[Security Solution] Should not require EPR access in air-gapped environments #181808

Open
bczifra opened this issue Apr 26, 2024 · 5 comments
Labels
8.18 candidate bug Fixes for quality problems that affect the customer experience Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. sdh-linked Team:Detection Rule Management Security Detection Rule Management Team Team:Detections and Resp Security Detection Response Team Team:Fleet Team label for Observability Data Collection Fleet team Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@bczifra

bczifra commented Apr 26, 2024

Describe the bug:
The Kibana Security app requires access to EPR (Elastic Package Registry) even in an air-gapped environment not using Fleet/Agent, even with xpack.fleet.isAirGapped set to true.

If EPR isn't available, the browser will have a growing number of long-running requests to EPR that never succeed.

A workaround is to host a local EPR.

Kibana/Elasticsearch Stack version:
8.8.1

Server OS version:

Browser and Browser OS versions:

Elastic Endpoint version:

Original install method (e.g. download page, yum, from source, etc.):

Functional Area (e.g. Endpoint management, timelines, resolver, etc.):

Steps to reproduce:

  1. Air-gapped environment without access to EPR
  2. Open the Security App in Kibana
  3. Observe long-running requests like:

    When loading the Security App - Rules page in $space:

    https://kibana.domain/s/$space/internal/detection_engine/fleet/integrations/installed?packages=
    Stalled 4.0 min
    Status Finished

    https://kibana.domain/s//internal/detection_engine/fleet/integrations/installed?packages=
    Stalled 172.95 ms
    Initial Connection 4.0 min
    Status Finished

    https://kibana.domain/s/$space/internal/detection_engine/rules/prepackaged/_status
    Stalled 9.42 ms
    Request Sent 0.92 ms
    Waiting for Server Response 1.0 min
    Content Download 0.74 ms
    Status 200 OK

    When loading the Security App - Timelines page in $space:

    https://kibana.domain/s/$space/api/fleet/setup
    Stalled 1.07 ms
    Request Sent 0.21 ms
    Waiting for Server Response 41.01 s
    Content Download 2.24 ms
    Status 200 OK

    https://kibana.domain/s/$space/api/fleet/epm/packages/_bulk?prerelease=false
    Stalled 3.48 ms
    Request Send 0.43 ms
    Waiting for server response 1.1 min
    Content Download 6.82 ms
    Status 200 OK

    When loading the Security App - Alerts page:

    https://kibana.domain/s/$space/api/fleet/epm/packages/_bulk?prerelease=false
    Stalled 68.97 ms
    Request sent 0.14 ms
    Waiting for Server Response 57.16 s
    Content Download 0
    Status 200 OK

Current behavior: Requires access to EPR

Expected behavior: Should not require access to EPR

Screenshots (if relevant):

Errors in browser console (if relevant):

Provide logs and/or server output (if relevant):

Any additional context (logs, chat logs, magical formulas, etc.):
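
To confirm this symptom from a browser HAR export, the following added example (not part of the original issue and not Kibana code) flags the EPR-dependent requests listed above when their longest phase exceeds a threshold. The function names, the 30-second threshold, the space name `soc` and the mapping of DevTools "Stalled" / "Initial Connection" / "Waiting for Server Response" to the HAR `blocked` / `connect` / `wait` fields are assumptions.

```javascript
// Added example: flag slow EPR-dependent Kibana requests in a browser HAR export.
// The path list is taken from the requests reported in this issue.
const EPR_DEPENDENT_PATHS = [
  '/internal/detection_engine/fleet/integrations/installed',
  '/internal/detection_engine/rules/prepackaged/_status',
  '/api/fleet/setup',
  '/api/fleet/epm/packages/_bulk',
];

// Strip the optional Kibana space prefix (/s/<space>) before matching.
function kibanaPath(url) {
  return new URL(url).pathname.replace(/^\/s\/[^/]*/, '');
}

// Return entries whose longest phase (blocked, connect or wait) reaches thresholdMs.
// thresholdMs default of 30 s is an assumption, not a value from the issue.
function findStalledEprRequests(har, thresholdMs = 30000) {
  const hits = [];
  for (const entry of har.log.entries) {
    const path = kibanaPath(entry.request.url);
    if (!EPR_DEPENDENT_PATHS.includes(path)) continue;
    const t = entry.timings || {};
    // HAR uses -1 for "not applicable"; treat that as 0.
    const phases = ['blocked', 'connect', 'wait']
      .map((name) => ({ name, ms: Math.max(0, t[name] ?? 0) }))
      .sort((a, b) => b.ms - a.ms);
    if (phases[0].ms >= thresholdMs) {
      hits.push({ path, phase: phases[0].name, seconds: Math.round(phases[0].ms / 1000) });
    }
  }
  return hits;
}

// Constructed sample HAR (values modelled on the timings quoted in the issue).
const sampleHar = { log: { entries: [
  { request: { url: 'https://kibana.domain/s/soc/api/fleet/setup' },
    timings: { blocked: 1.07, connect: -1, send: 0.21, wait: 41010, receive: 2.24 } },
  { request: { url: 'https://kibana.domain/s/soc/internal/detection_engine/fleet/integrations/installed?packages=' },
    timings: { blocked: 172.95, connect: 240000, send: 0, wait: 0, receive: 0 } },
  { request: { url: 'https://kibana.domain/s/soc/api/status' }, // unrelated, fast
    timings: { blocked: 2, connect: -1, send: 0.1, wait: 35, receive: 1 } },
] } };

console.log(findStalledEprRequests(sampleHar));
```

A phase of `connect` or `blocked` points at the browser-to-Kibana leg, while `wait` means Kibana accepted the request and was itself waiting, which is the pattern expected when the server cannot reach EPR.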

@bczifra bczifra added bug Fixes for quality problems that affect the customer experience triage_needed Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Apr 26, 2024
@elasticmachine

Pinging @elastic/security-solution (Team: SecuritySolution)

@banderror banderror self-assigned this Apr 26, 2024
@banderror banderror added Team:Fleet Team label for Observability Data Collection Fleet team Team:Detections and Resp Security Detection Response Team Team:Detection Rule Management Security Detection Rule Management Team sdh-linked labels Apr 26, 2024
@elasticmachine

Pinging @elastic/fleet (Team:Fleet)

@elasticmachine

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

@elasticmachine

Pinging @elastic/security-detections-response (Team:Detections and Resp)

@banderror banderror added impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. Feature:Prebuilt Detection Rules Security Solution Prebuilt Detection Rules area 8.18 candidate and removed triage_needed labels Dec 20, 2024
@banderror

@111andre111:

a good amount of huge enterprise customers are having deployments that are of an airgapped nature.

@approksiu Do you know of any other similar issues or ERs?

@banderror banderror removed their assignment Dec 20, 2024