I upgraded to 7.6.0 today.
I wanted to try Detections, but I'm getting an error (below) when clicking "load prebuilt detection rules".
My complete Kibana config:
---
## Default Kibana configuration from Kibana base image.
## https://github.com/elastic/kibana/blob/master/src/dev/build/tasks/os_packages/docker_generator/templates/kibana_yml.template.js
#
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
xpack.monitoring.ui.container.elasticsearch.enabled: false
## X-Pack security credentials
#
elasticsearch.username: kibana
elasticsearch.password: ***
xpack.encryptedSavedObjects.encryptionKey: 'fhjskloppd678ehkdfdlliver123lfcr'
My Elastic config:
---
## Default Elasticsearch configuration from Elasticsearch base image.
## https://github.com/elastic/elasticsearch/blob/master/distribution/docker/src/docker/config/elasticsearch.yml
#
cluster.name: "docker-cluster"
network.host: 0.0.0.0
## Use single node discovery in order to disable production mode and avoid bootstrap checks
## see https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
#
discovery.type: single-node
## X-Pack settings
## see https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html
#
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.monitoring.collection.enabled: false
The error in the Elastic log:
{"type": "server", "timestamp": "2020-02-14T06:48:22,835Z", "level": "WARN", "component": "r.suppressed", "cluster.name": "docker-cluster", "node.name": "eb198821dba9", "message": "path: /_security/api_key, params: {}", "cluster.uuid": "ikMJnjTqRYG4UlQ6SjnDBw", "node.id": "ofsLwcUiTRmAPT_Lp8FUMg" ,
"stacktrace": ["java.lang.IllegalStateException: api keys are not enabled",
"at org.elasticsearch.xpack.security.authc.ApiKeyService.ensureEnabled(ApiKeyService.java:584) ~[?:?]",
"at org.elasticsearch.xpack.security.authc.ApiKeyService.createApiKey(ApiKeyService.java:194) ~[?:?]",
"at org.elasticsearch.xpack.security.action.TransportCreateApiKeyAction.lambda$doExecute$0(TransportCreateApiKeyAction.java:67) ~[?:?]",
"at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.6.0.jar:7.6.0]",
"at org.elasticsearch.xpack.security.authz.store.CompositeRolesStore.lambda$getRoleDescriptors$13(CompositeRolesStore.java:295) [x-pack-security-7.6.0.jar:7.6.0]",
"at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:63) [elasticsearch-7.6.0.jar:7.6.0]", ...
The error in the Kibana log:
{"type":"error","@timestamp":"2020-02-14T08:14:02Z","tags":,"pid":6,"level":"error","error":{"message":"[illegal_state_exception] api keys are not enabled","name":"Error","stack":"Error: [illegal_state_exception] api keys are not enabled\n at transformError (/usr/share/kibana/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/utils.js:24:14)\n at handler (/usr/share/kibana/x-pack/legacy/plugins/siem/server/lib/detection_engine/routes/rules/add_prepackaged_rules_route.js:84:16)\n at process._tickCallback (internal/process/next_tick.js:68:7)"},"url":{"protocol":null,"slashes":null,"auth":null,"host":null,"port":null,"hostname":null,"hash":null,"search":null,"query":{},"pathname":"/api/detection_engine/rules/prepackaged","path":"/api/detection_engine/rules/prepackaged","href":"/api/detection_engine/rules/prepackaged"},"message":"[illegal_state_exception] api keys are not enabled"}
{"type":"response","@timestamp":"2020-02-14T08:14:02Z","tags":["access:siem"],"pid":6,"method":"put","statusCode":500,"req":{"url":"/api/detection_engine/rules/prepackaged","method":"put","headers":{"host":"xxx:9100","connection":"keep-alive","content-length":"0","kbn-xsrf":"true","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36","content-type":"application/json","accept":"/","origin":"http://xxx:9100","referer":"http://xxx:9100/app/siem","accept-encoding":"gzip, deflate","accept-language":"en-GB,en-US;q=0.9,en;q=0.8,ru;q=0.7"},"remoteAddress":"172.22.0.1","userAgent":"172.22.0.1","referer":"http://xxx:9100/app/siem"},"res":{"statusCode":500,"responseTime":1412,"contentLength":9},"message":"PUT /api/detection_engine/rules/prepackaged 500 1412ms - 9.0B"}
{"type":"log","@timestamp":"2020-02-14T08:14:03Z","tags":["error","plugins","security","api-key"],"pid":6,"message":"Failed to create API key: [illegal_state_exception] api keys are not enabled"}
Any idea how to fix the issue?