Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Issue 437: Maintenance permission #492

Merged
merged 8 commits into from
Feb 24, 2021
+17 −9
Merged

Issue 437: Maintenance permission #492

Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
9a7c0e7
Issue #437: Add maintenance permission for SIEM index
narcher7 Feb 3, 2021
5688888
Merge branch 'master' of github.com:elastic/security-docs into Issue-…
narcher7 Feb 5, 2021
5f8e162
Rework detections section
Feb 23, 2021
660ccfc
Add slight edits to the new section.
Feb 24, 2021
11d45ea
Add a couple more grammar edits.
narcher7 Feb 24, 2021
60c1726
Update docs/getting-started/detections-req.asciidoc
narcher7 Feb 24, 2021
473007a
Add back in accidental deletion
narcher7 Feb 24, 2021
559e6f6
Fix conflicts
narcher7 Feb 24, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 17 additions & 9 deletions docs/getting-started/detections-req.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@ and restarting {kib}, you must restart all detection rules.
To enable the <<detection-engine-overview, Detections feature>>, a user with
these privileges must visit (click on) the *Detections* page:

* The `manage` cluster privilege
* The `manage` cluster privilege.
* {kib} space `All` privileges for the `Security` feature (see
{kibana-ref}/xpack-spaces.html#spaces-control-user-access[Feature access based on user privileges]).
* The `manage`, `write`,`read`, and `view_index_metadata` index privileges for all of these system indices:
Expand Down Expand Up @@ -74,24 +74,32 @@ image::images/sec-admin-user.png[]
[[access-detections-ui]]
== Access and use Detections

After enabling Detections, only users with these permission can view and use the
*Detections* page:
After enabling Detections, only users with these permissions can view and use rules and alerts on the *Detections* page:

* {kib} space `All` privileges for the `Security` and `Saved Objects
Management` features
* The `read`, `write`, and `view_index_metadata` index privileges for all of these system indices:
**All**

These permissions are required for both rule and alert management:

* {kib} space with `All` privileges enabled for `Security`.
narcher7 marked this conversation as resolved.
Show resolved Hide resolved
* The `read`, `write`, `view_index_metadata`, and `maintenance` index privileges for all of these system indices:
** `.siem-signals-<kib-space>`
spong marked this conversation as resolved.
Show resolved Hide resolved
** `.lists-<kib-space>`
** `.items-<kib-space>`
+
Where `<kib-space>` is the {kib} space name.

Here's a screenshot of a user role that can view and create detection rules in all {kib}
spaces:

[role="screenshot"]
image::images/sec-user.png[]

**Rule**

For rule management, make sure {kib} space with `All` privileges is enabled for both `Security` and `Saved Objects Management` features.

**Alert**

If you only want a user to update the status of alerts but not rule, only {kib} space with `All` privileges enabled for `Security` is required.


[discrete]
[[adv-list-settings]]
== Configure list upload limits
Expand Down