The SIEM app is now a part of the Elastic Security solution. Click here to view the current documentation.
IMPORTANT: No additional bug fixes or documentation updates will be released for this version.
« Export rules Signals endpoint »
Elastic Docs SIEM Guide [7.8] SIEM APIs Detections API

Privileges endpoint

edit

Privileges endpoint

edit

Retrieves whether or not the user is authenticated, and the user’s Kibana space and index privileges, which determine if the user can create an index for the SIEM signals generated by detection engine rules. To create the index, users require manage privileges for both the Elasticsearch cluster and the .siem-signals-<Kibana space> index.

Get privileges

edit

Returns user privileges for the Kibana space.

Request URL

edit

GET <kibana host>:<port>/api/detection_engine/privileges

Example requests
edit

Gets user privileges for the Kibana default space:

GET api/detection_engine/privileges

Gets user privileges for the Kibana siem space:

GET s/siem/api/detection_engine/privileges

Response code

edit
200
Indicates a successful call.
Example response
edit
{
  "username": "detection-engine-admin",
  "has_all_requested": false,
  "cluster": {
    "monitor_ml": true,
    "manage_ccr": false,
    "manage_index_templates": true,
    "monitor_watcher": true,
    "monitor_transform": true,
    "read_ilm": true,
    "manage_api_key": false,
    "manage_security": false,
    "manage_own_api_key": false,
    "manage_saml": false,
    "all": false,
    "manage_ilm": true,
    "manage_ingest_pipelines": true,
    "read_ccr": false,
    "manage_rollup": true,
    "monitor": true,
    "manage_watcher": true,
    "manage": true,
    "manage_transform": true,
    "manage_token": false,
    "manage_ml": true,
    "manage_pipeline": true,
    "monitor_rollup": true,
    "transport_client": true,
    "create_snapshot": true
  },
  "index": {
    ".siem-signals-detection-engine": {
      "all": false,
      "manage_ilm": true,
      "read": false,
      "create_index": true,
      "read_cross_cluster": false,
      "index": false,
      "monitor": true,
      "delete": false,
      "manage": true,
      "delete_index": true,
      "create_doc": false,
      "view_index_metadata": true,
      "create": false,
      "manage_follow_index": true,
      "manage_leader_index": true,
      "write": false
    }
  },
  "application": {}
  "is_authenticated": true 
  "has_encryption_key": true 
}

Indicates whether the user can log in to the Elasticsearch deployment.

Indicates whether the xpack.encryptedSavedObjects.encryptionKey is set.
« Export rules Signals endpoint »