[Cloud Security] Serverless authorization block Phase 1 - Elastic Defend block for cloud workloads

Open JordanSh opened this issue 10 months ago • 4 comments

Summary

In case of insufficient license (missing cloud essentials), the Elastic Defend cloud workloads section should display the appropriate prompt to instruct it on upgrading in order to receive access.

Definition of done

  • [ ] License checked and the prompt is displayed only when cloud essentials is not enabled
  • [ ] Only affects serverless
  • [ ] Display an error message if the check failed, only on serverless
  • [ ] Add tests

Related

JordanSh avatar Apr 18 '24 12:04 JordanSh

Pinging @elastic/kibana-cloud-security-posture (Team:Cloud Security)

elasticmachine avatar Apr 18 '24 12:04 elasticmachine

@nick-alayil @smriti0321 I have a few questions regarding this requirement: in the Traditional Endpoints option, the first option remains selected when displaying the block, which hides all other options. This makes sense because it enables the user to save the policy normally.

image

The question is: what is the expected behaviour on the cloud workloads option? Do we keep anything shown and selected? If not, do we still let the user save the policy even when nothing is selected?

image

cc: @kfirpeled

JordanSh avatar Apr 18 '24 12:04 JordanSh

I assume your question is - what is the expected behaviour on the cloud workloads option in case of missing cloud essential license tier?

> do we keep anything shown and selected?

I'd say yes. Show those two options with Interactive only selected, just like the screenshot you provided above. No need to hide the other option, All events, since it's also data collection but more aggressively.

> if not, do we still let the user save the policy even when nothing is selected?

~No. We don't want the user to save the policy in case of missing cloud essential license tier.~ Yes, since data collection is allowed irrespective of cloud essential license tier and/or endpoint essential license tier.

Hope that explains. Certainly, I lack detailed context on serverless. So, if my response feels way off, feel free to set up a call with @smriti0321 and me.

nick-alayil avatar Apr 22 '24 22:04 nick-alayil

> Certainly, I lack detailed context on serverless.

I had a chat with @snehsach19 on this and it appears Defend could be installed for data collection irrespective of cloud essential license tier and/or endpoint essential license tier. So, I'm updating my earlier comments above. More details here, that would be of help.

nick-alayil avatar Apr 23 '24 23:04 nick-alayil

Closing as not planned. Defend workloads are for data collection and don't offer new features in the Essentials or Complete tier of the Endpoint Add-on.

cc: @smriti0321 , @JordanSh

kfirpeled avatar May 23 '24 13:05 kfirpeled