[Request] Permissions for alert suppression in machine learning rules #5492

Open
joepeeples opened this issue Jul 2, 2024 · 2 comments · May be fixed by #5819
Labels: Docset: ESS, Docset: Serverless, Effort: Medium, Feature: Alerts, Feature: Machine Learning, Feature: Rules, Team: Detection Engine, v8.15.0

Comments


joepeeples commented Jul 2, 2024

Description

Users need a read permission for the .ml-anomalies-* index if the user in question is going to be authoring/managing ML Rules with Alert Suppression.

Background & resources

Which documentation set does this change impact?

ESS and serverless

ESS release

8.15

Serverless release

Unknown

Feature differences

Unknown. Since it's a privileges thing, I assume there's an equivalent serverless prebuilt role that provides read access to the .ml-anomalies-* index pattern, but that isn't clear from the thread. @rylnd could you confirm which serverless roles are required?

API docs impact

Unknown

Prerequisites, privileges, feature flags

Unknown


rylnd commented Jul 2, 2024

Thanks for filing this, @joepeeples! I think I can provide the missing context here:

  1. This is a UI feature: if they do not have read permission to that pattern, we are unable to populate field options in the "suppress by" section of the rule creation form, and it will be disabled.
  2. I believe all of our prebuilt security roles will now contain this permission, as per this PR
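An added example, not part of the original thread or the project's code: a way to audit custom roles for the read privilege on `.ml-anomalies-*` discussed above, since only the prebuilt roles are said to include it. It assumes role definitions in the shape returned by `GET /_security/role`; the function names, the probe index name, and the sample roles are constructed for illustration, and only `read` and `all` are treated as granting read.

```python
from fnmatch import fnmatchcase

# Assumption: only these index privileges are treated as granting read access.
READ_GRANTING = {"read", "all"}
# Constructed probe name that falls under the .ml-anomalies-* pattern from the issue.
PROBE_INDEX = ".ml-anomalies-shared"


def grants_ml_anomalies_read(role_body, probe=PROBE_INDEX):
    """True if any 'indices' entry of the role grants read on the probe index."""
    for entry in role_body.get("indices", []):
        privileges = {p.lower() for p in entry.get("privileges", [])}
        if not privileges & READ_GRANTING:
            continue
        for pattern in entry.get("names", []):
            # Regex-style patterns (/.../) are skipped rather than guessed at.
            if pattern.startswith("/"):
                continue
            if fnmatchcase(probe, pattern):
                return True
    return False


def roles_missing_read(roles):
    """Sorted names of roles that lack read on .ml-anomalies-*."""
    return sorted(n for n, body in roles.items()
                  if not grants_ml_anomalies_read(body))


# Constructed sample, shaped like a GET /_security/role response.
SAMPLE_ROLES = {
    "custom_rule_author": {"indices": [
        {"names": [".alerts-security*", "logs-*"], "privileges": ["read", "write"]}]},
    "custom_ml_rule_author": {"indices": [
        {"names": [".alerts-security*"], "privileges": ["read", "write"]},
        {"names": [".ml-anomalies-*"], "privileges": ["read"]}]},
    "metadata_only": {"indices": [
        {"names": [".ml-anomalies-*"], "privileges": ["view_index_metadata"]}]},
    "wildcard_admin": {"indices": [{"names": ["*"], "privileges": ["all"]}]},
}

if __name__ == "__main__":
    for name in roles_missing_read(SAMPLE_ROLES):
        # Per the thread, the "suppress by" field is disabled without this privilege.
        print(f"{name}: no read on .ml-anomalies-*")
```

A role that scopes its pattern more narrowly than the probe name is reported as missing, so review flagged roles by hand before changing them.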


joepeeples commented Sep 12, 2024

joepeeples added the Effort: Medium label Sep 20, 2024