[Request] RBAC update - third party response actions #6398
Assignees
Labels
Docset: ESS
Issues that apply to docs in the Stack release
Docset: Serverless
Issues for Serverless Security
Effort: Medium
Issues that take moderate but not substantial time to complete
Feature: Response actions
also includes response console
Priority: Medium
Issues that have relevance, but aren't urgent
Team: EDR Workflows
Formerly Defend Workflows, Onboarding and Lifecycle Management
v8.18.0
Comments
natasha-moore-elastic
added
Team: EDR Workflows
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
We have made a change to the RBAC requirements for using third party response actions, requiring users to add a second privilege to use these capabilities.
Existing docs pages:
https://www.elastic.co/guide/en/security/current/third-party-actions.html
https://www.elastic.co/guide/en/security/current/response-actions-config.html
A user will need BOTH of following Kibana privileges to use third party response actions:
Security > Security: Corresponding security solution response action privilege (documented here: https://www.elastic.co/guide/en/security/current/endpoint-management-req.html)
Management > Actions and Connectors > EDR sub-privilege
Background & resources
Which documentation set does this change impact?
ESS and serverless
ESS release
ESS: 8.18
Serverless release
Monday January 27
Feature differences
No differences
API docs impact
@paul-tavares could you provide?
Prerequisites, privileges, feature flags
No response
The text was updated successfully, but these errors were encountered: