elastic / security-docs

Elastic Security Documentation

[Enhancement]: Describe role privilege requirements needed for setup of detections in serverless #5301

Closed dhurley14 closed 4 days ago

dhurley14 commented 3 months ago

Description

Currently we describe which privileges are required in order to set up the detection engine on a new deployment: https://www.elastic.co/guide/en/security/current/detections-permissions-section.html#enable-detections-ui

With the addition of user roles for serverless projects, it was highlighted in this ticket that we will need to update this page to also include the serverless roles that are capable of instantiating the detection engine. We will update this ticket with the list of roles capable of doing that.

Related links / assets

Please include each of the following, if applicable:

Doc URL:
Subject matter expert:
Figma link(s):
Github epic link(s):
Github issue link(s):

Which documentation set needs improvement?

Serverless only

Software version

Any applicable serverless version, so I'm assuming 8.12 / 8.13 and above?

Collaborators

PM: @approksiu
Designer:
Developer: Detections and Response
Others (if applicable):

Timeline / deliverables

Since serverless is in the ungated preview stage it would be nice to add this relatively soon.

nastasha-solomon commented 3 months ago

Thanks for filing this, @dhurley14! Once there's a clear list of predefined Security roles that can instantiate the Detection Engine in Serverless, I can begin the process of adding that information to the Detections requirements page in the Serverless docs.

joepeeples commented 1 month ago

@nastasha-solomon Let's sync up when you're ready to start on this, because it could overlap with other work I'm doing for custom roles in serverless:

Specifically, I plan to revive various feature requirements pages (such as Detections requirements) that we whittled down for serverless MVP because features like custom roles and index privileges weren't supported then. Now that they're imminent for GA, we can probably align requirements pages in serverless much more closely with their ESS counterparts.

nastasha-solomon commented 5 days ago

@dhurley14 quick update on this: Priv docs for using detections in Serverless were recently added by @joepeeples here, but you can't see them in the public Serverless docs because the content is currently conditionalized out. Once the conditions are removed, the content will appear in the Serverless docs.

Also, the Serverless docs are almost identical to the ESS docs, save a few minor differences (e.g., there's no mention of setting feature visibility in spaces since that functionality doesn't exist in Serverless atm). If you'd like to review the content, let me know and I can generate an HTML preview for you. Otherwise, this doc task might be complete. : )

joepeeples commented 5 days ago

> Priv docs for using detections in Serverless were recently added by @joepeeples here, but you can't see them in the public Serverless docs because the content is currently conditionalized out. Once the conditions are removed, the content will appear in the Serverless docs.
>
> Also, the Serverless docs are almost identical to the ESS docs, save a few minor differences (e.g., there's no mention of setting feature visibility in spaces since that functionality doesn't exist in Serverless atm). If you'd like to review the content, let me know and I can generate an HTML preview for you.

FYI, you can get a sneak-peek of the conditionalized content in this preview (also linked in the PR's description): https://elastic-dot-co-docs-production-bc2c75hpv-elastic-dev.vercel.app/current/serverless/security/detections-requirements

nastasha-solomon commented 4 days ago

Closing this for now since the main request has been fulfilled. @dhurley14, if you come across any issues or bugs with the Serverless detection priv docs, can you open a new issue to track that work?