diff --git a/oas_docs/output/kibana.serverless.staging.yaml b/oas_docs/output/kibana.serverless.staging.yaml index 32f820b73d3d3..69ffa539ba6a5 100644 --- a/oas_docs/output/kibana.serverless.staging.yaml +++ b/oas_docs/output/kibana.serverless.staging.yaml @@ -5419,8 +5419,7 @@ paths: name: id_field required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_IdField + $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' - description: If 'wait_for' the request will wait for the index refresh. in: query name: refresh @@ -5443,7 +5442,7 @@ paths: type: boolean record: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecord + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord description: The deleted record if it existed. required: - deleted @@ -5452,7 +5451,7 @@ paths: description: Invalid request summary: Delete Criticality Record tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API get: description: Get the criticality record for a specific asset. operationId: GetAssetCriticalityRecord @@ -5469,15 +5468,14 @@ paths: name: id_field required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_IdField + $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecord + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord description: Successful response '400': description: Invalid request @@ -5485,7 +5483,7 @@ paths: description: Criticality record not found summary: Get Criticality Record tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API post: description: Create or update a criticality record for a specific asset. operationId: CreateAssetCriticalityRecord 
@@ -5495,7 +5493,7 @@ paths: schema: allOf: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_CreateAssetCriticalityRecord + #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord - type: object properties: refresh: @@ -5512,13 +5510,13 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecord + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord description: Successful response '400': description: Invalid request summary: Upsert Criticality Record tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/asset_criticality/bulk: post: description: >- @@ -5542,7 +5540,7 @@ paths: records: items: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_CreateAssetCriticalityRecord + #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord maxItems: 1000 minItems: 1 type: array @@ -5566,11 +5564,11 @@ paths: errors: items: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem type: array stats: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityBulkUploadStats + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats required: - errors - stats @@ -5579,7 +5577,7 @@ paths: description: File too large summary: Bulk Upsert Asset Criticality Records tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/asset_criticality/list: get: description: 'List asset criticality records, paging, sorting and filtering as needed.' 
@@ -5643,7 +5641,7 @@ paths: records: items: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecord + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord type: array total: minimum: 0 @@ -5656,7 +5654,7 @@ paths: description: Bulk upload successful summary: List Asset Criticality Records tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/data_views: get: operationId: getAllDataViewsDefault @@ -6213,18 +6211,17 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Returns user privileges for the Kibana space tags: - - Security Solution Detections API + - Security Detections API - Privileges API /api/detection_engine/rules: delete: 
@@ -6236,25 +6233,23 @@ paths: name: id required: false schema: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleObjectId' + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - description: The rule's `rule_id` value. in: query name: rule_id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. summary: Delete a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API get: description: Retrieve a detection rule using the `rule_id` or `id` field. @@ -6265,25 +6260,23 @@ paths: name: id required: false schema: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleObjectId' + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - description: The rule's `rule_id` value. in: query name: rule_id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. summary: Retrieve a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API patch: description: >- 
@@ -6294,20 +6287,18 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePatchProps + $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. summary: Patch a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API post: description: Create a new detection rule. @@ -6316,20 +6307,18 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleCreateProps + $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. summary: Create a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API put: description: 
> @@ -6344,20 +6333,18 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleUpdateProps + $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. summary: Update a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API /api/detection_engine/rules/_bulk_action: post: @@ -6378,20 +6365,16 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: + - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkDeleteRules - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkDisableRules - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEnableRules - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkExportRules + #/components/schemas/Security_Detections_API_BulkDisableRules + - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkDuplicateRules + #/components/schemas/Security_Detections_API_BulkDuplicateRules - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkManualRuleRun - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditRules + #/components/schemas/Security_Detections_API_BulkManualRuleRun + - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules' responses: '200': content: 
@@ -6399,13 +6382,13 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditActionResponse + #/components/schemas/Security_Detections_API_BulkEditActionResponse - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkExportActionResponse + #/components/schemas/Security_Detections_API_BulkExportActionResponse description: OK summary: Apply a bulk action to detection rules tags: - - Security Solution Detections API + - Security Detections API - Bulk API /api/detection_engine/rules/_export: post: @@ -6452,7 +6435,7 @@ paths: properties: rule_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + #/components/schemas/Security_Detections_API_RuleSignatureId required: - rule_id type: array @@ -6470,7 +6453,7 @@ paths: description: Indicates a successful call. summary: Export detection rules tags: - - Security Solution Detections API + - Security Detections API - Import/Export API /api/detection_engine/rules/_find: get: @@ -6497,14 +6480,13 @@ paths: name: sort_field required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_FindRulesSortField + $ref: '#/components/schemas/Security_Detections_API_FindRulesSortField' - description: Sort order in: query name: sort_order required: false schema: - $ref: '#/components/schemas/Security_Solution_Detections_API_SortOrder' + $ref: '#/components/schemas/Security_Detections_API_SortOrder' - description: Page number in: query name: page @@ -6531,7 +6513,7 @@ paths: data: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse + #/components/schemas/Security_Detections_API_RuleResponse type: array page: type: integer @@ -6547,7 +6529,7 @@ paths: description: Successful response summary: List all detection rules tags: - - Security Solution Detections API + - Security Detections API - Rules API /api/detection_engine/rules/_import: post: 
@@ -6615,8 +6597,7 @@ paths: properties: action_connectors_errors: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ErrorSchema + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' type: array action_connectors_success: type: boolean @@ -6626,17 +6607,15 @@ paths: action_connectors_warnings: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_WarningSchema + #/components/schemas/Security_Detections_API_WarningSchema type: array errors: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ErrorSchema + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' type: array exceptions_errors: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ErrorSchema + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' type: array exceptions_success: type: boolean @@ -6666,7 +6645,7 @@ paths: description: Indicates a successful call. summary: Import detection rules tags: - - Security Solution Detections API + - Security Detections API - Import/Export API '/api/detection_engine/rules/{id}/exceptions': post: @@ -6677,7 +6656,7 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_RuleId' + $ref: '#/components/schemas/Security_Exceptions_API_RuleId' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: @@ -6687,7 +6666,7 @@ paths: items: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateRuleExceptionListItemProps + #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps type: array required: - items @@ -6700,7 +6679,7 @@ paths: schema: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem + #/components/schemas/Security_Exceptions_API_ExceptionListItem type: array description: Successful response '400': 
@@ -6709,34 +6688,33 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Creates rule exception list items tags: - - Security Solution Exceptions API + - Security Exceptions API /api/detection_engine/rules/preview: post: operationId: RulePreview 
@@ -6756,44 +6734,44 @@ paths: anyOf: - allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleCreateProps + #/components/schemas/Security_Detections_API_EqlRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams + #/components/schemas/Security_Detections_API_RulePreviewParams - allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleCreateProps + #/components/schemas/Security_Detections_API_QueryRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams + #/components/schemas/Security_Detections_API_RulePreviewParams - allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleCreateProps + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams + #/components/schemas/Security_Detections_API_RulePreviewParams - allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleCreateProps + #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams + #/components/schemas/Security_Detections_API_RulePreviewParams - allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleCreateProps + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams + #/components/schemas/Security_Detections_API_RulePreviewParams - allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleCreateProps + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams + #/components/schemas/Security_Detections_API_RulePreviewParams - allOf: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_NewTermsRuleCreateProps + #/components/schemas/Security_Detections_API_NewTermsRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams + #/components/schemas/Security_Detections_API_RulePreviewParams - allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleCreateProps + #/components/schemas/Security_Detections_API_EsqlRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams + #/components/schemas/Security_Detections_API_RulePreviewParams discriminator: propertyName: type description: >- @@ -6812,11 +6790,11 @@ paths: logs: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewLogs + #/components/schemas/Security_Detections_API_RulePreviewLogs type: array previewId: $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + #/components/schemas/Security_Detections_API_NonEmptyString required: - logs description: Successful response 
@@ -6826,27 +6804,26 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + #/components/schemas/Security_Detections_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Preview rule alerts generated on specified time range tags: - - Security Solution Detections API + - Security Detections API - Rule preview API /api/detection_engine/signals/assignees: post: @@ -6862,12 +6839,10 @@ paths: type: object properties: assignees: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertAssignees + $ref: '#/components/schemas/Security_Detections_API_AlertAssignees' description: Details about the assignees to assign and unassign. ids: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertIds + $ref: '#/components/schemas/Security_Detections_API_AlertIds' description: List of alerts ids to assign and unassign passed assignees. required: - assignees @@ -6880,7 +6855,7 @@ paths: description: Invalid request. summary: Assign and unassign users from detection alerts tags: - - Security Solution Detections API + - Security Detections API /api/detection_engine/signals/search: post: description: Find and/or aggregate detection alerts that match the given query. 
@@ -6916,8 +6891,7 @@ paths: minimum: 0 type: integer sort: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsSort + $ref: '#/components/schemas/Security_Detections_API_AlertsSort' track_total_hits: type: boolean description: Search and/or aggregation query @@ -6937,27 +6911,26 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + #/components/schemas/Security_Detections_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Find and/or aggregate detection alerts tags: - - Security Solution Detections API + - Security Detections API - Alerts API /api/detection_engine/signals/status: post: @@ -6969,9 +6942,9 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SetAlertsStatusByIds + #/components/schemas/Security_Detections_API_SetAlertsStatusByIds - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SetAlertsStatusByQuery + #/components/schemas/Security_Detections_API_SetAlertsStatusByQuery description: >- An object containing desired status and explicit alert ids or a query to select alerts 
@@ -6991,27 +6964,26 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + #/components/schemas/Security_Detections_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Set a detection alert status tags: - - Security Solution Detections API + - Security Detections API - Alerts API /api/detection_engine/signals/tags: post: @@ -7027,11 +6999,9 @@ paths: type: object properties: ids: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertIds + $ref: '#/components/schemas/Security_Detections_API_AlertIds' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SetAlertTags + $ref: '#/components/schemas/Security_Detections_API_SetAlertTags' required: - ids - tags 
@@ -7054,27 +7024,26 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + #/components/schemas/Security_Detections_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Add and remove detection alert tags tags: - - Security Solution Detections API + - Security Detections API - Alerts API /api/detection_engine/tags: get: @@ -7085,12 +7054,11 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' description: Indicates a successful call summary: List all detection rule tags tags: - - Security Solution Detections API + - Security Detections API - Tags API /api/endpoint_list: post: @@ -7102,7 +7070,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointList + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointList description: Successful response '400': content: 
@@ -7110,34 +7078,34 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Insufficient privileges '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error summary: Creates an endpoint list tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API /api/endpoint_list/items: delete: operationId: DeleteEndpointListItem 
@@ -7148,21 +7116,21 @@ paths: required: false schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - description: Either `id` or `item_id` must be specified in: query name: item_id required: false schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem description: Successful response '400': content: 
@@ -7170,41 +7138,41 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Endpoint list item not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error summary: Deletes an endpoint list item tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API get: operationId: ReadEndpointListItem parameters: 
@@ -7214,14 +7182,14 @@ paths: required: false schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - description: Either `id` or `item_id` must be specified in: query name: item_id required: false schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId responses: '200': content: @@ -7229,7 +7197,7 @@ paths: schema: items: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem type: array description: Successful response '400': 
@@ -7238,41 +7206,41 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Endpoint list item not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error summary: Reads an endpoint list item tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API post: operationId: CreateEndpointListItem requestBody: 
@@ -7283,34 +7251,34 @@ paths: properties: comments: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemCommentArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray default: [] description: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemDescription + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription entries: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray item_id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId meta: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemMeta + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta name: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemName + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName os_types: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray default: [] tags: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemTags + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags default: [] type: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemType + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType required: - type - name 
@@ -7324,7 +7292,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem description: Successful response '400': content: 
@@ -7332,41 +7300,41 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Insufficient privileges '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Endpoint list item already exists '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error summary: Creates an endpoint list item tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API put: operationId: UpdateEndpointListItem requestBody: 
@@ -7379,38 +7347,38 @@ paths: type: string comments: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemCommentArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray default: [] description: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemDescription + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription entries: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId description: Either `id` or `item_id` must be specified item_id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId description: Either `id` or `item_id` must be specified meta: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemMeta + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta name: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemName + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName os_types: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray default: [] tags: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemTags + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags type: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemType + 
#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType required: - type - name @@ -7424,7 +7392,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem description: Successful response '400': content: 
@@ -7432,41 +7400,41 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Endpoint list item not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error summary: Updates an endpoint list item tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API /api/endpoint_list/items/_find: get: operationId: FindEndpointListItems 
@@ -7481,7 +7449,7 @@ paths: required: false schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_FindEndpointListItemsFilter + #/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter - description: The page number to return in: query name: page @@ -7502,7 +7470,7 @@ paths: required: false schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString - description: 'Determines the sort order, which can be `desc` or `asc`' in: query name: sort_order @@ -7522,7 +7490,7 @@ paths: data: items: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem type: array page: minimum: 0 
@@ -7547,41 +7515,41 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Endpoint list not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error summary: Finds endpoint list items tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API /api/endpoint/action: get: description: Get a list of all response actions. 
@@ -7592,18 +7560,18 @@ paths: required: true schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_GetEndpointActionListRouteQuery + #/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get response actions tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/action_log/{agent_id}': get: deprecated: true @@ -7614,25 +7582,24 @@ paths: name: agent_id required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentId + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' - in: query name: query required: true schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ActionLogRequestQuery + #/components/schemas/Security_Endpoint_Management_API_ActionLogRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get an action request log tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action_status: get: description: Get the status of response actions for the specified agent IDs. 
@@ -7645,19 +7612,18 @@ paths: type: object properties: agent_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ActionStatusSuccessResponse + #/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse description: OK summary: Get response actions status tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/action/{action_id}': get: description: Get the details of a response action using the action ID. @@ -7674,11 +7640,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get action details tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/action/{action_id}/file/{file_id}': get: description: Get information for the specified file using the file ID. @@ -7700,11 +7666,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get file information tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/action/{action_id}/file/{file_id}/download': get: description: Download a file from an endpoint. 
@@ -7726,11 +7692,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Download a file tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/execute: post: description: Run a shell command on an endpoint. @@ -7740,7 +7706,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ExecuteRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody required: true responses: '200': @@ -7748,11 +7714,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Run a command tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/get_file: post: description: Get a file from an endpoint. @@ -7762,7 +7728,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_GetFileRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody required: true responses: '200': @@ -7770,11 +7736,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get a file tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/isolate: post: description: >- 
@@ -7786,7 +7752,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_IsolateRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody required: true responses: '200': @@ -7794,11 +7760,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Isolate an endpoint tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/kill_process: post: description: Terminate a running process on an endpoint. @@ -7808,7 +7774,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_KillProcessRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody required: true responses: '200': @@ -7816,11 +7782,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Terminate a process tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/running_procs: post: description: Get a list of all processes running on an endpoint. @@ -7830,7 +7796,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_GetProcessesRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody required: true responses: '200': 
@@ -7838,11 +7804,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get running processes tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/scan: post: description: Scan a specific file or directory on an endpoint for malware. @@ -7852,7 +7818,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ScanRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody required: true responses: '200': @@ -7860,11 +7826,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Scan a file or directory tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/state: get: description: >- @@ -7877,11 +7843,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ActionStateSuccessResponse + #/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse description: OK summary: Get actions state tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/suspend_process: post: description: Suspend a running process on an endpoint. 
@@ -7891,7 +7857,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuspendProcessRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody required: true responses: '200': @@ -7899,11 +7865,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Suspend a process tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/unisolate: post: description: 'Release an isolated endpoint, allowing it to rejoin a network.' @@ -7913,7 +7879,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_UnisolateRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody required: true responses: '200': @@ -7921,11 +7887,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Release an isolated endpoint tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/upload: post: description: Upload a file to an endpoint. @@ -7935,7 +7901,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_UploadRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody required: true responses: '200': 
@@ -7943,11 +7909,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Upload a file tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/metadata: get: operationId: GetEndpointMetadataList @@ -7957,18 +7923,18 @@ paths: required: true schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ListRequestQuery + #/components/schemas/Security_Endpoint_Management_API_ListRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get a metadata list tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/metadata/{id}': get: operationId: GetEndpointMetadata @@ -7984,11 +7950,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get metadata tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/metadata/transforms: get: operationId: GetEndpointMetadataTransform 
@@ -7998,11 +7964,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get metadata transforms tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/policy_response: get: operationId: GetPolicyResponse @@ -8014,19 +7980,18 @@ paths: type: object properties: agentId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentId + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get a policy response tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/policy/summaries: get: deprecated: true @@ -8049,11 +8014,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get an agent policy summary tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/protection_updates_note/{package_policy_id}': get: operationId: GetProtectionUpdatesNote 
@@ -8069,11 +8034,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ProtectionUpdatesNoteResponse + #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse description: OK summary: Get a protection updates note tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API post: operationId: CreateUpdateProtectionUpdatesNote parameters: @@ -8097,11 +8062,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ProtectionUpdatesNoteResponse + #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse description: OK summary: Create or update a protection updates note tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/suggestions/{suggestion_type}': post: operationId: GetEndpointSuggestions @@ -8134,11 +8099,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get suggestions tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/entity_store/engines: get: operationId: ListEntityEngines @@ -8154,12 +8119,12 @@ paths: engines: items: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EngineDescriptor + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor type: array description: Successful response summary: List the Entity Engines tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}': delete: operationId: DeleteEntityEngine 
@@ -8169,8 +8134,7 @@ paths: name: entityType required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - description: Control flag to also delete the entity data. in: query name: data @@ -8189,7 +8153,7 @@ paths: description: Successful response summary: Delete the Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API get: operationId: GetEntityEngine parameters: @@ -8198,19 +8162,18 @@ paths: name: entityType required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EngineDescriptor + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor description: Successful response summary: Get an Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}/init': post: operationId: InitEntityEngine @@ -8220,8 +8183,7 @@ paths: name: entityType required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: @@ -8232,7 +8194,7 @@ paths: type: string indexPattern: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_IndexPattern + #/components/schemas/Security_Entity_Analytics_API_IndexPattern description: Schema for the engine initialization required: true responses: 
@@ -8241,11 +8203,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EngineDescriptor + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor description: Successful response summary: Initialize an Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}/start': post: operationId: StartEntityEngine @@ -8255,8 +8217,7 @@ paths: name: entityType required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' responses: '200': content: @@ -8269,7 +8230,7 @@ paths: description: Successful response summary: Start an Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}/stats': post: operationId: GetEntityEngineStats @@ -8279,8 +8240,7 @@ paths: name: entityType required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' responses: '200': content: 
@@ -8290,25 +8250,25 @@ paths: properties: indexPattern: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_IndexPattern + #/components/schemas/Security_Entity_Analytics_API_IndexPattern indices: items: type: object type: array status: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EngineStatus + #/components/schemas/Security_Entity_Analytics_API_EngineStatus transforms: items: type: object type: array type: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType + #/components/schemas/Security_Entity_Analytics_API_EntityType description: Successful response summary: Get Entity Engine stats tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}/stop': post: operationId: StopEntityEngine @@ -8318,8 +8278,7 @@ paths: name: entityType required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' responses: '200': content: @@ -8332,7 +8291,7 @@ paths: description: Successful response summary: Stop an Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/entity_store/entities/list: get: description: 'List entities records, paging, sorting and filtering as needed.' @@ -8375,8 +8334,7 @@ paths: required: true schema: items: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' type: array responses: '200': @@ -8387,7 +8345,7 @@ paths: properties: inspect: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_InspectQuery + #/components/schemas/Security_Entity_Analytics_API_InspectQuery page: minimum: 1 type: integer 
@@ -8398,7 +8356,7 @@ paths: records: items: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_Entity + #/components/schemas/Security_Entity_Analytics_API_Entity type: array total: minimum: 0 @@ -8411,7 +8369,7 @@ paths: description: Entities returned successfully summary: List Entity Store Entities tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/exception_lists: delete: operationId: DeleteExceptionList @@ -8421,29 +8379,26 @@ paths: name: id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - description: Either `id` or `list_id` must be specified in: query name: list_id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - in: query name: namespace_type required: false schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: 
@@ -8451,41 +8406,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Deletes an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API get: operationId: ReadExceptionList parameters: 
@@ -8494,29 +8447,26 @@ paths: name: id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - description: Either `id` or `list_id` must be specified in: query name: list_id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - in: query name: namespace_type required: false schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: 
@@ -8524,41 +8474,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Retrieves an exception list using its `id` or `list_id` field tags: - - Security Solution Exceptions API + - Security Exceptions API post: operationId: CreateExceptionList requestBody: 
@@ -8569,33 +8517,33 @@ paths: properties: description: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListDescription + #/components/schemas/Security_Exceptions_API_ExceptionListDescription list_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId meta: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListMeta + #/components/schemas/Security_Exceptions_API_ExceptionListMeta name: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListName + #/components/schemas/Security_Exceptions_API_ExceptionListName namespace_type: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single os_types: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsTypeArray + #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray tags: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListTags + #/components/schemas/Security_Exceptions_API_ExceptionListTags default: [] type: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListType + #/components/schemas/Security_Exceptions_API_ExceptionListType version: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListVersion + #/components/schemas/Security_Exceptions_API_ExceptionListVersion default: 1 required: - name @@ -8608,8 +8556,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: 
@@ -8617,41 +8564,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list already exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Creates an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API put: operationId: UpdateExceptionList requestBody: 
@@ -8664,36 +8609,35 @@ paths: type: string description: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListDescription + #/components/schemas/Security_Exceptions_API_ExceptionListDescription id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' list_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId meta: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListMeta + #/components/schemas/Security_Exceptions_API_ExceptionListMeta name: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListName + #/components/schemas/Security_Exceptions_API_ExceptionListName namespace_type: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single os_types: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsTypeArray + #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray default: [] tags: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListTags + #/components/schemas/Security_Exceptions_API_ExceptionListTags type: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListType + #/components/schemas/Security_Exceptions_API_ExceptionListType version: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListVersion + #/components/schemas/Security_Exceptions_API_ExceptionListVersion required: - name - description 
@@ -8705,8 +8649,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: @@ -8714,41 +8657,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Updates an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/_duplicate: post: operationId: DuplicateExceptionList 
@@ -8758,14 +8699,13 @@ paths: name: list_id required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - in: query name: namespace_type required: true schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - description: >- Determines whether to include expired exceptions in the exported list @@ -8783,8 +8723,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: 
@@ -8792,41 +8731,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '405': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list to duplicate not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Duplicates an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/_export: post: description: Exports an exception list and its associated items to an .ndjson file 
@@ -8837,21 +8774,19 @@ paths: name: id required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - description: Exception list's human identifier in: query name: list_id required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - in: query name: namespace_type required: true schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - description: >- Determines whether to include expired exceptions in the exported list 
@@ -8881,41 +8816,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Exports an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/_find: get: operationId: FindExceptionLists @@ -8938,7 +8871,7 @@ paths: required: false schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_FindExceptionListsFilter + #/components/schemas/Security_Exceptions_API_FindExceptionListsFilter - description: > Determines whether the returned containers are Kibana associated with a Kibana space 
@@ -8952,7 +8885,7 @@ paths: - single items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType type: array - description: The page number to return in: query @@ -8993,7 +8926,7 @@ paths: data: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList + #/components/schemas/Security_Exceptions_API_ExceptionList type: array page: minimum: 1 @@ -9016,34 +8949,33 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Finds exception lists tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/_import: post: description: Imports an exception list and associated items 
@@ -9107,7 +9039,7 @@ paths: properties: errors: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListsImportBulkErrorArray + #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray success: type: boolean success_count: @@ -9138,34 +9070,33 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Imports an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/items: delete: operationId: DeleteExceptionListItem 
@@ -9175,29 +9106,27 @@ paths: name: id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - description: Either `id` or `item_id` must be specified in: query name: item_id required: false schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - in: query name: namespace_type required: false schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: 
@@ -9205,41 +9134,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Deletes an exception list item tags: - - Security Solution Exceptions API + - Security Exceptions API get: operationId: ReadExceptionListItem parameters: 
@@ -9248,29 +9175,27 @@ paths: name: id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - description: Either `id` or `item_id` must be specified in: query name: item_id required: false schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - in: query name: namespace_type required: false schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: 
@@ -9278,41 +9203,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Gets an exception list item tags: - - Security Solution Exceptions API + - Security Exceptions API post: operationId: CreateExceptionListItem requestBody: 
@@ -9323,44 +9246,44 @@ paths: properties: comments: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateExceptionListItemCommentArray + #/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray default: [] description: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemDescription + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription entries: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray expire_time: format: date-time type: string item_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId list_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId meta: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemMeta + #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta name: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemName + #/components/schemas/Security_Exceptions_API_ExceptionListItemName namespace_type: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single os_types: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray default: [] tags: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemTags + #/components/schemas/Security_Exceptions_API_ExceptionListItemTags default: [] type: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemType + 
#/components/schemas/Security_Exceptions_API_ExceptionListItemType required: - list_id - type @@ -9374,8 +9297,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: 
@@ -9383,41 +9305,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item already exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Creates an exception list item tags: - - Security Solution Exceptions API + - Security Exceptions API put: operationId: UpdateExceptionListItem requestBody: 
@@ -9430,48 +9350,48 @@ paths: type: string comments: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_UpdateExceptionListItemCommentArray + #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray default: [] description: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemDescription + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription entries: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray expire_time: format: date-time type: string id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemId + #/components/schemas/Security_Exceptions_API_ExceptionListItemId description: Either `id` or `item_id` must be specified item_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId description: Either `id` or `item_id` must be specified list_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId meta: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemMeta + #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta name: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemName + #/components/schemas/Security_Exceptions_API_ExceptionListItemName namespace_type: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single os_types: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray default: [] tags: $ref: >- - 
#/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemTags + #/components/schemas/Security_Exceptions_API_ExceptionListItemTags type: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemType + #/components/schemas/Security_Exceptions_API_ExceptionListItemType required: - type - name @@ -9484,8 +9404,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: 
@@ -9493,41 +9412,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Updates an exception list item tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/items/_find: get: operationId: FindExceptionListItems @@ -9539,7 +9456,7 @@ paths: schema: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId type: array - description: > Filters the returned results according to the value of the specified 
@@ -9553,7 +9470,7 @@ paths: default: [] items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_FindExceptionListItemsFilter + #/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter type: array - description: > Determines whether the returned containers are Kibana associated @@ -9568,7 +9485,7 @@ paths: - single items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType type: array - in: query name: search @@ -9594,8 +9511,7 @@ paths: name: sort_field required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - description: 'Determines the sort order, which can be `desc` or `asc`' in: query name: sort_order @@ -9615,7 +9531,7 @@ paths: data: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem + #/components/schemas/Security_Exceptions_API_ExceptionListItem type: array page: minimum: 1 
@@ -9640,41 +9556,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Finds exception list items tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/summary: get: operationId: ReadExceptionListSummary 
@@ -9684,21 +9598,19 @@ paths: name: id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - description: Exception list's human readable identifier in: query name: list_id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - in: query name: namespace_type required: false schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single - description: Search filter clause in: query 
@@ -9732,41 +9644,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Retrieves an exception list summary tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exceptions/shared: post: operationId: CreateSharedExceptionList 
@@ -9778,10 +9688,10 @@ paths: properties: description: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListDescription + #/components/schemas/Security_Exceptions_API_ExceptionListDescription name: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListName + #/components/schemas/Security_Exceptions_API_ExceptionListName required: - name - description @@ -9791,8 +9701,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: 
@@ -9800,41 +9709,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list already exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Creates a shared exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/fleet/agent_download_sources: get: operationId: get-download-sources @@ -13541,7 +13448,7 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' - in: query name: deleteReferences required: false 
@@ -13559,7 +13466,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' + $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: @@ -13567,41 +13474,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Deletes a list tags: - - Security Solution Lists API + - Security Lists API get: operationId: ReadList parameters: 
@@ -13610,13 +13512,13 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' + $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: 
@@ -13624,41 +13526,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Retrieves a list using its id field tags: - - Security Solution Lists API + - Security Lists API patch: operationId: PatchList requestBody: 
@@ -13670,15 +13567,13 @@ paths: _version: type: string description: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListDescription + $ref: '#/components/schemas/Security_Lists_API_ListDescription' id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListMetadata + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' name: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListName' + $ref: '#/components/schemas/Security_Lists_API_ListName' version: minimum: 1 type: integer @@ -13691,7 +13586,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' + $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: 
@@ -13699,41 +13594,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Patches a list tags: - - Security Solution Lists API + - Security Lists API post: operationId: CreateList requestBody: 
@@ -13743,21 +13633,19 @@ paths: type: object properties: description: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListDescription + $ref: '#/components/schemas/Security_Lists_API_ListDescription' deserializer: type: string id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListMetadata + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' name: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListName' + $ref: '#/components/schemas/Security_Lists_API_ListName' serializer: type: string type: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListType' + $ref: '#/components/schemas/Security_Lists_API_ListType' version: default: 1 minimum: 1 @@ -13773,7 +13661,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' + $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: 
@@ -13781,41 +13669,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List already exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Creates a list tags: - - Security Solution Lists API + - Security Lists API put: operationId: UpdateList requestBody: 
@@ -13827,15 +13710,13 @@ paths: _version: type: string description: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListDescription + $ref: '#/components/schemas/Security_Lists_API_ListDescription' id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListMetadata + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' name: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListName' + $ref: '#/components/schemas/Security_Lists_API_ListName' version: minimum: 1 type: integer @@ -13850,7 +13731,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' + $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: 
@@ -13858,41 +13739,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Updates a list tags: - - Security Solution Lists API + - Security Lists API /api/lists/_find: get: operationId: FindLists @@ -13914,7 +13790,7 @@ paths: name: sort_field required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - description: 'Determines the sort order, which can be `desc` or `asc`' in: query name: sort_order 
@@ -13937,7 +13813,7 @@ paths: name: cursor required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_FindListsCursor' + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - description: > Filters the returned results according to the value of the specified field, @@ -13947,7 +13823,7 @@ paths: name: filter required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_FindListsFilter' + $ref: '#/components/schemas/Security_Lists_API_FindListsFilter' responses: '200': content: @@ -13956,11 +13832,10 @@ paths: type: object properties: cursor: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_FindListsCursor + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' data: items: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' + $ref: '#/components/schemas/Security_Lists_API_List' type: array page: minimum: 0 
@@ -13984,34 +13859,30 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Finds lists tags: - - Security Solution Lists API + - Security Lists API /api/lists/index: delete: operationId: DeleteListIndex 
@@ -14033,41 +13904,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List data stream not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Deletes list data streams tags: - - Security Solution Lists API + - Security Lists API get: operationId: ReadListIndex responses: 
@@ -14091,41 +13957,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List data stream(s) not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Get list data stream existence status tags: - - Security Solution Lists API + - Security Lists API post: operationId: CreateListIndex responses: 
@@ -14146,41 +14007,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List data stream exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Creates necessary list data streams tags: - - Security Solution Lists API + - Security Lists API /api/lists/items: delete: operationId: DeleteListItem 
@@ -14190,13 +14046,13 @@ paths: name: id required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' - description: Required if `id` is not specified in: query name: list_id required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' - description: Required if `id` is not specified in: query name: value @@ -14222,10 +14078,9 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' + - $ref: '#/components/schemas/Security_Lists_API_ListItem' - items: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItem + $ref: '#/components/schemas/Security_Lists_API_ListItem' type: array description: Successful response '400': 
@@ -14234,41 +14089,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Deletes a list item tags: - - Security Solution Lists API + - Security Lists API get: operationId: ReadListItem parameters: 
@@ -14277,13 +14127,13 @@ paths: name: id required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' - description: Required if `id` is not specified in: query name: list_id required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' - description: Required if `id` is not specified in: query name: value @@ -14296,10 +14146,9 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' + - $ref: '#/components/schemas/Security_Lists_API_ListItem' - items: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItem + $ref: '#/components/schemas/Security_Lists_API_ListItem' type: array description: Successful response '400': 
@@ -14308,41 +14157,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Gets a list item tags: - - Security Solution Lists API + - Security Lists API patch: operationId: PatchListItem requestBody: 
@@ -14354,10 +14198,9 @@ paths: _version: type: string id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemId' + $ref: '#/components/schemas/Security_Lists_API_ListItemId' meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemMetadata + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' refresh: description: >- Determines when changes made by the request are made visible @@ -14368,8 +14211,7 @@ paths: - wait_for type: string value: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemValue + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - id description: List item's properties @@ -14379,7 +14221,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' + $ref: '#/components/schemas/Security_Lists_API_ListItem' description: Successful response '400': content: 
@@ -14387,41 +14229,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Patches a list item tags: - - Security Solution Lists API + - Security Lists API post: operationId: CreateListItem requestBody: 
@@ -14431,12 +14268,11 @@ paths: type: object properties: id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemId' + $ref: '#/components/schemas/Security_Lists_API_ListItemId' list_id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemMetadata + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' refresh: description: >- Determines when changes made by the request are made visible @@ -14447,8 +14283,7 @@ paths: - wait_for type: string value: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemValue + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - list_id - value @@ -14459,7 +14294,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' + $ref: '#/components/schemas/Security_Lists_API_ListItem' description: Successful response '400': content: 
@@ -14467,41 +14302,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item already exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Creates a list item tags: - - Security Solution Lists API + - Security Lists API put: operationId: UpdateListItem requestBody: 
@@ -14513,13 +14343,11 @@ paths: _version: type: string id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemId' + $ref: '#/components/schemas/Security_Lists_API_ListItemId' meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemMetadata + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' value: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemValue + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - id - value @@ -14530,7 +14358,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' + $ref: '#/components/schemas/Security_Lists_API_ListItem' description: Successful response '400': content: 
@@ -14538,41 +14366,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Updates a list item tags: - - Security Solution Lists API + - Security Lists API /api/lists/items/_export: post: description: Exports list item values from the specified list @@ -14583,7 +14406,7 @@ paths: name: list_id required: true schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' responses: '200': content: 
@@ -14599,41 +14422,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Exports list items tags: - - Security Solution Lists API + - Security Lists API /api/lists/items/_find: get: operationId: FindListItems @@ -14643,7 +14461,7 @@ paths: name: list_id required: true schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' - description: The page number to return in: query name: page 
@@ -14661,7 +14479,7 @@ paths: name: sort_field required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - description: 'Determines the sort order, which can be `desc` or `asc`' in: query name: sort_order @@ -14684,8 +14502,7 @@ paths: name: cursor required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_FindListItemsCursor + $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' - description: > Filters the returned results according to the value of the specified field, @@ -14695,8 +14512,7 @@ paths: name: filter required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_FindListItemsFilter + $ref: '#/components/schemas/Security_Lists_API_FindListItemsFilter' responses: '200': content: @@ -14706,11 +14522,10 @@ paths: properties: cursor: $ref: >- - #/components/schemas/Security_Solution_Lists_API_FindListItemsCursor + #/components/schemas/Security_Lists_API_FindListItemsCursor data: items: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItem + $ref: '#/components/schemas/Security_Lists_API_ListItem' type: array page: minimum: 0 
@@ -14734,34 +14549,30 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Finds list items tags: - - Security Solution Lists API + - Security Lists API /api/lists/items/_import: post: description: > @@ -14780,7 +14591,7 @@ paths: name: list_id required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' - description: > Type of the importing list. @@ -14791,7 +14602,7 @@ paths: name: type required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListType' + $ref: '#/components/schemas/Security_Lists_API_ListType' - in: query name: serializer required: false 
@@ -14832,7 +14643,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' + $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: @@ -14840,41 +14651,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List with specified list_id does not exist response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Imports list items tags: - - Security Solution Lists API + - Security Lists API /api/lists/privileges: get: operationId: ReadListPrivileges 
@@ -14888,11 +14694,9 @@ paths: is_authenticated: type: boolean listItems: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemPrivileges + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' lists: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListPrivileges + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' required: - lists - listItems @@ -14904,34 +14708,30 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Gets list privileges tags: - - Security Solution Lists API + - Security Lists API /api/ml/saved_objects/sync: get: description: 
> @@ -14998,7 +14798,7 @@ paths: description: Indicates the note was successfully deleted. summary: Deletes a note from a timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' get: description: Gets notes @@ -15008,7 +14808,7 @@ paths: name: documentIds required: true schema: - $ref: '#/components/schemas/Security_Solution_Timeline_API_DocumentIds' + $ref: '#/components/schemas/Security_Timeline_API_DocumentIds' - in: query name: page schema: @@ -15044,7 +14844,7 @@ paths: description: Indicates the requested notes were returned. summary: Get all notes for a given document. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' patch: operationId: PersistNoteRoute @@ -15064,7 +14864,7 @@ paths: nullable: true type: string note: - $ref: '#/components/schemas/Security_Solution_Timeline_API_BareNote' + $ref: '#/components/schemas/Security_Timeline_API_BareNote' noteId: nullable: true type: string @@ -15096,8 +14896,7 @@ paths: message: type: string note: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_Note + $ref: '#/components/schemas/Security_Timeline_API_Note' required: - code - message @@ -15109,7 +14908,7 @@ paths: description: Indicates the note was successfully created. summary: Persists a note to a timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/osquery/live_queries: get: 
@@ -15121,18 +14920,18 @@ paths: required: true schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_FindLiveQueryRequestQuery + #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Get live queries tags: - - Security Solution Osquery API + - Security Osquery API post: description: Create and run a live query. operationId: OsqueryCreateLiveQuery @@ -15141,7 +14940,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_CreateLiveQueryRequestBody + #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody required: true responses: '200': @@ -15149,11 +14948,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Create a live query tags: - - Security Solution Osquery API + - Security Osquery API '/api/osquery/live_queries/{id}': get: description: Get the details of a live query using the query ID. @@ -15163,7 +14962,7 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' + $ref: '#/components/schemas/Security_Osquery_API_Id' - in: query name: query schema: 
@@ -15175,11 +14974,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Get live query details tags: - - Security Solution Osquery API + - Security Osquery API '/api/osquery/live_queries/{id}/results/{actionId}': get: description: Get the results of a live query using the query action ID. @@ -15189,29 +14988,29 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' + $ref: '#/components/schemas/Security_Osquery_API_Id' - in: path name: actionId required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' + $ref: '#/components/schemas/Security_Osquery_API_Id' - in: query name: query required: true schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_GetLiveQueryResultsRequestQuery + #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Get live query results tags: - - Security Solution Osquery API + - Security Osquery API /api/osquery/packs: get: description: Get a list of all query packs. 
@@ -15221,19 +15020,18 @@ paths: name: query required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_FindPacksRequestQuery + $ref: '#/components/schemas/Security_Osquery_API_FindPacksRequestQuery' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Get packs tags: - - Security Solution Osquery API + - Security Osquery API post: description: Create a query pack. operationId: OsqueryCreatePacks @@ -15241,8 +15039,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_CreatePacksRequestBody + $ref: '#/components/schemas/Security_Osquery_API_CreatePacksRequestBody' required: true responses: '200': @@ -15250,11 +15047,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Create a pack tags: - - Security Solution Osquery API + - Security Osquery API '/api/osquery/packs/{id}': delete: description: Delete a query pack using the pack ID. 
@@ -15264,18 +15061,18 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' + $ref: '#/components/schemas/Security_Osquery_API_PackId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Delete a pack tags: - - Security Solution Osquery API + - Security Osquery API get: description: Get the details of a query pack using the pack ID. operationId: OsqueryGetPacksDetails @@ -15284,18 +15081,18 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' + $ref: '#/components/schemas/Security_Osquery_API_PackId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Get pack details tags: - - Security Solution Osquery API + - Security Osquery API put: description: | Update a query pack using the pack ID. @@ -15307,13 +15104,12 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' + $ref: '#/components/schemas/Security_Osquery_API_PackId' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_UpdatePacksRequestBody + $ref: '#/components/schemas/Security_Osquery_API_UpdatePacksRequestBody' required: true responses: '200': 
@@ -15321,11 +15117,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Update a pack tags: - - Security Solution Osquery API + - Security Osquery API /api/osquery/saved_queries: get: description: Get a list of all saved queries. @@ -15336,18 +15132,18 @@ paths: required: true schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_FindSavedQueryRequestQuery + #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Get saved queries tags: - - Security Solution Osquery API + - Security Osquery API post: description: Create and run a saved query. operationId: OsqueryCreateSavedQuery @@ -15356,7 +15152,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_CreateSavedQueryRequestBody + #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody required: true responses: '200': @@ -15364,11 +15160,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Create a saved query tags: - - Security Solution Osquery API + - Security Osquery API '/api/osquery/saved_queries/{id}': delete: description: Delete a saved query using the query ID. 
@@ -15378,18 +15174,18 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Delete a saved query tags: - - Security Solution Osquery API + - Security Osquery API get: description: Get the details of a saved query using the query ID. operationId: OsqueryGetSavedQueryDetails @@ -15398,18 +15194,18 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Get saved query details tags: - - Security Solution Osquery API + - Security Osquery API put: description: | Update a saved query using the query ID. @@ -15421,13 +15217,13 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_UpdateSavedQueryRequestBody + #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody required: true responses: '200': 
@@ -15435,11 +15231,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Update a saved query tags: - - Security Solution Osquery API + - Security Osquery API /api/pinned_event: patch: operationId: PersistPinnedEventRoute @@ -15474,7 +15270,7 @@ paths: persistPinnedEventOnTimeline: allOf: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_PinnedEvent + #/components/schemas/Security_Timeline_API_PinnedEvent - type: object properties: code: @@ -15488,7 +15284,7 @@ paths: description: Indicate the event was successfully pinned in the timeline. summary: Persists a pinned event to a timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/risk_score/engine/schedule_now: post: 
@@ -15502,25 +15298,25 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_RiskEngineScheduleNowResponse + #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_TaskManagerUnavailableResponse + #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse description: Task manager is unavailable default: content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse + #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse description: Unexpected error summary: Schedule the risk engine to run as soon as possible tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/saved_objects/_export: post: description: > @@ -16398,7 +16194,7 @@ paths: description: Indicates the timeline was successfully deleted. summary: Deletes one or more timelines or timeline templates. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' get: operationId: GetTimeline @@ -16425,7 +16221,7 @@ paths: properties: getOneTimeline: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse + #/components/schemas/Security_Timeline_API_TimelineResponse nullable: true required: - getOneTimeline @@ -16436,7 +16232,7 @@ paths: Get an existing saved timeline or timeline template. This API is used to retrieve an existing saved timeline or timeline template. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' patch: description: >- 
@@ -16451,8 +16247,7 @@ paths: type: object properties: timeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SavedTimeline + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' timelineId: nullable: true type: string @@ -16480,7 +16275,7 @@ paths: properties: timeline: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse + #/components/schemas/Security_Timeline_API_TimelineResponse required: - timeline required: @@ -16506,7 +16301,7 @@ paths: a draft timeline. summary: Updates an existing timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' post: operationId: CreateTimelines @@ -16517,8 +16312,7 @@ paths: type: object properties: status: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineStatus + $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' nullable: true templateTimelineId: nullable: true @@ -16527,14 +16321,12 @@ paths: nullable: true type: number timeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SavedTimeline + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' timelineId: nullable: true type: string timelineType: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineType + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' nullable: true version: nullable: true @@ -16560,7 +16352,7 @@ paths: properties: timeline: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse + #/components/schemas/Security_Timeline_API_TimelineResponse required: - persistTimeline required: @@ -16579,7 +16371,7 @@ paths: description: Indicates that there was an error in the timeline creation. summary: Creates a new timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_draft: get: 
@@ -16589,7 +16381,7 @@ paths: name: timelineType required: true schema: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineType' + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' responses: '200': content: @@ -16605,7 +16397,7 @@ paths: properties: timeline: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse + #/components/schemas/Security_Timeline_API_TimelineResponse required: - timeline required: @@ -16645,7 +16437,7 @@ paths: Retrieves the draft timeline for the current user. If the user does not have a draft timeline, an empty timeline is returned. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' post: description: > @@ -16659,8 +16451,7 @@ paths: type: object properties: timelineType: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineType + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' required: - timelineType description: >- @@ -16682,7 +16473,7 @@ paths: properties: timeline: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse + #/components/schemas/Security_Timeline_API_TimelineResponse required: - timeline required: @@ -16721,7 +16512,7 @@ paths: timelineId. summary: Retrieves a draft timeline or timeline template. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_export: post: @@ -16767,7 +16558,7 @@ paths: description: Indicates that the export size limit was exceeded summary: Exports timelines as an NDJSON file tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_favorite: patch: @@ -16788,8 +16579,7 @@ paths: nullable: true type: string timelineType: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineType + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' nullable: true required: - timelineId 
@@ -16810,7 +16600,7 @@ paths: properties: persistFavorite: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_FavoriteTimelineResponse + #/components/schemas/Security_Timeline_API_FavoriteTimelineResponse required: - persistFavorite required: @@ -16831,7 +16621,7 @@ paths: the favorite status. summary: Persists a given users favorite status of a timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_import: post: @@ -16844,8 +16634,7 @@ paths: properties: file: allOf: - - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_Readable + - $ref: '#/components/schemas/Security_Timeline_API_Readable' - type: object properties: hapi: @@ -16876,7 +16665,7 @@ paths: properties: data: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ImportTimelineResult + #/components/schemas/Security_Timeline_API_ImportTimelineResult required: - data description: Indicates the import of timelines was successful. @@ -16923,7 +16712,7 @@ paths: description: Indicates the import of timelines was unsuccessful. summary: Imports timelines. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_prepackaged: post: @@ -16936,19 +16725,16 @@ paths: properties: prepackagedTimelines: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SavedTimeline + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' type: array timelinesToInstall: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ImportTimelines + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' nullable: true type: array timelinesToUpdate: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ImportTimelines + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' nullable: true type: array required: 
@@ -16966,7 +16752,7 @@ paths: properties: data: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ImportTimelineResult + #/components/schemas/Security_Timeline_API_ImportTimelineResult required: - data description: Indicates the installation of prepackaged timelines was successful. @@ -16985,7 +16771,7 @@ paths: unsuccessful. summary: Installs prepackaged timelines. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/resolve: get: @@ -17013,7 +16799,7 @@ paths: properties: getOneTimeline: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse + #/components/schemas/Security_Timeline_API_TimelineResponse nullable: true required: - getOneTimeline @@ -17026,7 +16812,7 @@ paths: description: The (template) timeline was not found summary: Get an existing saved timeline or timeline template. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timelines: get: @@ -17046,13 +16832,12 @@ paths: - in: query name: timeline_type schema: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineType' + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' nullable: true - in: query name: sort_field schema: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SortFieldTimeline + $ref: '#/components/schemas/Security_Timeline_API_SortFieldTimeline' - in: query name: sort_order schema: @@ -17078,7 +16863,7 @@ paths: - in: query name: status schema: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineStatus' + $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' nullable: true responses: '200': @@ -17103,7 +16888,7 @@ paths: timelines: items: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse + #/components/schemas/Security_Timeline_API_TimelineResponse type: array totalCount: type: number 
@@ -17133,7 +16918,7 @@ paths: This API is used to retrieve a list of existing saved timelines or timeline templates. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' '/s/{spaceId}/api/observability/slos': get: 
@@ -23083,72 +22868,68 @@ components: name: description: User name type: string - Security_Solution_Detections_API_AlertAssignees: + Security_Detections_API_AlertAssignees: type: object properties: add: description: A list of users ids to assign. items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' type: array remove: description: A list of users ids to unassign. items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' type: array required: - add - remove - Security_Solution_Detections_API_AlertIds: + Security_Detections_API_AlertIds: description: A list of alerts ids. items: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' minItems: 1 type: array - Security_Solution_Detections_API_AlertsIndex: + Security_Detections_API_AlertsIndex: deprecated: true description: (deprecated) Has no effect. type: string - Security_Solution_Detections_API_AlertsIndexNamespace: + Security_Detections_API_AlertsIndexNamespace: description: Has no effect. 
type: string - Security_Solution_Detections_API_AlertsSort: + Security_Detections_API_AlertsSort: oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsSortCombinations + - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations' - items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsSortCombinations + #/components/schemas/Security_Detections_API_AlertsSortCombinations type: array - Security_Solution_Detections_API_AlertsSortCombinations: + Security_Detections_API_AlertsSortCombinations: anyOf: - type: string - additionalProperties: true type: object - Security_Solution_Detections_API_AlertStatus: + Security_Detections_API_AlertStatus: enum: - open - closed - acknowledged - in-progress type: string - Security_Solution_Detections_API_AlertSuppression: + Security_Detections_API_AlertSuppression: type: object properties: duration: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppressionDuration + #/components/schemas/Security_Detections_API_AlertSuppressionDuration group_by: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppressionGroupBy + $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionGroupBy' missing_fields_strategy: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppressionMissingFieldsStrategy + #/components/schemas/Security_Detections_API_AlertSuppressionMissingFieldsStrategy required: - group_by - Security_Solution_Detections_API_AlertSuppressionDuration: + Security_Detections_API_AlertSuppressionDuration: type: object properties: unit: 
@@ -23163,13 +22944,13 @@ components: required: - value - unit - Security_Solution_Detections_API_AlertSuppressionGroupBy: + Security_Detections_API_AlertSuppressionGroupBy: items: type: string maxItems: 3 minItems: 1 type: array - Security_Solution_Detections_API_AlertSuppressionMissingFieldsStrategy: + Security_Detections_API_AlertSuppressionMissingFieldsStrategy: description: >- Describes how alerts will be generated for documents with missing suppress by fields: 
@@ -23181,38 +22962,38 @@ components: - doNotSuppress - suppress type: string - Security_Solution_Detections_API_AlertTag: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - Security_Solution_Detections_API_AlertTags: + Security_Detections_API_AlertTag: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + Security_Detections_API_AlertTags: items: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertTag' + $ref: '#/components/schemas/Security_Detections_API_AlertTag' type: array - Security_Solution_Detections_API_AnomalyThreshold: + Security_Detections_API_AnomalyThreshold: description: Anomaly threshold minimum: 0 type: integer - Security_Solution_Detections_API_BuildingBlockType: + Security_Detections_API_BuildingBlockType: description: >- Determines if the rule acts as a building block. By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. Its value must be default. 
type: string - Security_Solution_Detections_API_BulkActionEditPayload: + Security_Detections_API_BulkActionEditPayload: anyOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadTags + #/components/schemas/Security_Detections_API_BulkActionEditPayloadTags - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadIndexPatterns + #/components/schemas/Security_Detections_API_BulkActionEditPayloadIndexPatterns - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadInvestigationFields + #/components/schemas/Security_Detections_API_BulkActionEditPayloadInvestigationFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadTimeline + #/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadRuleActions + #/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadSchedule - Security_Solution_Detections_API_BulkActionEditPayloadIndexPatterns: + #/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule + Security_Detections_API_BulkActionEditPayloadIndexPatterns: type: object properties: overwrite_data_views: @@ -23224,12 +23005,11 @@ components: - set_index_patterns type: string value: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' required: - type - value - Security_Solution_Detections_API_BulkActionEditPayloadInvestigationFields: + Security_Detections_API_BulkActionEditPayloadInvestigationFields: type: object properties: type: 
@@ -23239,12 +23019,11 @@ components: - set_investigation_fields type: string value: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' required: - type - value - Security_Solution_Detections_API_BulkActionEditPayloadRuleActions: + Security_Detections_API_BulkActionEditPayloadRuleActions: type: object properties: type: @@ -23258,17 +23037,17 @@ components: actions: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_NormalizedRuleAction + #/components/schemas/Security_Detections_API_NormalizedRuleAction type: array throttle: $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThrottleForBulkActions + #/components/schemas/Security_Detections_API_ThrottleForBulkActions required: - actions required: - type - value - Security_Solution_Detections_API_BulkActionEditPayloadSchedule: + Security_Detections_API_BulkActionEditPayloadSchedule: type: object properties: type: @@ -23296,7 +23075,7 @@ components: required: - type - value - Security_Solution_Detections_API_BulkActionEditPayloadTags: + Security_Detections_API_BulkActionEditPayloadTags: type: object properties: type: @@ -23306,11 +23085,11 @@ components: - set_tags type: string value: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleTagArray' + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' required: - type - value - Security_Solution_Detections_API_BulkActionEditPayloadTimeline: + Security_Detections_API_BulkActionEditPayloadTimeline: type: object properties: type: 
@@ -23321,18 +23100,17 @@ components: type: object properties: timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle required: - timeline_id - timeline_title required: - type - value - Security_Solution_Detections_API_BulkActionsDryRunErrCode: + Security_Detections_API_BulkActionsDryRunErrCode: enum: - IMMUTABLE - MACHINE_LEARNING_AUTH @@ -23341,7 +23119,7 @@ components: - MANUAL_RULE_RUN_FEATURE - MANUAL_RULE_RUN_DISABLED_RULE type: string - Security_Solution_Detections_API_BulkActionSkipResult: + Security_Detections_API_BulkActionSkipResult: type: object properties: id: @@ -23349,12 +23127,11 @@ components: name: type: string skip_reason: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditSkipReason + $ref: '#/components/schemas/Security_Detections_API_BulkEditSkipReason' required: - id - skip_reason - Security_Solution_Detections_API_BulkDeleteRules: + Security_Detections_API_BulkDeleteRules: type: object properties: action: @@ -23372,7 +23149,7 @@ components: type: string required: - action - Security_Solution_Detections_API_BulkDisableRules: + Security_Detections_API_BulkDisableRules: type: object properties: action: @@ -23390,7 +23167,7 @@ components: type: string required: - action - Security_Solution_Detections_API_BulkDuplicateRules: + Security_Detections_API_BulkDuplicateRules: type: object properties: action: @@ -23420,7 +23197,7 @@ components: type: string required: - action - Security_Solution_Detections_API_BulkEditActionResponse: + Security_Detections_API_BulkEditActionResponse: type: object properties: attributes: 
@@ -23429,14 +23206,14 @@ components: errors: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_NormalizedRuleError + #/components/schemas/Security_Detections_API_NormalizedRuleError type: array results: $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditActionResults + #/components/schemas/Security_Detections_API_BulkEditActionResults summary: $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditActionSummary + #/components/schemas/Security_Detections_API_BulkEditActionSummary required: - results - summary @@ -23450,32 +23227,31 @@ components: type: boolean required: - attributes - Security_Solution_Detections_API_BulkEditActionResults: + Security_Detections_API_BulkEditActionResults: type: object properties: created: items: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleResponse' + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' type: array deleted: items: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleResponse' + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' type: array skipped: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionSkipResult + $ref: '#/components/schemas/Security_Detections_API_BulkActionSkipResult' type: array updated: items: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleResponse' + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' type: array required: - updated - created - deleted - skipped - Security_Solution_Detections_API_BulkEditActionSummary: + Security_Detections_API_BulkEditActionSummary: type: object properties: failed: @@ -23491,7 +23267,7 @@ components: - skipped - succeeded - total - Security_Solution_Detections_API_BulkEditRules: + Security_Detections_API_BulkEditRules: type: object properties: action: 
@@ -23501,8 +23277,7 @@ components: edit: description: Array of objects containing the edit operations items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayload + $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayload' minItems: 1 type: array ids: @@ -23517,11 +23292,11 @@ components: required: - action - edit - Security_Solution_Detections_API_BulkEditSkipReason: + Security_Detections_API_BulkEditSkipReason: enum: - RULE_NOT_MODIFIED type: string - Security_Solution_Detections_API_BulkEnableRules: + Security_Detections_API_BulkEnableRules: type: object properties: action: @@ -23539,9 +23314,9 @@ components: type: string required: - action - Security_Solution_Detections_API_BulkExportActionResponse: + Security_Detections_API_BulkExportActionResponse: type: string - Security_Solution_Detections_API_BulkExportRules: + Security_Detections_API_BulkExportRules: type: object properties: action: @@ -23559,7 +23334,7 @@ components: type: string required: - action - Security_Solution_Detections_API_BulkManualRuleRun: + Security_Detections_API_BulkManualRuleRun: type: object properties: action: @@ -23589,12 +23364,12 @@ components: required: - action - run - Security_Solution_Detections_API_ConcurrentSearches: + Security_Detections_API_ConcurrentSearches: minimum: 1 type: integer - Security_Solution_Detections_API_DataViewId: + Security_Detections_API_DataViewId: type: string - Security_Solution_Detections_API_DefaultParams: + Security_Detections_API_DefaultParams: type: object properties: command: @@ -23605,7 +23380,7 @@ components: type: string required: - command - Security_Solution_Detections_API_EcsMapping: + Security_Detections_API_EcsMapping: additionalProperties: type: object properties: @@ -23618,7 +23393,7 @@ components: type: string type: array type: object - Security_Solution_Detections_API_EndpointResponseAction: + Security_Detections_API_EndpointResponseAction: type: object properties: action_type_id: 
@@ -23627,53 +23402,44 @@ components: type: string params: oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_DefaultParams - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ProcessesParams + - $ref: '#/components/schemas/Security_Detections_API_DefaultParams' + - $ref: '#/components/schemas/Security_Detections_API_ProcessesParams' required: - action_type_id - params - Security_Solution_Detections_API_EqlOptionalFields: + Security_Detections_API_EqlOptionalFields: type: object properties: alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' + $ref: '#/components/schemas/Security_Detections_API_DataViewId' event_category_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EventCategoryOverride + $ref: '#/components/schemas/Security_Detections_API_EventCategoryOverride' filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' response_actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ResponseAction + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' type: array tiebreaker_field: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TiebreakerField + $ref: '#/components/schemas/Security_Detections_API_TiebreakerField' timestamp_field: - $ref: '#/components/schemas/Security_Solution_Detections_API_TimestampField' - Security_Solution_Detections_API_EqlQueryLanguage: + $ref: '#/components/schemas/Security_Detections_API_TimestampField' + 
Security_Detections_API_EqlQueryLanguage: enum: - eql type: string - Security_Solution_Detections_API_EqlRequiredFields: + Security_Detections_API_EqlRequiredFields: type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_EqlQueryLanguage' description: Query language to use query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' description: EQL query to execute type: description: Rule type 
@@ -23684,125 +23450,101 @@ components: - type - query - language - Security_Solution_Detections_API_EqlRule: + Security_Detections_API_EqlRule: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description 
@@ -23826,428 +23568,341 @@ components: - setup - related_integrations - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleResponseFields - Security_Solution_Detections_API_EqlRuleCreateFields: + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleResponseFields' + Security_Detections_API_EqlRuleCreateFields: allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlOptionalFields - Security_Solution_Detections_API_EqlRuleCreateProps: + - $ref: '#/components/schemas/Security_Detections_API_EqlRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' + Security_Detections_API_EqlRuleCreateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: 
'#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: 
'#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleCreateFields - Security_Solution_Detections_API_EqlRulePatchFields: + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateFields' + Security_Detections_API_EqlRulePatchFields: allOf: 
- type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_EqlQueryLanguage' description: Query language to use query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' description: EQL query to execute type: description: Rule type enum: - eql type: string - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlOptionalFields - Security_Solution_Detections_API_EqlRulePatchProps: + - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' + Security_Detections_API_EqlRulePatchProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: 
items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: 
>- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRulePatchFields - Security_Solution_Detections_API_EqlRuleResponseFields: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchFields' + Security_Detections_API_EqlRuleResponseFields: allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlOptionalFields - 
Security_Solution_Detections_API_EqlRuleUpdateProps: + - $ref: '#/components/schemas/Security_Detections_API_EqlRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' + Security_Detections_API_EqlRuleUpdateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: 
'#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' 
related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: 
>- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleCreateFields - Security_Solution_Detections_API_ErrorSchema: + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateFields' + Security_Detections_API_ErrorSchema: additionalProperties: false type: object properties: 
@@ -24271,133 +23926,108 @@ components: minLength: 1 type: string rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' required: - error - Security_Solution_Detections_API_EsqlQueryLanguage: + Security_Detections_API_EsqlQueryLanguage: enum: - esql type: string - Security_Solution_Detections_API_EsqlRule: + Security_Detections_API_EsqlRule: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description 
@@ -24421,301 +24051,241 @@ components: - setup - related_integrations - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleResponseFields - Security_Solution_Detections_API_EsqlRuleCreateFields: + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleResponseFields' + Security_Detections_API_EsqlRuleCreateFields: allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleRequiredFields - Security_Solution_Detections_API_EsqlRuleCreateProps: + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields' + Security_Detections_API_EsqlRuleCreateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + 
$ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: 
'#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleCreateFields - Security_Solution_Detections_API_EsqlRuleOptionalFields: + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateFields' + 
Security_Detections_API_EsqlRuleOptionalFields: type: object properties: alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' response_actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ResponseAction + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' type: array - Security_Solution_Detections_API_EsqlRulePatchProps: + Security_Detections_API_EsqlRulePatchProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array 
false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_EsqlQueryLanguage' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' description: ESQL query to execute references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' 
severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' type: description: Rule type enum: - esql type: string version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleOptionalFields - Security_Solution_Detections_API_EsqlRuleRequiredFields: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' + 
Security_Detections_API_EsqlRuleRequiredFields: type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_EsqlQueryLanguage' query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' description: ESQL query to execute type: description: Rule type 
@@ -24726,147 +24296,118 @@ components: - type - language - query - Security_Solution_Detections_API_EsqlRuleResponseFields: + Security_Detections_API_EsqlRuleResponseFields: allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleRequiredFields - Security_Solution_Detections_API_EsqlRuleUpdateProps: + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields' + Security_Detections_API_EsqlRuleUpdateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + 
$ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + 
#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: 
'#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleCreateFields - Security_Solution_Detections_API_EventCategoryOverride: + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateFields' + Security_Detections_API_EventCategoryOverride: type: string - Security_Solution_Detections_API_ExceptionListType: + Security_Detections_API_ExceptionListType: description: The exception type enum: - detection 
@@ -24877,7 +24418,7 @@ components: - endpoint_host_isolation_exceptions - endpoint_blocklists type: string - Security_Solution_Detections_API_ExternalRuleSource: + Security_Detections_API_ExternalRuleSource: description: >- Type of rule source for externally sourced rules, i.e. rules that have an external source, such as the Elastic Prebuilt rules repo. @@ -24885,7 +24426,7 @@ components: properties: is_customized: $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsExternalRuleCustomized + #/components/schemas/Security_Detections_API_IsExternalRuleCustomized type: enum: - external @@ -24893,7 +24434,7 @@ components: required: - type - is_customized - Security_Solution_Detections_API_FindRulesSortField: + Security_Detections_API_FindRulesSortField: enum: - created_at - createdAt @@ -24910,13 +24451,13 @@ components: - updated_at - updatedAt type: string - Security_Solution_Detections_API_HistoryWindowStart: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - Security_Solution_Detections_API_IndexPatternArray: + Security_Detections_API_HistoryWindowStart: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + Security_Detections_API_IndexPatternArray: items: type: string type: array - Security_Solution_Detections_API_InternalRuleSource: + Security_Detections_API_InternalRuleSource: description: >- Type of rule source for internally sourced rules, i.e. created within the Kibana apps. @@ -24928,7 +24469,7 @@ components: type: string required: - type - Security_Solution_Detections_API_InvestigationFields: + Security_Detections_API_InvestigationFields: description: > Schema for fields relating to investigation fields. These are user defined fields we use to highlight 
@@ -24961,39 +24502,38 @@ components: properties: field_names: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' minItems: 1 type: array required: - field_names - Security_Solution_Detections_API_InvestigationGuide: + Security_Detections_API_InvestigationGuide: description: Notes to help investigate alerts produced by the rule. type: string - Security_Solution_Detections_API_IsExternalRuleCustomized: + Security_Detections_API_IsExternalRuleCustomized: description: >- Determines whether an external/prebuilt rule has been customized by the user (i.e. any of its fields have been modified and diverged from the base value). type: boolean - Security_Solution_Detections_API_IsRuleEnabled: + Security_Detections_API_IsRuleEnabled: description: Determines whether the rule is enabled. type: boolean - Security_Solution_Detections_API_IsRuleImmutable: + Security_Detections_API_IsRuleImmutable: deprecated: true description: >- This field determines whether the rule is a prebuilt Elastic rule. It will be replaced with the `rule_source` field. type: boolean - Security_Solution_Detections_API_ItemsPerSearch: + Security_Detections_API_ItemsPerSearch: minimum: 1 type: integer - Security_Solution_Detections_API_KqlQueryLanguage: + Security_Detections_API_KqlQueryLanguage: enum: - kuery - lucene type: string - Security_Solution_Detections_API_MachineLearningJobId: + Security_Detections_API_MachineLearningJobId: description: Machine learning job ID oneOf: - type: string 
@@ -25001,125 +24541,101 @@ components: type: string minItems: 1 type: array - Security_Solution_Detections_API_MachineLearningRule: + Security_Detections_API_MachineLearningRule: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description 
@@ -25143,303 +24659,248 @@ components: - setup - related_integrations - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleResponseFields - Security_Solution_Detections_API_MachineLearningRuleCreateFields: + #/components/schemas/Security_Detections_API_MachineLearningRuleResponseFields + Security_Detections_API_MachineLearningRuleCreateFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleRequiredFields + #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleOptionalFields - Security_Solution_Detections_API_MachineLearningRuleCreateProps: + #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + Security_Detections_API_MachineLearningRuleCreateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- 
- #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: 
- $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleCreateFields - Security_Solution_Detections_API_MachineLearningRuleOptionalFields: + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields + 
Security_Detections_API_MachineLearningRuleOptionalFields: type: object properties: alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression - Security_Solution_Detections_API_MachineLearningRulePatchFields: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' + Security_Detections_API_MachineLearningRulePatchFields: allOf: - type: object properties: anomaly_threshold: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AnomalyThreshold + $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' machine_learning_job_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningJobId + #/components/schemas/Security_Detections_API_MachineLearningJobId type: description: Rule type enum: - machine_learning type: string - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleOptionalFields - Security_Solution_Detections_API_MachineLearningRulePatchProps: + #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + Security_Detections_API_MachineLearningRulePatchProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType 
+ $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: 
'#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: 
'#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_MachineLearningRulePatchFields - Security_Solution_Detections_API_MachineLearningRuleRequiredFields: + #/components/schemas/Security_Detections_API_MachineLearningRulePatchFields + Security_Detections_API_MachineLearningRuleRequiredFields: type: object properties: anomaly_threshold: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AnomalyThreshold + $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' machine_learning_job_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningJobId + $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId' type: description: Rule type enum: 
@@ -25449,272 +24910,222 @@ components: - type - machine_learning_job_id - anomaly_threshold - Security_Solution_Detections_API_MachineLearningRuleResponseFields: + Security_Detections_API_MachineLearningRuleResponseFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleRequiredFields + #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleOptionalFields - Security_Solution_Detections_API_MachineLearningRuleUpdateProps: + #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + Security_Detections_API_MachineLearningRuleUpdateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: 
- $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: 
>- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleCreateFields - Security_Solution_Detections_API_MaxSignals: + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields + Security_Detections_API_MaxSignals: minimum: 1 type: integer - Security_Solution_Detections_API_NewTermsFields: + Security_Detections_API_NewTermsFields: items: type: string maxItems: 3 minItems: 1 
type: array - Security_Solution_Detections_API_NewTermsRule: + Security_Detections_API_NewTermsRule: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: 
'#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + 
#/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: 
'#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description 
@@ -25738,329 +25149,269 @@ components: - setup - related_integrations - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleResponseFields - Security_Solution_Detections_API_NewTermsRuleCreateFields: + #/components/schemas/Security_Detections_API_NewTermsRuleResponseFields + Security_Detections_API_NewTermsRuleCreateFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleRequiredFields + #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleOptionalFields + #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleDefaultableFields - Security_Solution_Detections_API_NewTermsRuleCreateProps: + #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields + Security_Detections_API_NewTermsRuleCreateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' 
severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleCreateFields - 
Security_Solution_Detections_API_NewTermsRuleDefaultableFields: + #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields + Security_Detections_API_NewTermsRuleDefaultableFields: type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_NewTermsRuleOptionalFields: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_NewTermsRuleOptionalFields: type: object properties: alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' + $ref: '#/components/schemas/Security_Detections_API_DataViewId' filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' response_actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ResponseAction + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' type: array - Security_Solution_Detections_API_NewTermsRulePatchFields: + Security_Detections_API_NewTermsRulePatchFields: allOf: - type: object properties: history_window_start: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_HistoryWindowStart + $ref: '#/components/schemas/Security_Detections_API_HistoryWindowStart' new_terms_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsFields + $ref: '#/components/schemas/Security_Detections_API_NewTermsFields' query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: 
'#/components/schemas/Security_Detections_API_RuleQuery' type: description: Rule type enum: - new_terms type: string - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleOptionalFields + #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleDefaultableFields - Security_Solution_Detections_API_NewTermsRulePatchProps: + #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields + Security_Detections_API_NewTermsRulePatchProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: 
'#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + 
#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: 
'#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRulePatchFields - Security_Solution_Detections_API_NewTermsRuleRequiredFields: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchFields' + Security_Detections_API_NewTermsRuleRequiredFields: type: object properties: history_window_start: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_HistoryWindowStart + $ref: '#/components/schemas/Security_Detections_API_HistoryWindowStart' new_terms_fields: - $ref: 
'#/components/schemas/Security_Solution_Detections_API_NewTermsFields' + $ref: '#/components/schemas/Security_Detections_API_NewTermsFields' query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' type: description: Rule type enum: 
@@ -26071,189 +25422,157 @@ components: - query - new_terms_fields - history_window_start - Security_Solution_Detections_API_NewTermsRuleResponseFields: + Security_Detections_API_NewTermsRuleResponseFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleRequiredFields + #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleOptionalFields + #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields - type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' required: - language - Security_Solution_Detections_API_NewTermsRuleUpdateProps: + Security_Detections_API_NewTermsRuleUpdateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: 
- $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleCreateFields - Security_Solution_Detections_API_NonEmptyString: + #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields + Security_Detections_API_NonEmptyString: 
description: A string that is not empty and does not contain only whitespace minLength: 1 pattern: ^(?! *$).+$ type: string - Security_Solution_Detections_API_NormalizedRuleAction: + Security_Detections_API_NormalizedRuleAction: additionalProperties: false type: object properties: alerts_filter: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionAlertsFilter + $ref: '#/components/schemas/Security_Detections_API_RuleActionAlertsFilter' frequency: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionFrequency + $ref: '#/components/schemas/Security_Detections_API_RuleActionFrequency' group: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionGroup + $ref: '#/components/schemas/Security_Detections_API_RuleActionGroup' id: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleActionId' + $ref: '#/components/schemas/Security_Detections_API_RuleActionId' params: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionParams + $ref: '#/components/schemas/Security_Detections_API_RuleActionParams' required: - id - params - Security_Solution_Detections_API_NormalizedRuleError: + Security_Detections_API_NormalizedRuleError: type: object properties: err_code: $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionsDryRunErrCode + #/components/schemas/Security_Detections_API_BulkActionsDryRunErrCode message: type: string rules: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDetailsInError + $ref: '#/components/schemas/Security_Detections_API_RuleDetailsInError' type: array status_code: type: integer 
@@ -26261,16 +25580,16 @@ components: - message - status_code - rules - Security_Solution_Detections_API_OsqueryParams: + Security_Detections_API_OsqueryParams: type: object properties: ecs_mapping: - $ref: '#/components/schemas/Security_Solution_Detections_API_EcsMapping' + $ref: '#/components/schemas/Security_Detections_API_EcsMapping' pack_id: type: string queries: items: - $ref: '#/components/schemas/Security_Solution_Detections_API_OsqueryQuery' + $ref: '#/components/schemas/Security_Detections_API_OsqueryQuery' type: array query: type: string @@ -26278,11 +25597,11 @@ components: type: string timeout: type: number - Security_Solution_Detections_API_OsqueryQuery: + Security_Detections_API_OsqueryQuery: type: object properties: ecs_mapping: - $ref: '#/components/schemas/Security_Solution_Detections_API_EcsMapping' + $ref: '#/components/schemas/Security_Detections_API_EcsMapping' id: description: Query ID type: string @@ -26301,7 +25620,7 @@ components: required: - id - query - Security_Solution_Detections_API_OsqueryResponseAction: + Security_Detections_API_OsqueryResponseAction: type: object properties: action_type_id: @@ -26309,11 +25628,11 @@ components: - .osquery type: string params: - $ref: '#/components/schemas/Security_Solution_Detections_API_OsqueryParams' + $ref: '#/components/schemas/Security_Detections_API_OsqueryParams' required: - action_type_id - params - Security_Solution_Detections_API_PlatformErrorResponse: + Security_Detections_API_PlatformErrorResponse: type: object properties: error: @@ -26326,7 +25645,7 @@ components: - statusCode - error - message - Security_Solution_Detections_API_ProcessesParams: + Security_Detections_API_ProcessesParams: type: object properties: command: 
@@ -26351,125 +25670,101 @@ components: required: - command - config - Security_Solution_Detections_API_QueryRule: + Security_Detections_API_QueryRule: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description 
@@ -26493,176 +25788,142 @@ components: - setup - related_integrations - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleResponseFields - Security_Solution_Detections_API_QueryRuleCreateFields: + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleResponseFields' + Security_Detections_API_QueryRuleCreateFields: allOf: + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleDefaultableFields - Security_Solution_Detections_API_QueryRuleCreateProps: + #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields + Security_Detections_API_QueryRuleCreateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' 
severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleCreateFields - 
Security_Solution_Detections_API_QueryRuleDefaultableFields: + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' + Security_Detections_API_QueryRuleDefaultableFields: type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - Security_Solution_Detections_API_QueryRuleOptionalFields: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + Security_Detections_API_QueryRuleOptionalFields: type: object properties: alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' + $ref: '#/components/schemas/Security_Detections_API_DataViewId' filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' response_actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ResponseAction + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' type: array saved_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryId' - Security_Solution_Detections_API_QueryRulePatchFields: + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' + Security_Detections_API_QueryRulePatchFields: allOf: - type: object properties: 
@@ -26671,138 +25932,110 @@ components: enum: - query type: string + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleDefaultableFields - Security_Solution_Detections_API_QueryRulePatchProps: + #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields + Security_Detections_API_QueryRulePatchProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRulePatchFields - Security_Solution_Detections_API_QueryRuleRequiredFields: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchFields' + Security_Detections_API_QueryRuleRequiredFields: type: object properties: type: 
@@ -26812,155 +26045,125 @@ components: type: string required: - type - Security_Solution_Detections_API_QueryRuleResponseFields: + Security_Detections_API_QueryRuleResponseFields: allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleOptionalFields + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' required: - query - language - Security_Solution_Detections_API_QueryRuleUpdateProps: + Security_Detections_API_QueryRuleUpdateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' 
severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleCreateFields - 
Security_Solution_Detections_API_RelatedIntegration: + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' + Security_Detections_API_RelatedIntegration: description: > Related integration is a potential dependency of a rule. It's assumed that if the user installs @@ -27021,20 +26224,19 @@ components: type: object properties: integration: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' package: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' version: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' required: - package - version - Security_Solution_Detections_API_RelatedIntegrationArray: + Security_Detections_API_RelatedIntegrationArray: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegration + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegration' type: array - Security_Solution_Detections_API_RequiredField: + Security_Detections_API_RequiredField: description: > Describes an Elasticsearch field that is needed for the rule to function. 
@@ -27075,20 +26277,20 @@ components: description: Whether the field is an ECS field type: boolean name: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: Name of an Elasticsearch field type: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: Type of the Elasticsearch field required: - name - type - ecs - Security_Solution_Detections_API_RequiredFieldArray: + Security_Detections_API_RequiredFieldArray: items: - $ref: '#/components/schemas/Security_Solution_Detections_API_RequiredField' + $ref: '#/components/schemas/Security_Detections_API_RequiredField' type: array - Security_Solution_Detections_API_RequiredFieldInput: + Security_Detections_API_RequiredFieldInput: description: >- Input parameters to create a RequiredField. Does not include the `ecs` field, because `ecs` is calculated on the backend based on the field 
@@ -27096,21 +26298,19 @@ components: type: object properties: name: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: Name of an Elasticsearch field type: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: Type of an Elasticsearch field required: - name - type - Security_Solution_Detections_API_ResponseAction: + Security_Detections_API_ResponseAction: oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_OsqueryResponseAction - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EndpointResponseAction - Security_Solution_Detections_API_ResponseFields: + - $ref: '#/components/schemas/Security_Detections_API_OsqueryResponseAction' + - $ref: '#/components/schemas/Security_Detections_API_EndpointResponseAction' + Security_Detections_API_ResponseFields: type: object properties: created_at: 
@@ -27119,24 +26319,20 @@ components: created_by: type: string execution_summary: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExecutionSummary + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionSummary' id: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleObjectId' + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' immutable: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleImmutable + $ref: '#/components/schemas/Security_Detections_API_IsRuleImmutable' required_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldArray + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldArray' revision: minimum: 0 type: integer rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_source: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleSource' + $ref: '#/components/schemas/Security_Detections_API_RuleSource' updated_at: format: date-time type: string @@ -27153,12 +26349,12 @@ components: - revision - related_integrations - required_fields - Security_Solution_Detections_API_RiskScore: + Security_Detections_API_RiskScore: description: Risk score (0 to 100) maximum: 100 minimum: 0 type: integer - Security_Solution_Detections_API_RiskScoreMapping: + Security_Detections_API_RiskScoreMapping: description: >- Overrides generated alerts' risk_score with a value from the source event @@ -27172,7 +26368,7 @@ components: - equals type: string risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' value: type: string required: 
@@ -27180,66 +26376,60 @@ components: - operator - value type: array - Security_Solution_Detections_API_RuleAction: + Security_Detections_API_RuleAction: type: object properties: action_type_id: description: The action type used for sending notifications. type: string alerts_filter: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionAlertsFilter + $ref: '#/components/schemas/Security_Detections_API_RuleActionAlertsFilter' frequency: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionFrequency + $ref: '#/components/schemas/Security_Detections_API_RuleActionFrequency' group: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionGroup + $ref: '#/components/schemas/Security_Detections_API_RuleActionGroup' id: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleActionId' + $ref: '#/components/schemas/Security_Detections_API_RuleActionId' params: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionParams + $ref: '#/components/schemas/Security_Detections_API_RuleActionParams' uuid: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' required: - action_type_id - id - params - Security_Solution_Detections_API_RuleActionAlertsFilter: + Security_Detections_API_RuleActionAlertsFilter: additionalProperties: true type: object - Security_Solution_Detections_API_RuleActionFrequency: + Security_Detections_API_RuleActionFrequency: description: >- The action frequency defines when the action runs (for example, only on rule execution or at specific time intervals). 
