diff --git a/docs/dev-tools/grokdebugger/index.asciidoc b/docs/dev-tools/grokdebugger/index.asciidoc index 5162e806edd078..994836de7a1a23 100644 --- a/docs/dev-tools/grokdebugger/index.asciidoc +++ b/docs/dev-tools/grokdebugger/index.asciidoc @@ -32,7 +32,7 @@ in ingest node and Logstash. This example walks you through using the *Grok Debugger*. This tool is automatically enabled in {kib}. -NOTE: If you're using {security}, you must have the `manage_pipeline` +NOTE: If you're using {stack-security-features}, you must have the `manage_pipeline` permission to use the Grok Debugger. . Open the menu, go to *Dev Tools*, then click *Grok Debugger*. diff --git a/docs/settings/monitoring-settings.asciidoc b/docs/settings/monitoring-settings.asciidoc index 48b5b5eb5d0c03..5b8fa0725d96b3 100644 --- a/docs/settings/monitoring-settings.asciidoc +++ b/docs/settings/monitoring-settings.asciidoc @@ -7,7 +7,7 @@ By default, the Monitoring application is enabled, but data collection is disabled. When you first start {kib} monitoring, you are prompted to -enable data collection. If you are using {security}, you must be +enable data collection. If you are using {stack-security-features}, you must be signed in as a user with the `cluster:manage` privilege to enable data collection. The built-in `superuser` role has this privilege and the built-in `elastic` user has this role. diff --git a/docs/setup/install.asciidoc b/docs/setup/install.asciidoc index 73036da8f1390b..cb47210cb3f089 100644 --- a/docs/setup/install.asciidoc +++ b/docs/setup/install.asciidoc @@ -53,8 +53,8 @@ Formulae are available from the Elastic Homebrew tap for installing {kib} on mac <> IMPORTANT: If your Elasticsearch installation is protected by -{ref}/elasticsearch-security.html[{security}] see -{kibana-ref}/using-kibana-with-security.html[Configuring security in Kibana] for +{ref}/elasticsearch-security.html[{stack-security-features}] see +{kibana-ref}/using-kibana-with-security.html[Configuring security in {kib}] for additional setup instructions. include::install/targz.asciidoc[] diff --git a/docs/user/monitoring/monitoring-kibana.asciidoc b/docs/user/monitoring/monitoring-kibana.asciidoc index b9ec3982eb3c55..bb8b3e5d42851b 100644 --- a/docs/user/monitoring/monitoring-kibana.asciidoc +++ b/docs/user/monitoring/monitoring-kibana.asciidoc @@ -20,9 +20,10 @@ node in the production cluster. By default, it is is disabled (`false`). + -- NOTE: You can specify this setting in either the `elasticsearch.yml` on each -node or across the cluster as a dynamic cluster setting. If {es} -{security-features} are enabled, you must have `monitor` cluster privileges to -view the cluster settings and `manage` cluster privileges to change them. +node or across the cluster as a dynamic cluster setting. If +{stack-security-features} are enabled, you must have `monitor` cluster +privileges to view the cluster settings and `manage` cluster privileges to +change them. -- @@ -33,7 +34,7 @@ view the cluster settings and `manage` cluster privileges to change them. -- By default, if you are running {kib} locally, go to `http://localhost:5601/`. -If {es} {security-features} are enabled, log in. +If {security-features} are enabled, log in. -- ... Open the menu, then go to *Stack Monitoring*. If data collection is @@ -80,13 +81,13 @@ monitoring cluster prevents production cluster outages from impacting your ability to access your monitoring data. It also prevents monitoring activities from impacting the performance of your production cluster. -If {security} is enabled on the production cluster, use an HTTPS URL such -as `https://:9200` in this setting. +If {security-features} are enabled on the production cluster, use an HTTPS +URL such as `https://:9200` in this setting. =============================== -- -. If the Elastic {security-features} are enabled on the production cluster: +. If {security-features} are enabled on the production cluster: .. Verify that there is a valid user ID and password in the `elasticsearch.username` and diff --git a/docs/user/reporting/chromium-sandbox.asciidoc b/docs/user/reporting/chromium-sandbox.asciidoc index bfef5b8b86c6b1..dcb421261c0678 100644 --- a/docs/user/reporting/chromium-sandbox.asciidoc +++ b/docs/user/reporting/chromium-sandbox.asciidoc @@ -2,14 +2,16 @@ [[reporting-chromium-sandbox]] === Chromium sandbox -When {reporting} uses the Chromium browser for generating PDF reports, it's recommended to use the sandbox for -an additional layer of security. The Chromium sandbox uses operating system provided mechanisms to ensure that -code execution cannot make persistent changes to the computer or access confidential information. The specific -sandboxing techniques differ for each operating system. +When {report-features} uses the Chromium browser for generating PDF reports, +it's recommended to use the sandbox for an additional layer of security. The +Chromium sandbox uses operating system provided mechanisms to ensure that +code execution cannot make persistent changes to the computer or access +confidential information. The specific sandboxing techniques differ for each +operating system. ==== Linux sandbox The Linux sandbox depends on user namespaces, which were introduced with the 3.8 Linux kernel. However, many -distributions don't have user namespaces enabled by default, or they require the CAP_SYS_ADMIN capability. {reporting} +distributions