/writeHostIsolationExceptions", ], "host_isolation_exceptions_read": Array [ "login:", @@ -9783,6 +9927,8 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-accessHostIsolationExceptions", "ui:siemV4/readHostIsolationExceptions", "ui:siemV4/accessHostIsolationExceptions", + "ui:siemV5/readHostIsolationExceptions", + "ui:siemV5/accessHostIsolationExceptions", ], "minimal_all": Array [ "login:", @@ -9791,11 +9937,17 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-all", "api:lists-read", "api:lists-summary", + "api:rules-all", + "api:rules-read", + "api:alerts-all", + "api:alerts-read", + "api:exceptions-all", + "api:exceptions-read", + "api:users-read", + "api:initialize-security-solution", "api:securitySolution-entity-analytics", "api:cloud-security-posture-all", "api:cloud-security-posture-read", - "api:cloud-defend-all", - "api:cloud-defend-read", "api:bulkGetUserProfiles", "api:securitySolution-threat-intelligence", "app:securitySolution", 
@@ -9856,6 +10008,42 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:index-pattern/delete", "saved_object:index-pattern/bulk_delete", "saved_object:index-pattern/share_to_space", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:csp_rule/create", + "saved_object:csp_rule/bulk_create", + "saved_object:csp_rule/update", + "saved_object:csp_rule/bulk_update", + "saved_object:csp_rule/delete", + "saved_object:csp_rule/bulk_delete", + "saved_object:csp_rule/share_to_space", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:cloud-security-posture-settings/create", + "saved_object:cloud-security-posture-settings/bulk_create", + "saved_object:cloud-security-posture-settings/update", + "saved_object:cloud-security-posture-settings/bulk_update", + "saved_object:cloud-security-posture-settings/delete", + "saved_object:cloud-security-posture-settings/bulk_delete", + "saved_object:cloud-security-posture-settings/share_to_space", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", + "saved_object:csp-rule-template/create", + "saved_object:csp-rule-template/bulk_create", + "saved_object:csp-rule-template/update", + "saved_object:csp-rule-template/bulk_update", + "saved_object:csp-rule-template/delete", + "saved_object:csp-rule-template/bulk_delete", + "saved_object:csp-rule-template/share_to_space", 
"saved_object:siem-detection-engine-rule-actions/bulk_get", "saved_object:siem-detection-engine-rule-actions/get", "saved_object:siem-detection-engine-rule-actions/find", 
@@ -10012,42 +10200,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security:reference-data/delete", "saved_object:security:reference-data/bulk_delete", "saved_object:security:reference-data/share_to_space", - "saved_object:csp_rule/bulk_get", - "saved_object:csp_rule/get", - "saved_object:csp_rule/find", - "saved_object:csp_rule/open_point_in_time", - "saved_object:csp_rule/close_point_in_time", - "saved_object:csp_rule/create", - "saved_object:csp_rule/bulk_create", - "saved_object:csp_rule/update", - "saved_object:csp_rule/bulk_update", - "saved_object:csp_rule/delete", - "saved_object:csp_rule/bulk_delete", - "saved_object:csp_rule/share_to_space", - "saved_object:cloud-security-posture-settings/bulk_get", - "saved_object:cloud-security-posture-settings/get", - "saved_object:cloud-security-posture-settings/find", - "saved_object:cloud-security-posture-settings/open_point_in_time", - "saved_object:cloud-security-posture-settings/close_point_in_time", - "saved_object:cloud-security-posture-settings/create", - "saved_object:cloud-security-posture-settings/bulk_create", - "saved_object:cloud-security-posture-settings/update", - "saved_object:cloud-security-posture-settings/bulk_update", - "saved_object:cloud-security-posture-settings/delete", - "saved_object:cloud-security-posture-settings/bulk_delete", - "saved_object:cloud-security-posture-settings/share_to_space", - "saved_object:csp-rule-template/bulk_get", - "saved_object:csp-rule-template/get", - "saved_object:csp-rule-template/find", - "saved_object:csp-rule-template/open_point_in_time", - "saved_object:csp-rule-template/close_point_in_time", - "saved_object:csp-rule-template/create", - "saved_object:csp-rule-template/bulk_create", - "saved_object:csp-rule-template/update", - "saved_object:csp-rule-template/bulk_update", - "saved_object:csp-rule-template/delete", - "saved_object:csp-rule-template/bulk_delete", - "saved_object:csp-rule-template/share_to_space", 
"saved_object:telemetry/bulk_get", "saved_object:telemetry/get", "saved_object:telemetry/find", @@ -10616,15 +10768,30 @@ export default function ({ getService }: FtrProviderContext) { "ui:visualize_v2/save", "ui:visualize_v2/createShortUrl", "ui:visualize_v2/generateScreenshot", + "ui:siemV5/show", + "ui:siemV5/crud", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "ui:navLinks/securitySolutionRulesV1", + "ui:securitySolutionRulesV1/read_rules", + "ui:securitySolutionRulesV1/edit_rules", + "ui:securitySolutionRulesV1/detections", ], "minimal_read": Array [ "login:", "api:securitySolution", "api:rac", "api:lists-read", + "api:rules-read", + "api:alerts-read", + "api:exceptions-read", + "api:users-read", + "api:initialize-security-solution", "api:securitySolution-entity-analytics", "api:cloud-security-posture-read", - "api:cloud-defend-read", "api:bulkGetUserProfiles", "api:securitySolution-threat-intelligence", "app:securitySolution", 
@@ -10652,6 +10819,21 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:index-pattern/find", "saved_object:index-pattern/open_point_in_time", "saved_object:index-pattern/close_point_in_time", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", "saved_object:siem-detection-engine-rule-actions/bulk_get", "saved_object:siem-detection-engine-rule-actions/get", "saved_object:siem-detection-engine-rule-actions/find", 
@@ -10717,21 +10899,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security:reference-data/find", "saved_object:security:reference-data/open_point_in_time", "saved_object:security:reference-data/close_point_in_time", - "saved_object:csp_rule/bulk_get", - "saved_object:csp_rule/get", - "saved_object:csp_rule/find", - "saved_object:csp_rule/open_point_in_time", - "saved_object:csp_rule/close_point_in_time", - "saved_object:cloud-security-posture-settings/bulk_get", - "saved_object:cloud-security-posture-settings/get", - "saved_object:cloud-security-posture-settings/find", - "saved_object:cloud-security-posture-settings/open_point_in_time", - "saved_object:cloud-security-posture-settings/close_point_in_time", - "saved_object:csp-rule-template/bulk_get", - "saved_object:csp-rule-template/get", - "saved_object:csp-rule-template/find", - "saved_object:csp-rule-template/open_point_in_time", - "saved_object:csp-rule-template/close_point_in_time", "saved_object:config/bulk_get", "saved_object:config/get", "saved_object:config/find", @@ -11008,6 +11175,15 @@ export default function ({ getService }: FtrProviderContext) { "ui:navLinks/lens", "ui:visualize_v2/show", "ui:visualize_v2/createShortUrl", + "ui:siemV5/show", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "ui:navLinks/securitySolutionRulesV1", + "ui:securitySolutionRulesV1/read_rules", + "ui:securitySolutionRulesV1/detections", ], "policy_management_all": Array [ "login:", @@ -11027,6 +11203,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:policy-settings-protection-updates-note/share_to_space", "ui:siemV4/writePolicyManagement", "ui:siemV4/readPolicyManagement", + "ui:siemV5/writePolicyManagement", + "ui:siemV5/readPolicyManagement", ], "policy_management_read": Array [ "login:", 
@@ -11037,20 +11215,26 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:policy-settings-protection-updates-note/open_point_in_time", "saved_object:policy-settings-protection-updates-note/close_point_in_time", "ui:siemV4/readPolicyManagement", + "ui:siemV5/readPolicyManagement", ], "process_operations_all": Array [ "login:", "api:securitySolution-writeProcessOperations", "ui:siemV4/writeProcessOperations", + "ui:siemV5/writeProcessOperations", ], "read": Array [ "login:", "api:securitySolution", "api:rac", "api:lists-read", + "api:rules-read", + "api:alerts-read", + "api:exceptions-read", + "api:users-read", + "api:initialize-security-solution", "api:securitySolution-entity-analytics", "api:cloud-security-posture-read", - "api:cloud-defend-read", "api:bulkGetUserProfiles", "api:securitySolution-threat-intelligence", "app:securitySolution", 
@@ -11078,6 +11262,21 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:index-pattern/find", "saved_object:index-pattern/open_point_in_time", "saved_object:index-pattern/close_point_in_time", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", "saved_object:siem-detection-engine-rule-actions/bulk_get", "saved_object:siem-detection-engine-rule-actions/get", "saved_object:siem-detection-engine-rule-actions/find", 
