Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Defend Workflows] Remediation to the Endpoint Insight fails when the user has only read privileges to the Endpoint Insights #210354

Open
sukhwindersingh-qasource opened this issue Feb 10, 2025 · 4 comments · Fixed by #210637
Open

[Defend Workflows] Remediation to the Endpoint Insight fails when the user has only read privileges to the Endpoint Insights #210354

sukhwindersingh-qasource opened this issue Feb 10, 2025 · 4 comments · Fixed by #210637
Assignees
@szwarckonrad
Labels
bug Fixes for quality problems that affect the customer experience impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. OLM Sprint QA:Ready for Testing Code is merged and ready for QA to validate Team:Defend Workflows “EDR Workflows” sub-team of Security Solution Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v9.0.0

Comments

@sukhwindersingh-qasource
Copy link

sukhwindersingh-qasource commented Feb 10, 2025
edited
Loading

Describe the bug:

  • Remediation to the Endpoint Insight fails when the user has only read privileges to the Endpoint Insights
  • It shows the error message - Failed to mark insight as remediated

EDR BUG : remediation to the endpoint insight fails with the user having read access to the endpoint insight page .
Build Details:
VERSION: 9.0.0-beta1
BUILD: 83474
COMMIT: 88aa3d3

Login Credentials

Preconditions

  • Kibana 9.0.0beta1 should be present
  • Generate the Endpoint Insights
  • Create a User having the Read privileges to Endpoint Insights
  • Now Login with the User having the Read privileges

Steps to Reproduce

  • Navigate to Endpoints page
  • Now Click on the Endpoint name
  • Now on the genrated Insights click on the add to trusted apps button
  • Now save the trusted application
  • Observe that Remediation to the Endpoint Insight fails when the user has only read privileges to the Endpoint Insights

Actual result

  • Remediation to the Endpoint Insight fails when the user has only read privileges to the Endpoint Insights

Expected Result

  • Remediation to the Endpoint Insights should not fails when the user has only read privileges to the Endpoint Insights

Screen-shot

Endpoints.-.Kibana.Mozilla.Firefox.Private.Browsing.2025-02-10.17-39-08.mp4

Logs

  • N/A
@sukhwindersingh-qasource sukhwindersingh-qasource added bug Fixes for quality problems that affect the customer experience Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. triage_needed labels Feb 10, 2025
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@sukhwindersingh-qasource sukhwindersingh-qasource added impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. Team:Defend Workflows “EDR Workflows” sub-team of Security Solution labels Feb 10, 2025
@elasticmachine
Copy link
Contributor

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

@sukhwindersingh-qasource
Copy link
Author

@muskangulati-qasource , Please review this

@muskangulati-qasource
Copy link

Reviewed and assigned to @dasansol92

@szwarckonrad szwarckonrad linked a pull request Feb 12, 2025 that will close this issue
[EDR Workflows] Workflow Insights - Change update api RBAC #210637
Merged
@sukhwindersingh-qasource sukhwindersingh-qasource changed the title "[Defend Workflows] Remediation to the Endpoint Insight fails when the user has only read privileges to the Endpoint Insights [Defend Workflows] Remediation to the Endpoint Insight fails when the user has only read privileges to the Endpoint Insights Feb 12, 2025
@szwarckonrad szwarckonrad reopened this Feb 13, 2025
@szwarckonrad szwarckonrad added the QA:Ready for Testing Code is merged and ready for QA to validate label Feb 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@szwarckonrad szwarckonrad

Labels
bug Fixes for quality problems that affect the customer experience impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. OLM Sprint QA:Ready for Testing Code is merged and ready for QA to validate Team:Defend Workflows “EDR Workflows” sub-team of Security Solution Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. v9.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[EDR Workflows] Workflow Insights - Change update api RBAC szwarckonrad/kibana
5 participants
@dasansol92 @elasticmachine @szwarckonrad @muskangulati-qasource @sukhwindersingh-qasource