Privileges endpoint
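Retrieves whether or not the user is authenticated, along with the user's Kibana space and index privileges. These privileges determine whether the user can create an index for the Elastic Security alerts generated by detection engine rules (.siem-signals-*).
For the privileges required to create .siem-signals-<Kibana-space> indices, see Enable and access detections.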
Get privileges
Returns user privileges for the Kibana space.
Request URL
GET <kibana host>:<port>/api/detection_engine/privileges
Example requests
Gets user privileges for the Kibana default space:
GET api/detection_engine/privileges
Gets user privileges for the Kibana siem space:
GET s/siem/api/detection_engine/privileges
Response code
200 - Indicates a successful call.
Example response
{
  "username": "detection-engine-admin",
  "has_all_requested": false,
  "cluster": {
    "monitor_ml": true,
    "manage_ccr": false,
    "manage_index_templates": true,
    "monitor_watcher": true,
    "monitor_transform": true,
    "read_ilm": true,
    "manage_api_key": false,
    "manage_security": false,
    "manage_own_api_key": false,
    "manage_saml": false,
    "all": false,
    "manage_ilm": true,
    "manage_ingest_pipelines": true,
    "read_ccr": false,
    "manage_rollup": true,
    "monitor": true,
    "manage_watcher": true,
    "manage": true,
    "manage_transform": true,
    "manage_token": false,
    "manage_ml": true,
    "manage_pipeline": true,
    "monitor_rollup": true,
    "transport_client": true,
    "create_snapshot": true
  },
  "index": {
    ".siem-signals-detection-engine": {
      "all": false,
      "manage_ilm": true,
      "read": false,
      "create_index": true,
      "read_cross_cluster": false,
      "index": false,
      "monitor": true,
      "delete": false,
      "manage": true,
      "delete_index": true,
      "create_doc": false,
      "view_index_metadata": true,
      "create": false,
      "manage_follow_index": true,
      "manage_leader_index": true,
      "write": false
    }
  },
  "application": {},
  "is_authenticated": true,
  "has_encryption_key": true
}
is_authenticated indicates whether the user can log in to the Elasticsearch deployment.
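The following is an added example, not part of the Elastic documentation or code: it builds the request URL for a given Kibana space and audits a privileges response for denied index privileges. The host name, the function names and the privilege list passed in are assumptions; take the actual required privileges from Enable and access detections.

```python
import json
from urllib.parse import quote

def privileges_url(kibana_base, space=None):
    """Default space: /api/...; any other space: /s/<space>/api/..."""
    prefix = f"/s/{quote(space, safe='')}" if space and space != "default" else ""
    return f"{kibana_base.rstrip('/')}{prefix}/api/detection_engine/privileges"

def audit_privileges(response, needed_index_privs):
    """Report what blocks the user from working with the signals index.

    needed_index_privs is supplied by the caller (assumption: the real list
    comes from the "Enable and access detections" documentation).
    """
    missing = {}
    for index_name, privs in response.get("index", {}).items():
        # A privilege absent from the response is treated as not granted.
        denied = sorted(p for p in needed_index_privs if privs.get(p) is not True)
        if denied:
            missing[index_name] = denied
    authenticated = response.get("is_authenticated") is True
    has_index = bool(response.get("index"))
    return {
        "username": response.get("username"),
        "authenticated": authenticated,
        "encryption_key": response.get("has_encryption_key") is True,
        "missing_index_privileges": missing,
        "ok": authenticated and has_index and not missing,
    }

# Constructed sample: a trimmed copy of the example response on this page.
SAMPLE = json.loads("""
{
  "username": "detection-engine-admin",
  "has_all_requested": false,
  "index": {
    ".siem-signals-detection-engine": {
      "create_index": true, "manage": true, "read": false, "write": false
    }
  },
  "is_authenticated": true,
  "has_encryption_key": true
}
""")

if __name__ == "__main__":
    print(privileges_url("https://kibana.example:5601", "siem"))
    # Illustrative privilege list only, not Elastic's authoritative requirements.
    print(json.dumps(audit_privileges(SAMPLE, ["create_index", "read", "write"]), indent=2))
```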