[8.2] Updates warning about editing rules using API authentication (backport #4110) #4159

Merged
merged 3 commits into from
Nov 1, 2023
21 changes: 19 additions & 2 deletions docs/detections/api/rules/rules-api-bulk-actions.asciidoc
Expand Up @@ -14,7 +14,12 @@ NOTE: Console supports only {es} APIs and doesn't allow interactions with {kib}

IMPORTANT: This API has been deprecated since version 8.2, and is scheduled for end of life in Q4 2023. Please use the <<bulk-actions-rules-api-action, bulk action API>> instead.

WARNING: This API supports {kibana-ref}/api.html#token-api-authentication[Token-based authentication] only.
[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.

If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====

Creates new rules.
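
Review bot: the removed WARNING line was the only place in this section that said which authentication methods the endpoint accepts, and the new block opens with "When used with ... API key authentication" without saying that token-based authentication still works. Suggest adding a one-line statement of the supported methods above the block, or a cross-reference to the Authentication section added in rules-api-overview.asciidoc.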

Expand Down Expand Up @@ -147,7 +152,12 @@ A JSON array containing the deleted rules.

IMPORTANT: This API has been deprecated since version 8.2, and is scheduled for end of life in Q4 2023. Please use the <<bulk-actions-rules-api-action, bulk action API>> instead.

WARNING: This API supports {kibana-ref}/api.html#token-api-authentication[Token-based authentication] only.
[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.

If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====

Updates multiple rules.
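
Review bot: this warning block is a verbatim copy of the one added under the bulk create section above, and the same text appears again in the bulk action, create, import and update hunks. Suggest moving it into one shared file pulled in with include:: so the copies cannot drift; the overview page in this same patch already words the two paragraphs differently and in the opposite order.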

Expand Down Expand Up @@ -230,6 +240,13 @@ A JSON array containing the updated rules.
[[bulk-actions-rules-api-action]]
==== Bulk action

[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.

If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====

Applies a bulk action to multiple rules. The bulk action is applied to all rules that match the filter or to the list of rules by their IDs.

[discrete]
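
Review bot: in the first sentence of the added warning, "the user's key" is ambiguous about which key is meant, while the second paragraph uses the clearer "the API key that is used for authorization". Suggest using one term throughout, for example "the API key sent with the request gets assigned to the affected rules", so readers know which key must stay valid for the rules to keep running.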
7 changes: 6 additions & 1 deletion docs/detections/api/rules/rules-api-create.asciidoc
@@ -1,7 +1,12 @@
[[rules-api-create]]
=== Create rule

WARNING: This API supports {kibana-ref}/api.html#token-api-authentication[Token-based authentication] only.
[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.

If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====

Creates a new detection rule.
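
Review bot: the second paragraph of the warning compares the caller's key with "the key that created or most recently updated the rule", which cannot apply on the create endpoint because a rule that is being created has no earlier key. Suggest keeping only the first paragraph here, or rewording the second so it clearly refers to later updates made with a different key.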

7 changes: 7 additions & 0 deletions docs/detections/api/rules/rules-api-import.asciidoc
Expand Up @@ -6,6 +6,13 @@ Imports rules from an `.ndjson` file. The following configuration items are also
* Actions
* Exception lists

[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.

If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====

NOTE: Console supports {es} APIs only. Console doesn't allow interactions with {kib} APIs. You must use `curl` or another HTTP tool instead. For more information, refer to {kibana-ref}/console-kibana.html[Run {es} API requests]. Please also note this API supports {kibana-ref}/api.html#token-api-authentication[Token-based authentication] only.

NOTE: You need at least `Read` privileges for the `Action and Connectors` feature to import rules with actions. If you're importing rules without actions, `Action and Connectors` feature privileges are not required. Refer to <<enable-detections-ui>> for more information.
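
Review bot: the added warning describes API key authentication, but the NOTE that follows it still ends with "Please also note this API supports ... Token-based authentication ... only", so the page now contradicts itself and the overview's "This API supports both key- and token-based authentication". Suggest dropping that last sentence of the NOTE in this change, as was done for the equivalent WARNING line on the create and update pages.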
17 changes: 17 additions & 0 deletions docs/detections/api/rules/rules-api-overview.asciidoc
Expand Up @@ -33,6 +33,23 @@ the status of Elastic <<prebuilt-rules, prebuilt rules>>
TIP: You can view and download a Detections API Postman collection
https://github.com/elastic/examples/tree/master/Security%20Analytics/SIEM-examples/Detections-API[here].

[float]
=== Authentication
This API supports both key- and token-based authentication.

To use key-based authentication, create an {kibana-ref}/api-keys.html[API key], then specify the key in the header of your API calls.

To use token-based authentication, provide a username and password; this automatically creates an API key that matches the current user's privileges.

In both cases, the API key is subsequently used for authorization when the rule runs.

[WARNING]
====
If the API key has different privileges than the key that created or most recently updated the rule, the rule behavior might change.

If the key that created the rule gets deleted, or the user that created the rule becomes inactive, the rule will stop running.
====

[float]
=== Kibana role requirements
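
Review bot: the new Authentication section has no [[...]] anchor, unlike sections such as [[rules-api-create]], so the per-endpoint warnings added in this patch cannot link to it. Suggest adding an ID above its [float] line, and aligning the warning with the endpoint pages: here it says "the key that created the rule gets deleted", there "the user's key gets deleted", and the two paragraphs appear in the opposite order.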

7 changes: 6 additions & 1 deletion docs/detections/api/rules/rules-api-update.asciidoc
@@ -1,7 +1,12 @@
[[rules-api-update]]
=== Update rule

WARNING: This API supports {kibana-ref}/api.html#token-api-authentication[Token-based authentication] only.
[WARNING]
====
When used with {kibana-ref}/api-keys.html[API key] authentication, the user's key gets assigned to the affected rules. If the user's key gets deleted or the user becomes inactive, the rules will stop running.

If the API key that is used for authorization has different privileges than the key that created or most recently updated the rule, the rule behavior might change.
====

Updates an existing detection rule.
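
Review bot: "the rule behavior might change" in the second paragraph is too vague for the update endpoint, which is exactly where the caller's key replaces the one that created the rule. Suggest stating the consequence directly: after an update the rule runs with the privileges of the key used for the update request, so that key needs at least the privileges the rule relied on before.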