@@ -11143,21 +11342,6 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:security:reference-data/find", "saved_object:security:reference-data/open_point_in_time", "saved_object:security:reference-data/close_point_in_time", - "saved_object:csp_rule/bulk_get", - "saved_object:csp_rule/get", - "saved_object:csp_rule/find", - "saved_object:csp_rule/open_point_in_time", - "saved_object:csp_rule/close_point_in_time", - "saved_object:cloud-security-posture-settings/bulk_get", - "saved_object:cloud-security-posture-settings/get", - "saved_object:cloud-security-posture-settings/find", - "saved_object:cloud-security-posture-settings/open_point_in_time", - "saved_object:cloud-security-posture-settings/close_point_in_time", - "saved_object:csp-rule-template/bulk_get", - "saved_object:csp-rule-template/get", - "saved_object:csp-rule-template/find", - "saved_object:csp-rule-template/open_point_in_time", - "saved_object:csp-rule-template/close_point_in_time", "saved_object:config/bulk_get", "saved_object:config/get", "saved_object:config/find", @@ -11434,16 +11618,27 @@ export default function ({ getService }: FtrProviderContext) { "ui:navLinks/lens", "ui:visualize_v2/show", "ui:visualize_v2/createShortUrl", + "ui:siemV5/show", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "ui:navLinks/securitySolutionRulesV1", + "ui:securitySolutionRulesV1/read_rules", + "ui:securitySolutionRulesV1/detections", ], "scan_operations_all": Array [ "login:", "api:securitySolution-writeScanOperations", "ui:siemV4/writeScanOperations", + "ui:siemV5/writeScanOperations", ], "soc_management_all": Array [ "login:", "api:securitySolution-socManagement", "ui:siemV4/socManagement", + "ui:siemV5/socManagement", ], "trusted_applications_all": Array [ "login:", 
@@ -11466,6 +11661,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siemV4/writeTrustedApplications", "ui:siemV4/readTrustedApplications", + "ui:siemV5/writeTrustedApplications", + "ui:siemV5/readTrustedApplications", ], "trusted_applications_read": Array [ "login:", @@ -11473,6 +11670,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-readTrustedApplications", "ui:siemV4/readTrustedApplications", + "ui:siemV5/readTrustedApplications", ], "trusted_devices_all": Array [ "login:", @@ -11495,6 +11693,8 @@ export default function ({ getService }: FtrProviderContext) { "saved_object:exception-list-agnostic/share_to_space", "ui:siemV4/writeTrustedDevices", "ui:siemV4/readTrustedDevices", + "ui:siemV5/writeTrustedDevices", + "ui:siemV5/readTrustedDevices", ], "trusted_devices_read": Array [ "login:", @@ -11502,6 +11702,7 @@ export default function ({ getService }: FtrProviderContext) { "api:lists-summary", "api:securitySolution-readTrustedDevices", "ui:siemV4/readTrustedDevices", + "ui:siemV5/readTrustedDevices", ], "workflow_insights_all": Array [ "login:", 
@@ -11509,11 +11710,1580 @@ export default function ({ getService }: FtrProviderContext) { "api:securitySolution-readWorkflowInsights", "ui:siemV4/writeWorkflowInsights", "ui:siemV4/readWorkflowInsights", + "ui:siemV5/writeWorkflowInsights", + "ui:siemV5/readWorkflowInsights", ], "workflow_insights_read": Array [ "login:", "api:securitySolution-readWorkflowInsights", "ui:siemV4/readWorkflowInsights", + "ui:siemV5/readWorkflowInsights", + ], + }, + "siemV5": Object { + "actions_log_management_all": Array [ + "login:", + "api:securitySolution-writeActionsLogManagement", + "api:securitySolution-readActionsLogManagement", + "ui:siemV5/writeActionsLogManagement", + "ui:siemV5/readActionsLogManagement", + ], + "actions_log_management_read": Array [ + "login:", + "api:securitySolution-readActionsLogManagement", + "ui:siemV5/readActionsLogManagement", + ], + "all": Array [ + "login:", + "api:securitySolution", + "api:rac", + "api:lists-all", + "api:lists-read", + "api:lists-summary", + "api:users-read", + "api:initialize-security-solution", + "api:securitySolution-entity-analytics", + "api:cloud-security-posture-all", + "api:cloud-security-posture-read", + "api:bulkGetUserProfiles", + "api:securitySolution-threat-intelligence", + "app:securitySolution", + "app:csp", + "app:cloudDefend", + "app:kibana", + "ui:catalogue/securitySolution", + "ui:navLinks/securitySolution", + "ui:navLinks/csp", + "ui:navLinks/cloudDefend", + "ui:navLinks/kibana", + "saved_object:alert/bulk_get", + "saved_object:alert/get", + "saved_object:alert/find", + "saved_object:alert/open_point_in_time", + "saved_object:alert/close_point_in_time", + "saved_object:alert/create", + "saved_object:alert/bulk_create", + "saved_object:alert/update", + "saved_object:alert/bulk_update", + "saved_object:alert/delete", + "saved_object:alert/bulk_delete", + "saved_object:alert/share_to_space", + "saved_object:index-pattern/bulk_get", + "saved_object:index-pattern/get", + "saved_object:index-pattern/find", + 
"saved_object:index-pattern/open_point_in_time", + "saved_object:index-pattern/close_point_in_time", + "saved_object:index-pattern/create", + "saved_object:index-pattern/bulk_create", + "saved_object:index-pattern/update", + "saved_object:index-pattern/bulk_update", + "saved_object:index-pattern/delete", + "saved_object:index-pattern/bulk_delete", + "saved_object:index-pattern/share_to_space", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:csp_rule/create", + "saved_object:csp_rule/bulk_create", + "saved_object:csp_rule/update", + "saved_object:csp_rule/bulk_update", + "saved_object:csp_rule/delete", + "saved_object:csp_rule/bulk_delete", + "saved_object:csp_rule/share_to_space", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:cloud-security-posture-settings/create", + "saved_object:cloud-security-posture-settings/bulk_create", + "saved_object:cloud-security-posture-settings/update", + "saved_object:cloud-security-posture-settings/bulk_update", + "saved_object:cloud-security-posture-settings/delete", + "saved_object:cloud-security-posture-settings/bulk_delete", + "saved_object:cloud-security-posture-settings/share_to_space", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", + "saved_object:csp-rule-template/create", + "saved_object:csp-rule-template/bulk_create", + "saved_object:csp-rule-template/update", + "saved_object:csp-rule-template/bulk_update", + 
"saved_object:csp-rule-template/delete", + "saved_object:csp-rule-template/bulk_delete", + "saved_object:csp-rule-template/share_to_space", + "saved_object:exception-list-agnostic/bulk_get", + "saved_object:exception-list-agnostic/get", + "saved_object:exception-list-agnostic/find", + "saved_object:exception-list-agnostic/open_point_in_time", + "saved_object:exception-list-agnostic/close_point_in_time", + "saved_object:exception-list-agnostic/create", + "saved_object:exception-list-agnostic/bulk_create", + "saved_object:exception-list-agnostic/update", + "saved_object:exception-list-agnostic/bulk_update", + "saved_object:exception-list-agnostic/delete", + "saved_object:exception-list-agnostic/bulk_delete", + "saved_object:exception-list-agnostic/share_to_space", + "saved_object:siem-detection-engine-rule-actions/bulk_get", + "saved_object:siem-detection-engine-rule-actions/get", + "saved_object:siem-detection-engine-rule-actions/find", + "saved_object:siem-detection-engine-rule-actions/open_point_in_time", + "saved_object:siem-detection-engine-rule-actions/close_point_in_time", + "saved_object:siem-detection-engine-rule-actions/create", + "saved_object:siem-detection-engine-rule-actions/bulk_create", + "saved_object:siem-detection-engine-rule-actions/update", + "saved_object:siem-detection-engine-rule-actions/bulk_update", + "saved_object:siem-detection-engine-rule-actions/delete", + "saved_object:siem-detection-engine-rule-actions/bulk_delete", + "saved_object:siem-detection-engine-rule-actions/share_to_space", + "saved_object:endpoint:user-artifact-manifest/bulk_get", + "saved_object:endpoint:user-artifact-manifest/get", + "saved_object:endpoint:user-artifact-manifest/find", + "saved_object:endpoint:user-artifact-manifest/open_point_in_time", + "saved_object:endpoint:user-artifact-manifest/close_point_in_time", + "saved_object:endpoint:user-artifact-manifest/create", + "saved_object:endpoint:user-artifact-manifest/bulk_create", + 
"saved_object:endpoint:user-artifact-manifest/update", + "saved_object:endpoint:user-artifact-manifest/bulk_update", + "saved_object:endpoint:user-artifact-manifest/delete", + "saved_object:endpoint:user-artifact-manifest/bulk_delete", + "saved_object:endpoint:user-artifact-manifest/share_to_space", + "saved_object:endpoint:unified-user-artifact-manifest/bulk_get", + "saved_object:endpoint:unified-user-artifact-manifest/get", + "saved_object:endpoint:unified-user-artifact-manifest/find", + "saved_object:endpoint:unified-user-artifact-manifest/open_point_in_time", + "saved_object:endpoint:unified-user-artifact-manifest/close_point_in_time", + "saved_object:endpoint:unified-user-artifact-manifest/create", + "saved_object:endpoint:unified-user-artifact-manifest/bulk_create", + "saved_object:endpoint:unified-user-artifact-manifest/update", + "saved_object:endpoint:unified-user-artifact-manifest/bulk_update", + "saved_object:endpoint:unified-user-artifact-manifest/delete", + "saved_object:endpoint:unified-user-artifact-manifest/bulk_delete", + "saved_object:endpoint:unified-user-artifact-manifest/share_to_space", + "saved_object:security-solution-signals-migration/bulk_get", + "saved_object:security-solution-signals-migration/get", + "saved_object:security-solution-signals-migration/find", + "saved_object:security-solution-signals-migration/open_point_in_time", + "saved_object:security-solution-signals-migration/close_point_in_time", + "saved_object:security-solution-signals-migration/create", + "saved_object:security-solution-signals-migration/bulk_create", + "saved_object:security-solution-signals-migration/update", + "saved_object:security-solution-signals-migration/bulk_update", + "saved_object:security-solution-signals-migration/delete", + "saved_object:security-solution-signals-migration/bulk_delete", + "saved_object:security-solution-signals-migration/share_to_space", + "saved_object:risk-engine-configuration/bulk_get", + 
