kibana [http] Internal API access to be restricted in ESS/on-prem in v9

[http] Internal API access to be restricted in ESS/on-prem in v9

Open TinaHeiligers opened this issue 8 months ago • 7 comments

Access to internal APIs is restricted in Serverless. With v9, we have an opportunity to make the breaking change in ESS and on-prem and restrict internal APIs by default.

What this means to users & stack components: Access to internal APIs is blocked by default. Access to public APIs remains.

Call to Action:

What this means to Kibana and solution devs:

As of 8.9, all Kibana APIs default to internal. All teams must ensure that their public routes have the access route configuration option explicitly set to "public".
Integrations consuming internal Kibana APIs must migrate to public counterparts.

Confirm correct access: Historically, Kibana only used a naming convention to distinguish between internal (/internal) and public (/api) routes. This distinction no longer applies.

Teams should confirm that their APIs have the intended access configuration, especially in cases where:

path: "/api/foo...", access: internal
path: "/internal/bar..." and access: public

Logging config:

logging:
  appenders:
    file:
      type: file
      fileName: /<full_path_to_file>/route_access.log
      layout:
        type: json
  loggers:
    - name: http.server.Kibana.options
      level: debug
      appenders: [file] <--- recommended

Public routes prefixed with /internal/ by team:

@elastic/response-ops

[ ] "access [public] [GET] for path [/internal/task_manager/_background_task_utilization]",
[ ] "access [public] [GET] for path [/internal/alerting/rules/_find]",

@elastic/kibana-security

[ ] "access [public] [GET] for path [/internal/security/reset_session_page.js]",
[ ] "access [public] [GET] for path [/internal/security/capture-url]",

@elastic/fleet

[ ] "access [public] [GET] for path [/internal/fleet/orphaned_integration_policies]",
[ ] "access [public] [GET] for path [/internal/fleet/settings/enrollment]",

@elastic/obs-ux-management-team

[ ] "access [public] [POST] for path [/internal/api/observability/slos/_inspect]",

Internal routes prefixed by /api/ by team:

@elastic/kibana-core

[x] confirm all
"access [internal] [GET] for path [/api/deprecations/]",
"access [internal] [POST] for path [/api/core/capabilities]",
"access [public] [POST] for path [/api/kibana/dashboards/import]",
"access [public] [GET] for path [/api/kibana/dashboards/export]",
"access [internal] [GET] for path [/api/licensing/info]",
"access [internal] [GET] for path [/api/licensing/feature_usage]",
"access [internal] [POST] for path [/api/ui_counters/_report]",
"access [internal] [POST] for path [/api/home/hits_status]",
"access [internal] [GET] for path [/api/kibana/management/saved_objects/_find]",
"access [internal] [POST] for path [/api/kibana/management/saved_objects/_bulk_get]",
"access [internal] [POST] for path [/api/kibana/management/saved_objects/scroll/counts]",
"access [internal] [GET] for path [/api/kibana/management/saved_objects/relationships/{type}/{id}]",
"access [internal] [GET] for path [/api/kibana/management/saved_objects/_allowed_types]",

"@elastic/appex-sharedux"

[ ] confirm all
"access [internal] [GET] for path [/api/kibana/settings]",
"access [internal] [GET] for path [/api/kibana/global_settings]",
"access [internal] [DELETE] for path [/api/kibana/settings/{key}]",
"access [internal] [DELETE] for path [/api/kibana/global_settings/{key}]",
"access [internal] [POST] for path [/api/kibana/settings/{key}]",
"access [internal] [POST] for path [/api/kibana/global_settings/{key}]",
"access [internal] [POST] for path [/api/kibana/settings]",
"access [internal] [POST] for path [/api/kibana/global_settings]",
"access [internal] [GET] for path [/api/banners/info]",
"access [internal] [POST] for path [/api/content_management/rpc/{name}]",
"access [internal] [GET] for path [/api/kibana/home/tutorials]",
"access [internal] [GET] for path [/api/sample_data]",
"access [internal] [POST] for path [/api/sample_data/{id}]",
"access [internal] [DELETE] for path [/api/sample_data/{id}]",
"access [internal] [POST] for path [/api/files/find]",
"access [internal] [GET] for path [/api/files/metrics]",
"access [internal] [DELETE] for path [/api/files/blobs]",
"access [internal] [POST] for path [/api/files/files/defaultImage]",
"access [internal] [PUT] for path [/api/files/files/defaultImage/{id}/blob]",
"access [internal] [PATCH] for path [/api/files/files/defaultImage/{id}]",
"access [internal] [DELETE] for path [/api/files/files/defaultImage/{id}]",
"access [internal] [POST] for path [/api/files/files/defaultImage/list]",
"access [internal] [GET] for path [/api/files/files/defaultImage/{id}]",
"access [internal] [POST] for path [/api/files/shares/defaultImage/{fileId}]",
"access [internal] [DELETE] for path [/api/files/shares/defaultImage/{id}]",
"access [internal] [GET] for path [/api/files/shares/defaultImage/{id}]",
"access [internal] [GET] for path [/api/files/shares/defaultImage]",
"access [internal] [POST] for path [/api/files/files/casesFilesCases]",
"access [internal] [PUT] for path [/api/files/files/casesFilesCases/{id}/blob]",
"access [internal] [POST] for path [/api/files/files/casesFilesCases/list]",
"access [internal] [GET] for path [/api/files/files/casesFilesCases/{id}]",
"access [internal] [POST] for path [/api/files/files/observabilityFilesCases]",
"access [internal] [PUT] for path [/api/files/files/observabilityFilesCases/{id}/blob]",
"access [internal] [POST] for path [/api/files/files/observabilityFilesCases/list]",
"access [internal] [GET] for path [/api/files/files/observabilityFilesCases/{id}]",
"access [internal] [POST] for path [/api/files/files/securitySolutionFilesCases]",
"access [internal] [PUT] for path [/api/files/files/securitySolutionFilesCases/{id}/blob]",
"access [internal] [POST] for path [/api/files/files/securitySolutionFilesCases/list]",
"access [internal] [GET] for path [/api/files/files/securitySolutionFilesCases/{id}]",
"access [internal] [POST] for path [/api/saved_objects_tagging/tags/create]",
"access [internal] [POST] for path [/api/saved_objects_tagging/tags/{id}]",
"access [internal] [DELETE] for path [/api/saved_objects_tagging/tags/{id}]",
"access [internal] [GET] for path [/api/saved_objects_tagging/tags]",
"access [internal] [GET] for path [/api/saved_objects_tagging/tags/{id}]",
"access [internal] [POST] for path [/api/saved_objects_tagging/assignments/update_by_tags]",

"@elastic/kibana-data-discovery

[x] confirm all
"access [internal] [GET] for path [/api/data_views/has_user_data_view]",
"access [internal] [GET] for path [/api/index_patterns/has_user_index_pattern]",

