CSV report from discover security problem

comijac · April 13, 2021, 7:27am

Hello,

I use elk 7.10.0 with opendistro 1.12.0.
My user is under all_acces right.

I try to use CSV report from a saved search using the dialog: ‘share’ then ‘generate CSV report’.

But I receive the following popup : Reporting error forbidden.
I get also a 403 error in my console log :

“error”,“plugins”,“reporting”],“pid”:1,“message”:“{ Error: Authorization Exception\n at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:349:15)\n at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:306:7)\n at HttpConnector. (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)\n at IncomingMessage.wrapper (/usr/share/kibana/node_modules/lodash/lodash.js:4949:19)\n at IncomingMessage.emit (events.js:203:15)\n at endReadableNT (_stream_readable.js:1145:12)\n at process._tickCallback (internal/process/next_tick.js:63:19)\n status: 403,\n displayName: ‘AuthorizationException’,\n message: ‘Authorization Exception’,\n path: ‘/.reporting-2021-04-11’,\n query: {},\n body: false,\n statusCode: 403,\n response: ‘’,\n toString: [Function],\n toJSON: [Function] }”}
…
slight_smile: “res”:{“statusCode”:403,“responseTime”:148,“contentLength”:9},“message”:“POST /api/reporting/generate/csv 403 148ms - 9.0B”}

Have you an idea concerning this problem.?
Thank

searchymcsearchface · April 13, 2021, 1:11pm

@reporting-team Is this a reporting issue or a security issue?

pablo · April 13, 2021, 1:26pm

@comijac
What type of authentication do you use?
Where do you see this error? Kibana or Elasticsearch logs?
Do you run two separate clusters? ELK and ODFE?

Just to clarify, I don’t see generate CSV report in share, instead is in Reporting.

Update1
Just noticed that generate CSV report is available under Share in ELK and Reporting in ODFE.
Is the error in ELK or ODFE?

CyberGod · April 13, 2021, 3:52pm

How did you installed opendistro1.12.0? Did you install the reports-scheduler(ES plugin) and kibana-reports(Kibana plugin) both?

comijac · April 19, 2021, 7:07pm

@reporting-team
According to my console log, it is a security problem. The problem does’nt concern opendistro reporting.
I use Share/Csv report, so the error is between elk7.10.0 and opendistrosecurity
Error was in kibana log.
I use ELK 7.10.0 with opendistrosecurity plugin 1.12.0

Topic		Replies	Views
Share -> CSV Reports -> Generate CSV forbidden opendistro v1.13.2 with elasticsearch v7.10.2 Reporting Plugin	2	534	September 22, 2021
Generate CSV does not work Reporting Plugin	1	486	February 7, 2023
Reporting plugin not working Reporting Plugin	12	3464	February 4, 2021
Reporting plugin throwing error in kibana Reporting Plugin	3	623	March 13, 2023
Generate csv inactive on Discower Reporting Plugin	5	1288	October 19, 2021

CSV report from discover security problem

Related Topics