[Security Solution][Detections] Manage Alerts persona can only manage alerts on Rule Details, not the Alerts page #125868

Closed
spong opened this issue Feb 16, 2022 · 8 comments
Labels: bug, impact:high, Team:Detection Alerts, Team:Detections and Resp, Team: SecuritySolution, v7.17.0, v8.0.0, v8.1.0

Comments

@spong
Member

spong commented Feb 16, 2022

Verified on 7.17.0 cloud (and later verified in 8.x), when having read Kibana Space Security feature privileges (along with the ES index privileges outlined in the docs for the manage alerts action) the user should be able to mark alerts as open/ack/closed. In testing I'm seeing that on the main Alerts page the checkbox and utility bar action is missing (and so you can't interact with alerts), however when navigating to a specific Rule Details, you can indeed interact with the alerts.

Alerts Page

Rule Details

Note: there is an open 7.x docs issue for clarifying that read Kibana Space Security feature privileges are required to prevent the managing of Rules but still allow managing alerts.

cc @MadameSheema @peluja1012 @jethr0null @rylnd

@spong added the bug, triage_needed, impact:high, Team: SecuritySolution, and v7.17.0 labels on Feb 16, 2022
@elasticmachine
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@ghost

ghost commented Feb 17, 2022

Hi @spong,

We have validated the above issue on the 8.1.0 BC2 build and it is occurring here as well.

Build Info:
Version: 8.1.0
Build: 50222
Commit: ee89ebfddeda3baaf6cd87c0299247c5248cb952


Thanks!

@MadameSheema added the Team:Detections and Resp label on Feb 28, 2022
@elasticmachine
Contributor

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@MadameSheema added the Team:Detection Alerts label on Feb 28, 2022
@spong
Member Author

spong commented Feb 28, 2022

Linking @dhurley14's POC around improving privilege checks in code: #126165.

@MadameSheema
Member

@marshallmain as the last 8.1.0BC has been already built, please update version labels ;)

@marshallmain
Contributor

Closing as the linked PR fixes this issue

@marshallmain
Contributor

@karanverma-qasource Can you verify the fix on 7.17.2, 8.1.1, and 8.2?

@ghost

ghost commented Jun 2, 2022

Hi @marshallmain,

We have validated the above issue on the 7.17.2, 8.1.1 and 8.2.0 builds, and it's working fine. 🟢

Build Details:

Version: 7.17.2
Build: 46734
Commit: 07cff2b713ccaea7caa78c054848de6cc2ba0331

Version: 8.1.1
Build: 50609
Commit: 0a94c82a3656a1600666ba9beb0f0b18ceb7464f

Version: 8.2.0
Build: 52005
Commit: 9a5003d8cf0062bf24ef64d6712b44823888cc03


The ticket got missed from our tracking, so sharing the observation got delayed.

Thanks!
