FIX: SOC only displaying data for users assigned the superuser role #10068
Assignees
Labels
2.4
Planned for 2.4.X
Comments
bryant-treacle
changed the title
dougburks
changed the title
dougburks
added a commit
that referenced
this issue
Mar 31, 2023
…icsearch-roles FIX: SOC only displaying data for users assigned the superuser role #10068
|
Tested and verified. Roles have been updated with privileges to both Logged in as analyst and verified access to indices: |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Created a few test users with different roles and was unable to view any data in any analyst interfaces (Hunt, Alerts ...). Below is the output for the output of the sensoroni.log file. This user was assigned the analyst role.
{"fields":{"contentLength":333,"elapsedMs":1171,"impl":{},"method":"GET","path":"/api/events/","query":{"eventLimit":["500"],"format":["2006/01/02 3:04:05 PM"],"metricLimit":["500"],"query":["(*) AND event.dataset:alert AND NOT event.acknowledged:true AND NOT event.escalated:true | groupby rule.name event.module* event.severity_label"],"range":["2023/03/29 10:55:24 AM - 2023/03/30 10:55:24 AM"],"zone":["America/New_York"]},"remoteAddr":"172.17.1.1:43248","requestId":"c3b444ef-9c66-43ae-a118-e4f3aa0735cc","requestor":{"id":"d004cb73-8a08-42ee-8128-a9ed8253d1ea","createTime":"2023-03-30T14:55:25.312053323Z","updateTime":"0001-01-01T00:00:00Z","email":"analyst2@acmeonions.com","firstName":"test","lastName":"test","mfaStatus":"disabled","note":"","roles":null,"status":"","searchUsername":"","password":"","passwordChanged":false},"sourceIp":"192.168.98.1","statusCode":200},"level":"info","timestamp":"2023-03-30T14:55:26.481274602Z","message":"Handled request"}The text was updated successfully, but these errors were encountered: