[Security Solution] Add analytics features to security roles (elastic…

…#169783) ## Summary issue: elastic#168245 Adding missing "Analytics" features to all Security roles: ``` - feature_discover.all - feature_dashboard.all - feature_canvas.all - feature_graph.all - feature_maps.all - feature_visualize.all ``` In order to verify the Discover link is present in the sidenav a new cypress test for serverless has been added to: `x-pack/test/security_solution_cypress/cypress/e2e/navigation/navigation.cy.ts` --------- Co-authored-by: Kibana Machine <[email protected]>
gsoldevila · Nov 2, 2023 · c50730a · c50730a
1 parent 161e129
commit c50730a
Show file tree

Hide file tree

Showing 10 changed files with 555 additions and 117 deletions.
diff --git a/packages/kbn-es/src/serverless_resources/roles.yml b/packages/kbn-es/src/serverless_resources/roles.yml
@@ -117,7 +117,7 @@ t1_analyst:
         - metrics-endpoint.metadata_current_*
         - ".fleet-agents*"
         - ".fleet-actions*"
-        - "risk-score.risk-score-*"
+        - risk-score.risk-score-*
       privileges:
         - read
   applications:
@@ -132,6 +132,12 @@ t1_analyst:
         - feature_builtInAlerts.read
         - feature_osquery.read
         - feature_osquery.run_saved_queries
+        - feature_discover.all
+        - feature_dashboard.all
+        - feature_canvas.all
+        - feature_graph.all
+        - feature_maps.all
+        - feature_visualize.all
       resources: "*"
 
 t2_analyst:
@@ -158,7 +164,7 @@ t2_analyst:
         - metrics-endpoint.metadata_current_*
         - .fleet-agents*
         - .fleet-actions*
-        - "risk-score.risk-score-*"
+        - risk-score.risk-score-*
       privileges:
         - read
   applications:
@@ -173,6 +179,12 @@ t2_analyst:
         - feature_builtInAlerts.read
         - feature_osquery.read
         - feature_osquery.run_saved_queries
+        - feature_discover.all
+        - feature_dashboard.all
+        - feature_canvas.all
+        - feature_graph.all
+        - feature_maps.all
+        - feature_visualize.all
       resources: "*"
 
 t3_analyst:
@@ -206,7 +218,7 @@ t3_analyst:
         - metrics-endpoint.metadata_current_*
         - .fleet-agents*
         - .fleet-actions*
-        - "risk-score.risk-score-*"
+        - risk-score.risk-score-*
       privileges:
         - read
   applications:
@@ -230,6 +242,12 @@ t3_analyst:
         - feature_actions.read
         - feature_builtInAlerts.all
         - feature_osquery.all
+        - feature_discover.all
+        - feature_dashboard.all
+        - feature_canvas.all
+        - feature_graph.all
+        - feature_maps.all
+        - feature_visualize.all
       resources: "*"
 
 threat_intelligence_analyst:
@@ -259,7 +277,7 @@ threat_intelligence_analyst:
         - metrics-endpoint.metadata_current_*
         - .fleet-agents*
         - .fleet-actions*
-        - "risk-score.risk-score-*"
+        - risk-score.risk-score-*
       privileges:
         - read
   applications:
@@ -274,6 +292,12 @@ threat_intelligence_analyst:
         - feature_actions.read
         - feature_builtInAlerts.read
         - feature_osquery.all
+        - feature_discover.all
+        - feature_dashboard.all
+        - feature_canvas.all
+        - feature_graph.all
+        - feature_maps.all
+        - feature_visualize.all
       resources: "*"
 
 rule_author:
@@ -311,7 +335,7 @@ rule_author:
         - metrics-endpoint.metadata_current_*
         - .fleet-agents*
         - .fleet-actions*
-        - "risk-score.risk-score-*"
+        - risk-score.risk-score-*
       privileges:
         - read
   applications:
@@ -332,6 +356,12 @@ rule_author:
         - feature_actions.read
         - feature_builtInAlerts.all
         - feature_osquery.all
+        - feature_discover.all
+        - feature_dashboard.all
+        - feature_canvas.all
+        - feature_graph.all
+        - feature_maps.all
+        - feature_visualize.all
       resources: "*"
 
 soc_manager:
@@ -393,7 +423,13 @@ soc_manager:
         - feature_actions.all
         - feature_builtInAlerts.all
         - feature_osquery.all
-        - feature_indexPatterns.all # Detections Data Views
+        - feature_indexPatterns.all
+        - feature_discover.all
+        - feature_dashboard.all
+        - feature_canvas.all
+        - feature_graph.all
+        - feature_maps.all
+        - feature_visualize.all
       resources: "*"
 
 detections_admin:
@@ -439,6 +475,12 @@ detections_admin:
         - feature_actions.all
         - feature_builtInAlerts.all
         - feature_dev_tools.all
+        - feature_discover.all
+        - feature_dashboard.all
+        - feature_canvas.all
+        - feature_graph.all
+        - feature_maps.all
+        - feature_visualize.all
       resources: "*"
 
 platform_engineer:
@@ -483,7 +525,13 @@ platform_engineer:
         - feature_fleet.all
         - feature_fleetv2.all
         - feature_osquery.all
-        - feature_indexPatterns.all # Detections Data Views
+        - feature_indexPatterns.all
+        - feature_discover.all
+        - feature_dashboard.all
+        - feature_canvas.all
+        - feature_graph.all
+        - feature_maps.all
+        - feature_visualize.all
       resources: "*"
 
 endpoint_operations_analyst:
@@ -493,7 +541,6 @@ endpoint_operations_analyst:
         - metrics-endpoint.metadata_current_*
         - .fleet-agents*
         - .fleet-actions*
-        - risk-score.risk-score-*
       privileges:
         - read
     - names:
@@ -507,6 +554,7 @@ endpoint_operations_analyst:
         - winlogbeat-*
         - .lists*
         - .items*
+        - risk-score.risk-score-*
       privileges:
         - read
     - names:
@@ -540,6 +588,12 @@ endpoint_operations_analyst:
         - feature_osquery.all
         - feature_fleet.all
         - feature_fleetv2.all
+        - feature_discover.all
+        - feature_dashboard.all
+        - feature_canvas.all
+        - feature_graph.all
+        - feature_maps.all
+        - feature_visualize.all
       resources: "*"
 
 endpoint_policy_manager:
@@ -549,7 +603,6 @@ endpoint_policy_manager:
         - metrics-endpoint.metadata_current_*
         - .fleet-agents*
         - .fleet-actions*
-        - risk-score.risk-score-*
       privileges:
         - read
     - names:
@@ -563,6 +616,7 @@ endpoint_policy_manager:
         - winlogbeat-*
         - .lists*
         - .items*
+        - risk-score.risk-score-*
       privileges:
         - read
     - names:
@@ -593,4 +647,10 @@ endpoint_policy_manager:
         - feature_osquery.all
         - feature_fleet.all
         - feature_fleetv2.all
+        - feature_discover.all
+        - feature_dashboard.all
+        - feature_canvas.all
+        - feature_graph.all
+        - feature_maps.all
+        - feature_visualize.all
       resources: "*"
diff --git a/x-pack/plugins/osquery/cypress/tasks/live_query.ts b/x-pack/plugins/osquery/cypress/tasks/live_query.ts
@@ -7,7 +7,6 @@
 
 import { LIVE_QUERY_EDITOR, OSQUERY_FLYOUT_BODY_EDITOR } from '../screens/live_query';
 import { ServerlessRoleName } from '../support/roles';
-import { isServerless } from './serverless';
 import { waitForAlertsToPopulate } from '../../../../test/security_solution_cypress/cypress/tasks/create_new_rule';
 
 export const DEFAULT_QUERY = 'select * from processes;';
@@ -146,10 +145,8 @@ export const checkActionItemsInResults = ({
   cases: boolean;
   timeline: boolean;
 }) => {
-  cy.contains('View in Discover').should(
-    isServerless ? 'not.exist' : discover ? 'exist' : 'not.exist'
-  );
-  cy.contains('View in Lens').should(isServerless ? 'not.exist' : lens ? 'exist' : 'not.exist');
+  cy.contains('View in Discover').should(discover ? 'exist' : 'not.exist');
+  cy.contains('View in Lens').should(lens ? 'exist' : 'not.exist');
   cy.contains('Add to Case').should(cases ? 'exist' : 'not.exist');
   cy.contains('Add to timeline investigation').should(timeline ? 'exist' : 'not.exist');
 };