Updates warning about editing rules using API authentication (#4110)
* Updates warning about editing rules using API authentication

* Apply suggestions from TW review

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>

* Applies TW feedback

* Updates notes to address both scenarios

* Removes extra period

---------

Co-authored-by: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com>
(cherry picked from commit 783ce5a)

# Conflicts:
#	docs/detections/api/rules/rules-api-create.asciidoc
natasha-moore-elastic authored and mergify[bot] committed Nov 1, 2023
1 parent eade985 commit 8733771
Showing 5 changed files with 62 additions and 4 deletions.
21 changes: 19 additions & 2 deletions docs/detections/api/rules/rules-api-bulk-actions.asciidoc
Expand Up @@ -12,7 +12,12 @@ You can bulk create, update, and delete rules.

IMPORTANT: This API has been deprecated since version 8.2, and is scheduled for end of life in Q4 2023. Please use the <<bulk-actions-rules-api-action, bulk action API>> instead.

WARNING: This API supports {kibana-ref}/api.html#token-api-authentication[Token-based authentication] only.
[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.
If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====

Creates new rules.
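
Review bot: In the new [WARNING] block, the two sentences sit on consecutive lines with no blank line between them, so AsciiDoc joins them into a single paragraph, while the copy of the same warning in rules-api-create.asciidoc separates them with a blank line. Pick one form and use it in every copy. Since this text is repeated verbatim in each of the endpoint files touched by this commit, moving it into one shared file pulled in with an include would keep the copies from drifting.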

Expand Down Expand Up @@ -145,7 +150,12 @@ A JSON array containing the deleted rules.

IMPORTANT: This API has been deprecated since version 8.2, and is scheduled for end of life in Q4 2023. Please use the <<bulk-actions-rules-api-action, bulk action API>> instead.

WARNING: This API supports {kibana-ref}/api.html#token-api-authentication[Token-based authentication] only.
[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.
If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====

Updates multiple rules.

Expand Down Expand Up @@ -228,6 +238,13 @@ A JSON array containing the updated rules.
[[bulk-actions-rules-api-action]]
==== Bulk action

[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.
If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====

Applies a bulk action to multiple rules. The bulk action is applied to all rules that match the filter or to the list of rules by their IDs.

[discrete]
14 changes: 14 additions & 0 deletions docs/detections/api/rules/rules-api-create.asciidoc
@@ -1,7 +1,21 @@
[[rules-api-create]]
=== Create rule

<<<<<<< HEAD
WARNING: This API supports {kibana-ref}/api.html#token-api-authentication[Token-based authentication] only.
=======
:frontmatter-description: Create a new detection rule.
:frontmatter-tags-products: [security, alerting]
:frontmatter-tags-content-type: [reference]
:frontmatter-tags-user-goals: [manage]
[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.

If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====
>>>>>>> 783ce5ab (Updates warning about editing rules using API authentication (#4110))
Creates a new detection rule.
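
Review bot: Unresolved merge conflict markers are committed in this file: `<<<<<<< HEAD`, `=======` and `>>>>>>> 783ce5ab (...)` are all among the added lines, so the published page keeps both the old token-only WARNING and the new API key warning, with the markers between them. The commit message lists this file under "# Conflicts:", so the cherry-pick was committed without resolving it. Keep only the new [WARNING] block, confirm whether the `:frontmatter-*` attributes belong on this branch, and add a blank line before "Creates a new detection rule."
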
7 changes: 6 additions & 1 deletion docs/detections/api/rules/rules-api-import.asciidoc
Expand Up @@ -6,7 +6,12 @@ Imports rules from an `.ndjson` file. The following configuration items are also
* Actions
* Exception lists

NOTE: This API supports {kibana-ref}/api.html#token-api-authentication[Token-based authentication] only.
[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.
If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====

NOTE: You need at least `Read` privileges for the `Action and Connectors` feature to import rules with actions. If you're importing rules without actions, `Action and Connectors` feature privileges are not required. Refer to <<enable-detections-ui>> for more information.

17 changes: 17 additions & 0 deletions docs/detections/api/rules/rules-api-overview.asciidoc
Expand Up @@ -31,6 +31,23 @@ the status of Elastic <<prebuilt-rules, prebuilt rules>>
TIP: You can view and download a Detections API Postman collection
https://github.com/elastic/examples/tree/master/Security%20Analytics/SIEM-examples/Detections-API[here].

[float]
=== Authentication
This API supports both key- and token-based authentication.

To use key-based authentication, create an {kibana-ref}/api-keys.html[API key], then specify the key in the header of your API calls.

To use token-based authentication, provide a username and password; this automatically creates an API key that matches the current user's privileges.

In both cases, the API key is subsequently used for authorization when the rule runs.

[WARNING]
====
If the API key has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
If the key that created the rule gets deleted, or the user that created the rule becomes inactive, the rule will stop running.
====

[float]
=== Kibana role requirements
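
Review bot: The new Authentication section describes token-based authentication as providing a username and password but, unlike the API key sentence, gives no link for it. The per-endpoint warnings removed elsewhere in this commit pointed to {kibana-ref}/api.html#token-api-authentication, so carrying that link over here would help. The [WARNING] block in this section also orders and words its two sentences differently from the copies added to the endpoint pages (privileges first, and "the user that created the rule becomes inactive" rather than "the user becomes inactive"). Aligning the wording would stop readers wondering whether the conditions differ.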

7 changes: 6 additions & 1 deletion docs/detections/api/rules/rules-api-update.asciidoc
@@ -1,7 +1,12 @@
[[rules-api-update]]
=== Update rule

WARNING: This API supports {kibana-ref}/api.html#token-api-authentication[Token-based authentication] only.
[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.
If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====

Updates an existing detection rule.
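
Review bot: The warning text is plural ("the affected rules", "the rules will stop running"), but this endpoint updates a single rule, as the following line says ("Updates an existing detection rule."). Use the singular here, for example "the user's key gets assigned to the rule" and "the rule will stop running". The same applies to the copy in rules-api-create.asciidoc.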

