[csp] Telemetry for csp configuration #43223

Merged
merged 3 commits into from
Aug 14, 2019

@epixa epixa commented Aug 13, 2019

Summary

We collect the boolean configurations which can be derived by any
end-user of Kibana by making any HTTP request. Since the rules
configuration involves strings that can leak identifiable information,
we only collect whether the rules have been changed from their defaults.

The following shape is added to the telemetry payload:

```
csp: {
  strict: Boolean,
  warnLegacyBrowsers: Boolean,
  rulesChangedFromDefault: Boolean,
}
```

@epixa epixa added release_note:enhancement Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! v8.0.0 Feature:Security/CSP Platform Security - Content Security Policy v7.4.0 labels Aug 13, 2019
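
The collection described in the summary, sketched as an added example that is not code from this pull request: the CSP config is reduced to the three booleans, and a guard rejects anything else before it is sent. `DEFAULT_RULES`, the config field names, the helper names and the sample hostname are assumptions made for illustration.

```javascript
// Added example, not Kibana's implementation. DEFAULT_RULES, the config field
// names and the sample hostname are constructed for illustration.
const DEFAULT_RULES = Object.freeze([
  "script-src 'self'",
  "worker-src blob:",
]);

const ALLOWED_KEYS = ['strict', 'warnLegacyBrowsers', 'rulesChangedFromDefault'];

// Serialize rules the way they would appear in a Content-Security-Policy header.
const toHeader = (rules) => rules.map((r) => r.trim()).join('; ');

// Reduce the CSP config to three booleans; rule strings never leave this function.
function collectCspUsage(config, defaults = DEFAULT_RULES) {
  const rules = Array.isArray(config.rules) ? config.rules : defaults;
  return {
    strict: config.strict === true,
    warnLegacyBrowsers: config.warnLegacyBrowsers === true,
    rulesChangedFromDefault: toHeader(rules) !== toHeader(defaults),
  };
}

// Guard to run before sending: reject any key outside the allowlist and any
// non-boolean value, so a later refactor cannot leak rule text.
function assertBooleanOnly(payload) {
  const keys = Object.keys(payload);
  for (const key of keys) {
    if (!ALLOWED_KEYS.includes(key)) throw new TypeError(`unexpected telemetry key: ${key}`);
    if (typeof payload[key] !== 'boolean') throw new TypeError(`non-boolean telemetry value: ${key}`);
  }
  if (keys.length !== ALLOWED_KEYS.length) throw new TypeError('missing telemetry key');
  return payload;
}

// Constructed config: the custom rule embeds an internal hostname.
const customConfig = {
  strict: true,
  warnLegacyBrowsers: false,
  rules: ["script-src 'self' https://assets.corp.example", "worker-src blob:"],
};

const payload = assertBooleanOnly(collectCspUsage(customConfig));
console.log(JSON.stringify({ csp: payload }));
```
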
@elasticmachine

Pinging @elastic/kibana-security

@elasticmachine

💚 Build Succeeded

@epixa epixa marked this pull request as ready for review August 14, 2019 00:26
@epixa epixa requested a review from a team August 14, 2019 00:26
@kobelb kobelb self-requested a review August 14, 2019 00:30

@Bamieh Bamieh left a comment

code LGTM

@epixa

epixa commented Aug 14, 2019

I relaxed the reliance on the constant defaults and switched the rule check over to a snapshot.


@kobelb kobelb left a comment

LGTM - apologies for all the nits

@elasticmachine

💚 Build Succeeded

@epixa epixa merged commit e2e1941 into elastic:master Aug 14, 2019
@epixa epixa deleted the csp-telemetry branch August 14, 2019 20:03
epixa added a commit that referenced this pull request Aug 14, 2019
jloleysens added a commit to jloleysens/kibana that referenced this pull request Aug 15, 2019
…p-metrics-selectall

* 'master' of github.com:elastic/kibana: (50 commits)
  [Uptime] update monitor list configs for mobile view (elastic#43218)
  [APM] Local UI filters (elastic#41588)
  [Code] Upgrade ctags langserver (elastic#43252)
  [Code] show multiple definition results in panel (elastic#43249)
  Adds Metric Type to full screen launch tracking (elastic#42692)
  [Canvas] Convert Autocomplete to Typescript (elastic#42502)
  [telemetry] add spacesEnabled config back to xpack_main (elastic#43312)
  [ML] Adds DF Transform Analytics list to Kibana management (elastic#43151)
  Add TLS client authentication support. (elastic#43090)
  [csp] Telemetry for csp configuration (elastic#43223)
  [SIEM] Run Cypress Tests Against Elastic Cloud & Cypress Command Line / Reporting (elastic#42804)
  docs: add tip on agent config in a dt (elastic#43301)
  [ML] Adding bucket span estimator to new wizards (elastic#43288)
  disable flaky tests (elastic#43017)
  Fix percy target branch for PRs (elastic#43160)
  [ML] Adding post create job options (elastic#43205)
  Restore discover histogram selection triggering fetch (elastic#43097)
  Per panel time range (elastic#43153)
  [Infra UI] Add APM to Metadata Endpoint (elastic#42197)
  Sentence case copy changes (elastic#43215)
  ...
chrisronline pushed a commit to chrisronline/kibana that referenced this pull request Aug 15, 2019
4 participants