mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 09:48:58 -04:00
# Backport This will backport the following commits from `main` to `8.18`: - [[Security Solution] SIEM Migrations RBAC (#207087)](https://github.com/elastic/kibana/pull/207087) ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) |
||
---|---|---|
.. | ||
common | ||
security_and_spaces | ||
spaces_only |