Privileges endpoint

Retrieves whether or not the user is authenticated, and the user’s Kibana space and index privileges, which determine if the user can create an index for the SIEM signals generated by detection engine rules. To create the index, users require manage privileges for both the Elasticsearch cluster and the .siem-signals-<Kibana space> index.

Get privileges

Returns user privileges for the Kibana space.

Request URL

GET <kibana host>:<port>/api/detection_engine/privileges

Example requests

Gets user privileges for the Kibana default space:

GET api/detection_engine/privileges

Gets user privileges for the Kibana siem space:

GET s/siem/api/detection_engine/privileges

Response code

200
    Indicates a successful call.

Example response

{
  "username": "detection-engine-admin",
  "has_all_requested": false,
  "cluster": {
    "monitor_ml": true,
    "manage_ccr": false,
    "manage_index_templates": true,
    "monitor_watcher": true,
    "monitor_transform": true,
    "read_ilm": true,
    "manage_api_key": false,
    "manage_security": false,
    "manage_own_api_key": false,
    "manage_saml": false,
    "all": false,
    "manage_ilm": true,
    "manage_ingest_pipelines": true,
    "read_ccr": false,
    "manage_rollup": true,
    "monitor": true,
    "manage_watcher": true,
    "manage": true,
    "manage_transform": true,
    "manage_token": false,
    "manage_ml": true,
    "manage_pipeline": true,
    "monitor_rollup": true,
    "transport_client": true,
    "create_snapshot": true
  },
  "index": {
    ".siem-signals-detection-engine": {
      "all": false,
      "manage_ilm": true,
      "read": false,
      "create_index": true,
      "read_cross_cluster": false,
      "index": false,
      "monitor": true,
      "delete": false,
      "manage": true,
      "delete_index": true,
      "create_doc": false,
      "view_index_metadata": true,
      "create": false,
      "manage_follow_index": true,
      "manage_leader_index": true,
      "write": false
    }
  },
  "application": {},
  "is_authenticated": true,
  "has_encryption_key": true
}

is_authenticated: Indicates whether the user can log in to the Elasticsearch deployment.

has_encryption_key: Indicates whether the xpack.encryptedSavedObjects.encryptionKey is set.
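
The following pre-flight check is an added example, not part of the original documentation. It builds the request path for a space and evaluates a response against the requirement stated above (manage on the cluster and on the signals index). The function names, the trimmed sample response and the use of HTTP Basic authentication are assumptions made for illustration.

```python
import base64
import json
import urllib.request

# Constructed sample: a trimmed copy of the example response on this page.
SAMPLE = {
    "username": "detection-engine-admin",
    "has_all_requested": False,
    "cluster": {"manage": True, "all": False, "manage_security": False},
    "index": {".siem-signals-detection-engine": {"manage": True, "read": False, "write": False}},
    "application": {},
    "is_authenticated": True,
    "has_encryption_key": True,
}

def privileges_path(space="default"):
    """Request path for a space, following the two example requests above."""
    base = "api/detection_engine/privileges"
    return base if space == "default" else f"s/{space}/{base}"

def fetch_privileges(kibana_url, user, password, space="default"):
    """GET the endpoint; HTTP Basic auth is an assumption of this example."""
    req = urllib.request.Request(f"{kibana_url.rstrip('/')}/{privileges_path(space)}")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def signals_index_gaps(resp):
    """Return (blockers, warnings) for creating the signals index."""
    blockers, warnings = [], []
    if not resp.get("is_authenticated", False):
        blockers.append("user is not authenticated")
    if not resp.get("cluster", {}).get("manage", False):
        blockers.append("missing cluster privilege: manage")
    indices = resp.get("index", {})
    if not indices:
        blockers.append("no signals index privileges returned")
    for name, privs in indices.items():
        if not privs.get("manage", False):
            blockers.append(f"missing index privilege: manage on {name}")
    if not resp.get("has_encryption_key", False):
        warnings.append("xpack.encryptedSavedObjects.encryptionKey is not set")
    return blockers, warnings

if __name__ == "__main__":
    print(privileges_path("siem"), signals_index_gaps(SAMPLE))
```

Running the check with an account that should not administer detections is a quick way to confirm that a role grants no more than intended: any account that returns no blockers can create the signals index.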