Skip to content

Commit

Permalink
[DOCS] Add warning about bypassing ML PUT APIs (#38608)
Browse files Browse the repository at this point in the history
Now that ML configurations are stored in the .ml-config
index rather than in cluster state there is a possibility
that some users may try to add configurations directly to
the index.  Allowing this creates a variety of problems
including possible data exflitration attacks (depending on
how security is set up), so this commit adds warnings
against allowing writes to the .ml-config index other than
via the ML APIs.

Backport of #38509
  • Loading branch information
droberts195 authored Feb 8, 2019
1 parent 8408797 commit 0b0af8c
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 1 deletion.
5 changes: 5 additions & 0 deletions docs/reference/ml/apis/put-datafeed.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,11 @@ Instantiates a {dfeed}.
You must create a job before you create a {dfeed}. You can associate only one
{dfeed} to each job.

IMPORTANT: You must use {kib} or this API to create a {dfeed}. Do not put a {dfeed}
directly to the `.ml-config` index using the Elasticsearch index API.
If {es} {security-features} are enabled, do not give users `write`
privileges on the `.ml-config` index.


==== Path Parameters

Expand Down
8 changes: 7 additions & 1 deletion docs/reference/ml/apis/put-job.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,13 @@ Instantiates a job.

`PUT _xpack/ml/anomaly_detectors/<job_id>`

//===== Description
===== Description

IMPORTANT: You must use {kib} or this API to create a {ml} job. Do not put a job
directly to the `.ml-config` index using the Elasticsearch index API.
If {es} {security-features} are enabled, do not give users `write`
privileges on the `.ml-config` index.


==== Path Parameters

Expand Down

0 comments on commit 0b0af8c

Please sign in to comment.