type: object properties: notifyWhen: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionNotifyWhen + $ref: '#/components/schemas/Security_Detections_API_RuleActionNotifyWhen' summary: description: >- Action summary indicates whether we will send a summary notification about all the generate alerts or notification per individual alert type: boolean throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' nullable: true required: - summary - notifyWhen - throttle - Security_Solution_Detections_API_RuleActionGroup: + Security_Detections_API_RuleActionGroup: description: >- Optionally groups actions by use cases. Use `default` for alert notifications. type: string - Security_Solution_Detections_API_RuleActionId: + Security_Detections_API_RuleActionId: description: The connector ID. type: string - Security_Solution_Detections_API_RuleActionNotifyWhen: + Security_Detections_API_RuleActionNotifyWhen: description: >- The condition for throttling the notification: `onActionGroupChange`, `onActiveAlert`, or `onThrottleInterval` @@ -27248,13 +26438,13 @@ components: - onThrottleInterval - onActionGroupChange type: string - Security_Solution_Detections_API_RuleActionParams: + Security_Detections_API_RuleActionParams: additionalProperties: true description: >- Object containing the allowed connector fields, which varies according to the connector type. type: object - Security_Solution_Detections_API_RuleActionThrottle: + Security_Detections_API_RuleActionThrottle: description: Defines how often rule actions are taken. oneOf: - enum: 
@@ -27265,34 +26455,30 @@ components: example: 1h pattern: '^[1-9]\d*[smhd]$' type: string - Security_Solution_Detections_API_RuleAuthorArray: + Security_Detections_API_RuleAuthorArray: items: type: string type: array - Security_Solution_Detections_API_RuleCreateProps: + Security_Detections_API_RuleCreateProps: anyOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleCreateProps + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleCreateProps + #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleCreateProps + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleCreateProps + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps' discriminator: propertyName: type - Security_Solution_Detections_API_RuleDescription: + Security_Detections_API_RuleDescription: minLength: 1 type: string - Security_Solution_Detections_API_RuleDetailsInError: + Security_Detections_API_RuleDetailsInError: type: object properties: id: 
@@ -27301,14 +26487,14 @@ components: type: string required: - id - Security_Solution_Detections_API_RuleExceptionList: + Security_Detections_API_RuleExceptionList: type: object properties: id: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: ID of the exception container list_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: List ID of the exception container namespace_type: description: Determines the exceptions validity in rule's Kibana space @@ -27317,14 +26503,13 @@ components: - single type: string type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ExceptionListType + $ref: '#/components/schemas/Security_Detections_API_ExceptionListType' required: - id - list_id - type - namespace_type - Security_Solution_Detections_API_RuleExecutionMetrics: + Security_Detections_API_RuleExecutionMetrics: type: object properties: execution_gap_duration_s: @@ -27350,7 +26535,7 @@ components: request/response minimum: 0 type: integer - Security_Solution_Detections_API_RuleExecutionStatus: + Security_Detections_API_RuleExecutionStatus: description: >- Custom execution status of Security rules that is different from the status used in the Alerting Framework. We merge our custom status with @@ -27383,9 +26568,9 @@ components: - failed - succeeded type: string - Security_Solution_Detections_API_RuleExecutionStatusOrder: + Security_Detections_API_RuleExecutionStatusOrder: type: integer - Security_Solution_Detections_API_RuleExecutionSummary: + Security_Detections_API_RuleExecutionSummary: type: object properties: last_execution: 
@@ -27399,14 +26584,13 @@ components: type: string metrics: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExecutionMetrics + #/components/schemas/Security_Detections_API_RuleExecutionMetrics status: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExecutionStatus + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatus' description: Status of the last execution status_order: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExecutionStatusOrder + #/components/schemas/Security_Detections_API_RuleExecutionStatusOrder required: - date - status @@ -27415,19 +26599,19 @@ components: - metrics required: - last_execution - Security_Solution_Detections_API_RuleFalsePositiveArray: + Security_Detections_API_RuleFalsePositiveArray: items: type: string type: array - Security_Solution_Detections_API_RuleFilterArray: + Security_Detections_API_RuleFilterArray: items: {} type: array - Security_Solution_Detections_API_RuleInterval: + Security_Detections_API_RuleInterval: description: >- Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). type: string - Security_Solution_Detections_API_RuleIntervalFrom: + Security_Detections_API_RuleIntervalFrom: description: >- Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 
@@ -27435,52 +26619,47 @@ components: minutes before the start time). format: date-math type: string - Security_Solution_Detections_API_RuleIntervalTo: + Security_Detections_API_RuleIntervalTo: type: string - Security_Solution_Detections_API_RuleLicense: + Security_Detections_API_RuleLicense: description: The rule's license. type: string - Security_Solution_Detections_API_RuleMetadata: + Security_Detections_API_RuleMetadata: additionalProperties: true type: object - Security_Solution_Detections_API_RuleName: + Security_Detections_API_RuleName: minLength: 1 type: string - Security_Solution_Detections_API_RuleNameOverride: + Security_Detections_API_RuleNameOverride: description: Sets the source field for the alert's signal.rule.name value type: string - Security_Solution_Detections_API_RuleObjectId: - $ref: '#/components/schemas/Security_Solution_Detections_API_UUID' - Security_Solution_Detections_API_RulePatchProps: + Security_Detections_API_RuleObjectId: + $ref: '#/components/schemas/Security_Detections_API_UUID' + Security_Detections_API_RulePatchProps: anyOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchProps' + - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchProps' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRulePatchProps + #/components/schemas/Security_Detections_API_SavedQueryRulePatchProps + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchProps' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRulePatchProps + #/components/schemas/Security_Detections_API_ThreatMatchRulePatchProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRulePatchProps - - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_MachineLearningRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRulePatchProps - Security_Solution_Detections_API_RulePreviewLoggedRequest: + #/components/schemas/Security_Detections_API_MachineLearningRulePatchProps + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchProps' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRulePatchProps' + Security_Detections_API_RulePreviewLoggedRequest: type: object properties: description: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' duration: type: integer request: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' required: - request - Security_Solution_Detections_API_RulePreviewLogs: + Security_Detections_API_RulePreviewLogs: type: object properties: duration: 
@@ -27488,26 +26667,24 @@ components: type: integer errors: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' type: array requests: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewLoggedRequest + #/components/schemas/Security_Detections_API_RulePreviewLoggedRequest type: array startedAt: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' warnings: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' type: array required: - errors - warnings - duration - Security_Solution_Detections_API_RulePreviewParams: + Security_Detections_API_RulePreviewParams: type: object properties: invocationCount: 
@@ -27518,30 +26695,28 @@ components: required: - invocationCount - timeframeEnd - Security_Solution_Detections_API_RuleQuery: + Security_Detections_API_RuleQuery: type: string - Security_Solution_Detections_API_RuleReferenceArray: + Security_Detections_API_RuleReferenceArray: items: type: string type: array - Security_Solution_Detections_API_RuleResponse: + Security_Detections_API_RuleResponse: anyOf: - - $ref: '#/components/schemas/Security_Solution_Detections_API_EqlRule' - - $ref: '#/components/schemas/Security_Solution_Detections_API_QueryRule' - - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryRule' - - $ref: '#/components/schemas/Security_Solution_Detections_API_ThresholdRule' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRule - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRule - - $ref: '#/components/schemas/Security_Solution_Detections_API_NewTermsRule' - - $ref: '#/components/schemas/Security_Solution_Detections_API_EsqlRule' + - $ref: '#/components/schemas/Security_Detections_API_EqlRule' + - $ref: '#/components/schemas/Security_Detections_API_QueryRule' + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRule' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRule' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRule' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRule' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRule' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRule' discriminator: propertyName: type - Security_Solution_Detections_API_RuleSignatureId: + Security_Detections_API_RuleSignatureId: description: 'Could be any string, not necessarily a UUID' type: string - Security_Solution_Detections_API_RuleSource: + Security_Detections_API_RuleSource: description: >- Discriminated union that determines whether the rule is internally sourced (created within 
the Kibana app) or has an external source, such 
@@ -27549,175 +26724,145 @@ components: discriminator: propertyName: type oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ExternalRuleSource - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InternalRuleSource - Security_Solution_Detections_API_RuleTagArray: + - $ref: '#/components/schemas/Security_Detections_API_ExternalRuleSource' + - $ref: '#/components/schemas/Security_Detections_API_InternalRuleSource' + Security_Detections_API_RuleTagArray: description: >- String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. items: type: string type: array - Security_Solution_Detections_API_RuleUpdateProps: + Security_Detections_API_RuleUpdateProps: anyOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleUpdateProps' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleUpdateProps' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleUpdateProps + #/components/schemas/Security_Detections_API_SavedQueryRuleUpdateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleUpdateProps + #/components/schemas/Security_Detections_API_ThresholdRuleUpdateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleUpdateProps + #/components/schemas/Security_Detections_API_ThreatMatchRuleUpdateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleUpdateProps + #/components/schemas/Security_Detections_API_MachineLearningRuleUpdateProps + - $ref: 
'#/components/schemas/Security_Detections_API_NewTermsRuleUpdateProps' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleUpdateProps' discriminator: propertyName: type - Security_Solution_Detections_API_RuleVersion: + Security_Detections_API_RuleVersion: description: The rule's version number. minimum: 1 type: integer - Security_Solution_Detections_API_SavedObjectResolveAliasPurpose: + Security_Detections_API_SavedObjectResolveAliasPurpose: enum: - savedObjectConversion - savedObjectImport type: string - Security_Solution_Detections_API_SavedObjectResolveAliasTargetId: + Security_Detections_API_SavedObjectResolveAliasTargetId: type: string - Security_Solution_Detections_API_SavedObjectResolveOutcome: + Security_Detections_API_SavedObjectResolveOutcome: enum: - exactMatch - aliasMatch - conflict type: string - Security_Solution_Detections_API_SavedQueryId: + Security_Detections_API_SavedQueryId: type: string - Security_Solution_Detections_API_SavedQueryRule: + Security_Detections_API_SavedQueryRule: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - 
$ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description 
@@ -27741,321 +26886,264 @@ components: - setup - related_integrations - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleResponseFields - Security_Solution_Detections_API_SavedQueryRuleCreateFields: + #/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields + Security_Detections_API_SavedQueryRuleCreateFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleRequiredFields + #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleOptionalFields + #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleDefaultableFields - Security_Solution_Detections_API_SavedQueryRuleCreateProps: + #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields + Security_Detections_API_SavedQueryRuleCreateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' 
severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleCreateFields - 
Security_Solution_Detections_API_SavedQueryRuleDefaultableFields: + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields + Security_Detections_API_SavedQueryRuleDefaultableFields: type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_SavedQueryRuleOptionalFields: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_SavedQueryRuleOptionalFields: type: object properties: alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' + $ref: '#/components/schemas/Security_Detections_API_DataViewId' filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' response_actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ResponseAction + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' type: array - Security_Solution_Detections_API_SavedQueryRulePatchFields: + Security_Detections_API_SavedQueryRulePatchFields: allOf: - type: object properties: saved_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryId + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' type: description: Rule type enum: - saved_query type: string - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleOptionalFields + 
#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleDefaultableFields - Security_Solution_Detections_API_SavedQueryRulePatchProps: + #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields + Security_Detections_API_SavedQueryRulePatchProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - 
$ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRulePatchFields - Security_Solution_Detections_API_SavedQueryRuleRequiredFields: + #/components/schemas/Security_Detections_API_SavedQueryRulePatchFields + Security_Detections_API_SavedQueryRuleRequiredFields: type: object properties: saved_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryId' + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' type: description: Rule type enum: 
@@ -28064,166 +27152,138 @@ components: required: - type - saved_id - Security_Solution_Detections_API_SavedQueryRuleResponseFields: + Security_Detections_API_SavedQueryRuleResponseFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleRequiredFields + #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleOptionalFields + #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields - type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' required: - language - Security_Solution_Detections_API_SavedQueryRuleUpdateProps: + Security_Detections_API_SavedQueryRuleUpdateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: 
- $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleCreateFields - Security_Solution_Detections_API_SetAlertsStatusByIds: + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields + 
Security_Detections_API_SetAlertsStatusByIds: type: object properties: signal_ids: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' minItems: 1 type: array status: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertStatus' + $ref: '#/components/schemas/Security_Detections_API_AlertStatus' required: - signal_ids - status - Security_Solution_Detections_API_SetAlertsStatusByQuery: + Security_Detections_API_SetAlertsStatusByQuery: type: object properties: conflicts: @@ -28236,23 +27296,23 @@ components: additionalProperties: true type: object status: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertStatus' + $ref: '#/components/schemas/Security_Detections_API_AlertStatus' required: - query - status - Security_Solution_Detections_API_SetAlertTags: + Security_Detections_API_SetAlertTags: type: object properties: tags_to_add: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertTags' + $ref: '#/components/schemas/Security_Detections_API_AlertTags' tags_to_remove: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertTags' + $ref: '#/components/schemas/Security_Detections_API_AlertTags' required: - tags_to_add - tags_to_remove - Security_Solution_Detections_API_SetupGuide: + Security_Detections_API_SetupGuide: type: string - Security_Solution_Detections_API_Severity: + Security_Detections_API_Severity: description: Severity of the rule enum: - low @@ -28260,7 +27320,7 @@ components: - high - critical type: string - Security_Solution_Detections_API_SeverityMapping: + Security_Detections_API_SeverityMapping: description: Overrides generated alerts' severity with values from the source event items: type: object 
@@ -28272,7 +27332,7 @@ components: - equals type: string severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' value: type: string required: @@ -28281,7 +27341,7 @@ components: - severity - value type: array - Security_Solution_Detections_API_SiemErrorResponse: + Security_Detections_API_SiemErrorResponse: type: object properties: message: 
@@ -28291,48 +27351,47 @@ components: required: - status_code - message - Security_Solution_Detections_API_SortOrder: + Security_Detections_API_SortOrder: enum: - asc - desc type: string - Security_Solution_Detections_API_Threat: + Security_Detections_API_Threat: type: object properties: framework: description: Relevant attack framework type: string tactic: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatTactic' + $ref: '#/components/schemas/Security_Detections_API_ThreatTactic' technique: description: Array containing information on the attack techniques (optional) items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatTechnique + $ref: '#/components/schemas/Security_Detections_API_ThreatTechnique' type: array required: - framework - tactic - Security_Solution_Detections_API_ThreatArray: + Security_Detections_API_ThreatArray: items: - $ref: '#/components/schemas/Security_Solution_Detections_API_Threat' + $ref: '#/components/schemas/Security_Detections_API_Threat' type: array - Security_Solution_Detections_API_ThreatFilters: + Security_Detections_API_ThreatFilters: items: description: >- Query and filter context array used to filter documents from the Elasticsearch index containing the threat values type: array - Security_Solution_Detections_API_ThreatIndex: + Security_Detections_API_ThreatIndex: items: type: string type: array - Security_Solution_Detections_API_ThreatIndicatorPath: + Security_Detections_API_ThreatIndicatorPath: description: >- Defines the path to the threat indicator in the indicator documents (optional) type: string - Security_Solution_Detections_API_ThreatMapping: + Security_Detections_API_ThreatMapping: items: type: object properties: 
@@ -28341,15 +27400,13 @@ components: type: object properties: field: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' type: enum: - mapping type: string value: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' required: - field - type 
@@ -28359,125 +27416,101 @@ components: - entries minItems: 1 type: array - Security_Solution_Detections_API_ThreatMatchRule: + Security_Detections_API_ThreatMatchRule: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description 
@@ -28501,343 +27534,282 @@ components: - setup - related_integrations - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleResponseFields - Security_Solution_Detections_API_ThreatMatchRuleCreateFields: + #/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields + Security_Detections_API_ThreatMatchRuleCreateFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleRequiredFields + #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleOptionalFields + #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleDefaultableFields - Security_Solution_Detections_API_ThreatMatchRuleCreateProps: + #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields + Security_Detections_API_ThreatMatchRuleCreateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' 
severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleCreateFields 
- Security_Solution_Detections_API_ThreatMatchRuleDefaultableFields: + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields + Security_Detections_API_ThreatMatchRuleDefaultableFields: type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_ThreatMatchRuleOptionalFields: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_ThreatMatchRuleOptionalFields: type: object properties: alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' concurrent_searches: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ConcurrentSearches + $ref: '#/components/schemas/Security_Detections_API_ConcurrentSearches' data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' + $ref: '#/components/schemas/Security_Detections_API_DataViewId' filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' items_per_search: - $ref: '#/components/schemas/Security_Solution_Detections_API_ItemsPerSearch' + $ref: '#/components/schemas/Security_Detections_API_ItemsPerSearch' saved_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryId' + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' threat_filters: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatFilters' + $ref: '#/components/schemas/Security_Detections_API_ThreatFilters' threat_indicator_path: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatIndicatorPath + $ref: 
'#/components/schemas/Security_Detections_API_ThreatIndicatorPath' threat_language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_ThreatMatchRulePatchFields: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_ThreatMatchRulePatchFields: allOf: - type: object properties: query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' threat_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatIndex + $ref: '#/components/schemas/Security_Detections_API_ThreatIndex' threat_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMapping + $ref: '#/components/schemas/Security_Detections_API_ThreatMapping' threat_query: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatQuery + $ref: '#/components/schemas/Security_Detections_API_ThreatQuery' type: description: Rule type enum: - threat_match type: string - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleOptionalFields + #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleDefaultableFields - Security_Solution_Detections_API_ThreatMatchRulePatchProps: + #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields + Security_Detections_API_ThreatMatchRulePatchProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: 
'#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: 
'#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRulePatchFields - Security_Solution_Detections_API_ThreatMatchRuleRequiredFields: + #/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields + Security_Detections_API_ThreatMatchRuleRequiredFields: type: object properties: query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' threat_index: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatIndex' + $ref: '#/components/schemas/Security_Detections_API_ThreatIndex' threat_mapping: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatMapping' + $ref: '#/components/schemas/Security_Detections_API_ThreatMapping' threat_query: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatQuery' + $ref: '#/components/schemas/Security_Detections_API_ThreatQuery' type: description: Rule type enum: 
@@ -28849,155 +27821,128 @@ components: - threat_query - threat_mapping - threat_index - Security_Solution_Detections_API_ThreatMatchRuleResponseFields: + Security_Detections_API_ThreatMatchRuleResponseFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleRequiredFields + #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleOptionalFields + #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields - type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' required: - language - Security_Solution_Detections_API_ThreatMatchRuleUpdateProps: + Security_Detections_API_ThreatMatchRuleUpdateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' 
enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: 
- $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleCreateFields - Security_Solution_Detections_API_ThreatQuery: + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields + Security_Detections_API_ThreatQuery: 
description: Query to run type: string - Security_Solution_Detections_API_ThreatSubtechnique: + Security_Detections_API_ThreatSubtechnique: type: object properties: id: @@ -29013,7 +27958,7 @@ components: - id - name - reference - Security_Solution_Detections_API_ThreatTactic: + Security_Detections_API_ThreatTactic: type: object properties: id: @@ -29029,7 +27974,7 @@ components: - id - name - reference - Security_Solution_Detections_API_ThreatTechnique: + Security_Detections_API_ThreatTechnique: type: object properties: id: @@ -29044,35 +27989,33 @@ components: subtechnique: description: Array containing more specific information on the attack technique items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatSubtechnique + $ref: '#/components/schemas/Security_Detections_API_ThreatSubtechnique' type: array required: - id - name - reference - Security_Solution_Detections_API_Threshold: + Security_Detections_API_Threshold: type: object properties: cardinality: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdCardinality + $ref: '#/components/schemas/Security_Detections_API_ThresholdCardinality' field: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThresholdField' + $ref: '#/components/schemas/Security_Detections_API_ThresholdField' value: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThresholdValue' + $ref: '#/components/schemas/Security_Detections_API_ThresholdValue' required: - field - value - Security_Solution_Detections_API_ThresholdAlertSuppression: + Security_Detections_API_ThresholdAlertSuppression: type: object properties: duration: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppressionDuration + #/components/schemas/Security_Detections_API_AlertSuppressionDuration required: - duration - Security_Solution_Detections_API_ThresholdCardinality: + Security_Detections_API_ThresholdCardinality: items: type: object properties: 
@@ -29085,132 +28028,108 @@ components: - field - value type: array - Security_Solution_Detections_API_ThresholdField: + Security_Detections_API_ThresholdField: description: Field to aggregate on oneOf: - type: string - items: type: string type: array - Security_Solution_Detections_API_ThresholdRule: + Security_Detections_API_ThresholdRule: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description 
@@ -29234,319 +28153,265 @@ components: - setup - related_integrations - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleResponseFields - Security_Solution_Detections_API_ThresholdRuleCreateFields: + #/components/schemas/Security_Detections_API_ThresholdRuleResponseFields + Security_Detections_API_ThresholdRuleCreateFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleRequiredFields + #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleOptionalFields + #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleDefaultableFields - Security_Solution_Detections_API_ThresholdRuleCreateProps: + #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields + Security_Detections_API_ThresholdRuleCreateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' 
severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleCreateFields - 
Security_Solution_Detections_API_ThresholdRuleDefaultableFields: + #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields + Security_Detections_API_ThresholdRuleDefaultableFields: type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_ThresholdRuleOptionalFields: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_ThresholdRuleOptionalFields: type: object properties: alert_suppression: $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdAlertSuppression + #/components/schemas/Security_Detections_API_ThresholdAlertSuppression data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' + $ref: '#/components/schemas/Security_Detections_API_DataViewId' filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' saved_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryId' - Security_Solution_Detections_API_ThresholdRulePatchFields: + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' + Security_Detections_API_ThresholdRulePatchFields: allOf: - type: object properties: query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' threshold: - $ref: '#/components/schemas/Security_Solution_Detections_API_Threshold' + $ref: '#/components/schemas/Security_Detections_API_Threshold' type: description: Rule type enum: - threshold type: string - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleOptionalFields + 
#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleDefaultableFields - Security_Solution_Detections_API_ThresholdRulePatchProps: + #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields + Security_Detections_API_ThresholdRulePatchProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: 
>- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRulePatchFields - Security_Solution_Detections_API_ThresholdRuleRequiredFields: + #/components/schemas/Security_Detections_API_ThresholdRulePatchFields + Security_Detections_API_ThresholdRuleRequiredFields: type: object properties: query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' threshold: - $ref: '#/components/schemas/Security_Solution_Detections_API_Threshold' + $ref: '#/components/schemas/Security_Detections_API_Threshold' type: description: Rule type enum: 
@@ -29556,156 +28421,129 @@ components: - type - query - threshold - Security_Solution_Detections_API_ThresholdRuleResponseFields: + Security_Detections_API_ThresholdRuleResponseFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleRequiredFields + #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleOptionalFields + #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields - type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' required: - language - Security_Solution_Detections_API_ThresholdRuleUpdateProps: + Security_Detections_API_ThresholdRuleUpdateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: 
- $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleCreateFields - Security_Solution_Detections_API_ThresholdValue: + #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields + Security_Detections_API_ThresholdValue: 
description: Threshold value minimum: 1 type: integer - Security_Solution_Detections_API_ThrottleForBulkActions: + Security_Detections_API_ThrottleForBulkActions: description: >- The condition for throttling the notification: 'rule', 'no_actions', or time duration @@ -29715,29 +28553,29 @@ components: - 1d - 7d type: string - Security_Solution_Detections_API_TiebreakerField: + Security_Detections_API_TiebreakerField: description: Sets a secondary field for sorting events type: string - Security_Solution_Detections_API_TimelineTemplateId: + Security_Detections_API_TimelineTemplateId: description: Timeline template ID type: string - Security_Solution_Detections_API_TimelineTemplateTitle: + Security_Detections_API_TimelineTemplateTitle: description: Timeline template title type: string - Security_Solution_Detections_API_TimestampField: + Security_Detections_API_TimestampField: description: Contains the event timestamp used for sorting a sequence of events type: string - Security_Solution_Detections_API_TimestampOverride: + Security_Detections_API_TimestampOverride: description: Sets the time field used to query indices type: string - Security_Solution_Detections_API_TimestampOverrideFallbackDisabled: + Security_Detections_API_TimestampOverrideFallbackDisabled: description: Disables the fallback to the event's @timestamp field type: boolean - Security_Solution_Detections_API_UUID: + Security_Detections_API_UUID: description: A universally unique identifier format: uuid type: string - Security_Solution_Detections_API_WarningSchema: + Security_Detections_API_WarningSchema: type: object properties: actionPath: 
@@ -29752,16 +28590,14 @@ components: - type - message - actionPath - Security_Solution_Endpoint_Exceptions_API_EndpointList: + Security_Endpoint_Exceptions_API_EndpointList: oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionList + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionList' - additionalProperties: false type: object - Security_Solution_Endpoint_Exceptions_API_EndpointListItem: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItem - Security_Solution_Endpoint_Exceptions_API_ExceptionList: + Security_Endpoint_Exceptions_API_EndpointListItem: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItem' + Security_Endpoint_Exceptions_API_ExceptionList: type: object properties: _version: 
@@ -29773,35 +28609,35 @@ components: type: string description: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListDescription + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListId immutable: type: boolean list_id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListHumanId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId meta: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListMeta + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListMeta name: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListName + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListName namespace_type: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType os_types: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListOsTypeArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray tags: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListTags + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags tie_breaker_id: type: string type: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListType + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType updated_at: format: date-time type: string 
@@ -29809,7 +28645,7 @@ components: type: string version: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListVersion + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion required: - id - list_id @@ -29824,23 +28660,21 @@ components: - created_by - updated_at - updated_by - Security_Solution_Endpoint_Exceptions_API_ExceptionListDescription: + Security_Endpoint_Exceptions_API_ExceptionListDescription: type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListHumanId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + Security_Endpoint_Exceptions_API_ExceptionListHumanId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' description: 'Human readable string identifier, e.g. `trusted-linux-processes`' - Security_Solution_Endpoint_Exceptions_API_ExceptionListId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ExceptionListItem: + Security_Endpoint_Exceptions_API_ExceptionListId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ExceptionListItem: type: object properties: _version: type: string comments: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemCommentArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray created_at: format: date-time type: string 
@@ -29848,42 +28682,42 @@ components: type: string description: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemDescription + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription entries: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray expire_time: format: date-time type: string id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId item_id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId list_id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListHumanId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId meta: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemMeta + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta name: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemName + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName namespace_type: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType os_types: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray tags: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemTags + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags tie_breaker_id: type: string type: 
$ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemType + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType updated_at: format: date-time type: string 
@@ -29904,69 +28738,64 @@ components: - created_by - updated_at - updated_by - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemComment: + Security_Endpoint_Exceptions_API_ExceptionListItemComment: type: object properties: comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' created_at: format: date-time type: string created_by: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' updated_at: format: date-time type: string updated_by: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' required: - id - comment - created_at - created_by - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemCommentArray: + Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray: items: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemComment + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemDescription: + Security_Endpoint_Exceptions_API_ExceptionListItemDescription: type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntry: + Security_Endpoint_Exceptions_API_ExceptionListItemEntry: anyOf: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatch + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch - $ref: >- - 
#/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryList + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryList - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryExists + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryNested + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard discriminator: propertyName: type - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryArray: + Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray: items: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntry + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntry type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryExists: + Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists: type: object properties: field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' operator: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator type: enum: - exists 
@@ -29975,27 +28804,24 @@ components: - type - field - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryList: + Security_Endpoint_Exceptions_API_ExceptionListItemEntryList: type: object properties: field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' list: type: object properties: id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ListId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListId' type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ListType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListType' required: - id - type operator: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator type: enum: - list 
@@ -30005,36 +28831,33 @@ components: - field - list - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatch: + Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch: type: object properties: field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' operator: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator type: enum: - match type: string value: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' required: - type - field - value - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny: + Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny: type: object properties: field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' operator: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator type: enum: - match_any @@ -30042,7 +28865,7 @@ components: value: items: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString minItems: 1 type: array required: 
@@ -30050,39 +28873,36 @@ components: - field - value - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard: + Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard: type: object properties: field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' operator: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator type: enum: - wildcard type: string value: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' required: - type - field - value - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryNested: + Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested: type: object properties: entries: items: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem minItems: 1 type: array field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' type: enum: - nested 
@@ -30091,66 +28911,62 @@ components: - type - field - entries - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem: + Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatch + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryExists - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator: + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists + Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator: enum: - excluded - included type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemMeta: + Security_Endpoint_Exceptions_API_ExceptionListItemHumanId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ExceptionListItemId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ExceptionListItemMeta: additionalProperties: true type: object - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemName: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray: + 
Security_Endpoint_Exceptions_API_ExceptionListItemName: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray: items: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListOsType + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemTags: + Security_Endpoint_Exceptions_API_ExceptionListItemTags: items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemType: + Security_Endpoint_Exceptions_API_ExceptionListItemType: enum: - simple type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListMeta: + Security_Endpoint_Exceptions_API_ExceptionListMeta: additionalProperties: true type: object - Security_Solution_Endpoint_Exceptions_API_ExceptionListName: + Security_Endpoint_Exceptions_API_ExceptionListName: type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListOsType: + Security_Endpoint_Exceptions_API_ExceptionListOsType: enum: - linux - macos - windows type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListOsTypeArray: + Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray: items: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListOsType + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListTags: + Security_Endpoint_Exceptions_API_ExceptionListTags: items: type: string type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListType: + Security_Endpoint_Exceptions_API_ExceptionListType: enum: - detection - rule_default 
@@ -30160,10 +28976,10 @@ components: - endpoint_host_isolation_exceptions - endpoint_blocklists type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListVersion: + Security_Endpoint_Exceptions_API_ExceptionListVersion: minimum: 1 type: integer - Security_Solution_Endpoint_Exceptions_API_ExceptionNamespaceType: + Security_Endpoint_Exceptions_API_ExceptionNamespaceType: description: > Determines whether the exception container is available in all Kibana spaces or just the space @@ -30178,13 +28994,11 @@ components: - agnostic - single type: string - Security_Solution_Endpoint_Exceptions_API_FindEndpointListItemsFilter: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ListId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ListType: + Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ListId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ListType: enum: - binary - boolean @@ -30210,12 +29024,12 @@ components: - short - text type: string - Security_Solution_Endpoint_Exceptions_API_NonEmptyString: + Security_Endpoint_Exceptions_API_NonEmptyString: description: A string that is not empty and does not contain only whitespace minLength: 1 pattern: ^(?! *$).+$ type: string - Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse: + Security_Endpoint_Exceptions_API_PlatformErrorResponse: type: object properties: error: @@ -30228,7 +29042,7 @@ components: - statusCode - error - message - Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse: + Security_Endpoint_Exceptions_API_SiemErrorResponse: type: object properties: message: 
