[Request]: Privileges created using Security Solution's alerts dataview pattern #599

Open
rylnd opened this issue Feb 25, 2025 · 0 comments

rylnd commented Feb 25, 2025

What documentation page is affected

Troubleshoot Detection Rules (https://www.elastic.co/guide/en/security/current/ts-detection-rules.html)

What change would you like to see?

The broader issue with this UI creating misconfigured roles is captured here; this issue is requesting that we add a callout in our troubleshooting documentation that would allow users to diagnose/correct this situation.

As demonstrated in the inciting issue, the user would likely see a "This rule may not have the required read privileges" warning where they would otherwise not expect one, and as mentioned in the Kibana issue the solution is to "itemize" their index privileges, i.e.:

  • auditbeat-*,filebeat-*: read/write becomes:
    • auditbeat-*: read/write and
    • filebeat-*: read/write

Additional info

No response
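
The diagnosis and correction described in the issue above, as an added example that is not part of the original issue or of Elastic's code. It assumes the role is exported in the Elasticsearch role API shape (`indices` entries with `names` and `privileges`) and that the misconfigured entry stores the comma-joined pattern as a single name string; the sample role and both function names are constructed for illustration.

```python
import json

# Constructed sample role (assumed Elasticsearch role API shape, not from the issue).
SAMPLE_ROLE = {
    "cluster": [],
    "indices": [
        {"names": ["auditbeat-*,filebeat-*"], "privileges": ["read", "write"]},
        {"names": ["logs-*"], "privileges": ["read"]},
    ],
}


def find_joined_patterns(role):
    """Return (entry_index, name) for each index name holding a comma-joined list."""
    hits = []
    for i, entry in enumerate(role.get("indices", [])):
        for name in entry.get("names", []):
            if "," in name:
                hits.append((i, name))
    return hits


def itemize_role(role):
    """Return a new role with exactly one index pattern per privilege entry."""
    fixed = {k: v for k, v in role.items() if k != "indices"}
    fixed["indices"] = []
    seen = set()
    for entry in role.get("indices", []):
        for name in entry.get("names", []):
            for pattern in (p.strip() for p in name.split(",")):
                if not pattern:
                    continue  # empty piece from a trailing or doubled comma
                # Keep every other field of the entry (privileges, query, ...).
                item = {**entry, "names": [pattern]}
                key = json.dumps(item, sort_keys=True)
                if key not in seen:  # drop exact duplicates only
                    seen.add(key)
                    fixed["indices"].append(item)
    return fixed


if __name__ == "__main__":
    for idx, name in find_joined_patterns(SAMPLE_ROLE):
        print(f"indices[{idx}] has a comma-joined pattern: {name!r}")
    print(json.dumps(itemize_role(SAMPLE_ROLE), indent=2))
```
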
