Privileges endpointedit
Retrieves whether or not the user is authenticated, and the user’s Kibana space
and index privileges, which determine if the user can create an index
(.siem-signals-*
) for the Elastic Security alerts generated by detection engine rules.
For information about the permissions and privileges required to create
.siem-signals-<Kibana-space>
indices, see Enable and access detections.
The Kibana Console supports only Elasticsearch APIs. Console doesn’t allow interactions with Kibana APIs. You must use curl
or another HTTP tool instead. For more information, refer to Console.
Get privilegesedit
Returns user privileges for the Kibana space.
Request URLedit
GET <kibana host>:<port>/api/detection_engine/privileges
Example requestsedit
Gets user privileges for the Kibana default space:
GET api/detection_engine/privileges
Gets user privileges for the Kibana siem
space:
GET s/siem/api/detection_engine/privileges
Response codeedit
-
200
- Indicates a successful call.
Example responseedit
{ "username": "detection-engine-admin", "has_all_requested": false, "cluster": { "monitor_ml": true, "manage_ccr": false, "manage_index_templates": true, "monitor_watcher": true, "monitor_transform": true, "read_ilm": true, "manage_api_key": false, "manage_security": false, "manage_own_api_key": false, "manage_saml": false, "all": false, "manage_ilm": true, "manage_ingest_pipelines": true, "read_ccr": false, "manage_rollup": true, "monitor": true, "manage_watcher": true, "manage": true, "manage_transform": true, "manage_token": false, "manage_ml": true, "manage_pipeline": true, "monitor_rollup": true, "transport_client": true, "create_snapshot": true }, "index": { ".siem-signals-detection-engine": { "all": false, "manage_ilm": true, "read": false, "create_index": true, "read_cross_cluster": false, "index": false, "monitor": true, "delete": false, "manage": true, "delete_index": true, "create_doc": false, "view_index_metadata": true, "create": false, "manage_follow_index": true, "manage_leader_index": true, "write": false } }, "application": {} "is_authenticated": true "has_encryption_key": true }
Indicates whether the user can log in to the Elasticsearch deployment. |
|
Indicates whether the
|