Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Users in the alerting context #64588

Closed
rylnd opened this issue Apr 27, 2020 · 8 comments
Closed

Users in the alerting context #64588

rylnd opened this issue Apr 27, 2020 · 8 comments
Labels
enhancement New value added to drive a business result Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework Feature:Alerting NeededFor:Detections and Resp NeededFor:ML Project:MoreRuleTypes Alerting team project for providing more ways to construct rules. Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

@rylnd
Copy link
Contributor

rylnd commented Apr 27, 2020

I started this discussion with #62886, but I believe that there's a broader need for user information within alerting. The simplest use case is retrieving user information for auditing purposes.

User retrieval is (to my knowledge) only accessible via security.authc.getCurrentUser, which itself requires a KibanaRequest object, so we're back to where we were with #62886, where alerting must either provide a request or its own interface to accomplish the same.

Another aspect of this issue: in the auditing scenario, the distinction between "user-initiated request" and "alert-initiated request" may be a meaningful one worth codifying (although it could also be done downstream).
@rylnd rylnd added the Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) label Apr 27, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

@rylnd
Copy link
Contributor Author

rylnd commented Apr 30, 2020
edited
Loading

After talking with @jgowdyelastic it sounds like ML is intending to add capabilities checks to all of their plugin's services. In the current implementation, that would require a KibanaRequest in addition to the scoped client provided by #62886.

TL;DR this is about to become a blocker on either the ML capabilities work, or SIEM's integration with ML and Alerting.

This was referenced Apr 30, 2020
Open
Merged
@mikecote
Copy link
Contributor

mikecote commented May 6, 2020
edited
Loading

Note for alerting team:

Based on the menton here: #39430 (comment), this issue will expose the fake request object to alert and action executors and have clear documentation what breaking changes are coming that will remove the fake request and explain why its exposed in the meantime. This should help developers understand possible debt they're taking on with the usage of the fake request.

This issue should also remove the getScopedCallCluster service from alert and actions.

@mikecote mikecote mentioned this issue Jun 2, 2020
Open
59 tasks
@jgowdyelastic jgowdyelastic mentioned this issue Jul 3, 2020
Closed
26 tasks
@mikecote mikecote added the enhancement New value added to drive a business result label Aug 19, 2020
@jgowdyelastic jgowdyelastic mentioned this issue Aug 25, 2020
Merged
@jgowdyelastic jgowdyelastic mentioned this issue Sep 1, 2020
Merged
3 tasks
@jgowdyelastic jgowdyelastic mentioned this issue Oct 29, 2020
Merged
3 tasks
@mikecote
Copy link
Contributor

cc @arisonl

@mikecote
Copy link
Contributor

@rylnd the alerting team is doing some 7.12 release planning and I was wondering if SIEM was still waiting on this issue to integrate with ML? We will work on it in 7.12 if that is the case 🙏 but wanted to make sure

@peteharverson peteharverson mentioned this issue Dec 22, 2020
Closed
13 tasks
@mikecote
Copy link
Contributor

Moving from 7.12 - Candidates to 7.x - Candidates.

@mikecote
Copy link
Contributor

mikecote commented Feb 4, 2021

Moving from 7.x - Candidates to 8.x - Candidates (Backlog) after the latest 7.x planning session.

@ymao1 ymao1 mentioned this issue Apr 23, 2021
Closed
@gmmorris gmmorris added Project:MoreRuleTypes Alerting team project for providing more ways to construct rules. NeededFor:Detections and Resp Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework labels Jun 30, 2021
@kobelb kobelb added the needs-team Issues missing a team label label Jan 31, 2022
@botelastic botelastic bot removed the needs-team Issues missing a team label label Jan 31, 2022
@jgowdyelastic jgowdyelastic mentioned this issue Feb 1, 2022
Open
6 tasks
@dplumlee dplumlee mentioned this issue Mar 1, 2022
Merged
3 tasks
@mikecote
Copy link
Contributor

mikecote commented May 4, 2023

Closing due to lack of request. Let's re-open if we have some recent use cases and we can explore exposing the request object.

@mikecote mikecote closed this as completed May 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New value added to drive a business result Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework Feature:Alerting NeededFor:Detections and Resp NeededFor:ML Project:MoreRuleTypes Alerting team project for providing more ways to construct rules. Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)
Projects
No open projects
AppEx: ResponseOps - Execution & Connectors
Status: Done
Milestone
No milestone
Development

No branches or pull requests
5 participants
@gmmorris @kobelb @rylnd @mikecote @elasticmachine