@elastic/kibana-management

[ ] confirm all
"access [internal] [POST] for path [/api/searchprofiler/profile]",
"access [internal] [POST] for path [/api/painless_lab/execute]",
"access [internal] [POST] for path [/api/grokdebugger/simulate]",
"access [internal] [GET] for path [/api/snapshot_restore/privileges]",
"access [internal] [GET] for path [/api/snapshot_restore/repositories]",
"access [internal] [GET] for path [/api/snapshot_restore/repositories/{name}]",
"access [internal] [GET] for path [/api/snapshot_restore/repository_types]",
"access [internal] [GET] for path [/api/snapshot_restore/repositories/{name}/verify]",
"access [internal] [POST] for path [/api/snapshot_restore/repositories/{name}/cleanup]",
"access [internal] [PUT] for path [/api/snapshot_restore/repositories]",
"access [internal] [PUT] for path [/api/snapshot_restore/repositories/{name}]",
"access [internal] [DELETE] for path [/api/snapshot_restore/repositories/{name}]",
"access [internal] [GET] for path [/api/snapshot_restore/snapshots]",
"access [internal] [GET] for path [/api/snapshot_restore/snapshots/{repository}/{snapshot}]",
"access [internal] [POST] for path [/api/snapshot_restore/snapshots/bulk_delete]",
"access [internal] [GET] for path [/api/snapshot_restore/restores]",
"access [internal] [POST] for path [/api/snapshot_restore/restore/{repository}/{snapshot}]",
"access [internal] [GET] for path [/api/snapshot_restore/policies]",
"access [internal] [GET] for path [/api/snapshot_restore/policy/{name}]",
"access [internal] [POST] for path [/api/snapshot_restore/policies]",
"access [internal] [PUT] for path [/api/snapshot_restore/policies/{name}]",
"access [internal] [DELETE] for path [/api/snapshot_restore/policies/{name}]",
"access [internal] [POST] for path [/api/snapshot_restore/policy/{name}/run]",
"access [internal] [GET] for path [/api/snapshot_restore/policies/indices]",
"access [internal] [GET] for path [/api/snapshot_restore/policies/features]",
"access [internal] [GET] for path [/api/snapshot_restore/policies/retention_settings]",
"access [internal] [PUT] for path [/api/snapshot_restore/policies/retention_settings]",
"access [internal] [POST] for path [/api/snapshot_restore/policies/retention]",
"access [internal] [PUT] for path [/api/license]",
"access [internal] [GET] for path [/api/license/start_trial]",
"access [internal] [POST] for path [/api/license/start_trial]",
"access [internal] [POST] for path [/api/license/start_basic]",
"access [internal] [POST] for path [/api/license/permissions]",
"access [internal] [GET] for path [/api/console/es_config]",
"access [internal] [POST] for path [/api/console/proxy]",
"access [internal] [GET] for path [/api/console/api_server]",
"access [internal] [GET] for path [/api/console/autocomplete_entities]",
"access [internal] [GET] for path [/api/ingest_pipelines]",
"access [internal] [GET] for path [/api/ingest_pipelines/{name}]",
"access [internal] [POST] for path [/api/ingest_pipelines]",
"access [internal] [PUT] for path [/api/ingest_pipelines/{name}]",
"access [internal] [GET] for path [/api/ingest_pipelines/privileges]",
"access [internal] [DELETE] for path [/api/ingest_pipelines/{names}]",
"access [internal] [POST] for path [/api/ingest_pipelines/simulate]",
"access [internal] [GET] for path [/api/ingest_pipelines/documents/{index}/{id}]",
"access [internal] [POST] for path [/api/ingest_pipelines/parse_csv]",
"access [internal] [POST] for path [/api/watcher/fields]",
"access [internal] [GET] for path [/api/watcher/history/{id}]",
"access [internal] [POST] for path [/api/watcher/indices]",
"access [internal] [GET] for path [/api/watcher/indices/index_patterns]",
"access [internal] [GET] for path [/api/watcher/license/refresh]",
"access [internal] [GET] for path [/api/watcher/settings]",
"access [internal] [GET] for path [/api/watcher/watches]",
"access [internal] [POST] for path [/api/watcher/watches/delete]",
"access [internal] [DELETE] for path [/api/watcher/watch/{watchId}]",
"access [internal] [PUT] for path [/api/watcher/watch/execute]",
"access [internal] [GET] for path [/api/watcher/watch/{id}]",