@@ -30238,21 +29052,18 @@ components: required: - status_code - message - Security_Solution_Endpoint_Management_API_ActionLogRequestQuery: + Security_Endpoint_Management_API_ActionLogRequestQuery: type: object properties: end_date: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndDate + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' page: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Page' + $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' page_size: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PageSize + $ref: '#/components/schemas/Security_Endpoint_Management_API_PageSize' start_date: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_StartDate - Security_Solution_Endpoint_Management_API_ActionStateSuccessResponse: + $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' + Security_Endpoint_Management_API_ActionStateSuccessResponse: type: object properties: body: @@ -30267,7 +29078,7 @@ components: - data required: - body - Security_Solution_Endpoint_Management_API_ActionStatusSuccessResponse: + Security_Endpoint_Management_API_ActionStatusSuccessResponse: type: object properties: body: @@ -30278,10 +29089,10 @@ components: properties: agent_id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentId + #/components/schemas/Security_Endpoint_Management_API_AgentId pending_actions: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionsSchema + #/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema required: - agent_id - pending_actions 
@@ -30289,10 +29100,10 @@ components: - data required: - body - Security_Solution_Endpoint_Management_API_AgentId: + Security_Endpoint_Management_API_AgentId: description: Agent ID type: string - Security_Solution_Endpoint_Management_API_AgentIds: + Security_Endpoint_Management_API_AgentIds: minLength: 1 oneOf: - items: @@ -30303,27 +29114,26 @@ components: type: array - minLength: 1 type: string - Security_Solution_Endpoint_Management_API_AgentTypes: + Security_Endpoint_Management_API_AgentTypes: enum: - endpoint - sentinel_one - crowdstrike type: string - Security_Solution_Endpoint_Management_API_AlertIds: + Security_Endpoint_Management_API_AlertIds: description: A list of alerts ids. items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Management_API_NonEmptyString' minItems: 1 type: array - Security_Solution_Endpoint_Management_API_CaseIds: + Security_Endpoint_Management_API_CaseIds: description: Case IDs to be updated (cannot contain empty strings) items: minLength: 1 type: string minItems: 1 type: array - Security_Solution_Endpoint_Management_API_Command: + Security_Endpoint_Management_API_Command: description: The command to be executed (cannot be an empty string) enum: - isolate 
@@ -30337,51 +29147,46 @@ components: - scan minLength: 1 type: string - Security_Solution_Endpoint_Management_API_Commands: + Security_Endpoint_Management_API_Commands: items: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Command' + $ref: '#/components/schemas/Security_Endpoint_Management_API_Command' type: array - Security_Solution_Endpoint_Management_API_Comment: + Security_Endpoint_Management_API_Comment: description: Optional comment type: string - Security_Solution_Endpoint_Management_API_EndDate: + Security_Endpoint_Management_API_EndDate: description: End date type: string - Security_Solution_Endpoint_Management_API_EndpointIds: + Security_Endpoint_Management_API_EndpointIds: description: List of endpoint IDs (cannot contain empty strings) items: minLength: 1 type: string minItems: 1 type: array - Security_Solution_Endpoint_Management_API_EntityId: + Security_Endpoint_Management_API_EntityId: type: object properties: entity_id: minLength: 1 type: string - Security_Solution_Endpoint_Management_API_ExecuteRouteRequestBody: + Security_Endpoint_Management_API_ExecuteRouteRequestBody: allOf: - type: object properties: agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds + 
#/components/schemas/Security_Endpoint_Management_API_EndpointIds parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: - endpoint_ids - type: object @@ -30391,31 +29196,27 @@ components: properties: command: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Command + #/components/schemas/Security_Endpoint_Management_API_Command timeout: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Timeout + #/components/schemas/Security_Endpoint_Management_API_Timeout required: - command required: - parameters - Security_Solution_Endpoint_Management_API_GetEndpointActionListRouteQuery: + Security_Endpoint_Management_API_GetEndpointActionListRouteQuery: type: object properties: agentIds: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' agentTypes: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' commands: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Commands + $ref: '#/components/schemas/Security_Endpoint_Management_API_Commands' endDate: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndDate + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' page: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Page' + $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' pageSize: default: 10 description: Number of items per page 
@@ -30423,38 +29224,30 @@ components: minimum: 1 type: integer startDate: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_StartDate + $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' types: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Types' + $ref: '#/components/schemas/Security_Endpoint_Management_API_Types' userIds: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_UserIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_UserIds' withOutputs: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_WithOutputs - Security_Solution_Endpoint_Management_API_GetFileRouteRequestBody: + $ref: '#/components/schemas/Security_Endpoint_Management_API_WithOutputs' + Security_Endpoint_Management_API_GetFileRouteRequestBody: allOf: - type: object properties: agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds + #/components/schemas/Security_Endpoint_Management_API_EndpointIds parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: - endpoint_ids - type: object 
@@ -30468,44 +29261,38 @@ components: - path required: - parameters - Security_Solution_Endpoint_Management_API_GetProcessesRouteRequestBody: + Security_Endpoint_Management_API_GetProcessesRouteRequestBody: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_NoParametersRequestSchema - Security_Solution_Endpoint_Management_API_IsolateRouteRequestBody: + #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + Security_Endpoint_Management_API_IsolateRouteRequestBody: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_NoParametersRequestSchema - Security_Solution_Endpoint_Management_API_KillProcessRouteRequestBody: + #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + Security_Endpoint_Management_API_KillProcessRouteRequestBody: allOf: - type: object properties: agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds + #/components/schemas/Security_Endpoint_Management_API_EndpointIds parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: - endpoint_ids - type: object properties: parameters: oneOf: + - $ref: 
'#/components/schemas/Security_Endpoint_Management_API_Pid' - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Pid - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EntityId + #/components/schemas/Security_Endpoint_Management_API_EntityId - type: object properties: process_name: @@ -30514,7 +29301,7 @@ components: type: string required: - parameters - Security_Solution_Endpoint_Management_API_ListRequestQuery: + Security_Endpoint_Management_API_ListRequestQuery: type: object properties: hostStatuses: 
@@ -30561,121 +29348,111 @@ components: type: string required: - hostStatuses - Security_Solution_Endpoint_Management_API_NonEmptyString: + Security_Endpoint_Management_API_NonEmptyString: description: A string that is not empty and does not contain only whitespace minLength: 1 pattern: ^(?! *$).+$ type: string - Security_Solution_Endpoint_Management_API_NoParametersRequestSchema: + Security_Endpoint_Management_API_NoParametersRequestSchema: type: object properties: body: type: object properties: agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds + #/components/schemas/Security_Endpoint_Management_API_EndpointIds parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: - endpoint_ids required: - body - Security_Solution_Endpoint_Management_API_Page: + Security_Endpoint_Management_API_Page: default: 1 description: Page number minimum: 1 type: integer - Security_Solution_Endpoint_Management_API_PageSize: + Security_Endpoint_Management_API_PageSize: default: 10 description: Number of items per page maximum: 100 minimum: 1 type: integer - Security_Solution_Endpoint_Management_API_Parameters: + 
Security_Endpoint_Management_API_Parameters: description: Optional parameters object type: object - Security_Solution_Endpoint_Management_API_PendingActionDataType: + Security_Endpoint_Management_API_PendingActionDataType: type: integer - Security_Solution_Endpoint_Management_API_PendingActionsSchema: + Security_Endpoint_Management_API_PendingActionsSchema: oneOf: - type: object properties: execute: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType get-file: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType isolate: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType kill-process: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType running-processes: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType scan: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType suspend-process: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType unisolate: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType upload: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + 
#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - additionalProperties: true type: object - Security_Solution_Endpoint_Management_API_Pid: + Security_Endpoint_Management_API_Pid: type: object properties: pid: minimum: 1 type: integer - Security_Solution_Endpoint_Management_API_ProtectionUpdatesNoteResponse: + Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse: type: object properties: note: type: string - Security_Solution_Endpoint_Management_API_ScanRouteRequestBody: + Security_Endpoint_Management_API_ScanRouteRequestBody: allOf: - type: object properties: agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds + #/components/schemas/Security_Endpoint_Management_API_EndpointIds parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: - endpoint_ids - type: object 
@@ -30689,88 +29466,77 @@ components: - path required: - parameters - Security_Solution_Endpoint_Management_API_StartDate: + Security_Endpoint_Management_API_StartDate: description: Start date type: string - Security_Solution_Endpoint_Management_API_SuccessResponse: + Security_Endpoint_Management_API_SuccessResponse: type: object properties: {} - Security_Solution_Endpoint_Management_API_SuspendProcessRouteRequestBody: + Security_Endpoint_Management_API_SuspendProcessRouteRequestBody: allOf: - type: object properties: agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds + #/components/schemas/Security_Endpoint_Management_API_EndpointIds parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: - endpoint_ids - type: object properties: parameters: oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Pid - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EntityId + #/components/schemas/Security_Endpoint_Management_API_EntityId required: - parameters - Security_Solution_Endpoint_Management_API_Timeout: + 
Security_Endpoint_Management_API_Timeout: description: The maximum timeout value in milliseconds (optional) minimum: 1 type: integer - Security_Solution_Endpoint_Management_API_Type: + Security_Endpoint_Management_API_Type: description: Type of response action enum: - automated - manual type: string - Security_Solution_Endpoint_Management_API_Types: + Security_Endpoint_Management_API_Types: description: List of types of response actions items: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Type' + $ref: '#/components/schemas/Security_Endpoint_Management_API_Type' maxLength: 2 minLength: 1 type: array - Security_Solution_Endpoint_Management_API_UnisolateRouteRequestBody: + Security_Endpoint_Management_API_UnisolateRouteRequestBody: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_NoParametersRequestSchema - Security_Solution_Endpoint_Management_API_UploadRouteRequestBody: + #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + Security_Endpoint_Management_API_UploadRouteRequestBody: allOf: - type: object properties: agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds + #/components/schemas/Security_Endpoint_Management_API_EndpointIds parameters: - $ref: >- - 
#/components/schemas/Security_Solution_Endpoint_Management_API_Parameters + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: - endpoint_ids - type: object @@ -30787,7 +29553,7 @@ components: required: - parameters - file - Security_Solution_Endpoint_Management_API_UserIds: + Security_Endpoint_Management_API_UserIds: description: User IDs oneOf: - items: @@ -30797,7 +29563,7 @@ components: type: array - minLength: 1 type: string - Security_Solution_Endpoint_Management_API_WithOutputs: + Security_Endpoint_Management_API_WithOutputs: description: Shows detailed outputs for an action response oneOf: - items: @@ -30807,7 +29573,7 @@ components: type: array - minLength: 1 type: string - Security_Solution_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem: + Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem: type: object properties: index: @@ -30817,7 +29583,7 @@ components: required: - message - index - Security_Solution_Entity_Analytics_API_AssetCriticalityBulkUploadStats: + Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats: type: object properties: failed: @@ -30830,7 +29596,7 @@ components: - successful - failed - total - Security_Solution_Entity_Analytics_API_AssetCriticalityLevel: + Security_Entity_Analytics_API_AssetCriticalityLevel: description: The criticality level of the asset. enum: - low_impact @@ -30838,10 +29604,10 @@ components: - high_impact - extreme_impact type: string - Security_Solution_Entity_Analytics_API_AssetCriticalityRecord: + Security_Entity_Analytics_API_AssetCriticalityRecord: allOf: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_CreateAssetCriticalityRecord + #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord - type: object properties: '@timestamp': 
@@ -30851,11 +29617,11 @@ components: type: string required: - '@timestamp' - Security_Solution_Entity_Analytics_API_AssetCriticalityRecordIdParts: + Security_Entity_Analytics_API_AssetCriticalityRecordIdParts: type: object properties: id_field: - $ref: '#/components/schemas/Security_Solution_Entity_Analytics_API_IdField' + $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' description: The field representing the ID. example: host.name id_value: 
@@ -30864,49 +29630,44 @@ components: required: - id_value - id_field - Security_Solution_Entity_Analytics_API_CreateAssetCriticalityRecord: + Security_Entity_Analytics_API_CreateAssetCriticalityRecord: allOf: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecordIdParts + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts - type: object properties: criticality_level: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityLevel + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel required: - criticality_level - Security_Solution_Entity_Analytics_API_EngineDescriptor: + Security_Entity_Analytics_API_EngineDescriptor: type: object properties: filter: type: string indexPattern: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_IndexPattern + $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' status: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EngineStatus + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus' type: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType - Security_Solution_Entity_Analytics_API_EngineStatus: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + Security_Entity_Analytics_API_EngineStatus: enum: - installing - started - stopped type: string - Security_Solution_Entity_Analytics_API_Entity: + Security_Entity_Analytics_API_Entity: oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_UserEntity - - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_HostEntity - Security_Solution_Entity_Analytics_API_EntityType: + - $ref: '#/components/schemas/Security_Entity_Analytics_API_UserEntity' + - $ref: '#/components/schemas/Security_Entity_Analytics_API_HostEntity' + Security_Entity_Analytics_API_EntityType: enum: - user - host type: string - 
Security_Solution_Entity_Analytics_API_HostEntity: + Security_Entity_Analytics_API_HostEntity: type: object properties: entity: @@ -30981,14 +29742,14 @@ components: type: array required: - name - Security_Solution_Entity_Analytics_API_IdField: + Security_Entity_Analytics_API_IdField: enum: - host.name - user.name type: string - Security_Solution_Entity_Analytics_API_IndexPattern: + Security_Entity_Analytics_API_IndexPattern: type: string - Security_Solution_Entity_Analytics_API_InspectQuery: + Security_Entity_Analytics_API_InspectQuery: type: object properties: dsl: @@ -31002,7 +29763,7 @@ components: required: - dsl - response - Security_Solution_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse: + Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse: type: object properties: full_error: @@ -31012,12 +29773,12 @@ components: required: - message - full_error - Security_Solution_Entity_Analytics_API_RiskEngineScheduleNowResponse: + Security_Entity_Analytics_API_RiskEngineScheduleNowResponse: type: object properties: success: type: boolean - Security_Solution_Entity_Analytics_API_TaskManagerUnavailableResponse: + Security_Entity_Analytics_API_TaskManagerUnavailableResponse: description: Task manager is unavailable type: object properties: @@ -31029,7 +29790,7 @@ components: required: - status_code - message - Security_Solution_Entity_Analytics_API_UserEntity: + Security_Entity_Analytics_API_UserEntity: type: object properties: entity: 
@@ -31100,76 +29861,71 @@ components: type: array required: - name - Security_Solution_Exceptions_API_CreateExceptionListItemComment: + Security_Exceptions_API_CreateExceptionListItemComment: type: object properties: comment: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' required: - comment - Security_Solution_Exceptions_API_CreateExceptionListItemCommentArray: + Security_Exceptions_API_CreateExceptionListItemCommentArray: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateExceptionListItemComment + #/components/schemas/Security_Exceptions_API_CreateExceptionListItemComment type: array - Security_Solution_Exceptions_API_CreateRuleExceptionListItemComment: + Security_Exceptions_API_CreateRuleExceptionListItemComment: type: object properties: comment: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' required: - comment - Security_Solution_Exceptions_API_CreateRuleExceptionListItemCommentArray: + Security_Exceptions_API_CreateRuleExceptionListItemCommentArray: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateRuleExceptionListItemComment + #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemComment type: array - Security_Solution_Exceptions_API_CreateRuleExceptionListItemProps: + Security_Exceptions_API_CreateRuleExceptionListItemProps: type: object properties: comments: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateRuleExceptionListItemCommentArray + #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemCommentArray default: [] description: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemDescription + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription entries: $ref: >- - 
#/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray expire_time: format: date-time type: string item_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemMeta + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemName + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName' namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single os_types: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray default: [] tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemTags + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' default: [] type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' required: - type - name - description - entries - Security_Solution_Exceptions_API_ExceptionList: + Security_Exceptions_API_ExceptionList: type: object properties: _version: 
@@ -31181,43 +29937,35 @@ components: type: string description: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListDescription + #/components/schemas/Security_Exceptions_API_ExceptionListDescription id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' immutable: type: boolean list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListMeta + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListName + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' os_types: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsTypeArray + #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListTags + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' tie_breaker_id: type: string type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' updated_at: format: date-time type: string updated_by: type: string version: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListVersion + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' required: - id - list_id 
@@ -31232,21 +29980,21 @@ components: - created_by - updated_at - updated_by - Security_Solution_Exceptions_API_ExceptionListDescription: + Security_Exceptions_API_ExceptionListDescription: type: string - Security_Solution_Exceptions_API_ExceptionListHumanId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListHumanId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' description: 'Human readable string identifier, e.g. `trusted-linux-processes`' - Security_Solution_Exceptions_API_ExceptionListId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ExceptionListItem: + Security_Exceptions_API_ExceptionListId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListItem: type: object properties: _version: type: string comments: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemCommentArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray created_at: format: date-time type: string 
@@ -31254,42 +30002,35 @@ components: type: string description: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemDescription + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription entries: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray expire_time: format: date-time type: string id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' item_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemMeta + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemName + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName' namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' os_types: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemTags + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' tie_breaker_id: type: string type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemType + $ref: 
'#/components/schemas/Security_Exceptions_API_ExceptionListItemType' updated_at: format: date-time type: string 
@@ -31310,64 +30051,62 @@ components: - created_by - updated_at - updated_by - Security_Solution_Exceptions_API_ExceptionListItemComment: + Security_Exceptions_API_ExceptionListItemComment: type: object properties: comment: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' created_at: format: date-time type: string created_by: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' id: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' updated_at: format: date-time type: string updated_by: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' required: - id - comment - created_at - created_by - Security_Solution_Exceptions_API_ExceptionListItemCommentArray: + Security_Exceptions_API_ExceptionListItemCommentArray: items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemComment + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemComment' type: array - Security_Solution_Exceptions_API_ExceptionListItemDescription: + Security_Exceptions_API_ExceptionListItemDescription: type: string - Security_Solution_Exceptions_API_ExceptionListItemEntry: + Security_Exceptions_API_ExceptionListItemEntry: anyOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatch + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatchAny + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryList + 
#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryList - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryExists + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryNested + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNested - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatchWildcard + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchWildcard discriminator: propertyName: type - Security_Solution_Exceptions_API_ExceptionListItemEntryArray: + Security_Exceptions_API_ExceptionListItemEntryArray: items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntry + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntry' type: array - Security_Solution_Exceptions_API_ExceptionListItemEntryExists: + Security_Exceptions_API_ExceptionListItemEntryExists: type: object properties: field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' operator: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator type: enum: - exists 
@@ -31376,24 +30115,24 @@ components: - type - field - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryList: + Security_Exceptions_API_ExceptionListItemEntryList: type: object properties: field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' list: type: object properties: id: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_ListId' + $ref: '#/components/schemas/Security_Exceptions_API_ListId' type: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_ListType' + $ref: '#/components/schemas/Security_Exceptions_API_ListType' required: - id - type operator: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator type: enum: - list 
@@ -31403,41 +30142,40 @@ components: - field - list - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryMatch: + Security_Exceptions_API_ExceptionListItemEntryMatch: type: object properties: field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' operator: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator type: enum: - match type: string value: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' required: - type - field - value - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryMatchAny: + Security_Exceptions_API_ExceptionListItemEntryMatchAny: type: object properties: field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' operator: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator type: enum: - match_any type: string value: items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' minItems: 1 type: array required: 
@@ -31445,36 +30183,36 @@ components: - field - value - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryMatchWildcard: + Security_Exceptions_API_ExceptionListItemEntryMatchWildcard: type: object properties: field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' operator: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator type: enum: - wildcard type: string value: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' required: - type - field - value - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryNested: + Security_Exceptions_API_ExceptionListItemEntryNested: type: object properties: entries: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryNestedEntryItem + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem minItems: 1 type: array field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' type: enum: - nested 
@@ -31483,58 +30221,56 @@ components: - type - field - entries - Security_Solution_Exceptions_API_ExceptionListItemEntryNestedEntryItem: + Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatch + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatchAny + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryExists - Security_Solution_Exceptions_API_ExceptionListItemEntryOperator: + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists + Security_Exceptions_API_ExceptionListItemEntryOperator: enum: - excluded - included type: string - Security_Solution_Exceptions_API_ExceptionListItemHumanId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ExceptionListItemId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ExceptionListItemMeta: + Security_Exceptions_API_ExceptionListItemHumanId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListItemId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListItemMeta: additionalProperties: true type: object - Security_Solution_Exceptions_API_ExceptionListItemName: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray: + Security_Exceptions_API_ExceptionListItemName: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListItemOsTypeArray: items: - $ref: >- - 
#/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' type: array - Security_Solution_Exceptions_API_ExceptionListItemTags: + Security_Exceptions_API_ExceptionListItemTags: items: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' type: array - Security_Solution_Exceptions_API_ExceptionListItemType: + Security_Exceptions_API_ExceptionListItemType: enum: - simple type: string - Security_Solution_Exceptions_API_ExceptionListMeta: + Security_Exceptions_API_ExceptionListMeta: additionalProperties: true type: object - Security_Solution_Exceptions_API_ExceptionListName: + Security_Exceptions_API_ExceptionListName: type: string - Security_Solution_Exceptions_API_ExceptionListOsType: + Security_Exceptions_API_ExceptionListOsType: enum: - linux - macos - windows type: string - Security_Solution_Exceptions_API_ExceptionListOsTypeArray: + Security_Exceptions_API_ExceptionListOsTypeArray: items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' type: array - Security_Solution_Exceptions_API_ExceptionListsImportBulkError: + Security_Exceptions_API_ExceptionListsImportBulkError: type: object properties: error: 
@@ -31548,26 +30284,24 @@ components: - status_code - message id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' item_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' required: - error - Security_Solution_Exceptions_API_ExceptionListsImportBulkErrorArray: + Security_Exceptions_API_ExceptionListsImportBulkErrorArray: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListsImportBulkError + #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError type: array - Security_Solution_Exceptions_API_ExceptionListTags: + Security_Exceptions_API_ExceptionListTags: items: type: string type: array - Security_Solution_Exceptions_API_ExceptionListType: + Security_Exceptions_API_ExceptionListType: enum: - detection - rule_default @@ -31577,10 +30311,10 @@ components: - endpoint_host_isolation_exceptions - endpoint_blocklists type: string - Security_Solution_Exceptions_API_ExceptionListVersion: + Security_Exceptions_API_ExceptionListVersion: minimum: 1 type: integer - Security_Solution_Exceptions_API_ExceptionNamespaceType: + Security_Exceptions_API_ExceptionNamespaceType: description: > Determines whether the exception container is available in all Kibana spaces or just the space 
@@ -31595,13 +30329,13 @@ components: - agnostic - single type: string - Security_Solution_Exceptions_API_FindExceptionListItemsFilter: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_FindExceptionListsFilter: + Security_Exceptions_API_FindExceptionListItemsFilter: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_FindExceptionListsFilter: type: string - Security_Solution_Exceptions_API_ListId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ListType: + Security_Exceptions_API_ListId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ListType: enum: - binary - boolean @@ -31627,12 +30361,12 @@ components: - short - text type: string - Security_Solution_Exceptions_API_NonEmptyString: + Security_Exceptions_API_NonEmptyString: description: A string that is not empty and does not contain only whitespace minLength: 1 pattern: ^(?! *$).+$ type: string - Security_Solution_Exceptions_API_PlatformErrorResponse: + Security_Exceptions_API_PlatformErrorResponse: type: object properties: error: @@ -31645,9 +30379,9 @@ components: - statusCode - error - message - Security_Solution_Exceptions_API_RuleId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_UUID' - Security_Solution_Exceptions_API_SiemErrorResponse: + Security_Exceptions_API_RuleId: + $ref: '#/components/schemas/Security_Exceptions_API_UUID' + Security_Exceptions_API_SiemErrorResponse: type: object properties: message: 
@@ -31657,33 +30391,33 @@ components: required: - status_code - message - Security_Solution_Exceptions_API_UpdateExceptionListItemComment: + Security_Exceptions_API_UpdateExceptionListItemComment: type: object properties: comment: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' id: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' required: - comment - Security_Solution_Exceptions_API_UpdateExceptionListItemCommentArray: + Security_Exceptions_API_UpdateExceptionListItemCommentArray: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_UpdateExceptionListItemComment + #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemComment type: array - Security_Solution_Exceptions_API_UUID: + Security_Exceptions_API_UUID: description: A universally unique identifier format: uuid type: string - Security_Solution_Lists_API_FindListItemsCursor: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_FindListItemsFilter: + Security_Lists_API_FindListItemsCursor: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_FindListItemsFilter: type: string - Security_Solution_Lists_API_FindListsCursor: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_FindListsFilter: + Security_Lists_API_FindListsCursor: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_FindListsFilter: type: string - Security_Solution_Lists_API_List: + Security_Lists_API_List: type: object properties: _version: 
@@ -31697,23 +30431,23 @@ components: created_by: type: string description: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListDescription' + $ref: '#/components/schemas/Security_Lists_API_ListDescription' deserializer: type: string id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' immutable: type: boolean meta: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListMetadata' + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' name: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListName' + $ref: '#/components/schemas/Security_Lists_API_ListName' serializer: type: string tie_breaker_id: type: string type: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListType' + $ref: '#/components/schemas/Security_Lists_API_ListType' updated_at: format: date-time type: string @@ -31734,11 +30468,11 @@ components: - created_by - updated_at - updated_by - Security_Solution_Lists_API_ListDescription: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListId: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListItem: + Security_Lists_API_ListDescription: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListId: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListItem: type: object properties: _version: 
@@ -31754,24 +30488,24 @@ components: deserializer: type: string id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemId' + $ref: '#/components/schemas/Security_Lists_API_ListItemId' list_id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' meta: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemMetadata' + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' serializer: type: string tie_breaker_id: type: string type: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListType' + $ref: '#/components/schemas/Security_Lists_API_ListType' updated_at: format: date-time type: string updated_by: type: string value: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemValue' + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - id - type @@ -31782,12 +30516,12 @@ components: - created_by - updated_at - updated_by - Security_Solution_Lists_API_ListItemId: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListItemMetadata: + Security_Lists_API_ListItemId: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListItemMetadata: additionalProperties: true type: object - Security_Solution_Lists_API_ListItemPrivileges: + Security_Lists_API_ListItemPrivileges: type: object properties: application: 
@@ -31814,14 +30548,14 @@ components: - cluster - index - application - Security_Solution_Lists_API_ListItemValue: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListMetadata: + Security_Lists_API_ListItemValue: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListMetadata: additionalProperties: true type: object - Security_Solution_Lists_API_ListName: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListPrivileges: + Security_Lists_API_ListName: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListPrivileges: type: object properties: application: @@ -31848,7 +30582,7 @@ components: - cluster - index - application - Security_Solution_Lists_API_ListType: + Security_Lists_API_ListType: enum: - binary - boolean @@ -31874,12 +30608,12 @@ components: - short - text type: string - Security_Solution_Lists_API_NonEmptyString: + Security_Lists_API_NonEmptyString: description: A string that is not empty and does not contain only whitespace minLength: 1 pattern: ^(?! *$).+$ type: string - Security_Solution_Lists_API_PlatformErrorResponse: + Security_Lists_API_PlatformErrorResponse: type: object properties: error: @@ -31892,7 +30626,7 @@ components: - statusCode - error - message - Security_Solution_Lists_API_SiemErrorResponse: + Security_Lists_API_SiemErrorResponse: type: object properties: message: 
@@ -31902,33 +30636,28 @@ components: required: - status_code - message - Security_Solution_Osquery_API_ArrayQueries: + Security_Osquery_API_ArrayQueries: items: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ArrayQueriesItem' + $ref: '#/components/schemas/Security_Osquery_API_ArrayQueriesItem' type: array - Security_Solution_Osquery_API_ArrayQueriesItem: + Security_Osquery_API_ArrayQueriesItem: type: object properties: ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' + $ref: '#/components/schemas/Security_Osquery_API_Id' platform: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PlatformOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_PlatformOrUndefined' query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Query' + $ref: '#/components/schemas/Security_Osquery_API_Query' removed: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_RemovedOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' snapshot: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SnapshotOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' version: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_VersionOrUndefined - Security_Solution_Osquery_API_CreateLiveQueryRequestBody: + $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' + Security_Osquery_API_CreateLiveQueryRequestBody: type: object properties: agent_all: @@ -31954,8 +30683,7 @@ components: type: string type: array ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' event_ids: items: type: string 
@@ -31964,72 +30692,62 @@ components: nullable: true type: object pack_id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackIdOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_PackIdOrUndefined' queries: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ArrayQueries' + $ref: '#/components/schemas/Security_Osquery_API_ArrayQueries' query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_QueryOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' saved_query_id: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SavedQueryIdOrUndefined - Security_Solution_Osquery_API_CreatePacksRequestBody: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryIdOrUndefined' + Security_Osquery_API_CreatePacksRequestBody: type: object properties: description: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' enabled: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_EnabledOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_EnabledOrUndefined' name: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackName' + $ref: '#/components/schemas/Security_Osquery_API_PackName' policy_ids: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PolicyIdsOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_PolicyIdsOrUndefined' queries: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ObjectQueries' + $ref: '#/components/schemas/Security_Osquery_API_ObjectQueries' shards: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Shards' - Security_Solution_Osquery_API_CreateSavedQueryRequestBody: + $ref: '#/components/schemas/Security_Osquery_API_Shards' + Security_Osquery_API_CreateSavedQueryRequestBody: type: object properties: description: - $ref: >- - 
#/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' interval: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Interval' + $ref: '#/components/schemas/Security_Osquery_API_Interval' platform: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_QueryOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' removed: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_RemovedOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' snapshot: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SnapshotOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' version: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_VersionOrUndefined - Security_Solution_Osquery_API_DefaultSuccessResponse: + $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' + Security_Osquery_API_DefaultSuccessResponse: type: object properties: {} - Security_Solution_Osquery_API_Description: + Security_Osquery_API_Description: type: string - Security_Solution_Osquery_API_DescriptionOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Description' + Security_Osquery_API_DescriptionOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Description' nullable: true - Security_Solution_Osquery_API_ECSMapping: + Security_Osquery_API_ECSMapping: 
additionalProperties: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ECSMappingItem' + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingItem' type: object - Security_Solution_Osquery_API_ECSMappingItem: + Security_Osquery_API_ECSMappingItem: type: object properties: field: 
@@ -32040,220 +30758,196 @@ components: - items: type: string type: array - Security_Solution_Osquery_API_ECSMappingOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ECSMapping' + Security_Osquery_API_ECSMappingOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_ECSMapping' nullable: true - Security_Solution_Osquery_API_Enabled: + Security_Osquery_API_Enabled: type: boolean - Security_Solution_Osquery_API_EnabledOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Enabled' + Security_Osquery_API_EnabledOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Enabled' nullable: true - Security_Solution_Osquery_API_FindLiveQueryRequestQuery: + Security_Osquery_API_FindLiveQueryRequestQuery: type: object properties: kuery: - $ref: '#/components/schemas/Security_Solution_Osquery_API_KueryOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_KueryOrUndefined' page: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PageOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' pageSize: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PageSizeOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' sort: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SortOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' sortOrder: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SortOrderOrUndefined - Security_Solution_Osquery_API_FindPacksRequestQuery: + $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' + Security_Osquery_API_FindPacksRequestQuery: type: object properties: page: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PageOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' pageSize: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PageSizeOrUndefined + $ref: 
'#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' sort: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SortOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' sortOrder: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SortOrderOrUndefined - Security_Solution_Osquery_API_FindSavedQueryRequestQuery: + $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' + Security_Osquery_API_FindSavedQueryRequestQuery: type: object properties: page: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PageOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' pageSize: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PageSizeOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' sort: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SortOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' sortOrder: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SortOrderOrUndefined - Security_Solution_Osquery_API_GetLiveQueryResultsRequestQuery: + $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' + Security_Osquery_API_GetLiveQueryResultsRequestQuery: type: object properties: kuery: - $ref: '#/components/schemas/Security_Solution_Osquery_API_KueryOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_KueryOrUndefined' page: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PageOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' pageSize: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PageSizeOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' sort: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SortOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' sortOrder: - $ref: >- - 
#/components/schemas/Security_Solution_Osquery_API_SortOrderOrUndefined - Security_Solution_Osquery_API_Id: + $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' + Security_Osquery_API_Id: type: string - Security_Solution_Osquery_API_Interval: + Security_Osquery_API_Interval: type: string - Security_Solution_Osquery_API_IntervalOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Interval' + Security_Osquery_API_IntervalOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Interval' nullable: true - Security_Solution_Osquery_API_KueryOrUndefined: + Security_Osquery_API_KueryOrUndefined: nullable: true type: string - Security_Solution_Osquery_API_ObjectQueries: + Security_Osquery_API_ObjectQueries: additionalProperties: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ObjectQueriesItem' + $ref: '#/components/schemas/Security_Osquery_API_ObjectQueriesItem' type: object - Security_Solution_Osquery_API_ObjectQueriesItem: + Security_Osquery_API_ObjectQueriesItem: type: object properties: ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' + $ref: '#/components/schemas/Security_Osquery_API_Id' platform: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PlatformOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_PlatformOrUndefined' query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Query' + $ref: '#/components/schemas/Security_Osquery_API_Query' removed: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_RemovedOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' saved_query_id: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SavedQueryIdOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryIdOrUndefined' 
snapshot: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SnapshotOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' version: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_VersionOrUndefined - Security_Solution_Osquery_API_PackId: + $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' + Security_Osquery_API_PackId: type: string - Security_Solution_Osquery_API_PackIdOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' + Security_Osquery_API_PackIdOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_PackId' nullable: true - Security_Solution_Osquery_API_PackName: + Security_Osquery_API_PackName: type: string - Security_Solution_Osquery_API_PageOrUndefined: + Security_Osquery_API_PageOrUndefined: nullable: true type: integer - Security_Solution_Osquery_API_PageSizeOrUndefined: + Security_Osquery_API_PageSizeOrUndefined: nullable: true type: integer - Security_Solution_Osquery_API_Platform: + Security_Osquery_API_Platform: type: string - Security_Solution_Osquery_API_PlatformOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Platform' + Security_Osquery_API_PlatformOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Platform' nullable: true - Security_Solution_Osquery_API_PolicyIds: + Security_Osquery_API_PolicyIds: items: type: string type: array - Security_Solution_Osquery_API_PolicyIdsOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PolicyIds' + Security_Osquery_API_PolicyIdsOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_PolicyIds' nullable: true - Security_Solution_Osquery_API_Query: + Security_Osquery_API_Query: type: string - Security_Solution_Osquery_API_QueryOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Query' + Security_Osquery_API_QueryOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Query' nullable: true - 
Security_Solution_Osquery_API_Removed: + Security_Osquery_API_Removed: type: boolean - Security_Solution_Osquery_API_RemovedOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Removed' + Security_Osquery_API_RemovedOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Removed' nullable: true - Security_Solution_Osquery_API_SavedQueryId: + Security_Osquery_API_SavedQueryId: type: string - Security_Solution_Osquery_API_SavedQueryIdOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' + Security_Osquery_API_SavedQueryIdOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' nullable: true - Security_Solution_Osquery_API_Shards: + Security_Osquery_API_Shards: additionalProperties: type: number type: object - Security_Solution_Osquery_API_Snapshot: + Security_Osquery_API_Snapshot: type: boolean - Security_Solution_Osquery_API_SnapshotOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Snapshot' + Security_Osquery_API_SnapshotOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Snapshot' nullable: true - Security_Solution_Osquery_API_SortOrderOrUndefined: + Security_Osquery_API_SortOrderOrUndefined: oneOf: - nullable: true type: string - enum: - asc - desc - Security_Solution_Osquery_API_SortOrUndefined: + Security_Osquery_API_SortOrUndefined: nullable: true type: string - Security_Solution_Osquery_API_UpdatePacksRequestBody: + Security_Osquery_API_UpdatePacksRequestBody: type: object properties: description: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' enabled: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_EnabledOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_EnabledOrUndefined' id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' + $ref: 
'#/components/schemas/Security_Osquery_API_PackId' policy_ids: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PolicyIdsOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_PolicyIdsOrUndefined' queries: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ObjectQueries' + $ref: '#/components/schemas/Security_Osquery_API_ObjectQueries' shards: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Shards' - Security_Solution_Osquery_API_UpdateSavedQueryRequestBody: + $ref: '#/components/schemas/Security_Osquery_API_Shards' + Security_Osquery_API_UpdateSavedQueryRequestBody: type: object properties: description: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' interval: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_IntervalOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_IntervalOrUndefined' platform: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_QueryOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' removed: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_RemovedOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' snapshot: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SnapshotOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' version: - $ref: >- - 
#/components/schemas/Security_Solution_Osquery_API_VersionOrUndefined - Security_Solution_Osquery_API_Version: + $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' + Security_Osquery_API_Version: type: string - Security_Solution_Osquery_API_VersionOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Version' + Security_Osquery_API_VersionOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Version' nullable: true - Security_Solution_Timeline_API_BareNote: + Security_Timeline_API_BareNote: type: object properties: created: @@ -32279,7 +30973,7 @@ components: type: string required: - timelineId - Security_Solution_Timeline_API_ColumnHeaderResult: + Security_Timeline_API_ColumnHeaderResult: type: object properties: aggregatable: @@ -32308,7 +31002,7 @@ components: type: boolean type: type: string - Security_Solution_Timeline_API_DataProviderQueryMatch: + Security_Timeline_API_DataProviderQueryMatch: type: object properties: enabled: @@ -32327,14 +31021,13 @@ components: nullable: true type: string queryMatch: - $ref: '#/components/schemas/Security_Solution_Timeline_API_QueryMatchResult' - Security_Solution_Timeline_API_DataProviderResult: + $ref: '#/components/schemas/Security_Timeline_API_QueryMatchResult' + Security_Timeline_API_DataProviderResult: type: object properties: and: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_DataProviderQueryMatch + $ref: '#/components/schemas/Security_Timeline_API_DataProviderQueryMatch' nullable: true type: array enabled: 
@@ -32353,12 +31046,12 @@ components: nullable: true type: string queryMatch: - $ref: '#/components/schemas/Security_Solution_Timeline_API_QueryMatchResult' + $ref: '#/components/schemas/Security_Timeline_API_QueryMatchResult' nullable: true type: - $ref: '#/components/schemas/Security_Solution_Timeline_API_DataProviderType' + $ref: '#/components/schemas/Security_Timeline_API_DataProviderType' nullable: true - Security_Solution_Timeline_API_DataProviderType: + Security_Timeline_API_DataProviderType: description: >- The type of data provider to create. Valid values are `default` and `template`. @@ -32366,13 +31059,13 @@ components: - default - template type: string - Security_Solution_Timeline_API_DocumentIds: + Security_Timeline_API_DocumentIds: oneOf: - items: type: string type: array - type: string - Security_Solution_Timeline_API_FavoriteTimelineResponse: + Security_Timeline_API_FavoriteTimelineResponse: type: object properties: code: @@ -32380,8 +31073,7 @@ components: type: number favorite: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_FavoriteTimelineResult + $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResult' type: array message: nullable: true @@ -32395,13 +31087,13 @@ components: nullable: true type: number timelineType: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineType' + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' version: type: string required: - savedObjectId - version - Security_Solution_Timeline_API_FavoriteTimelineResult: + Security_Timeline_API_FavoriteTimelineResult: type: object properties: favoriteDate: @@ -32413,7 +31105,7 @@ components: userName: nullable: true type: string - Security_Solution_Timeline_API_FilterTimelineResult: + Security_Timeline_API_FilterTimelineResult: type: object properties: exists: 
@@ -32453,7 +31145,7 @@ components: type: string script: type: string - Security_Solution_Timeline_API_ImportTimelineResult: + Security_Timeline_API_ImportTimelineResult: type: object properties: errors: @@ -32478,19 +31170,19 @@ components: type: number timelines_updated: type: number - Security_Solution_Timeline_API_ImportTimelines: + Security_Timeline_API_ImportTimelines: allOf: - - $ref: '#/components/schemas/Security_Solution_Timeline_API_SavedTimeline' + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - type: object properties: eventNotes: items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_BareNote' + $ref: '#/components/schemas/Security_Timeline_API_BareNote' nullable: true type: array globalNotes: items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_BareNote' + $ref: '#/components/schemas/Security_Timeline_API_BareNote' nullable: true type: array pinnedEventIds: @@ -32504,16 +31196,16 @@ components: version: nullable: true type: string - Security_Solution_Timeline_API_Note: + Security_Timeline_API_Note: allOf: - - $ref: '#/components/schemas/Security_Solution_Timeline_API_BareNote' + - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - type: object properties: noteId: type: string version: type: string - Security_Solution_Timeline_API_PinnedEvent: + Security_Timeline_API_PinnedEvent: type: object properties: created: @@ -32541,7 +31233,7 @@ components: - pinnedEventId - timelineId - version - Security_Solution_Timeline_API_QueryMatchResult: + Security_Timeline_API_QueryMatchResult: type: object properties: displayField: @@ -32559,7 +31251,7 @@ components: value: nullable: true type: string - Security_Solution_Timeline_API_Readable: + Security_Timeline_API_Readable: type: object properties: _data: @@ -32585,7 +31277,7 @@ components: type: object readable: type: boolean - Security_Solution_Timeline_API_RowRendererId: + Security_Timeline_API_RowRendererId: enum: - alert - alerts 
@@ -32606,13 +31298,12 @@ components: - threat_match - zeek type: string - Security_Solution_Timeline_API_SavedTimeline: + Security_Timeline_API_SavedTimeline: type: object properties: columns: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ColumnHeaderResult + $ref: '#/components/schemas/Security_Timeline_API_ColumnHeaderResult' nullable: true type: array created: @@ -32623,8 +31314,7 @@ components: type: string dataProviders: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_DataProviderResult + $ref: '#/components/schemas/Security_Timeline_API_DataProviderResult' nullable: true type: array dataViewId: @@ -32672,19 +31362,17 @@ components: type: string excludedRowRendererIds: items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_RowRendererId' + $ref: '#/components/schemas/Security_Timeline_API_RowRendererId' nullable: true type: array favorite: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_FavoriteTimelineResult + $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResult' nullable: true type: array filters: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_FilterTimelineResult + $ref: '#/components/schemas/Security_Timeline_API_FilterTimelineResult' nullable: true type: array indexNames: @@ -32697,7 +31385,7 @@ components: type: string kqlQuery: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SerializedFilterQueryResult + #/components/schemas/Security_Timeline_API_SerializedFilterQueryResult nullable: true savedQueryId: nullable: true @@ -32706,7 +31394,7 @@ components: nullable: true type: string sort: - $ref: '#/components/schemas/Security_Solution_Timeline_API_Sort' + $ref: '#/components/schemas/Security_Timeline_API_Sort' nullable: true status: enum: 
@@ -32722,7 +31410,7 @@ components: nullable: true type: number timelineType: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineType' + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' nullable: true title: nullable: true @@ -32733,7 +31421,7 @@ components: updatedBy: nullable: true type: string - Security_Solution_Timeline_API_SerializedFilterQueryResult: + Security_Timeline_API_SerializedFilterQueryResult: type: object properties: filterQuery: @@ -32753,13 +31441,13 @@ components: serializedQuery: nullable: true type: string - Security_Solution_Timeline_API_Sort: + Security_Timeline_API_Sort: oneOf: - - $ref: '#/components/schemas/Security_Solution_Timeline_API_SortObject' + - $ref: '#/components/schemas/Security_Timeline_API_SortObject' - items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_SortObject' + $ref: '#/components/schemas/Security_Timeline_API_SortObject' type: array - Security_Solution_Timeline_API_SortFieldTimeline: + Security_Timeline_API_SortFieldTimeline: description: The field to sort the timelines by. enum: - title @@ -32767,7 +31455,7 @@ components: - updated - created type: string - Security_Solution_Timeline_API_SortObject: + Security_Timeline_API_SortObject: type: object properties: columnId: @@ -32779,14 +31467,14 @@ components: sortDirection: nullable: true type: string - Security_Solution_Timeline_API_TimelineResponse: + Security_Timeline_API_TimelineResponse: allOf: - - $ref: '#/components/schemas/Security_Solution_Timeline_API_SavedTimeline' + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - type: object properties: eventIdToNoteIds: items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_Note' + $ref: '#/components/schemas/Security_Timeline_API_Note' type: array noteIds: items: 
@@ -32794,7 +31482,7 @@ components: type: array notes: items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_Note' + $ref: '#/components/schemas/Security_Timeline_API_Note' type: array pinnedEventIds: items: @@ -32802,8 +31490,7 @@ components: type: array pinnedEventsSaveObject: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_PinnedEvent + $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' type: array savedObjectId: type: string @@ -32812,7 +31499,7 @@ components: required: - savedObjectId - version - Security_Solution_Timeline_API_TimelineStatus: + Security_Timeline_API_TimelineStatus: description: >- The status of the timeline. Valid values are `active`, `draft`, and `immutable`. @@ -32821,7 +31508,7 @@ components: - draft - immutable type: string - Security_Solution_Timeline_API_TimelineType: + Security_Timeline_API_TimelineType: description: >- The type of timeline to create. Valid values are `default` and `template`. 
@@ -34105,29 +32792,29 @@ tags: You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. - name: Security Solution Detections API + name: Security Detections API - description: >- Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. - name: Security Solution Endpoint Exceptions API + name: Security Endpoint Exceptions API - description: Interact with and manage endpoints running the Elastic Defend integration. - name: Security Solution Endpoint Management API + name: Security Endpoint Management API - description: '' - name: Security Solution Entity Analytics API + name: Security Entity Analytics API - description: >- Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. - name: Security Solution Exceptions API + name: Security Exceptions API - description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.' - name: Security Solution Lists API + name: Security Lists API - description: 'Run live queries, manage packs and saved queries.' - name: Security Solution Osquery API + name: Security Osquery API - description: >- You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file. - name: Security Solution Timeline API + name: Security Timeline API - description: 'SLO APIs enable you to define, manage and track service-level objectives' name: slo - name: system diff --git a/oas_docs/output/kibana.staging.yaml b/oas_docs/output/kibana.staging.yaml index a532e1e038e98..c2a90b2f55890 100644 --- a/oas_docs/output/kibana.staging.yaml +++ b/oas_docs/output/kibana.staging.yaml 
@@ -6595,8 +6595,7 @@ paths: name: id_field required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_IdField + $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' - description: If 'wait_for' the request will wait for the index refresh. in: query name: refresh @@ -6619,7 +6618,7 @@ paths: type: boolean record: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecord + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord description: The deleted record if it existed. required: - deleted @@ -6628,7 +6627,7 @@ paths: description: Invalid request summary: Delete Criticality Record tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API get: description: Get the criticality record for a specific asset. operationId: GetAssetCriticalityRecord @@ -6645,15 +6644,14 @@ paths: name: id_field required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_IdField + $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecord + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord description: Successful response '400': description: Invalid request @@ -6661,7 +6659,7 @@ paths: description: Criticality record not found summary: Get Criticality Record tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API post: description: Create or update a criticality record for a specific asset. operationId: CreateAssetCriticalityRecord @@ -6671,7 +6669,7 @@ paths: schema: allOf: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_CreateAssetCriticalityRecord + #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord - type: object properties: refresh: 
@@ -6688,13 +6686,13 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecord + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord description: Successful response '400': description: Invalid request summary: Upsert Criticality Record tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/asset_criticality/bulk: post: description: >- @@ -6718,7 +6716,7 @@ paths: records: items: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_CreateAssetCriticalityRecord + #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord maxItems: 1000 minItems: 1 type: array @@ -6742,11 +6740,11 @@ paths: errors: items: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem type: array stats: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityBulkUploadStats + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats required: - errors - stats @@ -6755,7 +6753,7 @@ paths: description: File too large summary: Bulk Upsert Asset Criticality Records tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/asset_criticality/list: get: description: 'List asset criticality records, paging, sorting and filtering as needed.' @@ -6819,7 +6817,7 @@ paths: records: items: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecord + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord type: array total: minimum: 0 
@@ -6832,7 +6830,7 @@ paths: description: Bulk upload successful summary: List Asset Criticality Records tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/cases: delete: description: > @@ -8719,14 +8717,13 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Not enough permissions response '404': content: @@ -8738,12 +8735,11 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Delete an alerts index tags: - - Security Solution Detections API + - Security Detections API - Alert index API get: operationId: ReadAlertsIndex 
@@ -8768,32 +8764,29 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Not enough permissions response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Reads the alert index name if it exists tags: - - Security Solution Detections API + - Security Detections API - Alert index API post: operationId: CreateAlertsIndex 
@@ -8814,32 +8807,29 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Not enough permissions response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Create an alerts index tags: - - Security Solution Detections API + - Security Detections API - Alert index API /api/detection_engine/privileges: get: 
@@ -8873,18 +8863,17 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Returns user privileges for the Kibana space tags: - - Security Solution Detections API + - Security Detections API - Privileges API /api/detection_engine/rules: delete: @@ -8896,25 +8885,23 @@ paths: name: id required: false schema: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleObjectId' + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - description: The rule's `rule_id` value. in: query name: rule_id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. summary: Delete a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API get: description: Retrieve a detection rule using the `rule_id` or `id` field. 
@@ -8925,25 +8912,23 @@ paths: name: id required: false schema: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleObjectId' + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' - description: The rule's `rule_id` value. in: query name: rule_id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. summary: Retrieve a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API patch: description: >- @@ -8954,20 +8939,18 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePatchProps + $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. summary: Patch a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API post: description: Create a new detection rule. 
@@ -8976,20 +8959,18 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleCreateProps + $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. summary: Create a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API put: description: > @@ -9004,20 +8985,18 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleUpdateProps + $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. summary: Update a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API /api/detection_engine/rules/_bulk_action: post: 
@@ -9038,20 +9017,16 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: + - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkDeleteRules - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkDisableRules - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEnableRules - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkExportRules + #/components/schemas/Security_Detections_API_BulkDisableRules + - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkDuplicateRules + #/components/schemas/Security_Detections_API_BulkDuplicateRules - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkManualRuleRun - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditRules + #/components/schemas/Security_Detections_API_BulkManualRuleRun + - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules' responses: '200': content: @@ -9059,13 +9034,13 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditActionResponse + #/components/schemas/Security_Detections_API_BulkEditActionResponse - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkExportActionResponse + #/components/schemas/Security_Detections_API_BulkExportActionResponse description: OK summary: Apply a bulk action to detection rules tags: - - Security Solution Detections API + - Security Detections API - Bulk API /api/detection_engine/rules/_bulk_create: post: 
@@ -9077,8 +9052,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleCreateProps + $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' type: array description: 'A JSON array of rules, where each rule contains the required fields.' required: true @@ -9088,11 +9062,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkCrudRulesResponse + #/components/schemas/Security_Detections_API_BulkCrudRulesResponse description: Indicates a successful call. summary: Create multiple detection rules tags: - - Security Solution Detections API + - Security Detections API - Bulk API /api/detection_engine/rules/_bulk_delete: delete: @@ -9107,11 +9081,10 @@ paths: type: object properties: id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' rule_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + #/components/schemas/Security_Detections_API_RuleSignatureId type: array description: >- A JSON array of `id` or `rule_id` fields of the rules you want to @@ -9123,7 +9096,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkCrudRulesResponse + #/components/schemas/Security_Detections_API_BulkCrudRulesResponse description: Indicates a successful call. '400': content: 
@@ -9131,27 +9104,26 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + #/components/schemas/Security_Detections_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Delete multiple detection rules tags: - - Security Solution Detections API + - Security Detections API - Bulk API post: deprecated: true @@ -9165,11 +9137,10 @@ paths: type: object properties: id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' rule_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + #/components/schemas/Security_Detections_API_RuleSignatureId type: array description: >- A JSON array of `id` or `rule_id` fields of the rules you want to @@ -9181,7 +9152,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkCrudRulesResponse + #/components/schemas/Security_Detections_API_BulkCrudRulesResponse description: Indicates a successful call. '400': content: 
@@ -9189,27 +9160,26 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + #/components/schemas/Security_Detections_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Delete multiple detection rules tags: - - Security Solution Detections API + - Security Detections API - Bulk API /api/detection_engine/rules/_bulk_update: patch: @@ -9223,8 +9193,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePatchProps + $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' type: array description: 'A JSON array of rules, where each rule contains the required fields.' required: true @@ -9234,11 +9203,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkCrudRulesResponse + #/components/schemas/Security_Detections_API_BulkCrudRulesResponse description: Indicates a successful call. summary: Patch multiple detection rules tags: - - Security Solution Detections API + - Security Detections API - Bulk API put: deprecated: true 
@@ -9255,8 +9224,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleUpdateProps + $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps' type: array description: >- A JSON array where each element includes the `id` or `rule_id` field @@ -9268,11 +9236,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkCrudRulesResponse + #/components/schemas/Security_Detections_API_BulkCrudRulesResponse description: Indicates a successful call. summary: Update multiple detection rules tags: - - Security Solution Detections API + - Security Detections API - Bulk API /api/detection_engine/rules/_export: post: @@ -9319,7 +9287,7 @@ paths: properties: rule_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + #/components/schemas/Security_Detections_API_RuleSignatureId required: - rule_id type: array @@ -9337,7 +9305,7 @@ paths: description: Indicates a successful call. summary: Export detection rules tags: - - Security Solution Detections API + - Security Detections API - Import/Export API /api/detection_engine/rules/_find: get: @@ -9364,14 +9332,13 @@ paths: name: sort_field required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_FindRulesSortField + $ref: '#/components/schemas/Security_Detections_API_FindRulesSortField' - description: Sort order in: query name: sort_order required: false schema: - $ref: '#/components/schemas/Security_Solution_Detections_API_SortOrder' + $ref: '#/components/schemas/Security_Detections_API_SortOrder' - description: Page number in: query name: page @@ -9398,7 +9365,7 @@ paths: data: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleResponse + #/components/schemas/Security_Detections_API_RuleResponse type: array page: type: integer 
@@ -9414,7 +9381,7 @@ paths: description: Successful response summary: List all detection rules tags: - - Security Solution Detections API + - Security Detections API - Rules API /api/detection_engine/rules/_import: post: @@ -9482,8 +9449,7 @@ paths: properties: action_connectors_errors: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ErrorSchema + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' type: array action_connectors_success: type: boolean @@ -9493,17 +9459,15 @@ paths: action_connectors_warnings: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_WarningSchema + #/components/schemas/Security_Detections_API_WarningSchema type: array errors: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ErrorSchema + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' type: array exceptions_errors: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ErrorSchema + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' type: array exceptions_success: type: boolean @@ -9533,7 +9497,7 @@ paths: description: Indicates a successful call. summary: Import detection rules tags: - - Security Solution Detections API + - Security Detections API - Import/Export API '/api/detection_engine/rules/{id}/exceptions': post: @@ -9544,7 +9508,7 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_RuleId' + $ref: '#/components/schemas/Security_Exceptions_API_RuleId' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: @@ -9554,7 +9518,7 @@ paths: items: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateRuleExceptionListItemProps + #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps type: array required: - items 
@@ -9567,7 +9531,7 @@ paths: schema: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem + #/components/schemas/Security_Exceptions_API_ExceptionListItem type: array description: Successful response '400': @@ -9576,34 +9540,33 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Creates rule exception list items tags: - - Security Solution Exceptions API + - Security Exceptions API /api/detection_engine/rules/prepackaged: put: description: Install and update all Elastic prebuilt detection rules and Timelines. @@ -9640,7 +9603,7 @@ paths: description: Indicates a successful call summary: Install prebuilt detection rules and Timelines tags: - - Security Solution Detections API + - Security Detections API - Prebuilt Rules API /api/detection_engine/rules/prepackaged/_status: get: 
@@ -9699,7 +9662,7 @@ paths: description: Indicates a successful call summary: Retrieve the status of prebuilt detection rules and Timelines tags: - - Security Solution Detections API + - Security Detections API - Prebuilt Rules API /api/detection_engine/rules/preview: post: 
@@ -9720,44 +9683,44 @@ paths: anyOf: - allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleCreateProps + #/components/schemas/Security_Detections_API_EqlRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams + #/components/schemas/Security_Detections_API_RulePreviewParams - allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleCreateProps + #/components/schemas/Security_Detections_API_QueryRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams + #/components/schemas/Security_Detections_API_RulePreviewParams - allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleCreateProps + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams + #/components/schemas/Security_Detections_API_RulePreviewParams - allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleCreateProps + #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams + #/components/schemas/Security_Detections_API_RulePreviewParams - allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleCreateProps + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams + #/components/schemas/Security_Detections_API_RulePreviewParams - allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleCreateProps + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams + #/components/schemas/Security_Detections_API_RulePreviewParams - allOf: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_NewTermsRuleCreateProps + #/components/schemas/Security_Detections_API_NewTermsRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams + #/components/schemas/Security_Detections_API_RulePreviewParams - allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleCreateProps + #/components/schemas/Security_Detections_API_EsqlRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewParams + #/components/schemas/Security_Detections_API_RulePreviewParams discriminator: propertyName: type description: >- @@ -9776,11 +9739,11 @@ paths: logs: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewLogs + #/components/schemas/Security_Detections_API_RulePreviewLogs type: array previewId: $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + #/components/schemas/Security_Detections_API_NonEmptyString required: - logs description: Successful response 
@@ -9790,27 +9753,26 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + #/components/schemas/Security_Detections_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Preview rule alerts generated on specified time range tags: - - Security Solution Detections API + - Security Detections API - Rule preview API /api/detection_engine/signals/assignees: post: @@ -9826,12 +9788,10 @@ paths: type: object properties: assignees: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertAssignees + $ref: '#/components/schemas/Security_Detections_API_AlertAssignees' description: Details about the assignees to assign and unassign. ids: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertIds + $ref: '#/components/schemas/Security_Detections_API_AlertIds' description: List of alerts ids to assign and unassign passed assignees. required: - assignees @@ -9844,7 +9804,7 @@ paths: description: Invalid request. summary: Assign and unassign users from detection alerts tags: - - Security Solution Detections API + - Security Detections API /api/detection_engine/signals/finalize_migration: post: description: 
> @@ -9878,7 +9838,7 @@ paths: schema: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_MigrationFinalizationResult + #/components/schemas/Security_Detections_API_MigrationFinalizationResult type: array description: Successful response '400': @@ -9887,27 +9847,26 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + #/components/schemas/Security_Detections_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Finalize detection alert migrations tags: - - Security Solution Detections API + - Security Detections API - Alerts migration API /api/detection_engine/signals/migration: delete: @@ -9951,7 +9910,7 @@ paths: schema: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_MigrationCleanupResult + #/components/schemas/Security_Detections_API_MigrationCleanupResult type: array description: Successful response '400': 
@@ -9960,27 +9919,26 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + #/components/schemas/Security_Detections_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Clean up detection alert migrations tags: - - Security Solution Detections API + - Security Detections API - Alerts migration API post: description: > @@ -10001,13 +9959,13 @@ paths: index: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + #/components/schemas/Security_Detections_API_NonEmptyString minItems: 1 type: array required: - index - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsReindexOptions + #/components/schemas/Security_Detections_API_AlertsReindexOptions description: Alerts migration parameters required: true responses: 
@@ -10021,11 +9979,11 @@ paths: items: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexMigrationSuccess + #/components/schemas/Security_Detections_API_AlertsIndexMigrationSuccess - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexMigrationError + #/components/schemas/Security_Detections_API_AlertsIndexMigrationError - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SkippedAlertsIndexMigration + #/components/schemas/Security_Detections_API_SkippedAlertsIndexMigration type: array required: - indices @@ -10036,27 +9994,26 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + #/components/schemas/Security_Detections_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Initiate a detection alert migration tags: - - Security Solution Detections API + - Security Detections API - Alerts migration API /api/detection_engine/signals/migration_status: post: @@ -10088,7 +10045,7 @@ paths: indices: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexMigrationStatus + #/components/schemas/Security_Detections_API_IndexMigrationStatus type: array required: - indices 
@@ -10099,27 +10056,26 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + #/components/schemas/Security_Detections_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Retrieve the status of detection alert migrations tags: - - Security Solution Detections API + - Security Detections API - Alerts migration API /api/detection_engine/signals/search: post: @@ -10156,8 +10112,7 @@ paths: minimum: 0 type: integer sort: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsSort + $ref: '#/components/schemas/Security_Detections_API_AlertsSort' track_total_hits: type: boolean description: Search and/or aggregation query 
@@ -10177,27 +10132,26 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + #/components/schemas/Security_Detections_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Find and/or aggregate detection alerts tags: - - Security Solution Detections API + - Security Detections API - Alerts API /api/detection_engine/signals/status: post: @@ -10209,9 +10163,9 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SetAlertsStatusByIds + #/components/schemas/Security_Detections_API_SetAlertsStatusByIds - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SetAlertsStatusByQuery + #/components/schemas/Security_Detections_API_SetAlertsStatusByQuery description: >- An object containing desired status and explicit alert ids or a query to select alerts 
@@ -10231,27 +10185,26 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + #/components/schemas/Security_Detections_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Set a detection alert status tags: - - Security Solution Detections API + - Security Detections API - Alerts API /api/detection_engine/signals/tags: post: @@ -10267,11 +10220,9 @@ paths: type: object properties: ids: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertIds + $ref: '#/components/schemas/Security_Detections_API_AlertIds' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SetAlertTags + $ref: '#/components/schemas/Security_Detections_API_SetAlertTags' required: - ids - tags 
@@ -10294,27 +10245,26 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + #/components/schemas/Security_Detections_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Detections_API_PlatformErrorResponse + #/components/schemas/Security_Detections_API_PlatformErrorResponse description: Unsuccessful authentication response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response summary: Add and remove detection alert tags tags: - - Security Solution Detections API + - Security Detections API - Alerts API /api/detection_engine/tags: get: @@ -10325,12 +10275,11 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' description: Indicates a successful call summary: List all detection rule tags tags: - - Security Solution Detections API + - Security Detections API - Tags API /api/encrypted_saved_objects/_rotate_key: post: @@ -10435,7 +10384,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointList + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointList description: Successful response '400': content: 
@@ -10443,34 +10392,34 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Insufficient privileges '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error summary: Creates an endpoint list tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API /api/endpoint_list/items: delete: operationId: DeleteEndpointListItem 
@@ -10481,21 +10430,21 @@ paths: required: false schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - description: Either `id` or `item_id` must be specified in: query name: item_id required: false schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem description: Successful response '400': content: 
@@ -10503,41 +10452,41 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Endpoint list item not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error summary: Deletes an endpoint list item tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API get: operationId: ReadEndpointListItem parameters: 
@@ -10547,14 +10496,14 @@ paths: required: false schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId - description: Either `id` or `item_id` must be specified in: query name: item_id required: false schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId responses: '200': content: @@ -10562,7 +10511,7 @@ paths: schema: items: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem type: array description: Successful response '400': 
@@ -10571,41 +10520,41 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Endpoint list item not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error summary: Reads an endpoint list item tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API post: operationId: CreateEndpointListItem requestBody: 
@@ -10616,34 +10565,34 @@ paths: properties: comments: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemCommentArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray default: [] description: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemDescription + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription entries: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray item_id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId meta: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemMeta + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta name: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemName + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName os_types: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray default: [] tags: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemTags + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags default: [] type: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemType + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType required: - type - name 
@@ -10657,7 +10606,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem description: Successful response '400': content: 
@@ -10665,41 +10614,41 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Insufficient privileges '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Endpoint list item already exists '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error summary: Creates an endpoint list item tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API put: operationId: UpdateEndpointListItem requestBody: 
@@ -10712,38 +10661,38 @@ paths: type: string comments: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemCommentArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray default: [] description: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemDescription + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription entries: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId description: Either `id` or `item_id` must be specified item_id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId description: Either `id` or `item_id` must be specified meta: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemMeta + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta name: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemName + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName os_types: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray default: [] tags: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemTags + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags type: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemType + 
#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType required: - type - name @@ -10757,7 +10706,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem description: Successful response '400': content: 
@@ -10765,41 +10714,41 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Endpoint list item not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error summary: Updates an endpoint list item tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API /api/endpoint_list/items/_find: get: operationId: FindEndpointListItems 
@@ -10814,7 +10763,7 @@ paths: required: false schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_FindEndpointListItemsFilter + #/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter - description: The page number to return in: query name: page @@ -10835,7 +10784,7 @@ paths: required: false schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString - description: 'Determines the sort order, which can be `desc` or `asc`' in: query name: sort_order @@ -10855,7 +10804,7 @@ paths: data: items: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_EndpointListItem + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem type: array page: minimum: 0 
@@ -10880,41 +10829,41 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Invalid input data '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse description: Insufficient privileges '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Endpoint list not found '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse description: Internal server error summary: Finds endpoint list items tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API /api/endpoint/action: get: description: Get a list of all response actions. 
@@ -10925,18 +10874,18 @@ paths: required: true schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_GetEndpointActionListRouteQuery + #/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get response actions tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/action_log/{agent_id}': get: deprecated: true @@ -10947,25 +10896,24 @@ paths: name: agent_id required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentId + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' - in: query name: query required: true schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ActionLogRequestQuery + #/components/schemas/Security_Endpoint_Management_API_ActionLogRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get an action request log tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action_status: get: description: Get the status of response actions for the specified agent IDs. 
@@ -10978,19 +10926,18 @@ paths: type: object properties: agent_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ActionStatusSuccessResponse + #/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse description: OK summary: Get response actions status tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/action/{action_id}': get: description: Get the details of a response action using the action ID. @@ -11007,11 +10954,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get action details tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/action/{action_id}/file/{file_id}': get: description: Get information for the specified file using the file ID. @@ -11033,11 +10980,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get file information tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/action/{action_id}/file/{file_id}/download': get: description: Download a file from an endpoint. 
@@ -11059,11 +11006,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Download a file tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/execute: post: description: Run a shell command on an endpoint. @@ -11073,7 +11020,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ExecuteRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody required: true responses: '200': @@ -11081,11 +11028,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Run a command tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/get_file: post: description: Get a file from an endpoint. @@ -11095,7 +11042,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_GetFileRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody required: true responses: '200': @@ -11103,11 +11050,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get a file tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/isolate: post: description: >- 
@@ -11119,7 +11066,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_IsolateRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody required: true responses: '200': @@ -11127,11 +11074,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Isolate an endpoint tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/kill_process: post: description: Terminate a running process on an endpoint. @@ -11141,7 +11088,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_KillProcessRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody required: true responses: '200': @@ -11149,11 +11096,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Terminate a process tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/running_procs: post: description: Get a list of all processes running on an endpoint. @@ -11163,7 +11110,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_GetProcessesRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody required: true responses: '200': 
@@ -11171,11 +11118,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get running processes tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/scan: post: description: Scan a specific file or directory on an endpoint for malware. @@ -11185,7 +11132,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ScanRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody required: true responses: '200': @@ -11193,11 +11140,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Scan a file or directory tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/state: get: description: >- @@ -11210,11 +11157,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ActionStateSuccessResponse + #/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse description: OK summary: Get actions state tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/suspend_process: post: description: Suspend a running process on an endpoint. 
@@ -11224,7 +11171,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuspendProcessRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody required: true responses: '200': @@ -11232,11 +11179,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Suspend a process tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/unisolate: post: description: 'Release an isolated endpoint, allowing it to rejoin a network.' @@ -11246,7 +11193,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_UnisolateRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody required: true responses: '200': @@ -11254,11 +11201,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Release an isolated endpoint tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/upload: post: description: Upload a file to an endpoint. @@ -11268,7 +11215,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_UploadRouteRequestBody + #/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody required: true responses: '200': 
@@ -11276,11 +11223,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Upload a file tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/isolate: post: deprecated: true @@ -11300,22 +11247,22 @@ paths: properties: agent_type: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + #/components/schemas/Security_Endpoint_Management_API_AgentTypes alert_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds + #/components/schemas/Security_Endpoint_Management_API_AlertIds case_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds + #/components/schemas/Security_Endpoint_Management_API_CaseIds comment: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment + #/components/schemas/Security_Endpoint_Management_API_Comment endpoint_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds + #/components/schemas/Security_Endpoint_Management_API_EndpointIds parameters: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters + #/components/schemas/Security_Endpoint_Management_API_Parameters required: - endpoint_ids required: true @@ -11325,7 +11272,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK '308': description: Permanent Redirect 
@@ -11337,7 +11284,7 @@ paths: type: string summary: Isolate an endpoint tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/metadata: get: operationId: GetEndpointMetadataList @@ -11347,18 +11294,18 @@ paths: required: true schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ListRequestQuery + #/components/schemas/Security_Endpoint_Management_API_ListRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get a metadata list tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/metadata/{id}': get: operationId: GetEndpointMetadata @@ -11374,11 +11321,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get metadata tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/metadata/transforms: get: operationId: GetEndpointMetadataTransform @@ -11388,11 +11335,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get metadata transforms tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/policy_response: get: operationId: GetPolicyResponse 
@@ -11404,19 +11351,18 @@ paths: type: object properties: agentId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentId + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get a policy response tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/policy/summaries: get: deprecated: true @@ -11439,11 +11385,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get an agent policy summary tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/protection_updates_note/{package_policy_id}': get: operationId: GetProtectionUpdatesNote @@ -11459,11 +11405,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ProtectionUpdatesNoteResponse + #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse description: OK summary: Get a protection updates note tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API post: operationId: CreateUpdateProtectionUpdatesNote parameters: 
@@ -11487,11 +11433,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_ProtectionUpdatesNoteResponse + #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse description: OK summary: Create or update a protection updates note tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/suggestions/{suggestion_type}': post: operationId: GetEndpointSuggestions @@ -11524,11 +11470,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK summary: Get suggestions tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/unisolate: post: deprecated: true 
@@ -11548,22 +11494,22 @@ paths: properties: agent_type: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + #/components/schemas/Security_Endpoint_Management_API_AgentTypes alert_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds + #/components/schemas/Security_Endpoint_Management_API_AlertIds case_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds + #/components/schemas/Security_Endpoint_Management_API_CaseIds comment: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment + #/components/schemas/Security_Endpoint_Management_API_Comment endpoint_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds + #/components/schemas/Security_Endpoint_Management_API_EndpointIds parameters: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters + #/components/schemas/Security_Endpoint_Management_API_Parameters required: - endpoint_ids required: true @@ -11573,7 +11519,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_SuccessResponse + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK '308': description: Permanent Redirect @@ -11585,7 +11531,7 @@ paths: type: string summary: Release an isolated endpoint tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/entity_store/engines: get: operationId: ListEntityEngines 
@@ -11601,12 +11547,12 @@ paths: engines: items: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EngineDescriptor + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor type: array description: Successful response summary: List the Entity Engines tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}': delete: operationId: DeleteEntityEngine @@ -11616,8 +11562,7 @@ paths: name: entityType required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' - description: Control flag to also delete the entity data. in: query name: data @@ -11636,7 +11581,7 @@ paths: description: Successful response summary: Delete the Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API get: operationId: GetEntityEngine parameters: @@ -11645,19 +11590,18 @@ paths: name: entityType required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EngineDescriptor + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor description: Successful response summary: Get an Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}/init': post: operationId: InitEntityEngine @@ -11667,8 +11611,7 @@ paths: name: entityType required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: 
@@ -11679,7 +11622,7 @@ paths: type: string indexPattern: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_IndexPattern + #/components/schemas/Security_Entity_Analytics_API_IndexPattern description: Schema for the engine initialization required: true responses: @@ -11688,11 +11631,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EngineDescriptor + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor description: Successful response summary: Initialize an Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}/start': post: operationId: StartEntityEngine @@ -11702,8 +11645,7 @@ paths: name: entityType required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' responses: '200': content: @@ -11716,7 +11658,7 @@ paths: description: Successful response summary: Start an Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}/stats': post: operationId: GetEntityEngineStats @@ -11726,8 +11668,7 @@ paths: name: entityType required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' responses: '200': content: 
@@ -11737,25 +11678,25 @@ paths: properties: indexPattern: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_IndexPattern + #/components/schemas/Security_Entity_Analytics_API_IndexPattern indices: items: type: object type: array status: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EngineStatus + #/components/schemas/Security_Entity_Analytics_API_EngineStatus transforms: items: type: object type: array type: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType + #/components/schemas/Security_Entity_Analytics_API_EntityType description: Successful response summary: Get Entity Engine stats tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}/stop': post: operationId: StopEntityEngine @@ -11765,8 +11706,7 @@ paths: name: entityType required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' responses: '200': content: @@ -11779,7 +11719,7 @@ paths: description: Successful response summary: Stop an Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/entity_store/entities/list: get: description: 'List entities records, paging, sorting and filtering as needed.' @@ -11822,8 +11762,7 @@ paths: required: true schema: items: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' type: array responses: '200': @@ -11834,7 +11773,7 @@ paths: properties: inspect: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_InspectQuery + #/components/schemas/Security_Entity_Analytics_API_InspectQuery page: minimum: 1 type: integer 
@@ -11845,7 +11784,7 @@ paths: records: items: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_Entity + #/components/schemas/Security_Entity_Analytics_API_Entity type: array total: minimum: 0 @@ -11858,7 +11797,7 @@ paths: description: Entities returned successfully summary: List Entity Store Entities tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/exception_lists: delete: operationId: DeleteExceptionList @@ -11868,29 +11807,26 @@ paths: name: id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - description: Either `id` or `list_id` must be specified in: query name: list_id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - in: query name: namespace_type required: false schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: 
@@ -11898,41 +11834,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Deletes an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API get: operationId: ReadExceptionList parameters: 
@@ -11941,29 +11875,26 @@ paths: name: id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - description: Either `id` or `list_id` must be specified in: query name: list_id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - in: query name: namespace_type required: false schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: 
@@ -11971,41 +11902,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Retrieves an exception list using its `id` or `list_id` field tags: - - Security Solution Exceptions API + - Security Exceptions API post: operationId: CreateExceptionList requestBody: 
@@ -12016,33 +11945,33 @@ paths: properties: description: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListDescription + #/components/schemas/Security_Exceptions_API_ExceptionListDescription list_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId meta: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListMeta + #/components/schemas/Security_Exceptions_API_ExceptionListMeta name: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListName + #/components/schemas/Security_Exceptions_API_ExceptionListName namespace_type: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single os_types: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsTypeArray + #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray tags: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListTags + #/components/schemas/Security_Exceptions_API_ExceptionListTags default: [] type: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListType + #/components/schemas/Security_Exceptions_API_ExceptionListType version: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListVersion + #/components/schemas/Security_Exceptions_API_ExceptionListVersion default: 1 required: - name @@ -12055,8 +11984,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: 
@@ -12064,41 +11992,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list already exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Creates an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API put: operationId: UpdateExceptionList requestBody: 
@@ -12111,36 +12037,35 @@ paths: type: string description: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListDescription + #/components/schemas/Security_Exceptions_API_ExceptionListDescription id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' list_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId meta: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListMeta + #/components/schemas/Security_Exceptions_API_ExceptionListMeta name: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListName + #/components/schemas/Security_Exceptions_API_ExceptionListName namespace_type: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single os_types: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsTypeArray + #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray default: [] tags: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListTags + #/components/schemas/Security_Exceptions_API_ExceptionListTags type: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListType + #/components/schemas/Security_Exceptions_API_ExceptionListType version: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListVersion + #/components/schemas/Security_Exceptions_API_ExceptionListVersion required: - name - description 
@@ -12152,8 +12077,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: @@ -12161,41 +12085,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Updates an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/_duplicate: post: operationId: DuplicateExceptionList 
@@ -12205,14 +12127,13 @@ paths: name: list_id required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - in: query name: namespace_type required: true schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - description: >- Determines whether to include expired exceptions in the exported list @@ -12230,8 +12151,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: 
@@ -12239,41 +12159,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '405': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list to duplicate not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Duplicates an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/_export: post: description: Exports an exception list and its associated items to an .ndjson file 
@@ -12284,21 +12202,19 @@ paths: name: id required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - description: Exception list's human identifier in: query name: list_id required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - in: query name: namespace_type required: true schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType - description: >- Determines whether to include expired exceptions in the exported list 
@@ -12328,41 +12244,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Exports an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/_find: get: operationId: FindExceptionLists @@ -12385,7 +12299,7 @@ paths: required: false schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_FindExceptionListsFilter + #/components/schemas/Security_Exceptions_API_FindExceptionListsFilter - description: > Determines whether the returned containers are Kibana associated with a Kibana space 
@@ -12399,7 +12313,7 @@ paths: - single items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType type: array - description: The page number to return in: query @@ -12440,7 +12354,7 @@ paths: data: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList + #/components/schemas/Security_Exceptions_API_ExceptionList type: array page: minimum: 1 @@ -12463,34 +12377,33 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Finds exception lists tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/_import: post: description: Imports an exception list and associated items 
@@ -12554,7 +12467,7 @@ paths: properties: errors: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListsImportBulkErrorArray + #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray success: type: boolean success_count: @@ -12585,34 +12498,33 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Imports an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/items: delete: operationId: DeleteExceptionListItem 
@@ -12622,29 +12534,27 @@ paths: name: id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - description: Either `id` or `item_id` must be specified in: query name: item_id required: false schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - in: query name: namespace_type required: false schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: 
@@ -12652,41 +12562,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Deletes an exception list item tags: - - Security Solution Exceptions API + - Security Exceptions API get: operationId: ReadExceptionListItem parameters: 
@@ -12695,29 +12603,27 @@ paths: name: id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - description: Either `id` or `item_id` must be specified in: query name: item_id required: false schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId - in: query name: namespace_type required: false schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: 
@@ -12725,41 +12631,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Gets an exception list item tags: - - Security Solution Exceptions API + - Security Exceptions API post: operationId: CreateExceptionListItem requestBody: 
@@ -12770,44 +12674,44 @@ paths: properties: comments: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateExceptionListItemCommentArray + #/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray default: [] description: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemDescription + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription entries: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray expire_time: format: date-time type: string item_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId list_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId meta: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemMeta + #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta name: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemName + #/components/schemas/Security_Exceptions_API_ExceptionListItemName namespace_type: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single os_types: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray default: [] tags: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemTags + #/components/schemas/Security_Exceptions_API_ExceptionListItemTags default: [] type: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemType + 
#/components/schemas/Security_Exceptions_API_ExceptionListItemType required: - list_id - type @@ -12821,8 +12725,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: 
@@ -12830,41 +12733,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item already exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Creates an exception list item tags: - - Security Solution Exceptions API + - Security Exceptions API put: operationId: UpdateExceptionListItem requestBody: 
@@ -12877,48 +12778,48 @@ paths: type: string comments: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_UpdateExceptionListItemCommentArray + #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray default: [] description: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemDescription + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription entries: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray expire_time: format: date-time type: string id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemId + #/components/schemas/Security_Exceptions_API_ExceptionListItemId description: Either `id` or `item_id` must be specified item_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId description: Either `id` or `item_id` must be specified list_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId meta: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemMeta + #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta name: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemName + #/components/schemas/Security_Exceptions_API_ExceptionListItemName namespace_type: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single os_types: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray default: [] tags: $ref: >- - 
#/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemTags + #/components/schemas/Security_Exceptions_API_ExceptionListItemTags type: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemType + #/components/schemas/Security_Exceptions_API_ExceptionListItemType required: - type - name @@ -12931,8 +12832,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: 
@@ -12940,41 +12840,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Updates an exception list item tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/items/_find: get: operationId: FindExceptionListItems @@ -12986,7 +12884,7 @@ paths: schema: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId type: array - description: > Filters the returned results according to the value of the specified 
@@ -13000,7 +12898,7 @@ paths: default: [] items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_FindExceptionListItemsFilter + #/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter type: array - description: > Determines whether the returned containers are Kibana associated @@ -13015,7 +12913,7 @@ paths: - single items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType type: array - in: query name: search @@ -13041,8 +12939,7 @@ paths: name: sort_field required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - description: 'Determines the sort order, which can be `desc` or `asc`' in: query name: sort_order @@ -13062,7 +12959,7 @@ paths: data: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItem + #/components/schemas/Security_Exceptions_API_ExceptionListItem type: array page: minimum: 1 
@@ -13087,41 +12984,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Finds exception list items tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/summary: get: operationId: ReadExceptionListSummary 
@@ -13131,21 +13026,19 @@ paths: name: id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - description: Exception list's human readable identifier in: query name: list_id required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - in: query name: namespace_type required: false schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType default: single - description: Search filter clause in: query 
@@ -13179,41 +13072,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Retrieves an exception list summary tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exceptions/shared: post: operationId: CreateSharedExceptionList 
@@ -13225,10 +13116,10 @@ paths: properties: description: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListDescription + #/components/schemas/Security_Exceptions_API_ExceptionListDescription name: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListName + #/components/schemas/Security_Exceptions_API_ExceptionListName required: - name - description @@ -13238,8 +13129,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionList + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: 
@@ -13247,41 +13137,39 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + #/components/schemas/Security_Exceptions_API_SiemErrorResponse description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_PlatformErrorResponse + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse description: Not enough privileges response '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list already exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response summary: Creates a shared exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/fleet/agent_download_sources: get: operationId: get-download-sources @@ -16988,7 +16876,7 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' - in: query name: deleteReferences required: false 
@@ -17006,7 +16894,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' + $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: @@ -17014,41 +16902,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Deletes a list tags: - - Security Solution Lists API + - Security Lists API get: operationId: ReadList parameters: 
@@ -17057,13 +16940,13 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' + $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: 
@@ -17071,41 +16954,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Retrieves a list using its id field tags: - - Security Solution Lists API + - Security Lists API patch: operationId: PatchList requestBody: 
@@ -17117,15 +16995,13 @@ paths: _version: type: string description: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListDescription + $ref: '#/components/schemas/Security_Lists_API_ListDescription' id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListMetadata + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' name: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListName' + $ref: '#/components/schemas/Security_Lists_API_ListName' version: minimum: 1 type: integer @@ -17138,7 +17014,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' + $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: 
@@ -17146,41 +17022,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Patches a list tags: - - Security Solution Lists API + - Security Lists API post: operationId: CreateList requestBody: 
@@ -17190,21 +17061,19 @@ paths: type: object properties: description: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListDescription + $ref: '#/components/schemas/Security_Lists_API_ListDescription' deserializer: type: string id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListMetadata + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' name: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListName' + $ref: '#/components/schemas/Security_Lists_API_ListName' serializer: type: string type: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListType' + $ref: '#/components/schemas/Security_Lists_API_ListType' version: default: 1 minimum: 1 @@ -17220,7 +17089,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' + $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: 
@@ -17228,41 +17097,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List already exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Creates a list tags: - - Security Solution Lists API + - Security Lists API put: operationId: UpdateList requestBody: 
@@ -17274,15 +17138,13 @@ paths: _version: type: string description: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListDescription + $ref: '#/components/schemas/Security_Lists_API_ListDescription' id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListMetadata + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' name: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListName' + $ref: '#/components/schemas/Security_Lists_API_ListName' version: minimum: 1 type: integer @@ -17297,7 +17159,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' + $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: 
@@ -17305,41 +17167,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Updates a list tags: - - Security Solution Lists API + - Security Lists API /api/lists/_find: get: operationId: FindLists @@ -17361,7 +17218,7 @@ paths: name: sort_field required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - description: 'Determines the sort order, which can be `desc` or `asc`' in: query name: sort_order 
@@ -17384,7 +17241,7 @@ paths: name: cursor required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_FindListsCursor' + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' - description: > Filters the returned results according to the value of the specified field, @@ -17394,7 +17251,7 @@ paths: name: filter required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_FindListsFilter' + $ref: '#/components/schemas/Security_Lists_API_FindListsFilter' responses: '200': content: @@ -17403,11 +17260,10 @@ paths: type: object properties: cursor: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_FindListsCursor + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' data: items: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' + $ref: '#/components/schemas/Security_Lists_API_List' type: array page: minimum: 0 
@@ -17431,34 +17287,30 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Finds lists tags: - - Security Solution Lists API + - Security Lists API /api/lists/index: delete: operationId: DeleteListIndex 
@@ -17480,41 +17332,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List data stream not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Deletes list data streams tags: - - Security Solution Lists API + - Security Lists API get: operationId: ReadListIndex responses: 
@@ -17538,41 +17385,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List data stream(s) not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Get list data stream existence status tags: - - Security Solution Lists API + - Security Lists API post: operationId: CreateListIndex responses: 
@@ -17593,41 +17435,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List data stream exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Creates necessary list data streams tags: - - Security Solution Lists API + - Security Lists API /api/lists/items: delete: operationId: DeleteListItem 
@@ -17637,13 +17474,13 @@ paths: name: id required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' - description: Required if `id` is not specified in: query name: list_id required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' - description: Required if `id` is not specified in: query name: value @@ -17669,10 +17506,9 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' + - $ref: '#/components/schemas/Security_Lists_API_ListItem' - items: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItem + $ref: '#/components/schemas/Security_Lists_API_ListItem' type: array description: Successful response '400': 
@@ -17681,41 +17517,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Deletes a list item tags: - - Security Solution Lists API + - Security Lists API get: operationId: ReadListItem parameters: 
@@ -17724,13 +17555,13 @@ paths: name: id required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' - description: Required if `id` is not specified in: query name: list_id required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' - description: Required if `id` is not specified in: query name: value @@ -17743,10 +17574,9 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: oneOf: - - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' + - $ref: '#/components/schemas/Security_Lists_API_ListItem' - items: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItem + $ref: '#/components/schemas/Security_Lists_API_ListItem' type: array description: Successful response '400': 
@@ -17755,41 +17585,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Gets a list item tags: - - Security Solution Lists API + - Security Lists API patch: operationId: PatchListItem requestBody: 
@@ -17801,10 +17626,9 @@ paths: _version: type: string id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemId' + $ref: '#/components/schemas/Security_Lists_API_ListItemId' meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemMetadata + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' refresh: description: >- Determines when changes made by the request are made visible @@ -17815,8 +17639,7 @@ paths: - wait_for type: string value: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemValue + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - id description: List item's properties @@ -17826,7 +17649,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' + $ref: '#/components/schemas/Security_Lists_API_ListItem' description: Successful response '400': content: 
@@ -17834,41 +17657,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Patches a list item tags: - - Security Solution Lists API + - Security Lists API post: operationId: CreateListItem requestBody: 
@@ -17878,12 +17696,11 @@ paths: type: object properties: id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemId' + $ref: '#/components/schemas/Security_Lists_API_ListItemId' list_id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemMetadata + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' refresh: description: >- Determines when changes made by the request are made visible @@ -17894,8 +17711,7 @@ paths: - wait_for type: string value: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemValue + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - list_id - value @@ -17906,7 +17722,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' + $ref: '#/components/schemas/Security_Lists_API_ListItem' description: Successful response '400': content: 
@@ -17914,41 +17730,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item already exists response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Creates a list item tags: - - Security Solution Lists API + - Security Lists API put: operationId: UpdateListItem requestBody: 
@@ -17960,13 +17771,11 @@ paths: _version: type: string id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemId' + $ref: '#/components/schemas/Security_Lists_API_ListItemId' meta: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemMetadata + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' value: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemValue + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - id - value @@ -17977,7 +17786,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItem' + $ref: '#/components/schemas/Security_Lists_API_ListItem' description: Successful response '400': content: 
@@ -17985,41 +17794,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Updates a list item tags: - - Security Solution Lists API + - Security Lists API /api/lists/items/_export: post: description: Exports list item values from the specified list @@ -18030,7 +17834,7 @@ paths: name: list_id required: true schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' responses: '200': content: 
@@ -18046,41 +17850,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Exports list items tags: - - Security Solution Lists API + - Security Lists API /api/lists/items/_find: get: operationId: FindListItems @@ -18090,7 +17889,7 @@ paths: name: list_id required: true schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' - description: The page number to return in: query name: page 
@@ -18108,7 +17907,7 @@ paths: name: sort_field required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - description: 'Determines the sort order, which can be `desc` or `asc`' in: query name: sort_order @@ -18131,8 +17930,7 @@ paths: name: cursor required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_FindListItemsCursor + $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' - description: > Filters the returned results according to the value of the specified field, @@ -18142,8 +17940,7 @@ paths: name: filter required: false schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_FindListItemsFilter + $ref: '#/components/schemas/Security_Lists_API_FindListItemsFilter' responses: '200': content: @@ -18153,11 +17950,10 @@ paths: properties: cursor: $ref: >- - #/components/schemas/Security_Solution_Lists_API_FindListItemsCursor + #/components/schemas/Security_Lists_API_FindListItemsCursor data: items: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItem + $ref: '#/components/schemas/Security_Lists_API_ListItem' type: array page: minimum: 0 
@@ -18181,34 +17977,30 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Finds list items tags: - - Security Solution Lists API + - Security Lists API /api/lists/items/_import: post: description: > @@ -18227,7 +18019,7 @@ paths: name: list_id required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' - description: > Type of the importing list. @@ -18238,7 +18030,7 @@ paths: name: type required: false schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListType' + $ref: '#/components/schemas/Security_Lists_API_ListType' - in: query name: serializer required: false 
@@ -18279,7 +18071,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Solution_Lists_API_List' + $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: @@ -18287,41 +18079,36 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List with specified list_id does not exist response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Imports list items tags: - - Security Solution Lists API + - Security Lists API /api/lists/privileges: get: operationId: ReadListPrivileges 
@@ -18335,11 +18122,9 @@ paths: is_authenticated: type: boolean listItems: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListItemPrivileges + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' lists: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_ListPrivileges + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' required: - lists - listItems @@ -18351,34 +18136,30 @@ paths: schema: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse - - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Invalid input data response '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_PlatformErrorResponse + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Lists_API_SiemErrorResponse + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response summary: Gets list privileges tags: - - Security Solution Lists API + - Security Lists API /api/ml/saved_objects/sync: get: description: 
> @@ -18447,7 +18228,7 @@ paths: description: Indicates the note was successfully deleted. summary: Deletes a note from a timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' get: description: Gets notes @@ -18457,7 +18238,7 @@ paths: name: documentIds required: true schema: - $ref: '#/components/schemas/Security_Solution_Timeline_API_DocumentIds' + $ref: '#/components/schemas/Security_Timeline_API_DocumentIds' - in: query name: page schema: @@ -18493,7 +18274,7 @@ paths: description: Indicates the requested notes were returned. summary: Get all notes for a given document. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' patch: operationId: PersistNoteRoute @@ -18513,7 +18294,7 @@ paths: nullable: true type: string note: - $ref: '#/components/schemas/Security_Solution_Timeline_API_BareNote' + $ref: '#/components/schemas/Security_Timeline_API_BareNote' noteId: nullable: true type: string @@ -18545,8 +18326,7 @@ paths: message: type: string note: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_Note + $ref: '#/components/schemas/Security_Timeline_API_Note' required: - code - message @@ -18558,7 +18338,7 @@ paths: description: Indicates the note was successfully created. summary: Persists a note to a timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/osquery/live_queries: get: 
@@ -18570,18 +18350,18 @@ paths: required: true schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_FindLiveQueryRequestQuery + #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Get live queries tags: - - Security Solution Osquery API + - Security Osquery API post: description: Create and run a live query. operationId: OsqueryCreateLiveQuery @@ -18590,7 +18370,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_CreateLiveQueryRequestBody + #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody required: true responses: '200': @@ -18598,11 +18378,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Create a live query tags: - - Security Solution Osquery API + - Security Osquery API '/api/osquery/live_queries/{id}': get: description: Get the details of a live query using the query ID. @@ -18612,7 +18392,7 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' + $ref: '#/components/schemas/Security_Osquery_API_Id' - in: query name: query schema: 
@@ -18624,11 +18404,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Get live query details tags: - - Security Solution Osquery API + - Security Osquery API '/api/osquery/live_queries/{id}/results/{actionId}': get: description: Get the results of a live query using the query action ID. @@ -18638,29 +18418,29 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' + $ref: '#/components/schemas/Security_Osquery_API_Id' - in: path name: actionId required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' + $ref: '#/components/schemas/Security_Osquery_API_Id' - in: query name: query required: true schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_GetLiveQueryResultsRequestQuery + #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Get live query results tags: - - Security Solution Osquery API + - Security Osquery API /api/osquery/packs: get: description: Get a list of all query packs. 
@@ -18670,19 +18450,18 @@ paths: name: query required: true schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_FindPacksRequestQuery + $ref: '#/components/schemas/Security_Osquery_API_FindPacksRequestQuery' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Get packs tags: - - Security Solution Osquery API + - Security Osquery API post: description: Create a query pack. operationId: OsqueryCreatePacks @@ -18690,8 +18469,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_CreatePacksRequestBody + $ref: '#/components/schemas/Security_Osquery_API_CreatePacksRequestBody' required: true responses: '200': @@ -18699,11 +18477,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Create a pack tags: - - Security Solution Osquery API + - Security Osquery API '/api/osquery/packs/{id}': delete: description: Delete a query pack using the pack ID. 
