
[EDR Workflows] Workflow Insights - RBAC #205088

Open

wants to merge 6 commits into main

Conversation

Contributor

@szwarckonrad szwarckonrad commented Dec 23, 2024

Access Control for Endpoint Workflow Insights

This PR adds access control to the Endpoint Workflow Insights functionality. Both the UI and API are gated based on the following conditions. If these conditions are not met, the content will not render, and direct API calls will return errors.

Access Conditions

1. Serverless: Requires the Endpoint Complete Tier.
2. ESS: Requires an Enterprise License.
3. User Privileges:
    3.1 Endpoint Insights Privilege must be enabled:
        3.1.1 Endpoint Insights All: Grants full access.
        3.1.2 Endpoint Insights Read:
            3.1.2.1 Allows users to view generated insights but prevents triggering new scans.
            3.1.2.2 With Trusted Applications privilege: Users can remediate already generated insights.
            3.1.2.3 Without Trusted Applications privilege: No actions can be taken.
        3.1.3 Endpoint Insights None: The section is not rendered.

Predefined serverless roles that should include the endpoint insights privilege (as defined here):

  • Tier 3 analyst
  • Rule Author
  • SOC Manager
  • Endpoint Operations Analyst
  • Endpoint Policy Manager
  • Platform Engineer

Once this PR is merged and changes make it to canary release, this follow-up PR should be merged.

Note on Testing and Local Setup

To test these changes locally, the defendInsights assistant feature must be enabled. You can do this by updating the following line in the code: Enable defendInsights here.

Cypress Tests

Cypress tests in this PR are currently skipped because the defendInsights feature is not enabled by default. These tests should be enabled once the feature is turned on in the main branch. A successful run with all Cypress tests enabled can be found here.

Screenshots

(screenshots not reproduced here)
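The access conditions above combine a deployment-level gate (serverless tier or ESS license) with a per-user privilege check, and the PR description says both the UI and the API enforce them. The following is an added example, not code from this PR or from Kibana, that models those rules as one pure function so the decision can be unit-tested in isolation and reused by both a UI guard and an API route. All type and function names (`DeploymentContext`, `UserPrivileges`, `resolveInsightsAccess`, `guardRoute`) and the tier/license values are assumptions made for illustration; they are not Kibana's actual types, privilege identifiers or router API.

```typescript
// Added example: pure access resolution for Endpoint Workflow Insights.
// Every name below is an assumption for illustration, not a Kibana API.

type InsightsPrivilege = 'all' | 'read' | 'none';

interface DeploymentContext {
  // A serverless project exposes a product tier; an ESS deployment exposes a
  // license type. Only the field matching `kind` is consulted.
  kind: 'serverless' | 'ess';
  endpointTier?: 'essentials' | 'complete';               // serverless only (assumed values)
  license?: 'basic' | 'gold' | 'platinum' | 'enterprise'; // ESS only (assumed values)
}

interface UserPrivileges {
  endpointInsights: InsightsPrivilege;
  trustedApplications: boolean; // user holds the Trusted Applications privilege
}

interface InsightsAccess {
  canView: boolean;      // section renders and generated insights can be listed
  canScan: boolean;      // user may trigger a new scan
  canRemediate: boolean; // user may act on an already generated insight
  reason?: string;       // set only when everything is denied; surfaced in API errors
}

function denied(reason: string): InsightsAccess {
  return { canView: false, canScan: false, canRemediate: false, reason };
}

// Evaluates the gates in the order the PR lists them: deployment gate first,
// then the Endpoint Insights privilege, then the Trusted Applications refinement.
function resolveInsightsAccess(ctx: DeploymentContext, user: UserPrivileges): InsightsAccess {
  // 1. Serverless: Endpoint Complete tier required.
  if (ctx.kind === 'serverless' && ctx.endpointTier !== 'complete') {
    return denied('serverless project is not on the Endpoint Complete tier');
  }
  // 2. ESS: Enterprise license required.
  if (ctx.kind === 'ess' && ctx.license !== 'enterprise') {
    return denied('an Enterprise license is required');
  }
  // 3. Endpoint Insights privilege.
  if (user.endpointInsights === 'none') {
    return denied('user lacks the Endpoint Insights privilege');
  }
  if (user.endpointInsights === 'all') {
    return { canView: true, canScan: true, canRemediate: true };
  }
  // 'read': may view, never scans; remediation also needs Trusted Applications.
  return { canView: true, canScan: false, canRemediate: user.trustedApplications };
}

type InsightsAction = 'list' | 'scan' | 'remediate';

// Sketch of how an API handler would consume the decision: deny with 403 and
// a reason instead of silently returning an empty result. The shape of the
// return value is constructed for this example, not Kibana's response type.
function guardRoute(action: InsightsAction, access: InsightsAccess): { status: 200 | 403; body?: string } {
  const allowed =
    action === 'list' ? access.canView :
    action === 'scan' ? access.canScan :
    access.canRemediate;
  if (allowed) {
    return { status: 200 };
  }
  return { status: 403, body: access.reason ?? `action '${action}' is not permitted for this user` };
}

// Stand-alone demonstration with constructed inputs.
const demoCtx: DeploymentContext = { kind: 'ess', license: 'enterprise' };
const demoUser: UserPrivileges = { endpointInsights: 'read', trustedApplications: false };
const demoAccess = resolveInsightsAccess(demoCtx, demoUser);
console.log(demoAccess, guardRoute('scan', demoAccess), guardRoute('list', demoAccess));
```

Keeping the decision in one function means the UI can hide the section and the scan button from exactly the same answer the route handler uses to return 403, so the two cannot drift apart; a test matrix over tier, license and the three privilege levels covers every branch the PR describes.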

@szwarckonrad szwarckonrad marked this pull request as ready for review December 23, 2024 17:37
@szwarckonrad szwarckonrad requested review from a team as code owners December 23, 2024 17:37
@elasticmachine
Contributor

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id                before   after    diff
securitySolution  21.4MB   21.4MB   +4.1KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id                           before    after     diff
fleet                        174.2KB   174.4KB   +242.0B
securitySolutionServerless   26.4KB    26.4KB    +85.0B
total                                            +327.0B

Member

@jbudz jbudz left a comment

Changes to packages/kbn-es/src/serverless_resources/project_roles/security/roles.yml LGTM

@botelastic botelastic bot added the Team:Fleet Team label for Observability Data Collection Fleet team label Dec 23, 2024
@elasticmachine
Contributor

Pinging @elastic/fleet (Team:Fleet)

Contributor

@juliaElastic juliaElastic left a comment

Fleet change LGTM

5 participants