IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Privileges endpoint
editPrivileges endpoint
editRetrieves whether or not the user is authenticated, and the user’s Kibana space
and index privileges, which determine if the user can create an index
(.siem-signals-*
) for the Elastic Security alerts generated by detection engine rules.
For information about the permissions and privileges required to create
.siem-signals-<Kibana-space>
indices, see Enable and access detections.
Get privileges
editReturns user privileges for the Kibana space.
Request URL
editGET <kibana host>:<port>/api/detection_engine/privileges
Example requests
editGets user privileges for the Kibana default space:
GET api/detection_engine/privileges
Gets user privileges for the Kibana siem
space:
GET s/siem/api/detection_engine/privileges
Response code
edit-
200
- Indicates a successful call.
Example response
edit{ "username": "detection-engine-admin", "has_all_requested": false, "cluster": { "monitor_ml": true, "manage_ccr": false, "manage_index_templates": true, "monitor_watcher": true, "monitor_transform": true, "read_ilm": true, "manage_api_key": false, "manage_security": false, "manage_own_api_key": false, "manage_saml": false, "all": false, "manage_ilm": true, "manage_ingest_pipelines": true, "read_ccr": false, "manage_rollup": true, "monitor": true, "manage_watcher": true, "manage": true, "manage_transform": true, "manage_token": false, "manage_ml": true, "manage_pipeline": true, "monitor_rollup": true, "transport_client": true, "create_snapshot": true }, "index": { ".siem-signals-detection-engine": { "all": false, "manage_ilm": true, "read": false, "create_index": true, "read_cross_cluster": false, "index": false, "monitor": true, "delete": false, "manage": true, "delete_index": true, "create_doc": false, "view_index_metadata": true, "create": false, "manage_follow_index": true, "manage_leader_index": true, "write": false } }, "application": {} "is_authenticated": true "has_encryption_key": true }
Indicates whether the user can log in to the Elasticsearch deployment. |
|
Indicates whether the
|