[DOCS] Add warning about bypassing ML PUT APIs (#38605)
Now that ML configurations are stored in the .ml-config index rather than in cluster state there is a possibility that some users may try to add configurations directly to the index. Allowing this creates a variety of problems including possible data exflitration attacks (depending on how security is set up), so this commit adds warnings against allowing writes to the .ml-config index other than via the ML APIs. Backport of #38509
This commit is contained in:
parent
fe8182ece2
commit
02f57b1e29
|
@ -19,6 +19,11 @@ Instantiates a {dfeed}.
|
||||||
You must create a job before you create a {dfeed}. You can associate only one
|
You must create a job before you create a {dfeed}. You can associate only one
|
||||||
{dfeed} to each job.
|
{dfeed} to each job.
|
||||||
|
|
||||||
|
IMPORTANT: You must use {kib} or this API to create a {dfeed}. Do not put a {dfeed}
|
||||||
|
directly to the `.ml-config` index using the Elasticsearch index API.
|
||||||
|
If {es} {security-features} are enabled, do not give users `write`
|
||||||
|
privileges on the `.ml-config` index.
|
||||||
|
|
||||||
|
|
||||||
==== Path Parameters
|
==== Path Parameters
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,13 @@ Instantiates a job.
|
||||||
|
|
||||||
`PUT _ml/anomaly_detectors/<job_id>`
|
`PUT _ml/anomaly_detectors/<job_id>`
|
||||||
|
|
||||||
//===== Description
|
===== Description
|
||||||
|
|
||||||
|
IMPORTANT: You must use {kib} or this API to create a {ml} job. Do not put a job
|
||||||
|
directly to the `.ml-config` index using the Elasticsearch index API.
|
||||||
|
If {es} {security-features} are enabled, do not give users `write`
|
||||||
|
privileges on the `.ml-config` index.
|
||||||
|
|
||||||
|
|
||||||
==== Path Parameters
|
==== Path Parameters
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue