[AI SOC] Grant fleet (v1) access to see integrations in Search AI Lake tier #221189

Merged
merged 7 commits into from
May 24, 2025

@tomsonpl tomsonpl commented May 21, 2025

Summary

This PR modifies the Security Search AI Lake tier configuration to properly grant Fleet (v1 integrations only) access to users with Security Solution privileges. This change ensures that users can access integrations within the AI SOC product.


Changes

  • Added Fleet privileges to the siemV2 feature composition in serverless.security.search_ai_lake.yml
  • Ensured both all and read privilege levels include the appropriate Fleet access
  • Added override privileges to discover along with fleet, since we had to introduce siemV2 (and siem) capabilities.

Why

In the Security Search AI Lake tier, users need access to Fleet (v1) functionality to use integrations. Without this access, they would be unable to use some of the crucial functionalities:

The configuration overrides in this PR ensure that:

  • Integrations tile in get_started page is rendered
  • Integrations page in configurations is rendered
  • Alerts summary page is rendered

Testing

  • Verified that users with Security Solution access can now view and manage integrations
  • Confirmed that admin users and role-based users have appropriate access to Fleet functionality
  • Tested that other feature restrictions in the tier still work as expected


@tomsonpl tomsonpl self-assigned this May 21, 2025
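
A least-privilege check for the kind of composition described above, as an added example (not code from this PR or from Kibana): it compares what each siemV2 privilege level composes against an allow-list, so a later edit cannot silently widen `read` or pull in an extra feature. The dictionary layout, the policy, and the feature ids `fleet` and `fleetv2` are assumptions made for the example; `discover_v2` is taken from the diff.

```python
# Rank of the two base privilege levels; anything else (sub-privileges,
# typos) is treated as exceeding the limit so the check fails closed.
RANK = {"read": 1, "all": 2}

# Assumed policy: highest privilege each composed feature may receive
# at each siemV2 level in this tier.
POLICY = {
    "all": {"discover_v2": "all", "fleet": "all"},
    "read": {"discover_v2": "read", "fleet": "read"},
}

def audit_composition(composed, policy=POLICY):
    """Return findings for {level: [{"feature": ..., "privileges": [...]}]}."""
    findings = []
    for level, allowed in policy.items():
        seen = set()
        for entry in composed.get(level, []):
            feature = entry["feature"]
            seen.add(feature)
            if feature not in allowed:
                findings.append(f"{level}: unexpected feature {feature}")
                continue
            limit = allowed[feature]
            for priv in entry.get("privileges", []):
                if RANK.get(priv, 99) > RANK[limit]:
                    findings.append(f"{level}: {feature} grants {priv}, max is {limit}")
        for missing in sorted(set(allowed) - seen):
            findings.append(f"{level}: missing {missing}")
    for level in sorted(set(composed) - set(policy)):
        findings.append(f"{level}: level not covered by policy")
    return findings

# Constructed sample compositions (not the contents of the real YAML file).
GOOD = {
    "all": [{"feature": "discover_v2", "privileges": ["all"]},
            {"feature": "fleet", "privileges": ["all"]}],
    "read": [{"feature": "discover_v2", "privileges": ["read"]},
             {"feature": "fleet", "privileges": ["read"]}],
}
DRIFTED = {
    "all": GOOD["all"] + [{"feature": "fleetv2", "privileges": ["all"]}],
    "read": [{"feature": "fleet", "privileges": ["all"]}],
}

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("DRIFTED", DRIFTED)):
        print(name, audit_composition(sample) or "ok")
```
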
@@ -43,12 +43,13 @@ xpack.features.overrides:
## We do not need to compose siemV2 from maps and visualizations because these functionalities are disabled in this tier
- feature: "discover_v2"
privileges: [ "all" ]
- feature: "dashboard_v2"
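Review bot: the comment above the `discover_v2` entry only explains why maps and visualizations are left out of the siemV2 composition, while this hunk grows the block from 12 to 13 lines; please extend that comment to name the feature that is now composed in and why, so the grant can be audited from the YAML alone. The `dashboard_v2` line is shown here without a +/- marker, so it is not clear from the hunk whether that entry is removed; if it remains, either drop it or document why siemV2 users in this tier still need it.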
Contributor Author

Dashboard is not needed here anymore

@tomsonpl
Contributor Author

/ci

@tomsonpl
Contributor Author

/ci

@tomsonpl
Contributor Author

/ci

@tomsonpl tomsonpl added the release_note:skip, backport:skip, Team:Security Generative AI and v9.1.0 labels May 22, 2025
@tomsonpl tomsonpl requested a review from semd May 22, 2025 13:21
@elasticmachine
Contributor

💔 Build Failed

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #58 / Alerting alerts_as_data install alerts as data resources should install common alerts as data resources on startup

Metrics [docs]

‼️ ERROR: no builds found for mergeBase sha [c6ebe28]

History

cc @tomsonpl

@tomsonpl
Contributor Author

/ci

@tomsonpl tomsonpl marked this pull request as ready for review May 22, 2025 17:13
@tomsonpl tomsonpl requested review from a team as code owners May 22, 2025 17:13
Contributor

@semd semd left a comment

LGTM

Contributor

@kc13greiner kc13greiner left a comment

LGTM!

@tomsonpl tomsonpl merged commit 22ecbc4 into elastic:main May 24, 2025
10 checks passed
akowalska622 pushed a commit to akowalska622/kibana that referenced this pull request May 29, 2025