IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Export rules Signals endpoint »
Elastic Docs Elastic Security Solution [8.15] Elastic Security APIs Detections API

Privileges endpoint

edit

Privileges endpoint

edit

Retrieves whether or not the user is authenticated, and the user’s Kibana space and index privileges, which determine if the user can create an index (.siem-signals-*) for the Elastic Security alerts generated by detection engine rules.

For information about the permissions and privileges required to create .siem-signals-<Kibana-space> indices, see Enable and access detections.

Get privileges

edit

Returns user privileges for the Kibana space.

Request URL

edit

GET <kibana host>:<port>/api/detection_engine/privileges

Example requests
edit

Gets user privileges for the Kibana default space:

GET api/detection_engine/privileges

Gets user privileges for the Kibana siem space:

GET s/siem/api/detection_engine/privileges

Response code

edit
200
Indicates a successful call.
Example response
edit
{
  "username": "detection-engine-admin",
  "has_all_requested": false,
  "cluster": {
    "monitor_ml": true,
    "manage_ccr": false,
    "manage_index_templates": true,
    "monitor_watcher": true,
    "monitor_transform": true,
    "read_ilm": true,
    "manage_api_key": false,
    "manage_security": false,
    "manage_own_api_key": false,
    "manage_saml": false,
    "all": false,
    "manage_ilm": true,
    "manage_ingest_pipelines": true,
    "read_ccr": false,
    "manage_rollup": true,
    "monitor": true,
    "manage_watcher": true,
    "manage": true,
    "manage_transform": true,
    "manage_token": false,
    "manage_ml": true,
    "manage_pipeline": true,
    "monitor_rollup": true,
    "transport_client": true,
    "create_snapshot": true
  },
  "index": {
    ".siem-signals-detection-engine": {
      "all": false,
      "manage_ilm": true,
      "read": false,
      "create_index": true,
      "read_cross_cluster": false,
      "index": false,
      "monitor": true,
      "delete": false,
      "manage": true,
      "delete_index": true,
      "create_doc": false,
      "view_index_metadata": true,
      "create": false,
      "manage_follow_index": true,
      "manage_leader_index": true,
      "write": false
    }
  },
  "application": {}
  "is_authenticated": true 
  "has_encryption_key": true 
}

Indicates whether the user can log in to the Elasticsearch deployment.

Indicates whether the xpack.encryptedSavedObjects.encryptionKey is set.
« Export rules Signals endpoint »