[SIEM] Enrich Privileges endpoint with NP Authentication data #59225
Assignees
Labels
bug
Fixes for quality problems that affect the customer experience
critical
Team: SecuritySolution
Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Team:SIEM
v7.7.0
Comments
rylnd
added
bug
|
Pinging @elastic/siem (Team:SIEM) |
|
Pinging @XavierM since I know you've touched this stuff recently. |
2 tasks
|
Closed via #61334, backported to 7.7 and 7.x. |
MindyRS
added
the
Team: SecuritySolution
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
NP does not currently provide the user's authentication status as a request header. Consequently, I've currently hardcoded the
is_authenticatedprivilege totrue. This needs to be replaced with equivalent logic before 7.7 is released.My understanding is that one can disable the security plugin, disable authentication on elasticsearch, and interact with SIEM in an unauthenticated manner. With that hardcoded value above, they will be perceived as authenticated and things are going to enter undefined behavior.
Per this discussion, the NP work is still ongoing.
What's unclear to me is whether the above situation is going to play well with NP: I suppose it would just be
const isAuthenticated = spaces?.isAuthenticated(request) ?? false? We don't seem to support the "optional auth" use case mentioned in the above issue, so that logic seems like it should work.The text was updated successfully, but these errors were encountered: