Hi there,
I'm trying to create a user with access to the SIEM application as well as the machine learning detections. However I am incapable of coming up with a privilege combination that would allow this.
So far the only users that are able to create machine learning detections are with the role "superuser".
The user in question has the permissions:
Cluster privs:
read_ccr, read_ilm, read_slm, manage_ml, monitor_ml
Index privs:
read, write, create_doc, create
Image for reference:
The error message I receive says:
Your visualization has error(s)
Machine learning permissions failure
Not Found
This happens when the user initially navigates into the SIEM application. The user is furthermore not able to create any machine learning detections. The option is simply greyed out with the text "Unavailable" underneath it.
The Privilege Documentation also does not seem to have a privilege that could help here?
I feel like I'm missing something rather obvious. Any help is greatly appreciated!
//EDIT:
Issue resolved.
There are pre-defined roles for this use-case, namely "machine_learning_user" and "machine_learning_admin"