"saved_object:risk-engine-configuration/get", + "saved_object:risk-engine-configuration/find", + "saved_object:risk-engine-configuration/open_point_in_time", + "saved_object:risk-engine-configuration/close_point_in_time", + "saved_object:risk-engine-configuration/create", + "saved_object:risk-engine-configuration/bulk_create", + "saved_object:risk-engine-configuration/update", + "saved_object:risk-engine-configuration/bulk_update", + "saved_object:risk-engine-configuration/delete", + "saved_object:risk-engine-configuration/bulk_delete", + "saved_object:risk-engine-configuration/share_to_space", + "saved_object:entity-engine-status/bulk_get", + "saved_object:entity-engine-status/get", + "saved_object:entity-engine-status/find", + "saved_object:entity-engine-status/open_point_in_time", + "saved_object:entity-engine-status/close_point_in_time", + "saved_object:entity-engine-status/create", + "saved_object:entity-engine-status/bulk_create", + "saved_object:entity-engine-status/update", + "saved_object:entity-engine-status/bulk_update", + "saved_object:entity-engine-status/delete", + "saved_object:entity-engine-status/bulk_delete", + "saved_object:entity-engine-status/share_to_space", + "saved_object:privilege-monitoring-status/bulk_get", + "saved_object:privilege-monitoring-status/get", + "saved_object:privilege-monitoring-status/find", + "saved_object:privilege-monitoring-status/open_point_in_time", + "saved_object:privilege-monitoring-status/close_point_in_time", + "saved_object:privilege-monitoring-status/create", + "saved_object:privilege-monitoring-status/bulk_create", + "saved_object:privilege-monitoring-status/update", + "saved_object:privilege-monitoring-status/bulk_update", + "saved_object:privilege-monitoring-status/delete", + "saved_object:privilege-monitoring-status/bulk_delete", + "saved_object:privilege-monitoring-status/share_to_space", + "saved_object:privmon-api-key/bulk_get", + "saved_object:privmon-api-key/get", + "saved_object:privmon-api-key/find", 
+ "saved_object:privmon-api-key/open_point_in_time", + "saved_object:privmon-api-key/close_point_in_time", + "saved_object:privmon-api-key/create", + "saved_object:privmon-api-key/bulk_create", + "saved_object:privmon-api-key/update", + "saved_object:privmon-api-key/bulk_update", + "saved_object:privmon-api-key/delete", + "saved_object:privmon-api-key/bulk_delete", + "saved_object:privmon-api-key/share_to_space", + "saved_object:entity-analytics-monitoring-entity-source/bulk_get", + "saved_object:entity-analytics-monitoring-entity-source/get", + "saved_object:entity-analytics-monitoring-entity-source/find", + "saved_object:entity-analytics-monitoring-entity-source/open_point_in_time", + "saved_object:entity-analytics-monitoring-entity-source/close_point_in_time", + "saved_object:entity-analytics-monitoring-entity-source/create", + "saved_object:entity-analytics-monitoring-entity-source/bulk_create", + "saved_object:entity-analytics-monitoring-entity-source/update", + "saved_object:entity-analytics-monitoring-entity-source/bulk_update", + "saved_object:entity-analytics-monitoring-entity-source/delete", + "saved_object:entity-analytics-monitoring-entity-source/bulk_delete", + "saved_object:entity-analytics-monitoring-entity-source/share_to_space", + "saved_object:policy-settings-protection-updates-note/bulk_get", + "saved_object:policy-settings-protection-updates-note/get", + "saved_object:policy-settings-protection-updates-note/find", + "saved_object:policy-settings-protection-updates-note/open_point_in_time", + "saved_object:policy-settings-protection-updates-note/close_point_in_time", + "saved_object:policy-settings-protection-updates-note/create", + "saved_object:policy-settings-protection-updates-note/bulk_create", + "saved_object:policy-settings-protection-updates-note/update", + "saved_object:policy-settings-protection-updates-note/bulk_update", + "saved_object:policy-settings-protection-updates-note/delete", + 
"saved_object:policy-settings-protection-updates-note/bulk_delete", + "saved_object:policy-settings-protection-updates-note/share_to_space", + "saved_object:security-ai-prompt/bulk_get", + "saved_object:security-ai-prompt/get", + "saved_object:security-ai-prompt/find", + "saved_object:security-ai-prompt/open_point_in_time", + "saved_object:security-ai-prompt/close_point_in_time", + "saved_object:security-ai-prompt/create", + "saved_object:security-ai-prompt/bulk_create", + "saved_object:security-ai-prompt/update", + "saved_object:security-ai-prompt/bulk_update", + "saved_object:security-ai-prompt/delete", + "saved_object:security-ai-prompt/bulk_delete", + "saved_object:security-ai-prompt/share_to_space", + "saved_object:security:reference-data/bulk_get", + "saved_object:security:reference-data/get", + "saved_object:security:reference-data/find", + "saved_object:security:reference-data/open_point_in_time", + "saved_object:security:reference-data/close_point_in_time", + "saved_object:security:reference-data/create", + "saved_object:security:reference-data/bulk_create", + "saved_object:security:reference-data/update", + "saved_object:security:reference-data/bulk_update", + "saved_object:security:reference-data/delete", + "saved_object:security:reference-data/bulk_delete", + "saved_object:security:reference-data/share_to_space", + "saved_object:telemetry/bulk_get", + "saved_object:telemetry/get", + "saved_object:telemetry/find", + "saved_object:telemetry/open_point_in_time", + "saved_object:telemetry/close_point_in_time", + "saved_object:telemetry/create", + "saved_object:telemetry/bulk_create", + "saved_object:telemetry/update", + "saved_object:telemetry/bulk_update", + "saved_object:telemetry/delete", + "saved_object:telemetry/bulk_delete", + "saved_object:telemetry/share_to_space", + "saved_object:config/bulk_get", + "saved_object:config/get", + "saved_object:config/find", + "saved_object:config/open_point_in_time", + "saved_object:config/close_point_in_time", + 
"saved_object:config-global/bulk_get", + "saved_object:config-global/get", + "saved_object:config-global/find", + "saved_object:config-global/open_point_in_time", + "saved_object:config-global/close_point_in_time", + "saved_object:url/bulk_get", + "saved_object:url/get", + "saved_object:url/find", + "saved_object:url/open_point_in_time", + "saved_object:url/close_point_in_time", + "saved_object:tag/bulk_get", + "saved_object:tag/get", + "saved_object:tag/find", + "saved_object:tag/open_point_in_time", + "saved_object:tag/close_point_in_time", + "saved_object:cloud/bulk_get", + "saved_object:cloud/get", + "saved_object:cloud/find", + "saved_object:cloud/open_point_in_time", + "saved_object:cloud/close_point_in_time", + "ui:siemV5/show", + "ui:siemV5/crud", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "api:fileUpload:analyzeFile", + "api:store_search_session", + "api:generateReport", + "app:discover", + "ui:catalogue/discover", + "ui:management/kibana/search_sessions", + "ui:management/insightsAndAlerting/reporting", + "ui:navLinks/discover", + "saved_object:search/bulk_get", + "saved_object:search/get", + "saved_object:search/find", + "saved_object:search/open_point_in_time", + "saved_object:search/close_point_in_time", + "saved_object:search/create", + "saved_object:search/bulk_create", + "saved_object:search/update", + "saved_object:search/bulk_update", + "saved_object:search/delete", + "saved_object:search/bulk_delete", + "saved_object:search/share_to_space", + "saved_object:url/create", + "saved_object:url/bulk_create", + "saved_object:url/update", + "saved_object:url/bulk_update", + "saved_object:url/delete", + "saved_object:url/bulk_delete", + "saved_object:url/share_to_space", + "saved_object:search-session/bulk_get", + "saved_object:search-session/get", + "saved_object:search-session/find", + 
"saved_object:search-session/open_point_in_time", + "saved_object:search-session/close_point_in_time", + "saved_object:search-session/create", + "saved_object:search-session/bulk_create", + "saved_object:search-session/update", + "saved_object:search-session/bulk_update", + "saved_object:search-session/delete", + "saved_object:search-session/bulk_delete", + "saved_object:search-session/share_to_space", + "saved_object:scheduled_report/bulk_get", + "saved_object:scheduled_report/get", + "saved_object:scheduled_report/find", + "saved_object:scheduled_report/open_point_in_time", + "saved_object:scheduled_report/close_point_in_time", + "saved_object:scheduled_report/create", + "saved_object:scheduled_report/bulk_create", + "saved_object:scheduled_report/update", + "saved_object:scheduled_report/bulk_update", + "saved_object:scheduled_report/delete", + "saved_object:scheduled_report/bulk_delete", + "saved_object:scheduled_report/share_to_space", + "ui:discover_v2/show", + "ui:discover_v2/save", + "ui:discover_v2/createShortUrl", + "ui:discover_v2/storeSearchSession", + "ui:discover_v2/generateCsv", + "api:dashboardUsageStats", + "api:downloadCsv", + "app:dashboards", + "ui:catalogue/dashboard", + "ui:navLinks/dashboards", + "saved_object:dashboard/bulk_get", + "saved_object:dashboard/get", + "saved_object:dashboard/find", + "saved_object:dashboard/open_point_in_time", + "saved_object:dashboard/close_point_in_time", + "saved_object:dashboard/create", + "saved_object:dashboard/bulk_create", + "saved_object:dashboard/update", + "saved_object:dashboard/bulk_update", + "saved_object:dashboard/delete", + "saved_object:dashboard/bulk_delete", + "saved_object:dashboard/share_to_space", + "saved_object:visualization/bulk_get", + "saved_object:visualization/get", + "saved_object:visualization/find", + "saved_object:visualization/open_point_in_time", + "saved_object:visualization/close_point_in_time", + "saved_object:canvas-workpad/bulk_get", + "saved_object:canvas-workpad/get", + 
"saved_object:canvas-workpad/find", + "saved_object:canvas-workpad/open_point_in_time", + "saved_object:canvas-workpad/close_point_in_time", + "saved_object:event-annotation-group/bulk_get", + "saved_object:event-annotation-group/get", + "saved_object:event-annotation-group/find", + "saved_object:event-annotation-group/open_point_in_time", + "saved_object:event-annotation-group/close_point_in_time", + "saved_object:lens/bulk_get", + "saved_object:lens/get", + "saved_object:lens/find", + "saved_object:lens/open_point_in_time", + "saved_object:lens/close_point_in_time", + "saved_object:links/bulk_get", + "saved_object:links/get", + "saved_object:links/find", + "saved_object:links/open_point_in_time", + "saved_object:links/close_point_in_time", + "saved_object:map/bulk_get", + "saved_object:map/get", + "saved_object:map/find", + "saved_object:map/open_point_in_time", + "saved_object:map/close_point_in_time", + "ui:dashboard_v2/createNew", + "ui:dashboard_v2/show", + "ui:dashboard_v2/showWriteControls", + "ui:dashboard_v2/createShortUrl", + "ui:dashboard_v2/storeSearchSession", + "ui:dashboard_v2/generateScreenshot", + "ui:dashboard_v2/downloadCsv", + "app:maps", + "ui:catalogue/maps", + "ui:navLinks/maps", + "saved_object:map/create", + "saved_object:map/bulk_create", + "saved_object:map/update", + "saved_object:map/bulk_update", + "saved_object:map/delete", + "saved_object:map/bulk_delete", + "saved_object:map/share_to_space", + "ui:maps_v2/save", + "ui:maps_v2/show", + "app:visualize", + "app:lens", + "ui:catalogue/visualize", + "ui:navLinks/visualize", + "ui:navLinks/lens", + "saved_object:visualization/create", + "saved_object:visualization/bulk_create", + "saved_object:visualization/update", + "saved_object:visualization/bulk_update", + "saved_object:visualization/delete", + "saved_object:visualization/bulk_delete", + "saved_object:visualization/share_to_space", + "saved_object:lens/create", + "saved_object:lens/bulk_create", + "saved_object:lens/update", + 
"saved_object:lens/bulk_update", + "saved_object:lens/delete", + "saved_object:lens/bulk_delete", + "saved_object:lens/share_to_space", + "ui:visualize_v2/show", + "ui:visualize_v2/delete", + "ui:visualize_v2/save", + "ui:visualize_v2/createShortUrl", + "ui:visualize_v2/generateScreenshot", + ], + "blocklist_all": Array [ + "login:", + "api:lists-all", + "api:lists-read", + "api:lists-summary", + "api:securitySolution-writeBlocklist", + "api:securitySolution-readBlocklist", + "saved_object:exception-list-agnostic/bulk_get", + "saved_object:exception-list-agnostic/get", + "saved_object:exception-list-agnostic/find", + "saved_object:exception-list-agnostic/open_point_in_time", + "saved_object:exception-list-agnostic/close_point_in_time", + "saved_object:exception-list-agnostic/create", + "saved_object:exception-list-agnostic/bulk_create", + "saved_object:exception-list-agnostic/update", + "saved_object:exception-list-agnostic/bulk_update", + "saved_object:exception-list-agnostic/delete", + "saved_object:exception-list-agnostic/bulk_delete", + "saved_object:exception-list-agnostic/share_to_space", + "ui:siemV5/writeBlocklist", + "ui:siemV5/readBlocklist", + ], + "blocklist_read": Array [ + "login:", + "api:lists-read", + "api:lists-summary", + "api:securitySolution-readBlocklist", + "ui:siemV5/readBlocklist", + ], + "endpoint_exceptions_all": Array [ + "login:", + "api:lists-all", + "api:lists-read", + "api:lists-summary", + "api:securitySolution-showEndpointExceptions", + "api:securitySolution-crudEndpointExceptions", + "saved_object:exception-list-agnostic/bulk_get", + "saved_object:exception-list-agnostic/get", + "saved_object:exception-list-agnostic/find", + "saved_object:exception-list-agnostic/open_point_in_time", + "saved_object:exception-list-agnostic/close_point_in_time", + "saved_object:exception-list-agnostic/create", + "saved_object:exception-list-agnostic/bulk_create", + "saved_object:exception-list-agnostic/update", + 
"saved_object:exception-list-agnostic/bulk_update", + "saved_object:exception-list-agnostic/delete", + "saved_object:exception-list-agnostic/bulk_delete", + "saved_object:exception-list-agnostic/share_to_space", + "ui:siemV5/showEndpointExceptions", + "ui:siemV5/crudEndpointExceptions", + ], + "endpoint_exceptions_read": Array [ + "login:", + "api:lists-read", + "api:lists-summary", + "api:securitySolution-showEndpointExceptions", + "ui:siemV5/showEndpointExceptions", + ], + "endpoint_list_all": Array [ + "login:", + "api:securitySolution-writeEndpointList", + "api:securitySolution-readEndpointList", + "ui:siemV5/writeEndpointList", + "ui:siemV5/readEndpointList", + ], + "endpoint_list_read": Array [ + "login:", + "api:securitySolution-readEndpointList", + "ui:siemV5/readEndpointList", + ], + "event_filters_all": Array [ + "login:", + "api:lists-all", + "api:lists-read", + "api:lists-summary", + "api:securitySolution-writeEventFilters", + "api:securitySolution-readEventFilters", + "saved_object:exception-list-agnostic/bulk_get", + "saved_object:exception-list-agnostic/get", + "saved_object:exception-list-agnostic/find", + "saved_object:exception-list-agnostic/open_point_in_time", + "saved_object:exception-list-agnostic/close_point_in_time", + "saved_object:exception-list-agnostic/create", + "saved_object:exception-list-agnostic/bulk_create", + "saved_object:exception-list-agnostic/update", + "saved_object:exception-list-agnostic/bulk_update", + "saved_object:exception-list-agnostic/delete", + "saved_object:exception-list-agnostic/bulk_delete", + "saved_object:exception-list-agnostic/share_to_space", + "ui:siemV5/writeEventFilters", + "ui:siemV5/readEventFilters", + ], + "event_filters_read": Array [ + "login:", + "api:lists-read", + "api:lists-summary", + "api:securitySolution-readEventFilters", + "ui:siemV5/readEventFilters", + ], + "execute_operations_all": Array [ + "login:", + "api:securitySolution-writeExecuteOperations", + "ui:siemV5/writeExecuteOperations", 
+ ], + "file_operations_all": Array [ + "login:", + "api:securitySolution-writeFileOperations", + "ui:siemV5/writeFileOperations", + ], + "global_artifact_management_all": Array [ + "login:", + "api:securitySolution-writeGlobalArtifacts", + "ui:siemV5/writeGlobalArtifacts", + ], + "host_isolation_all": Array [ + "login:", + "api:securitySolution-writeHostIsolationRelease", + "api:securitySolution-writeHostIsolation", + "ui:siemV5/writeHostIsolationRelease", + "ui:siemV5/writeHostIsolation", + ], + "host_isolation_exceptions_all": Array [ + "login:", + "api:lists-all", + "api:lists-read", + "api:lists-summary", + "api:securitySolution-deleteHostIsolationExceptions", + "api:securitySolution-readHostIsolationExceptions", + "api:securitySolution-accessHostIsolationExceptions", + "api:securitySolution-writeHostIsolationExceptions", + "saved_object:exception-list-agnostic/bulk_get", + "saved_object:exception-list-agnostic/get", + "saved_object:exception-list-agnostic/find", + "saved_object:exception-list-agnostic/open_point_in_time", + "saved_object:exception-list-agnostic/close_point_in_time", + "saved_object:exception-list-agnostic/create", + "saved_object:exception-list-agnostic/bulk_create", + "saved_object:exception-list-agnostic/update", + "saved_object:exception-list-agnostic/bulk_update", + "saved_object:exception-list-agnostic/delete", + "saved_object:exception-list-agnostic/bulk_delete", + "saved_object:exception-list-agnostic/share_to_space", + "ui:siemV5/readHostIsolationExceptions", + "ui:siemV5/deleteHostIsolationExceptions", + "ui:siemV5/accessHostIsolationExceptions", + "ui:siemV5/writeHostIsolationExceptions", + ], + "host_isolation_exceptions_read": Array [ + "login:", + "api:lists-read", + "api:lists-summary", + "api:securitySolution-readHostIsolationExceptions", + "api:securitySolution-accessHostIsolationExceptions", + "ui:siemV5/readHostIsolationExceptions", + "ui:siemV5/accessHostIsolationExceptions", + ], + "minimal_all": Array [ + "login:", + 
"api:securitySolution", + "api:rac", + "api:lists-all", + "api:lists-read", + "api:lists-summary", + "api:users-read", + "api:initialize-security-solution", + "api:securitySolution-entity-analytics", + "api:cloud-security-posture-all", + "api:cloud-security-posture-read", + "api:bulkGetUserProfiles", + "api:securitySolution-threat-intelligence", + "app:securitySolution", + "app:csp", + "app:cloudDefend", + "app:kibana", + "ui:catalogue/securitySolution", + "ui:navLinks/securitySolution", + "ui:navLinks/csp", + "ui:navLinks/cloudDefend", + "ui:navLinks/kibana", + "saved_object:alert/bulk_get", + "saved_object:alert/get", + "saved_object:alert/find", + "saved_object:alert/open_point_in_time", + "saved_object:alert/close_point_in_time", + "saved_object:alert/create", + "saved_object:alert/bulk_create", + "saved_object:alert/update", + "saved_object:alert/bulk_update", + "saved_object:alert/delete", + "saved_object:alert/bulk_delete", + "saved_object:alert/share_to_space", + "saved_object:index-pattern/bulk_get", + "saved_object:index-pattern/get", + "saved_object:index-pattern/find", + "saved_object:index-pattern/open_point_in_time", + "saved_object:index-pattern/close_point_in_time", + "saved_object:index-pattern/create", + "saved_object:index-pattern/bulk_create", + "saved_object:index-pattern/update", + "saved_object:index-pattern/bulk_update", + "saved_object:index-pattern/delete", + "saved_object:index-pattern/bulk_delete", + "saved_object:index-pattern/share_to_space", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:csp_rule/create", + "saved_object:csp_rule/bulk_create", + "saved_object:csp_rule/update", + "saved_object:csp_rule/bulk_update", + "saved_object:csp_rule/delete", + "saved_object:csp_rule/bulk_delete", + "saved_object:csp_rule/share_to_space", + 
"saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:cloud-security-posture-settings/create", + "saved_object:cloud-security-posture-settings/bulk_create", + "saved_object:cloud-security-posture-settings/update", + "saved_object:cloud-security-posture-settings/bulk_update", + "saved_object:cloud-security-posture-settings/delete", + "saved_object:cloud-security-posture-settings/bulk_delete", + "saved_object:cloud-security-posture-settings/share_to_space", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", + "saved_object:csp-rule-template/create", + "saved_object:csp-rule-template/bulk_create", + "saved_object:csp-rule-template/update", + "saved_object:csp-rule-template/bulk_update", + "saved_object:csp-rule-template/delete", + "saved_object:csp-rule-template/bulk_delete", + "saved_object:csp-rule-template/share_to_space", + "saved_object:exception-list-agnostic/bulk_get", + "saved_object:exception-list-agnostic/get", + "saved_object:exception-list-agnostic/find", + "saved_object:exception-list-agnostic/open_point_in_time", + "saved_object:exception-list-agnostic/close_point_in_time", + "saved_object:exception-list-agnostic/create", + "saved_object:exception-list-agnostic/bulk_create", + "saved_object:exception-list-agnostic/update", + "saved_object:exception-list-agnostic/bulk_update", + "saved_object:exception-list-agnostic/delete", + "saved_object:exception-list-agnostic/bulk_delete", + "saved_object:exception-list-agnostic/share_to_space", + "saved_object:siem-detection-engine-rule-actions/bulk_get", + 
"saved_object:siem-detection-engine-rule-actions/get", + "saved_object:siem-detection-engine-rule-actions/find", + "saved_object:siem-detection-engine-rule-actions/open_point_in_time", + "saved_object:siem-detection-engine-rule-actions/close_point_in_time", + "saved_object:siem-detection-engine-rule-actions/create", + "saved_object:siem-detection-engine-rule-actions/bulk_create", + "saved_object:siem-detection-engine-rule-actions/update", + "saved_object:siem-detection-engine-rule-actions/bulk_update", + "saved_object:siem-detection-engine-rule-actions/delete", + "saved_object:siem-detection-engine-rule-actions/bulk_delete", + "saved_object:siem-detection-engine-rule-actions/share_to_space", + "saved_object:endpoint:user-artifact-manifest/bulk_get", + "saved_object:endpoint:user-artifact-manifest/get", + "saved_object:endpoint:user-artifact-manifest/find", + "saved_object:endpoint:user-artifact-manifest/open_point_in_time", + "saved_object:endpoint:user-artifact-manifest/close_point_in_time", + "saved_object:endpoint:user-artifact-manifest/create", + "saved_object:endpoint:user-artifact-manifest/bulk_create", + "saved_object:endpoint:user-artifact-manifest/update", + "saved_object:endpoint:user-artifact-manifest/bulk_update", + "saved_object:endpoint:user-artifact-manifest/delete", + "saved_object:endpoint:user-artifact-manifest/bulk_delete", + "saved_object:endpoint:user-artifact-manifest/share_to_space", + "saved_object:endpoint:unified-user-artifact-manifest/bulk_get", + "saved_object:endpoint:unified-user-artifact-manifest/get", + "saved_object:endpoint:unified-user-artifact-manifest/find", + "saved_object:endpoint:unified-user-artifact-manifest/open_point_in_time", + "saved_object:endpoint:unified-user-artifact-manifest/close_point_in_time", + "saved_object:endpoint:unified-user-artifact-manifest/create", + "saved_object:endpoint:unified-user-artifact-manifest/bulk_create", + "saved_object:endpoint:unified-user-artifact-manifest/update", + 
"saved_object:endpoint:unified-user-artifact-manifest/bulk_update", + "saved_object:endpoint:unified-user-artifact-manifest/delete", + "saved_object:endpoint:unified-user-artifact-manifest/bulk_delete", + "saved_object:endpoint:unified-user-artifact-manifest/share_to_space", + "saved_object:security-solution-signals-migration/bulk_get", + "saved_object:security-solution-signals-migration/get", + "saved_object:security-solution-signals-migration/find", + "saved_object:security-solution-signals-migration/open_point_in_time", + "saved_object:security-solution-signals-migration/close_point_in_time", + "saved_object:security-solution-signals-migration/create", + "saved_object:security-solution-signals-migration/bulk_create", + "saved_object:security-solution-signals-migration/update", + "saved_object:security-solution-signals-migration/bulk_update", + "saved_object:security-solution-signals-migration/delete", + "saved_object:security-solution-signals-migration/bulk_delete", + "saved_object:security-solution-signals-migration/share_to_space", + "saved_object:risk-engine-configuration/bulk_get", + "saved_object:risk-engine-configuration/get", + "saved_object:risk-engine-configuration/find", + "saved_object:risk-engine-configuration/open_point_in_time", + "saved_object:risk-engine-configuration/close_point_in_time", + "saved_object:risk-engine-configuration/create", + "saved_object:risk-engine-configuration/bulk_create", + "saved_object:risk-engine-configuration/update", + "saved_object:risk-engine-configuration/bulk_update", + "saved_object:risk-engine-configuration/delete", + "saved_object:risk-engine-configuration/bulk_delete", + "saved_object:risk-engine-configuration/share_to_space", + "saved_object:entity-engine-status/bulk_get", + "saved_object:entity-engine-status/get", + "saved_object:entity-engine-status/find", + "saved_object:entity-engine-status/open_point_in_time", + "saved_object:entity-engine-status/close_point_in_time", + 
"saved_object:entity-engine-status/create", + "saved_object:entity-engine-status/bulk_create", + "saved_object:entity-engine-status/update", + "saved_object:entity-engine-status/bulk_update", + "saved_object:entity-engine-status/delete", + "saved_object:entity-engine-status/bulk_delete", + "saved_object:entity-engine-status/share_to_space", + "saved_object:privilege-monitoring-status/bulk_get", + "saved_object:privilege-monitoring-status/get", + "saved_object:privilege-monitoring-status/find", + "saved_object:privilege-monitoring-status/open_point_in_time", + "saved_object:privilege-monitoring-status/close_point_in_time", + "saved_object:privilege-monitoring-status/create", + "saved_object:privilege-monitoring-status/bulk_create", + "saved_object:privilege-monitoring-status/update", + "saved_object:privilege-monitoring-status/bulk_update", + "saved_object:privilege-monitoring-status/delete", + "saved_object:privilege-monitoring-status/bulk_delete", + "saved_object:privilege-monitoring-status/share_to_space", + "saved_object:privmon-api-key/bulk_get", + "saved_object:privmon-api-key/get", + "saved_object:privmon-api-key/find", + "saved_object:privmon-api-key/open_point_in_time", + "saved_object:privmon-api-key/close_point_in_time", + "saved_object:privmon-api-key/create", + "saved_object:privmon-api-key/bulk_create", + "saved_object:privmon-api-key/update", + "saved_object:privmon-api-key/bulk_update", + "saved_object:privmon-api-key/delete", + "saved_object:privmon-api-key/bulk_delete", + "saved_object:privmon-api-key/share_to_space", + "saved_object:entity-analytics-monitoring-entity-source/bulk_get", + "saved_object:entity-analytics-monitoring-entity-source/get", + "saved_object:entity-analytics-monitoring-entity-source/find", + "saved_object:entity-analytics-monitoring-entity-source/open_point_in_time", + "saved_object:entity-analytics-monitoring-entity-source/close_point_in_time", + "saved_object:entity-analytics-monitoring-entity-source/create", + 
"saved_object:entity-analytics-monitoring-entity-source/bulk_create", + "saved_object:entity-analytics-monitoring-entity-source/update", + "saved_object:entity-analytics-monitoring-entity-source/bulk_update", + "saved_object:entity-analytics-monitoring-entity-source/delete", + "saved_object:entity-analytics-monitoring-entity-source/bulk_delete", + "saved_object:entity-analytics-monitoring-entity-source/share_to_space", + "saved_object:policy-settings-protection-updates-note/bulk_get", + "saved_object:policy-settings-protection-updates-note/get", + "saved_object:policy-settings-protection-updates-note/find", + "saved_object:policy-settings-protection-updates-note/open_point_in_time", + "saved_object:policy-settings-protection-updates-note/close_point_in_time", + "saved_object:policy-settings-protection-updates-note/create", + "saved_object:policy-settings-protection-updates-note/bulk_create", + "saved_object:policy-settings-protection-updates-note/update", + "saved_object:policy-settings-protection-updates-note/bulk_update", + "saved_object:policy-settings-protection-updates-note/delete", + "saved_object:policy-settings-protection-updates-note/bulk_delete", + "saved_object:policy-settings-protection-updates-note/share_to_space", + "saved_object:security-ai-prompt/bulk_get", + "saved_object:security-ai-prompt/get", + "saved_object:security-ai-prompt/find", + "saved_object:security-ai-prompt/open_point_in_time", + "saved_object:security-ai-prompt/close_point_in_time", + "saved_object:security-ai-prompt/create", + "saved_object:security-ai-prompt/bulk_create", + "saved_object:security-ai-prompt/update", + "saved_object:security-ai-prompt/bulk_update", + "saved_object:security-ai-prompt/delete", + "saved_object:security-ai-prompt/bulk_delete", + "saved_object:security-ai-prompt/share_to_space", + "saved_object:security:reference-data/bulk_get", + "saved_object:security:reference-data/get", + "saved_object:security:reference-data/find", + 
"saved_object:security:reference-data/open_point_in_time", + "saved_object:security:reference-data/close_point_in_time", + "saved_object:security:reference-data/create", + "saved_object:security:reference-data/bulk_create", + "saved_object:security:reference-data/update", + "saved_object:security:reference-data/bulk_update", + "saved_object:security:reference-data/delete", + "saved_object:security:reference-data/bulk_delete", + "saved_object:security:reference-data/share_to_space", + "saved_object:telemetry/bulk_get", + "saved_object:telemetry/get", + "saved_object:telemetry/find", + "saved_object:telemetry/open_point_in_time", + "saved_object:telemetry/close_point_in_time", + "saved_object:telemetry/create", + "saved_object:telemetry/bulk_create", + "saved_object:telemetry/update", + "saved_object:telemetry/bulk_update", + "saved_object:telemetry/delete", + "saved_object:telemetry/bulk_delete", + "saved_object:telemetry/share_to_space", + "saved_object:config/bulk_get", + "saved_object:config/get", + "saved_object:config/find", + "saved_object:config/open_point_in_time", + "saved_object:config/close_point_in_time", + "saved_object:config-global/bulk_get", + "saved_object:config-global/get", + "saved_object:config-global/find", + "saved_object:config-global/open_point_in_time", + "saved_object:config-global/close_point_in_time", + "saved_object:url/bulk_get", + "saved_object:url/get", + "saved_object:url/find", + "saved_object:url/open_point_in_time", + "saved_object:url/close_point_in_time", + "saved_object:tag/bulk_get", + "saved_object:tag/get", + "saved_object:tag/find", + "saved_object:tag/open_point_in_time", + "saved_object:tag/close_point_in_time", + "saved_object:cloud/bulk_get", + "saved_object:cloud/get", + "saved_object:cloud/find", + "saved_object:cloud/open_point_in_time", + "saved_object:cloud/close_point_in_time", + "ui:siemV5/show", + "ui:siemV5/crud", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + 
"ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "api:fileUpload:analyzeFile", + "api:store_search_session", + "api:generateReport", + "app:discover", + "ui:catalogue/discover", + "ui:management/kibana/search_sessions", + "ui:management/insightsAndAlerting/reporting", + "ui:navLinks/discover", + "saved_object:search/bulk_get", + "saved_object:search/get", + "saved_object:search/find", + "saved_object:search/open_point_in_time", + "saved_object:search/close_point_in_time", + "saved_object:search/create", + "saved_object:search/bulk_create", + "saved_object:search/update", + "saved_object:search/bulk_update", + "saved_object:search/delete", + "saved_object:search/bulk_delete", + "saved_object:search/share_to_space", + "saved_object:url/create", + "saved_object:url/bulk_create", + "saved_object:url/update", + "saved_object:url/bulk_update", + "saved_object:url/delete", + "saved_object:url/bulk_delete", + "saved_object:url/share_to_space", + "saved_object:search-session/bulk_get", + "saved_object:search-session/get", + "saved_object:search-session/find", + "saved_object:search-session/open_point_in_time", + "saved_object:search-session/close_point_in_time", + "saved_object:search-session/create", + "saved_object:search-session/bulk_create", + "saved_object:search-session/update", + "saved_object:search-session/bulk_update", + "saved_object:search-session/delete", + "saved_object:search-session/bulk_delete", + "saved_object:search-session/share_to_space", + "saved_object:scheduled_report/bulk_get", + "saved_object:scheduled_report/get", + "saved_object:scheduled_report/find", + "saved_object:scheduled_report/open_point_in_time", + "saved_object:scheduled_report/close_point_in_time", + "saved_object:scheduled_report/create", + "saved_object:scheduled_report/bulk_create", + "saved_object:scheduled_report/update", + "saved_object:scheduled_report/bulk_update", + "saved_object:scheduled_report/delete", + 
"saved_object:scheduled_report/bulk_delete", + "saved_object:scheduled_report/share_to_space", + "ui:discover_v2/show", + "ui:discover_v2/save", + "ui:discover_v2/createShortUrl", + "ui:discover_v2/storeSearchSession", + "ui:discover_v2/generateCsv", + "api:dashboardUsageStats", + "api:downloadCsv", + "app:dashboards", + "ui:catalogue/dashboard", + "ui:navLinks/dashboards", + "saved_object:dashboard/bulk_get", + "saved_object:dashboard/get", + "saved_object:dashboard/find", + "saved_object:dashboard/open_point_in_time", + "saved_object:dashboard/close_point_in_time", + "saved_object:dashboard/create", + "saved_object:dashboard/bulk_create", + "saved_object:dashboard/update", + "saved_object:dashboard/bulk_update", + "saved_object:dashboard/delete", + "saved_object:dashboard/bulk_delete", + "saved_object:dashboard/share_to_space", + "saved_object:visualization/bulk_get", + "saved_object:visualization/get", + "saved_object:visualization/find", + "saved_object:visualization/open_point_in_time", + "saved_object:visualization/close_point_in_time", + "saved_object:canvas-workpad/bulk_get", + "saved_object:canvas-workpad/get", + "saved_object:canvas-workpad/find", + "saved_object:canvas-workpad/open_point_in_time", + "saved_object:canvas-workpad/close_point_in_time", + "saved_object:event-annotation-group/bulk_get", + "saved_object:event-annotation-group/get", + "saved_object:event-annotation-group/find", + "saved_object:event-annotation-group/open_point_in_time", + "saved_object:event-annotation-group/close_point_in_time", + "saved_object:lens/bulk_get", + "saved_object:lens/get", + "saved_object:lens/find", + "saved_object:lens/open_point_in_time", + "saved_object:lens/close_point_in_time", + "saved_object:links/bulk_get", + "saved_object:links/get", + "saved_object:links/find", + "saved_object:links/open_point_in_time", + "saved_object:links/close_point_in_time", + "saved_object:map/bulk_get", + "saved_object:map/get", + "saved_object:map/find", + 
"saved_object:map/open_point_in_time", + "saved_object:map/close_point_in_time", + "ui:dashboard_v2/createNew", + "ui:dashboard_v2/show", + "ui:dashboard_v2/showWriteControls", + "ui:dashboard_v2/createShortUrl", + "ui:dashboard_v2/storeSearchSession", + "ui:dashboard_v2/generateScreenshot", + "ui:dashboard_v2/downloadCsv", + "app:maps", + "ui:catalogue/maps", + "ui:navLinks/maps", + "saved_object:map/create", + "saved_object:map/bulk_create", + "saved_object:map/update", + "saved_object:map/bulk_update", + "saved_object:map/delete", + "saved_object:map/bulk_delete", + "saved_object:map/share_to_space", + "ui:maps_v2/save", + "ui:maps_v2/show", + "app:visualize", + "app:lens", + "ui:catalogue/visualize", + "ui:navLinks/visualize", + "ui:navLinks/lens", + "saved_object:visualization/create", + "saved_object:visualization/bulk_create", + "saved_object:visualization/update", + "saved_object:visualization/bulk_update", + "saved_object:visualization/delete", + "saved_object:visualization/bulk_delete", + "saved_object:visualization/share_to_space", + "saved_object:lens/create", + "saved_object:lens/bulk_create", + "saved_object:lens/update", + "saved_object:lens/bulk_update", + "saved_object:lens/delete", + "saved_object:lens/bulk_delete", + "saved_object:lens/share_to_space", + "ui:visualize_v2/show", + "ui:visualize_v2/delete", + "ui:visualize_v2/save", + "ui:visualize_v2/createShortUrl", + "ui:visualize_v2/generateScreenshot", + ], + "minimal_read": Array [ + "login:", + "api:securitySolution", + "api:rac", + "api:lists-read", + "api:users-read", + "api:initialize-security-solution", + "api:securitySolution-entity-analytics", + "api:cloud-security-posture-read", + "api:bulkGetUserProfiles", + "api:securitySolution-threat-intelligence", + "app:securitySolution", + "app:csp", + "app:cloudDefend", + "app:kibana", + "ui:catalogue/securitySolution", + "ui:navLinks/securitySolution", + "ui:navLinks/csp", + "ui:navLinks/cloudDefend", + "ui:navLinks/kibana", + 
"saved_object:index-pattern/bulk_get", + "saved_object:index-pattern/get", + "saved_object:index-pattern/find", + "saved_object:index-pattern/open_point_in_time", + "saved_object:index-pattern/close_point_in_time", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", + "saved_object:exception-list-agnostic/bulk_get", + "saved_object:exception-list-agnostic/get", + "saved_object:exception-list-agnostic/find", + "saved_object:exception-list-agnostic/open_point_in_time", + "saved_object:exception-list-agnostic/close_point_in_time", + "saved_object:siem-detection-engine-rule-actions/bulk_get", + "saved_object:siem-detection-engine-rule-actions/get", + "saved_object:siem-detection-engine-rule-actions/find", + "saved_object:siem-detection-engine-rule-actions/open_point_in_time", + "saved_object:siem-detection-engine-rule-actions/close_point_in_time", + "saved_object:endpoint:user-artifact-manifest/bulk_get", + "saved_object:endpoint:user-artifact-manifest/get", + "saved_object:endpoint:user-artifact-manifest/find", + "saved_object:endpoint:user-artifact-manifest/open_point_in_time", + "saved_object:endpoint:user-artifact-manifest/close_point_in_time", + "saved_object:endpoint:unified-user-artifact-manifest/bulk_get", + "saved_object:endpoint:unified-user-artifact-manifest/get", + 
"saved_object:endpoint:unified-user-artifact-manifest/find", + "saved_object:endpoint:unified-user-artifact-manifest/open_point_in_time", + "saved_object:endpoint:unified-user-artifact-manifest/close_point_in_time", + "saved_object:security-solution-signals-migration/bulk_get", + "saved_object:security-solution-signals-migration/get", + "saved_object:security-solution-signals-migration/find", + "saved_object:security-solution-signals-migration/open_point_in_time", + "saved_object:security-solution-signals-migration/close_point_in_time", + "saved_object:risk-engine-configuration/bulk_get", + "saved_object:risk-engine-configuration/get", + "saved_object:risk-engine-configuration/find", + "saved_object:risk-engine-configuration/open_point_in_time", + "saved_object:risk-engine-configuration/close_point_in_time", + "saved_object:entity-engine-status/bulk_get", + "saved_object:entity-engine-status/get", + "saved_object:entity-engine-status/find", + "saved_object:entity-engine-status/open_point_in_time", + "saved_object:entity-engine-status/close_point_in_time", + "saved_object:privilege-monitoring-status/bulk_get", + "saved_object:privilege-monitoring-status/get", + "saved_object:privilege-monitoring-status/find", + "saved_object:privilege-monitoring-status/open_point_in_time", + "saved_object:privilege-monitoring-status/close_point_in_time", + "saved_object:privmon-api-key/bulk_get", + "saved_object:privmon-api-key/get", + "saved_object:privmon-api-key/find", + "saved_object:privmon-api-key/open_point_in_time", + "saved_object:privmon-api-key/close_point_in_time", + "saved_object:entity-analytics-monitoring-entity-source/bulk_get", + "saved_object:entity-analytics-monitoring-entity-source/get", + "saved_object:entity-analytics-monitoring-entity-source/find", + "saved_object:entity-analytics-monitoring-entity-source/open_point_in_time", + "saved_object:entity-analytics-monitoring-entity-source/close_point_in_time", + 
"saved_object:policy-settings-protection-updates-note/bulk_get", + "saved_object:policy-settings-protection-updates-note/get", + "saved_object:policy-settings-protection-updates-note/find", + "saved_object:policy-settings-protection-updates-note/open_point_in_time", + "saved_object:policy-settings-protection-updates-note/close_point_in_time", + "saved_object:security-ai-prompt/bulk_get", + "saved_object:security-ai-prompt/get", + "saved_object:security-ai-prompt/find", + "saved_object:security-ai-prompt/open_point_in_time", + "saved_object:security-ai-prompt/close_point_in_time", + "saved_object:security:reference-data/bulk_get", + "saved_object:security:reference-data/get", + "saved_object:security:reference-data/find", + "saved_object:security:reference-data/open_point_in_time", + "saved_object:security:reference-data/close_point_in_time", + "saved_object:config/bulk_get", + "saved_object:config/get", + "saved_object:config/find", + "saved_object:config/open_point_in_time", + "saved_object:config/close_point_in_time", + "saved_object:config-global/bulk_get", + "saved_object:config-global/get", + "saved_object:config-global/find", + "saved_object:config-global/open_point_in_time", + "saved_object:config-global/close_point_in_time", + "saved_object:telemetry/bulk_get", + "saved_object:telemetry/get", + "saved_object:telemetry/find", + "saved_object:telemetry/open_point_in_time", + "saved_object:telemetry/close_point_in_time", + "saved_object:url/bulk_get", + "saved_object:url/get", + "saved_object:url/find", + "saved_object:url/open_point_in_time", + "saved_object:url/close_point_in_time", + "saved_object:tag/bulk_get", + "saved_object:tag/get", + "saved_object:tag/find", + "saved_object:tag/open_point_in_time", + "saved_object:tag/close_point_in_time", + "saved_object:cloud/bulk_get", + "saved_object:cloud/get", + "saved_object:cloud/find", + "saved_object:cloud/open_point_in_time", + "saved_object:cloud/close_point_in_time", + "ui:siemV5/show", + 
"ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "app:discover", + "ui:catalogue/discover", + "ui:navLinks/discover", + "saved_object:url/create", + "saved_object:url/bulk_create", + "saved_object:url/update", + "saved_object:url/bulk_update", + "saved_object:url/delete", + "saved_object:url/bulk_delete", + "saved_object:url/share_to_space", + "saved_object:search/bulk_get", + "saved_object:search/get", + "saved_object:search/find", + "saved_object:search/open_point_in_time", + "saved_object:search/close_point_in_time", + "ui:discover_v2/show", + "ui:discover_v2/createShortUrl", + "api:dashboardUsageStats", + "app:dashboards", + "ui:catalogue/dashboard", + "ui:navLinks/dashboards", + "saved_object:visualization/bulk_get", + "saved_object:visualization/get", + "saved_object:visualization/find", + "saved_object:visualization/open_point_in_time", + "saved_object:visualization/close_point_in_time", + "saved_object:canvas-workpad/bulk_get", + "saved_object:canvas-workpad/get", + "saved_object:canvas-workpad/find", + "saved_object:canvas-workpad/open_point_in_time", + "saved_object:canvas-workpad/close_point_in_time", + "saved_object:event-annotation-group/bulk_get", + "saved_object:event-annotation-group/get", + "saved_object:event-annotation-group/find", + "saved_object:event-annotation-group/open_point_in_time", + "saved_object:event-annotation-group/close_point_in_time", + "saved_object:lens/bulk_get", + "saved_object:lens/get", + "saved_object:lens/find", + "saved_object:lens/open_point_in_time", + "saved_object:lens/close_point_in_time", + "saved_object:links/bulk_get", + "saved_object:links/get", + "saved_object:links/find", + "saved_object:links/open_point_in_time", + "saved_object:links/close_point_in_time", + "saved_object:map/bulk_get", + "saved_object:map/get", + "saved_object:map/find", + "saved_object:map/open_point_in_time", + 
"saved_object:map/close_point_in_time", + "saved_object:dashboard/bulk_get", + "saved_object:dashboard/get", + "saved_object:dashboard/find", + "saved_object:dashboard/open_point_in_time", + "saved_object:dashboard/close_point_in_time", + "ui:dashboard_v2/show", + "ui:dashboard_v2/createShortUrl", + "app:maps", + "ui:catalogue/maps", + "ui:navLinks/maps", + "ui:maps_v2/show", + "app:visualize", + "app:lens", + "ui:catalogue/visualize", + "ui:navLinks/visualize", + "ui:navLinks/lens", + "ui:visualize_v2/show", + "ui:visualize_v2/createShortUrl", + ], + "policy_management_all": Array [ + "login:", + "api:securitySolution-writePolicyManagement", + "api:securitySolution-readPolicyManagement", + "saved_object:policy-settings-protection-updates-note/bulk_get", + "saved_object:policy-settings-protection-updates-note/get", + "saved_object:policy-settings-protection-updates-note/find", + "saved_object:policy-settings-protection-updates-note/open_point_in_time", + "saved_object:policy-settings-protection-updates-note/close_point_in_time", + "saved_object:policy-settings-protection-updates-note/create", + "saved_object:policy-settings-protection-updates-note/bulk_create", + "saved_object:policy-settings-protection-updates-note/update", + "saved_object:policy-settings-protection-updates-note/bulk_update", + "saved_object:policy-settings-protection-updates-note/delete", + "saved_object:policy-settings-protection-updates-note/bulk_delete", + "saved_object:policy-settings-protection-updates-note/share_to_space", + "ui:siemV5/writePolicyManagement", + "ui:siemV5/readPolicyManagement", + ], + "policy_management_read": Array [ + "login:", + "api:securitySolution-readPolicyManagement", + "saved_object:policy-settings-protection-updates-note/bulk_get", + "saved_object:policy-settings-protection-updates-note/get", + "saved_object:policy-settings-protection-updates-note/find", + "saved_object:policy-settings-protection-updates-note/open_point_in_time", + 
"saved_object:policy-settings-protection-updates-note/close_point_in_time", + "ui:siemV5/readPolicyManagement", + ], + "process_operations_all": Array [ + "login:", + "api:securitySolution-writeProcessOperations", + "ui:siemV5/writeProcessOperations", + ], + "read": Array [ + "login:", + "api:securitySolution", + "api:rac", + "api:lists-read", + "api:users-read", + "api:initialize-security-solution", + "api:securitySolution-entity-analytics", + "api:cloud-security-posture-read", + "api:bulkGetUserProfiles", + "api:securitySolution-threat-intelligence", + "app:securitySolution", + "app:csp", + "app:cloudDefend", + "app:kibana", + "ui:catalogue/securitySolution", + "ui:navLinks/securitySolution", + "ui:navLinks/csp", + "ui:navLinks/cloudDefend", + "ui:navLinks/kibana", + "saved_object:index-pattern/bulk_get", + "saved_object:index-pattern/get", + "saved_object:index-pattern/find", + "saved_object:index-pattern/open_point_in_time", + "saved_object:index-pattern/close_point_in_time", + "saved_object:csp_rule/bulk_get", + "saved_object:csp_rule/get", + "saved_object:csp_rule/find", + "saved_object:csp_rule/open_point_in_time", + "saved_object:csp_rule/close_point_in_time", + "saved_object:cloud-security-posture-settings/bulk_get", + "saved_object:cloud-security-posture-settings/get", + "saved_object:cloud-security-posture-settings/find", + "saved_object:cloud-security-posture-settings/open_point_in_time", + "saved_object:cloud-security-posture-settings/close_point_in_time", + "saved_object:csp-rule-template/bulk_get", + "saved_object:csp-rule-template/get", + "saved_object:csp-rule-template/find", + "saved_object:csp-rule-template/open_point_in_time", + "saved_object:csp-rule-template/close_point_in_time", + "saved_object:exception-list-agnostic/bulk_get", + "saved_object:exception-list-agnostic/get", + "saved_object:exception-list-agnostic/find", + "saved_object:exception-list-agnostic/open_point_in_time", + "saved_object:exception-list-agnostic/close_point_in_time", + 
"saved_object:siem-detection-engine-rule-actions/bulk_get", + "saved_object:siem-detection-engine-rule-actions/get", + "saved_object:siem-detection-engine-rule-actions/find", + "saved_object:siem-detection-engine-rule-actions/open_point_in_time", + "saved_object:siem-detection-engine-rule-actions/close_point_in_time", + "saved_object:endpoint:user-artifact-manifest/bulk_get", + "saved_object:endpoint:user-artifact-manifest/get", + "saved_object:endpoint:user-artifact-manifest/find", + "saved_object:endpoint:user-artifact-manifest/open_point_in_time", + "saved_object:endpoint:user-artifact-manifest/close_point_in_time", + "saved_object:endpoint:unified-user-artifact-manifest/bulk_get", + "saved_object:endpoint:unified-user-artifact-manifest/get", + "saved_object:endpoint:unified-user-artifact-manifest/find", + "saved_object:endpoint:unified-user-artifact-manifest/open_point_in_time", + "saved_object:endpoint:unified-user-artifact-manifest/close_point_in_time", + "saved_object:security-solution-signals-migration/bulk_get", + "saved_object:security-solution-signals-migration/get", + "saved_object:security-solution-signals-migration/find", + "saved_object:security-solution-signals-migration/open_point_in_time", + "saved_object:security-solution-signals-migration/close_point_in_time", + "saved_object:risk-engine-configuration/bulk_get", + "saved_object:risk-engine-configuration/get", + "saved_object:risk-engine-configuration/find", + "saved_object:risk-engine-configuration/open_point_in_time", + "saved_object:risk-engine-configuration/close_point_in_time", + "saved_object:entity-engine-status/bulk_get", + "saved_object:entity-engine-status/get", + "saved_object:entity-engine-status/find", + "saved_object:entity-engine-status/open_point_in_time", + "saved_object:entity-engine-status/close_point_in_time", + "saved_object:privilege-monitoring-status/bulk_get", + "saved_object:privilege-monitoring-status/get", + "saved_object:privilege-monitoring-status/find", + 
"saved_object:privilege-monitoring-status/open_point_in_time", + "saved_object:privilege-monitoring-status/close_point_in_time", + "saved_object:privmon-api-key/bulk_get", + "saved_object:privmon-api-key/get", + "saved_object:privmon-api-key/find", + "saved_object:privmon-api-key/open_point_in_time", + "saved_object:privmon-api-key/close_point_in_time", + "saved_object:entity-analytics-monitoring-entity-source/bulk_get", + "saved_object:entity-analytics-monitoring-entity-source/get", + "saved_object:entity-analytics-monitoring-entity-source/find", + "saved_object:entity-analytics-monitoring-entity-source/open_point_in_time", + "saved_object:entity-analytics-monitoring-entity-source/close_point_in_time", + "saved_object:policy-settings-protection-updates-note/bulk_get", + "saved_object:policy-settings-protection-updates-note/get", + "saved_object:policy-settings-protection-updates-note/find", + "saved_object:policy-settings-protection-updates-note/open_point_in_time", + "saved_object:policy-settings-protection-updates-note/close_point_in_time", + "saved_object:security-ai-prompt/bulk_get", + "saved_object:security-ai-prompt/get", + "saved_object:security-ai-prompt/find", + "saved_object:security-ai-prompt/open_point_in_time", + "saved_object:security-ai-prompt/close_point_in_time", + "saved_object:security:reference-data/bulk_get", + "saved_object:security:reference-data/get", + "saved_object:security:reference-data/find", + "saved_object:security:reference-data/open_point_in_time", + "saved_object:security:reference-data/close_point_in_time", + "saved_object:config/bulk_get", + "saved_object:config/get", + "saved_object:config/find", + "saved_object:config/open_point_in_time", + "saved_object:config/close_point_in_time", + "saved_object:config-global/bulk_get", + "saved_object:config-global/get", + "saved_object:config-global/find", + "saved_object:config-global/open_point_in_time", + "saved_object:config-global/close_point_in_time", + 
"saved_object:telemetry/bulk_get", + "saved_object:telemetry/get", + "saved_object:telemetry/find", + "saved_object:telemetry/open_point_in_time", + "saved_object:telemetry/close_point_in_time", + "saved_object:url/bulk_get", + "saved_object:url/get", + "saved_object:url/find", + "saved_object:url/open_point_in_time", + "saved_object:url/close_point_in_time", + "saved_object:tag/bulk_get", + "saved_object:tag/get", + "saved_object:tag/find", + "saved_object:tag/open_point_in_time", + "saved_object:tag/close_point_in_time", + "saved_object:cloud/bulk_get", + "saved_object:cloud/get", + "saved_object:cloud/find", + "saved_object:cloud/open_point_in_time", + "saved_object:cloud/close_point_in_time", + "ui:siemV5/show", + "ui:siemV5/entity-analytics", + "ui:siemV5/detections", + "ui:siemV5/investigation-guide", + "ui:siemV5/investigation-guide-interactions", + "ui:siemV5/threat-intelligence", + "app:discover", + "ui:catalogue/discover", + "ui:navLinks/discover", + "saved_object:url/create", + "saved_object:url/bulk_create", + "saved_object:url/update", + "saved_object:url/bulk_update", + "saved_object:url/delete", + "saved_object:url/bulk_delete", + "saved_object:url/share_to_space", + "saved_object:search/bulk_get", + "saved_object:search/get", + "saved_object:search/find", + "saved_object:search/open_point_in_time", + "saved_object:search/close_point_in_time", + "ui:discover_v2/show", + "ui:discover_v2/createShortUrl", + "api:dashboardUsageStats", + "app:dashboards", + "ui:catalogue/dashboard", + "ui:navLinks/dashboards", + "saved_object:visualization/bulk_get", + "saved_object:visualization/get", + "saved_object:visualization/find", + "saved_object:visualization/open_point_in_time", + "saved_object:visualization/close_point_in_time", + "saved_object:canvas-workpad/bulk_get", + "saved_object:canvas-workpad/get", + "saved_object:canvas-workpad/find", + "saved_object:canvas-workpad/open_point_in_time", + "saved_object:canvas-workpad/close_point_in_time", + 
"saved_object:event-annotation-group/bulk_get", + "saved_object:event-annotation-group/get", + "saved_object:event-annotation-group/find", + "saved_object:event-annotation-group/open_point_in_time", + "saved_object:event-annotation-group/close_point_in_time", + "saved_object:lens/bulk_get", + "saved_object:lens/get", + "saved_object:lens/find", + "saved_object:lens/open_point_in_time", + "saved_object:lens/close_point_in_time", + "saved_object:links/bulk_get", + "saved_object:links/get", + "saved_object:links/find", + "saved_object:links/open_point_in_time", + "saved_object:links/close_point_in_time", + "saved_object:map/bulk_get", + "saved_object:map/get", + "saved_object:map/find", + "saved_object:map/open_point_in_time", + "saved_object:map/close_point_in_time", + "saved_object:dashboard/bulk_get", + "saved_object:dashboard/get", + "saved_object:dashboard/find", + "saved_object:dashboard/open_point_in_time", + "saved_object:dashboard/close_point_in_time", + "ui:dashboard_v2/show", + "ui:dashboard_v2/createShortUrl", + "app:maps", + "ui:catalogue/maps", + "ui:navLinks/maps", + "ui:maps_v2/show", + "app:visualize", + "app:lens", + "ui:catalogue/visualize", + "ui:navLinks/visualize", + "ui:navLinks/lens", + "ui:visualize_v2/show", + "ui:visualize_v2/createShortUrl", + ], + "scan_operations_all": Array [ + "login:", + "api:securitySolution-writeScanOperations", + "ui:siemV5/writeScanOperations", + ], + "soc_management_all": Array [ + "login:", + "api:securitySolution-socManagement", + "ui:siemV5/socManagement", + ], + "trusted_applications_all": Array [ + "login:", + "api:lists-all", + "api:lists-read", + "api:lists-summary", + "api:securitySolution-writeTrustedApplications", + "api:securitySolution-readTrustedApplications", + "saved_object:exception-list-agnostic/bulk_get", + "saved_object:exception-list-agnostic/get", + "saved_object:exception-list-agnostic/find", + "saved_object:exception-list-agnostic/open_point_in_time", + 
"saved_object:exception-list-agnostic/close_point_in_time", + "saved_object:exception-list-agnostic/create", + "saved_object:exception-list-agnostic/bulk_create", + "saved_object:exception-list-agnostic/update", + "saved_object:exception-list-agnostic/bulk_update", + "saved_object:exception-list-agnostic/delete", + "saved_object:exception-list-agnostic/bulk_delete", + "saved_object:exception-list-agnostic/share_to_space", + "ui:siemV5/writeTrustedApplications", + "ui:siemV5/readTrustedApplications", + ], + "trusted_applications_read": Array [ + "login:", + "api:lists-read", + "api:lists-summary", + "api:securitySolution-readTrustedApplications", + "ui:siemV5/readTrustedApplications", + ], + "trusted_devices_all": Array [ + "login:", + "api:lists-all", + "api:lists-read", + "api:lists-summary", + "api:securitySolution-writeTrustedDevices", + "api:securitySolution-readTrustedDevices", + "saved_object:exception-list-agnostic/bulk_get", + "saved_object:exception-list-agnostic/get", + "saved_object:exception-list-agnostic/find", + "saved_object:exception-list-agnostic/open_point_in_time", + "saved_object:exception-list-agnostic/close_point_in_time", + "saved_object:exception-list-agnostic/create", + "saved_object:exception-list-agnostic/bulk_create", + "saved_object:exception-list-agnostic/update", + "saved_object:exception-list-agnostic/bulk_update", + "saved_object:exception-list-agnostic/delete", + "saved_object:exception-list-agnostic/bulk_delete", + "saved_object:exception-list-agnostic/share_to_space", + "ui:siemV5/writeTrustedDevices", + "ui:siemV5/readTrustedDevices", + ], + "trusted_devices_read": Array [ + "login:", + "api:lists-read", + "api:lists-summary", + "api:securitySolution-readTrustedDevices", + "ui:siemV5/readTrustedDevices", + ], + "workflow_insights_all": Array [ + "login:", + "api:securitySolution-writeWorkflowInsights", + "api:securitySolution-readWorkflowInsights", + "ui:siemV5/writeWorkflowInsights", + "ui:siemV5/readWorkflowInsights", + ], + 
"workflow_insights_read": Array [ + "login:", + "api:securitySolution-readWorkflowInsights", + "ui:siemV5/readWorkflowInsights", ], }, }