"access [internal] [PUT] for path [/api/watcher/watch/{id}]",
"access [internal] [GET] for path [/api/watcher/watch/{watchId}/history]",
"access [internal] [PUT] for path [/api/watcher/watch/{watchId}/activate]",
"access [internal] [PUT] for path [/api/watcher/watch/{watchId}/deactivate]",
"access [internal] [PUT] for path [/api/watcher/watch/{watchId}/action/{actionId}/acknowledge]",
"access [internal] [POST] for path [/api/watcher/watch/visualize]",
"access [internal] [GET] for path [/api/upgrade_assistant/privileges]",
"access [internal] [GET] for path [/api/upgrade_assistant/cloud_backup_status]",
"access [internal] [GET] for path [/api/upgrade_assistant/cluster_upgrade_status]",
"access [internal] [GET] for path [/api/upgrade_assistant/system_indices_migration]",
"access [internal] [POST] for path [/api/upgrade_assistant/system_indices_migration]",
"access [internal] [GET] for path [/api/upgrade_assistant/es_deprecations]",
"access [internal] [GET] for path [/api/upgrade_assistant/deprecation_logging]",
"access [internal] [PUT] for path [/api/upgrade_assistant/deprecation_logging]",
"access [internal] [GET] for path [/api/upgrade_assistant/deprecation_logging/count]",
"access [internal] [DELETE] for path [/api/upgrade_assistant/deprecation_logging/cache]",
"access [internal] [POST] for path [/api/upgrade_assistant/{indexName}/index_settings]",
"access [internal] [POST] for path [/api/upgrade_assistant/ml_snapshots]",
"access [internal] [GET] for path [/api/upgrade_assistant/ml_snapshots/{jobId}/{snapshotId}]",
"access [internal] [GET] for path [/api/upgrade_assistant/ml_upgrade_mode]",
"access [internal] [DELETE] for path [/api/upgrade_assistant/ml_snapshots/{jobId}/{snapshotId}]",
"access [internal] [GET] for path [/api/upgrade_assistant/remote_clusters]",
"access [internal] [GET] for path [/api/upgrade_assistant/node_disk_space]",
"access [internal] [POST] for path [/api/upgrade_assistant/cluster_settings]",
"access [internal] [GET] for path [/api/index_management/data_streams/{name}]",
"access [internal] [POST] for path [/api/index_management/data_streams/{name}/mappings_from_template]",
"access [internal] [POST] for path [/api/index_management/data_streams/{name}/rollover]",
"access [internal] [GET] for path [/api/index_management/data_streams]",
"access [internal] [POST] for path [/api/index_management/delete_data_streams]",
"access [internal] [PUT] for path [/api/index_management/data_streams/{name}/data_retention]",
"access [internal] [POST] for path [/api/index_management/indices/clear_cache]",
"access [internal] [POST] for path [/api/index_management/indices/close]",
"access [internal] [POST] for path [/api/index_management/indices/flush]",
"access [internal] [POST] for path [/api/index_management/indices/forcemerge]",
"access [internal] [GET] for path [/api/index_management/indices]",
"access [internal] [POST] for path [/api/index_management/indices/open]",
"access [internal] [POST] for path [/api/index_management/indices/refresh]",
"access [internal] [POST] for path [/api/index_management/indices/reload]",
"access [internal] [POST] for path [/api/index_management/indices/delete]",
"access [internal] [POST] for path [/api/index_management/indices/unfreeze]",
"access [internal] [GET] for path [/api/index_management/index_templates]",
"access [internal] [GET] for path [/api/index_management/index_templates/{name}]",
"access [internal] [POST] for path [/api/index_management/delete_index_templates]",
"access [internal] [POST] for path [/api/index_management/index_templates]",
"access [internal] [PUT] for path [/api/index_management/index_templates/{name}]",
"access [internal] [POST] for path [/api/index_management/index_templates/simulate]",
"access [internal] [GET] for path [/api/index_management/settings/{indexName}]",
"access [internal] [PUT] for path [/api/index_management/settings/{indexName}]",
"access [internal] [GET] for path [/api/index_management/mapping/{indexName}]",
"access [internal] [PUT] for path [/api/index_management/mapping/{indexName}]",
"access [internal] [GET] for path [/api/index_management/component_templates]",
"access [internal] [GET] for path [/api/index_management/component_templates/{name}]",
"access [internal] [POST] for path [/api/index_management/component_templates]",
"access [internal] [PUT] for path [/api/index_management/component_templates/{name}]",
"access [internal] [GET] for path [/api/index_management/component_templates/{name}/datastreams]",
"access [internal] [DELETE] for path [/api/index_management/component_templates/{names}]",
"access [internal] [GET] for path [/api/index_management/component_templates/privileges]",
"access [internal] [GET] for path [/api/index_management/inference/all]",
"access [internal] [GET] for path [/api/index_management/nodes/plugins]",
"access [internal] [GET] for path [/api/index_management/stats/{indexName}]",
"access [internal] [GET] for path [/api/remote_clusters]",
"access [internal] [POST] for path [/api/remote_clusters]",
"access [internal] [PUT] for path [/api/remote_clusters/{name}]",
"access [internal] [DELETE] for path [/api/remote_clusters/{nameOrNames}]",
"access [internal] [POST] for path [/api/cross_cluster_replication/auto_follow_patterns]",
"access [internal] [DELETE] for path [/api/cross_cluster_replication/auto_follow_patterns/{id}]",
"access [internal] [GET] for path [/api/cross_cluster_replication/auto_follow_patterns]",
"access [internal] [GET] for path [/api/cross_cluster_replication/auto_follow_patterns/{id}]",
"access [internal] [POST] for path [/api/cross_cluster_replication/auto_follow_patterns/{id}/pause]",
"access [internal] [POST] for path [/api/cross_cluster_replication/auto_follow_patterns/{id}/resume]",
"access [internal] [PUT] for path [/api/cross_cluster_replication/auto_follow_patterns/{id}]",
"access [internal] [POST] for path [/api/cross_cluster_replication/follower_indices]",
"access [internal] [GET] for path [/api/cross_cluster_replication/follower_indices]",
"access [internal] [GET] for path [/api/cross_cluster_replication/follower_indices/{id}]",
"access [internal] [PUT] for path [/api/cross_cluster_replication/follower_indices/{id}/pause]",
"access [internal] [PUT] for path [/api/cross_cluster_replication/follower_indices/{id}/resume]",
"access [internal] [PUT] for path [/api/cross_cluster_replication/follower_indices/{id}/unfollow]",
"access [internal] [PUT] for path [/api/cross_cluster_replication/follower_indices/{id}]",
"access [internal] [GET] for path [/api/cross_cluster_replication/permissions]",
"access [internal] [GET] for path [/api/cross_cluster_replication/stats/auto_follow]",
"access [internal] [POST] for path [/api/index_lifecycle_management/index/retry]",
"access [internal] [POST] for path [/api/index_lifecycle_management/index/remove]",
"access [internal] [POST] for path [/api/index_lifecycle_management/index/add]",
"access [internal] [GET] for path [/api/index_lifecycle_management/nodes/list]",
"access [internal] [GET] for path [/api/index_lifecycle_management/nodes/{nodeAttrs}/details]",
"access [internal] [GET] for path [/api/index_lifecycle_management/policies]",
"access [internal] [POST] for path [/api/index_lifecycle_management/policies]",
"access [internal] [DELETE] for path [/api/index_lifecycle_management/policies/{policyNames}]",
"access [internal] [GET] for path [/api/index_lifecycle_management/templates]",
"access [internal] [POST] for path [/api/index_lifecycle_management/template]",
"access [internal] [GET] for path [/api/index_lifecycle_management/snapshot_policies]",
"access [internal] [GET] for path [/api/index_lifecycle_management/snapshot_repositories]",
"access [internal] [GET] for path [/api/rollup/indices]",
"access [internal] [GET] for path [/api/rollup/index_pattern_validity/{indexPattern}]",
"access [internal] [PUT] for path [/api/rollup/create]",
"access [internal] [POST] for path [/api/rollup/delete]",
"access [internal] [GET] for path [/api/rollup/jobs]",
"access [internal] [POST] for path [/api/rollup/start]",
"access [internal] [POST] for path [/api/rollup/stop]",
"access [internal] [POST] for path [/api/rollup/search]",

