Open spong opened 3 years ago
Pinging @elastic/security-solution (Team: SecuritySolution)
One of the issues with dashboards over system indices (.kibana*) is that normal users won't have read privs so the graphs come up empty, which is correct. So would need some doc indicating it only works for superusers or users who are given read privs, presumably via a new role, so that should all be documented. With the caveat that given read privs to those indices, the user can see any Kibana SO's in any spaces.
Linking Rule Monitoring POC https://github.com/elastic/kibana/issues/111452#issuecomment-925919609 -- if this ships as experimental in 7.16 there is less of a need to bundle this dashboard as an interim solution.
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Similar to how the CTI folks started linking off to custom dashboards for Threat Intelligence (https://github.com/elastic/kibana/pull/100423), while we enhance our capabilities around Rule Monitoring, it would be nice if we could ship a Rule Monitoring dashboard similar to the great dashboard @pmuellr put together for better diagnosing Task Manager/Alerting issues.
Unlike the CTI dashboard PR above, which I believe was relying on dashboards being loaded as part of setting up the filebeat threat intel module, we'd need to provide the dashboard assets and corresponding KIPs (now DataViews), so this may be a little more effort than it's worth depending on our in-flight Rule Monitoring upgrades.