don't have user namespaces enabled by default, or they require the CAP_SYS_ADMIN capability. The {report-features} will automatically disable the sandbox when it is running on Debian and CentOS as additional steps are required to enable unprivileged usernamespaces. In these situations, you'll see the following message in your {kib} startup logs: `Chromium sandbox provides an additional layer of protection, but is not supported for your OS. diff --git a/docs/user/reporting/configuring-reporting.asciidoc b/docs/user/reporting/configuring-reporting.asciidoc index 7489e2cf51f614..ca2d79bb2dec0b 100644 --- a/docs/user/reporting/configuring-reporting.asciidoc +++ b/docs/user/reporting/configuring-reporting.asciidoc @@ -2,8 +2,8 @@ [[configuring-reporting]] == Reporting configuration -You can configure settings in `kibana.yml` to control how {reporting} -communicates with the {kib} server, manages background jobs, and captures +You can configure settings in `kibana.yml` to control how the {report-features} +communicate with the {kib} server, manages background jobs, and captures screenshots. See <> for the complete list of settings. @@ -11,9 +11,9 @@ list of settings. [[encryption-keys]] === Encryption keys for multiple {kib} instances -By default, a new encryption key is generated for {reporting} each time -you start {kib}. This means if a static encryption key is not persisted in the -{kib} configuration, any pending reports will fail when you restart {kib}. +By default, a new encryption key is generated for the {report-features} each +time you start {kib}. This means if a static encryption key is not persisted in +the {kib} configuration, any pending reports will fail when you restart {kib}. If you are load balancing across multiple {kib} instances, they need to have the same reporting encryption key. Otherwise, report generation will fail if a diff --git a/docs/user/reporting/development/index.asciidoc b/docs/user/reporting/development/index.asciidoc index a64e540da0c70e..4e86c803bd82d0 100644 --- a/docs/user/reporting/development/index.asciidoc +++ b/docs/user/reporting/development/index.asciidoc @@ -1,9 +1,11 @@ [role="xpack"] [[reporting-integration]] == Reporting integration -Integrating a {kib} application with {reporting} requires a minimum amount of code, and the goal is to not have to -modify the Reporting code as we add additional applications. Instead, applications abide by a contract that Reporting -uses to determine the information that is required to export CSVs and PDFs. +Integrating a {kib} application with the {report-features} requires a minimum +amount of code, and the goal is to not have to modify the reporting code as we +add additional applications. Instead, applications abide by a contract that +{report-features} use to determine the information that is required to export +CSVs and PDFs. [IMPORTANT] ============================================== @@ -18,7 +20,7 @@ X-Pack uses the `share` plugin of the Kibana platform to register actions in the [float] === Generate job URL -To generate a new {reporting} job, different export types require different `jobParams` that are Rison encoded into a URL +To generate a new reporting job, different export types require different `jobParams` that are Rison encoded into a URL that abide by the following convention: `/api/reporting/generate?jobParams=${rison.encode(jobParams)}`. If you use the aforementioned <> then this detail will be abstracted away, but if you provide a custom UI for generating the report, you will have to generate the URL and create a POST request to the URL. diff --git a/docs/user/reporting/gs-index.asciidoc b/docs/user/reporting/gs-index.asciidoc index 87918ee76340e0..46c1fd38b7d69b 100644 --- a/docs/user/reporting/gs-index.asciidoc +++ b/docs/user/reporting/gs-index.asciidoc @@ -21,7 +21,7 @@ You can also <>. IMPORTANT: Reports are stored in the `.reporting-*` indices. Any user with access to these indices has access to every report generated by all users. -To use {reporting} in a production environment, +To use {report-features} in a production environment, <>. -- diff --git a/docs/user/reporting/index.asciidoc b/docs/user/reporting/index.asciidoc index 6acdbbe3f0a99e..e4e4b461ac2bd3 100644 --- a/docs/user/reporting/index.asciidoc +++ b/docs/user/reporting/index.asciidoc @@ -19,7 +19,7 @@ image::user/reporting/images/share-button.png["Share"] [float] == Setup -{reporting} is automatically enabled in {kib}. It runs a custom build of the Chromium web browser, which +The {report-features} are automatically enabled in {kib}. It runs a custom build of the Chromium web browser, which runs on the server in headless mode to load {kib} and capture the rendered {kib} charts as images. Chromium is an open-source project not related to Elastic, but the Chromium binary for {kib} has been custom-built by Elastic to ensure it diff --git a/docs/user/reporting/script-example.asciidoc b/docs/user/reporting/script-example.asciidoc index 88f48ad1d3182e..94301fc6fb4486 100644 --- a/docs/user/reporting/script-example.asciidoc +++ b/docs/user/reporting/script-example.asciidoc @@ -19,7 +19,8 @@ curl \ // CONSOLE <1> `POST` method is required. -<2> Provide user credentials for a user with permission to access Kibana and X-Pack reporting. +<2> Provide user credentials for a user with permission to access Kibana and +{report-features}. <3> The `kbn-version` header is required for all `POST` requests to Kibana. **The value must match the dotted-numeral version of the Kibana instance.** <4> The POST URL. You can copy and paste the URL for any report from the Kibana UI. diff --git a/docs/user/reporting/watch-example.asciidoc b/docs/user/reporting/watch-example.asciidoc index 627e31017230c9..253722fefecc0e 100644 --- a/docs/user/reporting/watch-example.asciidoc +++ b/docs/user/reporting/watch-example.asciidoc @@ -52,7 +52,7 @@ report from the Kibana UI. <3> Optional, default is 40 <4> Optional, default is 15s <5> Provide user credentials for a user with permission to access Kibana and -{reporting}. +the {report-features}. //For more information, see <>. //<>. diff --git a/docs/user/security/reporting.asciidoc b/docs/user/security/reporting.asciidoc index 30340e1db989a4..4e02759ce99cbd 100644 --- a/docs/user/security/reporting.asciidoc +++ b/docs/user/security/reporting.asciidoc @@ -5,8 +5,8 @@ Reporting operates by creating and updating documents in {es} in response to user actions in {kib}. -To use {reporting} with {security} enabled, you need to -<>. +To use {report-features} with {security-features} enabled, you need to +<>. If you are automatically generating reports with {ref}/xpack-alerting.html[{watcher}], you also need to configure {watcher} to trust the {kib} server's certificate. @@ -118,10 +118,10 @@ reporting_user: === Secure the reporting endpoints In a production environment, you should restrict access to -the {reporting} endpoints to authorized users. This requires that you: +the reporting endpoints to authorized users. This requires that you: -. Enable {security} on your {es} cluster. For more information, -see {ref}/security-getting-started.html[Getting Started with Security]. +. Enable {stack-security-features} on your {es} cluster. For more information, +see {ref}/security-getting-started.html[Getting started with security]. . Configure TLS/SSL encryption for the {kib} server. For more information, see <>. . Specify the {kib} server's CA certificate chain in `elasticsearch.yml`: @@ -150,13 +150,13 @@ For more information, see {ref}/notification-settings.html#ssl-notification-sett -- . Add one or more users who have the permissions -necessary to use {kib} and {reporting}. For more information, see +necessary to use {kib} and {report-features}. For more information, see <>. -Once you've enabled SSL for {kib}, all requests to the {reporting} endpoints +Once you've enabled SSL for {kib}, all requests to the reporting endpoints must include valid credentials. For example, see the following page which includes a watch that submits requests as the built-in `elastic` user: <>. For more information about configuring watches, see -{ref}/how-watcher-works.html[How Watcher works]. +{ref}/how-watcher-works.html[How {watcher} works]. diff --git a/docs/user/security/securing-kibana.asciidoc b/docs/user/security/securing-kibana.asciidoc index b30acd0ed2e53e..0177ac94bd402f 100644 --- a/docs/user/security/securing-kibana.asciidoc +++ b/docs/user/security/securing-kibana.asciidoc @@ -5,21 +5,21 @@ Configure security ++++ -{kib} users have to log in when {security} is enabled on your cluster. You -configure {security} roles for your {kib} users to control what data those users -can access. +{kib} users have to log in when {stack-security-features} are enabled on your +cluster. You configure roles for your {kib} users to control what data those +users can access. Most requests made through {kib} to {es} are authenticated by using the credentials of the logged-in user. There are, however, a few internal requests that the {kib} server needs to make to the {es} cluster. For this reason, you must configure credentials for the {kib} server to use for those requests. -With {security} enabled, if you load a {kib} dashboard that accesses data in an -index that you are not authorized to view, you get an error that indicates the -index does not exist. {security} do not currently provide a way to control which -users can load which dashboards. +With {security-features} enabled, if you load a {kib} dashboard that accesses +data in an index that you are not authorized to view, you get an error that +indicates the index does not exist. The {security-features} do not currently +provide a way to control which users can load which dashboards. -To use {kib} with {security}: +To use {kib} with {security-features}: . {ref}/configuring-security.html[Configure security in {es}]. @@ -38,8 +38,8 @@ elasticsearch.password: "kibanapassword" The {kib} server submits requests as this user to access the cluster monitoring APIs and the `.kibana` index. The server does _not_ need access to user indices. -The password for the built-in `kibana_system` user is typically set as part of the -{security} configuration process on {es}. For more information, see +The password for the built-in `kibana_system` user is typically set as part of +the security configuration process on {es}. For more information, see {ref}/built-in-users.html[Built-in users]. -- @@ -53,7 +53,7 @@ as the encryption key. xpack.security.encryptionKey: "something_at_least_32_characters" -------------------------------------------------------------------------------- -For more information, see <>. +For more information, see <>. -- . Optional: Set a timeout to expire idle sessions. By default, a session stays