@elastic/kibana-security

[ ] confirm all
"access [internal] [GET] for path [/api/spaces/space/{id}]",
"access [internal] [GET] for path [/api/spaces/space]",
"access [internal] [PUT] for path [/api/spaces/space/{id}]",
"access [internal] [DELETE] for path [/api/spaces/space/{id}]",
"access [internal] [POST] for path [/api/spaces/space]",
"access [internal] [POST] for path [/api/spaces/_copy_saved_objects]",
"access [internal] [POST] for path [/api/spaces/_resolve_copy_saved_objects_errors]",
"access [internal] [POST] for path [/api/spaces/_update_objects_spaces]",
"access [internal] [POST] for path [/api/spaces/_get_shareable_references]",
"access [internal] [POST] for path [/api/spaces/_disable_legacy_url_aliases]",
"access [internal] [GET] for path [/api/security/v1/me]",
"access [internal] [GET] for path [/api/security/privileges]",
"access [internal] [GET] for path [/api/security/role/{name}]",
"access [internal] [GET] for path [/api/security/role]",
"access [internal] [DELETE] for path [/api/security/role/{name}]",
"access [internal] [PUT] for path [/api/security/role/{name}]",
"access [internal] [POST] for path [/api/security/session/_invalidate]",
"access [internal] [POST] for path [/api/encrypted_saved_objects/_rotate_key]",

@elastic/response-ops

[ ] confirm all
"access [internal] [POST] for path [/api/alerts/alert/{id?}]",
"access [internal] [DELETE] for path [/api/alerts/alert/{id}]",
"access [internal] [GET] for path [/api/alerts/_find]",
"access [internal] [GET] for path [/api/alerts/alert/{id}]",
"access [internal] [GET] for path [/api/alerts/alert/{id}/state]",
"access [internal] [GET] for path [/api/alerts/alert/{id}/_instance_summary]",
"access [internal] [GET] for path [/api/alerts/list_alert_types]",
"access [internal] [PUT] for path [/api/alerts/alert/{id}]",
"access [internal] [POST] for path [/api/alerts/alert/{id}/_enable]",
"access [internal] [POST] for path [/api/alerts/alert/{id}/_disable]",
"access [internal] [POST] for path [/api/alerts/alert/{id}/_update_api_key]",
"access [internal] [POST] for path [/api/alerts/alert/{id}/_mute_all]",
"access [internal] [POST] for path [/api/alerts/alert/{id}/_unmute_all]",
"access [internal] [POST] for path [/api/alerts/alert/{alert_id}/alert_instance/{alert_instance_id}/_mute]",
"access [internal] [POST] for path [/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute]",
"access [internal] [GET] for path [/api/alerts/_health]",
"access [internal] [GET] for path [/api/cases/{case_id}/resolve]",

@elastic/obs-ux-infra_services-team

[ ] confirm all
"access [internal] [POST] for path [/api/infra/metrics_explorer]",
"access [internal] [POST] for path [/api/infra/ip_to_host]",
"access [internal] [POST] for path [/api/infra/infra_ml/results/metrics_k8s_anomalies]",
"access [internal] [POST] for path [/api/infra/infra_ml/results/metrics_hosts_anomalies]",
"access [internal] [POST] for path [/api/infra/metrics_explorer_views]",
"access [internal] [DELETE] for path [/api/infra/metrics_explorer_views/{metricsExplorerViewId}]",
"access [internal] [GET] for path [/api/infra/metrics_explorer_views]",
"access [internal] [GET] for path [/api/infra/metrics_explorer_views/{metricsExplorerViewId}]",
"access [internal] [PUT] for path [/api/infra/metrics_explorer_views/{metricsExplorerViewId}]",
"access [internal] [POST] for path [/api/infra/metrics_api]",
"access [internal] [POST] for path [/api/infra/metadata]",
"access [internal] [POST] for path [/api/infra/inventory/meta]",
"access [internal] [POST] for path [/api/infra/inventory_views]",
"access [internal] [DELETE] for path [/api/infra/inventory_views/{inventoryViewId}]",
"access [internal] [GET] for path [/api/infra/inventory_views]",
"access [internal] [GET] for path [/api/infra/inventory_views/{inventoryViewId}]",
"access [internal] [PUT] for path [/api/infra/inventory_views/{inventoryViewId}]",
"access [internal] [GET] for path [/api/infra/services]",
"access [internal] [GET] for path [/api/infra/{assetType}/custom-dashboards]",
"access [internal] [POST] for path [/api/infra/{assetType}/custom-dashboards]",
"access [internal] [DELETE] for path [/api/infra/{assetType}/custom-dashboards/{id}]",
"access [internal] [PUT] for path [/api/infra/{assetType}/custom-dashboards/{id}]",
"access [internal] [GET] for path [/api/metrics/indices]",
"access [internal] [POST] for path [/api/metrics/snapshot]",
"access [internal] [POST] for path [/api/metrics/node_details]",
"access [internal] [GET] for path [/api/metrics/source/{sourceId}]",
"access [internal] [PATCH] for path [/api/metrics/source/{sourceId}]",
"access [internal] [GET] for path [/api/metrics/source/{sourceId}/hasData]",
"access [internal] [POST] for path [/api/metrics/process_list]",
"access [internal] [POST] for path [/api/metrics/process_list/chart]",
"access [internal] [POST] for path [/api/metrics/overview/top]",
"access [internal] [POST] for path [/api/metrics/infra]",

@elastic/obs-ux-logs-team

[x] confirm all
"access [internal] [POST] for path [/api/log_entries/highlights]",
"access [internal] [POST] for path [/api/log_entries/summary]",
"access [internal] [POST] for path [/api/log_entries/summary_highlights]",
"access [internal] [GET] for path [/api/infra/log_views/{logViewId}]",
"access [internal] [PUT] for path [/api/infra/log_views/{logViewId}]",
"access [internal] [POST] for path [/api/infra/log_analysis/results/log_entry_categories]",
"access [internal] [POST] for path [/api/infra/log_analysis/results/log_entry_category_datasets]",
"access [internal] [POST] for path [/api/infra/log_analysis/results/latest_log_entry_category_datasets_stats]",
"access [internal] [POST] for path [/api/infra/log_analysis/results/log_entry_category_examples]",
"access [internal] [POST] for path [/api/infra/log_analysis/results/log_entry_anomalies]",
"access [internal] [POST] for path [/api/infra/log_analysis/results/log_entry_anomalies_datasets]",
"access [internal] [POST] for path [/api/infra/log_analysis/id_formats]",
"access [internal] [POST] for path [/api/infra/log_analysis/validation/log_entry_datasets]",
"access [internal] [POST] for path [/api/infra/log_analysis/validation/log_entry_rate_indices]",
"access [internal] [POST] for path [/api/infra/log_analysis/results/log_entry_examples]",
"access [internal] [POST] for path [/api/infra/log_alerts/chart_preview_data]"

@elastic/obs-ux-management-team

[ ] confirm all
"access [internal] [PUT] for path [/api/synthetics/project/{projectName}/monitors/_bulk_update]",
"access [internal] [DELETE] for path [/api/synthetics/project/{projectName}/monitors/_bulk_delete]",
"access [internal] [GET] for path [/api/synthetics/project/{projectName}/monitors]",
"access [internal] [GET] for path [/api/synthetics/monitors]",
"access [internal] [GET] for path [/api/synthetics/settings]",
"access [internal] [PUT] for path [/api/synthetics/settings]",

@elastic/obs-ux-management-team

[ ] confirm all
"access [internal] [POST] for path [/api/observability/annotation]",
"access [internal] [DELETE] for path [/api/observability/annotation/{id}]",
"access [internal] [GET] for path [/api/observability/annotation/{id}]",
"access [internal] [GET] for path [/api/observability/rules/alerts/dynamic_index_pattern]",
"access [internal] [POST] for path [/api/observability/slos/_delete_instances]",
"access [internal] [GET] for path [/api/observability/slos/_definitions]",

@elastic/stack-monitoring

[x] https://github.com/elastic/kibana/pull/186882
"access [internal] [POST] for path [/api/monitoring/v1/alert/{clusterUuid}/status]",
"access [internal] [POST] for path [/api/monitoring/v1/alerts/enable]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/apm/{apmUuid}]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/apm/instances]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/apm]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/beats/beat/{beatUuid}]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/beats/beats]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/beats]",
"access [internal] [GET] for path [/api/monitoring/v1/check_access]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/indices/{id}]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/indices]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/nodes/{nodeUuid}]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/nodes]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/ml_jobs]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/ccr]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/ccr/{index}/shard/{shardId}]",
"access [internal] [GET] for path [/api/monitoring/v1/elasticsearch_settings/check/cluster]",
"access [internal] [POST] for path [/api/monitoring/v1/elasticsearch_settings/check/internal_monitoring]",
"access [internal] [GET] for path [/api/monitoring/v1/elasticsearch_settings/check/nodes]",
"access [internal] [PUT] for path [/api/monitoring/v1/elasticsearch_settings/set/collection_enabled]",
"access [internal] [PUT] for path [/api/monitoring/v1/elasticsearch_settings/set/collection_interval]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/enterprise_search]",
"access [internal] [GET] for path [/api/monitoring/v1/_health]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/logstash/pipeline_ids]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/logstash/pipelines]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/logstash/node/{logstashUuid}/pipelines]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/logstash/node/{logstashUuid}]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/logstash/nodes]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/logstash]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/logstash/pipeline/{pipelineId}/{pipelineHash?}]",
"access [internal] [POST] for path [/api/monitoring/v1/setup/collection/cluster/{clusterUuid?}]",
"access [internal] [POST] for path [/api/monitoring/v1/setup/collection/{clusterUuid}/disable_internal_collection]",
"access [internal] [POST] for path [/api/monitoring/v1/setup/collection/node/{nodeUuid}]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/kibana/{kibanaUuid}]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/kibana/instances]",
"access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/kibana]",
"access [internal] [GET] for path [/api/monitoring_collection/{type}]",

@elastic/logstash

[ ] confirm all
"access [internal] [GET] for path [/api/logstash/cluster]",
"access [internal] [GET] for path [/api/logstash/pipelines]",
"access [internal] [POST] for path [/api/logstash/pipelines/delete]",

@elastic/security-solution

[x] #191799
"access [internal] [POST] for path [/api/risk_scores/calculation]",
"access [internal] [POST] for path [/api/risk_scores/calculation/entity]",

@elastic/security-threat-hunting-investigations

[ ] confirm all
"access [internal] [POST] for path [/api/endpoint/resolver/tree]",
"access [internal] [POST] for path [/api/endpoint/resolver/events]",
"access [internal] [GET] for path [/api/endpoint/resolver/entity]",
"access [internal] [POST] for path [/api/timeline/_copy]",

Jun 23 '24 20:06 TinaHeiligers

kibana kibana copied to clipboard

[http] Internal API access to be restricted in ESS/on-prem in v9

Call to Action:

@elastic/response-ops

@elastic/kibana-security

@elastic/fleet

@elastic/obs-ux-management-team

kibana
kibana copied to clipboard