This is related to Enterprise Security 3.1.1 build 219910.
Is it possible to allow a non-admin user to create notable events manually? Currently we are getting a 403 error when they attempt to do so.
Looking at the _internal log I see the following:
"POST /services/receivers/simple?source=Manual%20Notable%20Event%20-%20Rule&index=notable&sourcetype=stash_new&host=server.company.com HTTP/1.0" 403 164 - - - 0ms
Is this because the user doesn't have the indexes_edit capability? Any solutions available that don't involve making the user an admin?