[8.x] [EDR Workflows] Workflow Insights - RBAC (#205088) #205684
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Access Control for Endpoint Workflow Insights
This PR adds access control to the Endpoint Workflow Insights
functionality. Both the UI and API are gated based on the following
conditions. If these conditions are not met, the content will not
render, and direct API calls will return errors.
Access Conditions
```
1. Serverless: Requires the Endpoint Complete Tier.
2. ESS: Requires an Enterprise License.
3. User Privileges:
3.1 Endpoint Insights Privilege must be enabled:
3.1.1 Endpoint Insights All: Grants full access.
3.1.2 Endpoint Insights Read:
3.1.2.1 Allows users to view generated insights but prevents triggering new scans.
3.1.2.2 With Trusted Applications privilege: Users can remediate already generated insights.
3.1.2.3 Without Trusted Applications privilege: No actions can be taken.
3.1.3Endpoint Insights None: The section is not rendered.
```
Predefined serverless roles that should include endpoint insights
privilege(as defined
[here](elastic/security-team#11460)):
- Tier 3 analyst
- Rule Author
- SOC Manager
- Endpoint Operations Analyst
- Endpoint Policy Manager
- Platform Engineer
Once this PR is merged and changes make it to canary release, [this
follow-up
PR](elastic/elasticsearch-controller#816) should
be merged.
Note on Testing and Local Setup
To test these changes locally, the `defendInsights` assistant feature
must be enabled. You can do this by updating the following line in the
code: [Enable defendInsights
here](https://github.com/elastic/kibana/blob/2ae68bdaac180c62750798c148bed4fd01de07fe/x-pack/platform/packages/shared/kbn-elastic-assistant-common/impl/capabilities/index.ts#L23).
Cypress Tests
Cypress tests in this PR are currently skipped because the
`defendInsights` feature is not enabled by default. These tests should
be enabled once the feature is turned on in the main branch. Successful
run with all cypress tests enabled can be found
[here](https://buildkite.com/elastic/kibana-pull-request/builds/262774#0193f3c2-eddd-48b6-9103-fb7338304f15).
<details>
<summary>Screenshots</summary>
</details>
---------
Co-authored-by: kibanamachine <[email protected]>
(cherry picked from commit 2f61892)
botelastic
bot
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport
This will backport the following commits from
mainto8.x:Questions ?
Please refer to the Backport tool documentation