Hi,
Yesterday we upgraded our cluster to 7.9 and users are reporting problems with the Detection tab in the SIEM app. When opened, they get the "Let's set up your detection engine" message.
The role assigned to the users has the following privileges, as specified in Detections configuration and index privilege prerequisites (version 7.8):
Cluster privileges: manage_pipeline, manage_api_key, manage
Index privileges .siem-signals-*: create_doc, write, index, read, all
Kibana Space privilege SIEM app all
Kibana has set up the xpack.encryptedSavedObjects.encryptionKey (we use two Kibana nodes and both have the same key).
Anyway, it worked without any problems with 7.8.1. I have no problems using the detection tab with the superuser role. Has anything changed with 7.9 regarding user permissions to access the SIEM app?
I haven't noticed anything suspicious in Kibana logs.