[RAC][Alert Triage] Permission Callout Components #93875
Labels
enhancement (New value added to drive a business result)
Feature:Detection Alerts (Security Solution Detection Alerts Feature)
Team:Detections and Resp (Security Detection Response Team)
Team:Observability (Team label for Observability Team, for things that are handled across all of observability)
Team:ResponseOps (Label for the ResponseOps team, formerly the Cases and Alerting teams)
Team: SecuritySolution (Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.)
Theme: rac (label obsolete)
Description
This issue is for the generification of the Permission Callout components used within the Alert Triage workflow on the main Security Detections page and Rule Details page. There are two main callouts used within the Alert Triage workflow, one for when the user doesn't have write permissions to the .alerts index, and the other for when the .alerts index needs to be rolled over when a template update has been detected. Generification of the latter is TBD as we may be using the Kibana System User to achieve this.

User has no permissions to write (update) .alerts index
User has no permissions to rollover (maintenance) .alerts index (TBD, perhaps handled by kibana system user)
Interface
Inputs
canUserCRUD, signalIndexMappingOutdated, hasIndexManage
Outputs
API Requirements
.alerts index. Currently leverages useUserData() hook within Security Solution.
Destination Plugin/Package 🏠
alerting plugin, rac plugin, or generic shared component package, but TBD.
Existing Source
ReadOnlyAlertsCallout (source) as implemented in this PR.
NeedAdminForUpdateCallout (source) as implemented in this PR.
Data is fetched using the following hook: useUserData() hook within Security Solution.