Users in the alerting context #64588

Closed
rylnd opened this issue Apr 27, 2020 · 8 comments
Labels
enhancement New value added to drive a business result Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework Feature:Alerting NeededFor:Detections and Resp NeededFor:ML Project:MoreRuleTypes Alerting team project for providing more ways to construct rules. Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

@rylnd
Contributor

rylnd commented Apr 27, 2020

I started this discussion with #62886, but I believe that there's a broader need for user information within alerting. The simplest use case is retrieving user information for auditing purposes.

User retrieval is (to my knowledge) only accessible via security.authc.getCurrentUser, which itself requires a KibanaRequest object, so we're back to where we were with #62886, where alerting must either provide a request or its own interface to accomplish the same.

Another aspect of this issue: in the auditing scenario, the distinction between "user-initiated request" and "alert-initiated request" may be a meaningful one worth codifying (although it could also be done downstream).

@rylnd rylnd added the Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) label Apr 27, 2020
@elasticmachine
Contributor

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

@rylnd
Contributor Author

rylnd commented Apr 30, 2020

After talking with @jgowdyelastic it sounds like ML is intending to add capabilities checks to all of their plugin's services. In the current implementation, that would require a KibanaRequest in addition to the scoped client provided by #62886.

TL;DR this is about to become a blocker on either the ML capabilities work, or SIEM's integration with ML and Alerting.

@mikecote
Contributor

mikecote commented May 6, 2020

Note for alerting team:

Based on the mention here: #39430 (comment), this issue will expose the fake request object to alert and action executors and have clear documentation of what breaking changes are coming that will remove the fake request and explain why it's exposed in the meantime. This should help developers understand possible debt they're taking on with the usage of the fake request.

This issue should also remove the getScopedCallCluster service from alert and actions.

@mikecote
Contributor

cc @arisonl

@mikecote
Contributor

@rylnd the alerting team is doing some 7.12 release planning and I was wondering if SIEM was still waiting on this issue to integrate with ML? We will work on it in 7.12 if that is the case 🙏 but wanted to make sure

@mikecote
Contributor

Moving from 7.12 - Candidates to 7.x - Candidates.

@mikecote
Contributor

mikecote commented Feb 4, 2021

Moving from 7.x - Candidates to 8.x - Candidates (Backlog) after the latest 7.x planning session.

@gmmorris gmmorris added Project:MoreRuleTypes Alerting team project for providing more ways to construct rules. NeededFor:Detections and Resp Feature:Alerting/RulesFramework Issues related to the Alerting Rules Framework labels Jun 30, 2021
@kobelb kobelb added the needs-team Issues missing a team label label Jan 31, 2022
@botelastic botelastic bot removed the needs-team Issues missing a team label label Jan 31, 2022
@mikecote
Contributor

mikecote commented May 4, 2023

Closing due to lack of request. Let's re-open if we have some recent use cases and we can explore exposing the request object.