@@ -18713,18 +18491,18 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' + $ref: '#/components/schemas/Security_Osquery_API_PackId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Delete a pack tags: - - Security Solution Osquery API + - Security Osquery API get: description: Get the details of a query pack using the pack ID. operationId: OsqueryGetPacksDetails @@ -18733,18 +18511,18 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' + $ref: '#/components/schemas/Security_Osquery_API_PackId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Get pack details tags: - - Security Solution Osquery API + - Security Osquery API put: description: | Update a query pack using the pack ID. @@ -18756,13 +18534,12 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' + $ref: '#/components/schemas/Security_Osquery_API_PackId' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_UpdatePacksRequestBody + $ref: '#/components/schemas/Security_Osquery_API_UpdatePacksRequestBody' required: true responses: '200': 
@@ -18770,11 +18547,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Update a pack tags: - - Security Solution Osquery API + - Security Osquery API /api/osquery/saved_queries: get: description: Get a list of all saved queries. @@ -18785,18 +18562,18 @@ paths: required: true schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_FindSavedQueryRequestQuery + #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Get saved queries tags: - - Security Solution Osquery API + - Security Osquery API post: description: Create and run a saved query. operationId: OsqueryCreateSavedQuery @@ -18805,7 +18582,7 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_CreateSavedQueryRequestBody + #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody required: true responses: '200': @@ -18813,11 +18590,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Create a saved query tags: - - Security Solution Osquery API + - Security Osquery API '/api/osquery/saved_queries/{id}': delete: description: Delete a saved query using the query ID. 
@@ -18827,18 +18604,18 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Delete a saved query tags: - - Security Solution Osquery API + - Security Osquery API get: description: Get the details of a saved query using the query ID. operationId: OsqueryGetSavedQueryDetails @@ -18847,18 +18624,18 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Get saved query details tags: - - Security Solution Osquery API + - Security Osquery API put: description: | Update a saved query using the query ID. @@ -18870,13 +18647,13 @@ paths: name: id required: true schema: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_UpdateSavedQueryRequestBody + #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody required: true responses: '200': 
@@ -18884,11 +18661,11 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DefaultSuccessResponse + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse description: OK summary: Update a saved query tags: - - Security Solution Osquery API + - Security Osquery API /api/pinned_event: patch: operationId: PersistPinnedEventRoute @@ -18923,7 +18700,7 @@ paths: persistPinnedEventOnTimeline: allOf: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_PinnedEvent + #/components/schemas/Security_Timeline_API_PinnedEvent - type: object properties: code: @@ -18937,7 +18714,7 @@ paths: description: Indicate the event was successfully pinned in the timeline. summary: Persists a pinned event to a timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/risk_score/engine/schedule_now: post: 
@@ -18951,25 +18728,25 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_RiskEngineScheduleNowResponse + #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_TaskManagerUnavailableResponse + #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse description: Task manager is unavailable default: content: application/json; Elastic-Api-Version=2023-10-31: schema: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse + #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse description: Unexpected error summary: Schedule the risk engine to run as soon as possible tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/saved_objects/_bulk_create: post: deprecated: true @@ -20506,7 +20283,7 @@ paths: description: Indicates the timeline was successfully deleted. summary: Deletes one or more timelines or timeline templates. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' get: operationId: GetTimeline @@ -20533,7 +20310,7 @@ paths: properties: getOneTimeline: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse + #/components/schemas/Security_Timeline_API_TimelineResponse nullable: true required: - getOneTimeline @@ -20544,7 +20321,7 @@ paths: Get an existing saved timeline or timeline template. This API is used to retrieve an existing saved timeline or timeline template. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' patch: description: >- 
@@ -20559,8 +20336,7 @@ paths: type: object properties: timeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SavedTimeline + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' timelineId: nullable: true type: string @@ -20588,7 +20364,7 @@ paths: properties: timeline: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse + #/components/schemas/Security_Timeline_API_TimelineResponse required: - timeline required: @@ -20614,7 +20390,7 @@ paths: a draft timeline. summary: Updates an existing timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' post: operationId: CreateTimelines @@ -20625,8 +20401,7 @@ paths: type: object properties: status: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineStatus + $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' nullable: true templateTimelineId: nullable: true @@ -20635,14 +20410,12 @@ paths: nullable: true type: number timeline: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SavedTimeline + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' timelineId: nullable: true type: string timelineType: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineType + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' nullable: true version: nullable: true @@ -20668,7 +20441,7 @@ paths: properties: timeline: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse + #/components/schemas/Security_Timeline_API_TimelineResponse required: - persistTimeline required: @@ -20687,7 +20460,7 @@ paths: description: Indicates that there was an error in the timeline creation. summary: Creates a new timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_draft: get: 
@@ -20697,7 +20470,7 @@ paths: name: timelineType required: true schema: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineType' + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' responses: '200': content: @@ -20713,7 +20486,7 @@ paths: properties: timeline: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse + #/components/schemas/Security_Timeline_API_TimelineResponse required: - timeline required: @@ -20753,7 +20526,7 @@ paths: Retrieves the draft timeline for the current user. If the user does not have a draft timeline, an empty timeline is returned. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' post: description: > @@ -20767,8 +20540,7 @@ paths: type: object properties: timelineType: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineType + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' required: - timelineType description: >- @@ -20790,7 +20562,7 @@ paths: properties: timeline: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse + #/components/schemas/Security_Timeline_API_TimelineResponse required: - timeline required: @@ -20829,7 +20601,7 @@ paths: timelineId. summary: Retrieves a draft timeline or timeline template. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_export: post: @@ -20875,7 +20647,7 @@ paths: description: Indicates that the export size limit was exceeded summary: Exports timelines as an NDJSON file tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_favorite: patch: @@ -20896,8 +20668,7 @@ paths: nullable: true type: string timelineType: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineType + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' nullable: true required: - timelineId 
@@ -20918,7 +20689,7 @@ paths: properties: persistFavorite: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_FavoriteTimelineResponse + #/components/schemas/Security_Timeline_API_FavoriteTimelineResponse required: - persistFavorite required: @@ -20939,7 +20710,7 @@ paths: the favorite status. summary: Persists a given users favorite status of a timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_import: post: @@ -20952,8 +20723,7 @@ paths: properties: file: allOf: - - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_Readable + - $ref: '#/components/schemas/Security_Timeline_API_Readable' - type: object properties: hapi: @@ -20984,7 +20754,7 @@ paths: properties: data: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ImportTimelineResult + #/components/schemas/Security_Timeline_API_ImportTimelineResult required: - data description: Indicates the import of timelines was successful. @@ -21031,7 +20801,7 @@ paths: description: Indicates the import of timelines was unsuccessful. summary: Imports timelines. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_prepackaged: post: @@ -21044,19 +20814,16 @@ paths: properties: prepackagedTimelines: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SavedTimeline + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' type: array timelinesToInstall: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ImportTimelines + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' nullable: true type: array timelinesToUpdate: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ImportTimelines + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' nullable: true type: array required: 
@@ -21074,7 +20841,7 @@ paths: properties: data: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ImportTimelineResult + #/components/schemas/Security_Timeline_API_ImportTimelineResult required: - data description: Indicates the installation of prepackaged timelines was successful. @@ -21093,7 +20860,7 @@ paths: unsuccessful. summary: Installs prepackaged timelines. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/resolve: get: @@ -21121,7 +20888,7 @@ paths: properties: getOneTimeline: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse + #/components/schemas/Security_Timeline_API_TimelineResponse nullable: true required: - getOneTimeline @@ -21134,7 +20901,7 @@ paths: description: The (template) timeline was not found summary: Get an existing saved timeline or timeline template. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timelines: get: @@ -21154,13 +20921,12 @@ paths: - in: query name: timeline_type schema: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineType' + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' nullable: true - in: query name: sort_field schema: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SortFieldTimeline + $ref: '#/components/schemas/Security_Timeline_API_SortFieldTimeline' - in: query name: sort_order schema: @@ -21186,7 +20952,7 @@ paths: - in: query name: status schema: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineStatus' + $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' nullable: true responses: '200': @@ -21211,7 +20977,7 @@ paths: timelines: items: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_TimelineResponse + #/components/schemas/Security_Timeline_API_TimelineResponse type: array totalCount: type: number 
@@ -21241,7 +21007,7 @@ paths: This API is used to retrieve a list of existing saved timelines or timeline templates. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' '/s/{spaceId}/api/observability/slos': get: @@ -30924,35 +30690,33 @@ components: name: description: User name type: string - Security_Solution_Detections_API_AlertAssignees: + Security_Detections_API_AlertAssignees: type: object properties: add: description: A list of users ids to assign. items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' type: array remove: description: A list of users ids to unassign. items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' type: array required: - add - remove - Security_Solution_Detections_API_AlertIds: + Security_Detections_API_AlertIds: description: A list of alerts ids. items: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' minItems: 1 type: array - Security_Solution_Detections_API_AlertsIndex: + Security_Detections_API_AlertsIndex: deprecated: true description: (deprecated) Has no effect. type: string - Security_Solution_Detections_API_AlertsIndexMigrationError: + Security_Detections_API_AlertsIndexMigrationError: type: object properties: error: @@ -30970,7 +30734,7 @@ components: required: - index - error - Security_Solution_Detections_API_AlertsIndexMigrationSuccess: + Security_Detections_API_AlertsIndexMigrationSuccess: type: object properties: index: 
@@ -30983,10 +30747,10 @@ components: - index - migration_id - migration_index - Security_Solution_Detections_API_AlertsIndexNamespace: + Security_Detections_API_AlertsIndexNamespace: description: Has no effect. type: string - Security_Solution_Detections_API_AlertsReindexOptions: + Security_Detections_API_AlertsReindexOptions: type: object properties: requests_per_second: 
@@ -30998,41 +30762,39 @@ components: slices: minimum: 1 type: integer - Security_Solution_Detections_API_AlertsSort: + Security_Detections_API_AlertsSort: oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsSortCombinations + - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations' - items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsSortCombinations + #/components/schemas/Security_Detections_API_AlertsSortCombinations type: array - Security_Solution_Detections_API_AlertsSortCombinations: + Security_Detections_API_AlertsSortCombinations: anyOf: - type: string - additionalProperties: true type: object - Security_Solution_Detections_API_AlertStatus: + Security_Detections_API_AlertStatus: enum: - open - closed - acknowledged - in-progress type: string - Security_Solution_Detections_API_AlertSuppression: + Security_Detections_API_AlertSuppression: type: object properties: duration: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppressionDuration + #/components/schemas/Security_Detections_API_AlertSuppressionDuration group_by: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppressionGroupBy + $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionGroupBy' missing_fields_strategy: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppressionMissingFieldsStrategy + #/components/schemas/Security_Detections_API_AlertSuppressionMissingFieldsStrategy required: - group_by - Security_Solution_Detections_API_AlertSuppressionDuration: + Security_Detections_API_AlertSuppressionDuration: type: object properties: unit: 
@@ -31047,13 +30809,13 @@ components: required: - value - unit - Security_Solution_Detections_API_AlertSuppressionGroupBy: + Security_Detections_API_AlertSuppressionGroupBy: items: type: string maxItems: 3 minItems: 1 type: array - Security_Solution_Detections_API_AlertSuppressionMissingFieldsStrategy: + Security_Detections_API_AlertSuppressionMissingFieldsStrategy: description: >- Describes how alerts will be generated for documents with missing suppress by fields: @@ -31065,13 +30827,13 @@ components: - doNotSuppress - suppress type: string - Security_Solution_Detections_API_AlertTag: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - Security_Solution_Detections_API_AlertTags: + Security_Detections_API_AlertTag: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + Security_Detections_API_AlertTags: items: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertTag' + $ref: '#/components/schemas/Security_Detections_API_AlertTag' type: array - Security_Solution_Detections_API_AlertVersion: + Security_Detections_API_AlertVersion: type: object properties: count: 
@@ -31081,32 +30843,32 @@ components: required: - version - count - Security_Solution_Detections_API_AnomalyThreshold: + Security_Detections_API_AnomalyThreshold: description: Anomaly threshold minimum: 0 type: integer - Security_Solution_Detections_API_BuildingBlockType: + Security_Detections_API_BuildingBlockType: description: >- Determines if the rule acts as a building block. By default, building-block alerts are not displayed in the UI. These rules are used as a foundation for other rules that do generate alerts. Its value must be default. type: string - Security_Solution_Detections_API_BulkActionEditPayload: + Security_Detections_API_BulkActionEditPayload: anyOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadTags + #/components/schemas/Security_Detections_API_BulkActionEditPayloadTags - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadIndexPatterns + #/components/schemas/Security_Detections_API_BulkActionEditPayloadIndexPatterns - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadInvestigationFields + #/components/schemas/Security_Detections_API_BulkActionEditPayloadInvestigationFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadTimeline + #/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadRuleActions + #/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayloadSchedule - Security_Solution_Detections_API_BulkActionEditPayloadIndexPatterns: + #/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule + Security_Detections_API_BulkActionEditPayloadIndexPatterns: type: object properties: overwrite_data_views: 
@@ -31118,12 +30880,11 @@ components: - set_index_patterns type: string value: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' required: - type - value - Security_Solution_Detections_API_BulkActionEditPayloadInvestigationFields: + Security_Detections_API_BulkActionEditPayloadInvestigationFields: type: object properties: type: @@ -31133,12 +30894,11 @@ components: - set_investigation_fields type: string value: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' required: - type - value - Security_Solution_Detections_API_BulkActionEditPayloadRuleActions: + Security_Detections_API_BulkActionEditPayloadRuleActions: type: object properties: type: @@ -31152,17 +30912,17 @@ components: actions: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_NormalizedRuleAction + #/components/schemas/Security_Detections_API_NormalizedRuleAction type: array throttle: $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThrottleForBulkActions + #/components/schemas/Security_Detections_API_ThrottleForBulkActions required: - actions required: - type - value - Security_Solution_Detections_API_BulkActionEditPayloadSchedule: + Security_Detections_API_BulkActionEditPayloadSchedule: type: object properties: type: @@ -31190,7 +30950,7 @@ components: required: - type - value - Security_Solution_Detections_API_BulkActionEditPayloadTags: + Security_Detections_API_BulkActionEditPayloadTags: type: object properties: type: 
@@ -31200,11 +30960,11 @@ components: - set_tags type: string value: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleTagArray' + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' required: - type - value - Security_Solution_Detections_API_BulkActionEditPayloadTimeline: + Security_Detections_API_BulkActionEditPayloadTimeline: type: object properties: type: @@ -31215,18 +30975,17 @@ components: type: object properties: timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle required: - timeline_id - timeline_title required: - type - value - Security_Solution_Detections_API_BulkActionsDryRunErrCode: + Security_Detections_API_BulkActionsDryRunErrCode: enum: - IMMUTABLE - MACHINE_LEARNING_AUTH @@ -31235,7 +30994,7 @@ components: - MANUAL_RULE_RUN_FEATURE - MANUAL_RULE_RUN_DISABLED_RULE type: string - Security_Solution_Detections_API_BulkActionSkipResult: + Security_Detections_API_BulkActionSkipResult: type: object properties: id: 
@@ -31243,18 +31002,17 @@ components: name: type: string skip_reason: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditSkipReason + $ref: '#/components/schemas/Security_Detections_API_BulkEditSkipReason' required: - id - skip_reason - Security_Solution_Detections_API_BulkCrudRulesResponse: + Security_Detections_API_BulkCrudRulesResponse: items: oneOf: - - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleResponse' - - $ref: '#/components/schemas/Security_Solution_Detections_API_ErrorSchema' + - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' type: array - Security_Solution_Detections_API_BulkDeleteRules: + Security_Detections_API_BulkDeleteRules: type: object properties: action: @@ -31272,7 +31030,7 @@ components: type: string required: - action - Security_Solution_Detections_API_BulkDisableRules: + Security_Detections_API_BulkDisableRules: type: object properties: action: @@ -31290,7 +31048,7 @@ components: type: string required: - action - Security_Solution_Detections_API_BulkDuplicateRules: + Security_Detections_API_BulkDuplicateRules: type: object properties: action: @@ -31320,7 +31078,7 @@ components: type: string required: - action - Security_Solution_Detections_API_BulkEditActionResponse: + Security_Detections_API_BulkEditActionResponse: type: object properties: attributes: 
@@ -31329,14 +31087,14 @@ components: errors: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_NormalizedRuleError + #/components/schemas/Security_Detections_API_NormalizedRuleError type: array results: $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditActionResults + #/components/schemas/Security_Detections_API_BulkEditActionResults summary: $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkEditActionSummary + #/components/schemas/Security_Detections_API_BulkEditActionSummary required: - results - summary @@ -31350,32 +31108,31 @@ components: type: boolean required: - attributes - Security_Solution_Detections_API_BulkEditActionResults: + Security_Detections_API_BulkEditActionResults: type: object properties: created: items: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleResponse' + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' type: array deleted: items: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleResponse' + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' type: array skipped: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionSkipResult + $ref: '#/components/schemas/Security_Detections_API_BulkActionSkipResult' type: array updated: items: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleResponse' + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' type: array required: - updated - created - deleted - skipped - Security_Solution_Detections_API_BulkEditActionSummary: + Security_Detections_API_BulkEditActionSummary: type: object properties: failed: @@ -31391,7 +31148,7 @@ components: - skipped - succeeded - total - Security_Solution_Detections_API_BulkEditRules: + Security_Detections_API_BulkEditRules: type: object properties: action: 
@@ -31401,8 +31158,7 @@ components: edit: description: Array of objects containing the edit operations items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionEditPayload + $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayload' minItems: 1 type: array ids: @@ -31417,11 +31173,11 @@ components: required: - action - edit - Security_Solution_Detections_API_BulkEditSkipReason: + Security_Detections_API_BulkEditSkipReason: enum: - RULE_NOT_MODIFIED type: string - Security_Solution_Detections_API_BulkEnableRules: + Security_Detections_API_BulkEnableRules: type: object properties: action: @@ -31439,9 +31195,9 @@ components: type: string required: - action - Security_Solution_Detections_API_BulkExportActionResponse: + Security_Detections_API_BulkExportActionResponse: type: string - Security_Solution_Detections_API_BulkExportRules: + Security_Detections_API_BulkExportRules: type: object properties: action: @@ -31459,7 +31215,7 @@ components: type: string required: - action - Security_Solution_Detections_API_BulkManualRuleRun: + Security_Detections_API_BulkManualRuleRun: type: object properties: action: @@ -31489,12 +31245,12 @@ components: required: - action - run - Security_Solution_Detections_API_ConcurrentSearches: + Security_Detections_API_ConcurrentSearches: minimum: 1 type: integer - Security_Solution_Detections_API_DataViewId: + Security_Detections_API_DataViewId: type: string - Security_Solution_Detections_API_DefaultParams: + Security_Detections_API_DefaultParams: type: object properties: command: @@ -31505,7 +31261,7 @@ components: type: string required: - command - Security_Solution_Detections_API_EcsMapping: + Security_Detections_API_EcsMapping: additionalProperties: type: object properties: @@ -31518,7 +31274,7 @@ components: type: string type: array type: object - Security_Solution_Detections_API_EndpointResponseAction: + Security_Detections_API_EndpointResponseAction: type: object properties: action_type_id: 
@@ -31527,53 +31283,44 @@ components: type: string params: oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_DefaultParams - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ProcessesParams + - $ref: '#/components/schemas/Security_Detections_API_DefaultParams' + - $ref: '#/components/schemas/Security_Detections_API_ProcessesParams' required: - action_type_id - params - Security_Solution_Detections_API_EqlOptionalFields: + Security_Detections_API_EqlOptionalFields: type: object properties: alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' + $ref: '#/components/schemas/Security_Detections_API_DataViewId' event_category_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EventCategoryOverride + $ref: '#/components/schemas/Security_Detections_API_EventCategoryOverride' filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' response_actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ResponseAction + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' type: array tiebreaker_field: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TiebreakerField + $ref: '#/components/schemas/Security_Detections_API_TiebreakerField' timestamp_field: - $ref: '#/components/schemas/Security_Solution_Detections_API_TimestampField' - Security_Solution_Detections_API_EqlQueryLanguage: + $ref: '#/components/schemas/Security_Detections_API_TimestampField' + 
Security_Detections_API_EqlQueryLanguage: enum: - eql type: string - Security_Solution_Detections_API_EqlRequiredFields: + Security_Detections_API_EqlRequiredFields: type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_EqlQueryLanguage' description: Query language to use query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' description: EQL query to execute type: description: Rule type 
@@ -31584,125 +31331,101 @@ components: - type - query - language - Security_Solution_Detections_API_EqlRule: + Security_Detections_API_EqlRule: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description 
@@ -31726,428 +31449,341 @@ components: - setup - related_integrations - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleResponseFields - Security_Solution_Detections_API_EqlRuleCreateFields: + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleResponseFields' + Security_Detections_API_EqlRuleCreateFields: allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlOptionalFields - Security_Solution_Detections_API_EqlRuleCreateProps: + - $ref: '#/components/schemas/Security_Detections_API_EqlRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' + Security_Detections_API_EqlRuleCreateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: 
'#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: 
'#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleCreateFields - Security_Solution_Detections_API_EqlRulePatchFields: + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateFields' + Security_Detections_API_EqlRulePatchFields: allOf: 
- type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_EqlQueryLanguage' description: Query language to use query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' description: EQL query to execute type: description: Rule type enum: - eql type: string - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlOptionalFields - Security_Solution_Detections_API_EqlRulePatchProps: + - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' + Security_Detections_API_EqlRulePatchProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: 
items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: 
>- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRulePatchFields - Security_Solution_Detections_API_EqlRuleResponseFields: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchFields' + Security_Detections_API_EqlRuleResponseFields: allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlOptionalFields - 
Security_Solution_Detections_API_EqlRuleUpdateProps: + - $ref: '#/components/schemas/Security_Detections_API_EqlRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' + Security_Detections_API_EqlRuleUpdateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: 
'#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' 
related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: 
>- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleCreateFields - Security_Solution_Detections_API_ErrorSchema: + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateFields' + Security_Detections_API_ErrorSchema: additionalProperties: false type: object properties: 
@@ -32171,133 +31807,108 @@ components: minLength: 1 type: string rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' required: - error - Security_Solution_Detections_API_EsqlQueryLanguage: + Security_Detections_API_EsqlQueryLanguage: enum: - esql type: string - Security_Solution_Detections_API_EsqlRule: + Security_Detections_API_EsqlRule: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description 
@@ -32321,301 +31932,241 @@ components: - setup - related_integrations - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleResponseFields - Security_Solution_Detections_API_EsqlRuleCreateFields: + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleResponseFields' + Security_Detections_API_EsqlRuleCreateFields: allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleRequiredFields - Security_Solution_Detections_API_EsqlRuleCreateProps: + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields' + Security_Detections_API_EsqlRuleCreateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + 
$ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: 
'#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleCreateFields - Security_Solution_Detections_API_EsqlRuleOptionalFields: + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateFields' + 
Security_Detections_API_EsqlRuleOptionalFields: type: object properties: alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' response_actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ResponseAction + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' type: array - Security_Solution_Detections_API_EsqlRulePatchProps: + Security_Detections_API_EsqlRulePatchProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array 
false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_EsqlQueryLanguage' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' description: ESQL query to execute references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' 
severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' type: description: Rule type enum: - esql type: string version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleOptionalFields - Security_Solution_Detections_API_EsqlRuleRequiredFields: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' + 
Security_Detections_API_EsqlRuleRequiredFields: type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_EsqlQueryLanguage' query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' description: ESQL query to execute type: description: Rule type 
@@ -32626,147 +32177,118 @@ components: - type - language - query - Security_Solution_Detections_API_EsqlRuleResponseFields: + Security_Detections_API_EsqlRuleResponseFields: allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleRequiredFields - Security_Solution_Detections_API_EsqlRuleUpdateProps: + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields' + Security_Detections_API_EsqlRuleUpdateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + 
$ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + 
#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: 
'#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleCreateFields - Security_Solution_Detections_API_EventCategoryOverride: + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateFields' + Security_Detections_API_EventCategoryOverride: type: string - Security_Solution_Detections_API_ExceptionListType: + Security_Detections_API_ExceptionListType: description: The exception type enum: - detection 
@@ -32777,7 +32299,7 @@ components: - endpoint_host_isolation_exceptions - endpoint_blocklists type: string - Security_Solution_Detections_API_ExternalRuleSource: + Security_Detections_API_ExternalRuleSource: description: >- Type of rule source for externally sourced rules, i.e. rules that have an external source, such as the Elastic Prebuilt rules repo. @@ -32785,7 +32307,7 @@ components: properties: is_customized: $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsExternalRuleCustomized + #/components/schemas/Security_Detections_API_IsExternalRuleCustomized type: enum: - external @@ -32793,7 +32315,7 @@ components: required: - type - is_customized - Security_Solution_Detections_API_FindRulesSortField: + Security_Detections_API_FindRulesSortField: enum: - created_at - createdAt @@ -32810,23 +32332,22 @@ components: - updated_at - updatedAt type: string - Security_Solution_Detections_API_HistoryWindowStart: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' - Security_Solution_Detections_API_IndexMigrationStatus: + Security_Detections_API_HistoryWindowStart: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + Security_Detections_API_IndexMigrationStatus: type: object properties: index: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' is_outdated: type: boolean migrations: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MigrationStatus + $ref: '#/components/schemas/Security_Detections_API_MigrationStatus' type: array signal_versions: items: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertVersion' + $ref: '#/components/schemas/Security_Detections_API_AlertVersion' type: array version: type: integer 
@@ -32836,11 +32357,11 @@ components: - signal_versions - migrations - is_outdated - Security_Solution_Detections_API_IndexPatternArray: + Security_Detections_API_IndexPatternArray: items: type: string type: array - Security_Solution_Detections_API_InternalRuleSource: + Security_Detections_API_InternalRuleSource: description: >- Type of rule source for internally sourced rules, i.e. created within the Kibana apps. @@ -32852,7 +32373,7 @@ components: type: string required: - type - Security_Solution_Detections_API_InvestigationFields: + Security_Detections_API_InvestigationFields: description: > Schema for fields relating to investigation fields. These are user defined fields we use to highlight 
@@ -32885,39 +32406,38 @@ components: properties: field_names: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' minItems: 1 type: array required: - field_names - Security_Solution_Detections_API_InvestigationGuide: + Security_Detections_API_InvestigationGuide: description: Notes to help investigate alerts produced by the rule. type: string - Security_Solution_Detections_API_IsExternalRuleCustomized: + Security_Detections_API_IsExternalRuleCustomized: description: >- Determines whether an external/prebuilt rule has been customized by the user (i.e. any of its fields have been modified and diverged from the base value). type: boolean - Security_Solution_Detections_API_IsRuleEnabled: + Security_Detections_API_IsRuleEnabled: description: Determines whether the rule is enabled. type: boolean - Security_Solution_Detections_API_IsRuleImmutable: + Security_Detections_API_IsRuleImmutable: deprecated: true description: >- This field determines whether the rule is a prebuilt Elastic rule. It will be replaced with the `rule_source` field. type: boolean - Security_Solution_Detections_API_ItemsPerSearch: + Security_Detections_API_ItemsPerSearch: minimum: 1 type: integer - Security_Solution_Detections_API_KqlQueryLanguage: + Security_Detections_API_KqlQueryLanguage: enum: - kuery - lucene type: string - Security_Solution_Detections_API_MachineLearningJobId: + Security_Detections_API_MachineLearningJobId: description: Machine learning job ID oneOf: - type: string 
@@ -32925,125 +32445,101 @@ components: type: string minItems: 1 type: array - Security_Solution_Detections_API_MachineLearningRule: + Security_Detections_API_MachineLearningRule: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description 
@@ -33067,303 +32563,248 @@ components: - setup - related_integrations - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleResponseFields - Security_Solution_Detections_API_MachineLearningRuleCreateFields: + #/components/schemas/Security_Detections_API_MachineLearningRuleResponseFields + Security_Detections_API_MachineLearningRuleCreateFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleRequiredFields + #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleOptionalFields - Security_Solution_Detections_API_MachineLearningRuleCreateProps: + #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + Security_Detections_API_MachineLearningRuleCreateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- 
- #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: 
- $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleCreateFields - Security_Solution_Detections_API_MachineLearningRuleOptionalFields: + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields + 
Security_Detections_API_MachineLearningRuleOptionalFields: type: object properties: alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression - Security_Solution_Detections_API_MachineLearningRulePatchFields: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' + Security_Detections_API_MachineLearningRulePatchFields: allOf: - type: object properties: anomaly_threshold: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AnomalyThreshold + $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' machine_learning_job_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningJobId + #/components/schemas/Security_Detections_API_MachineLearningJobId type: description: Rule type enum: - machine_learning type: string - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleOptionalFields - Security_Solution_Detections_API_MachineLearningRulePatchProps: + #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + Security_Detections_API_MachineLearningRulePatchProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType 
+ $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: 
'#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: 
'#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_MachineLearningRulePatchFields - Security_Solution_Detections_API_MachineLearningRuleRequiredFields: + #/components/schemas/Security_Detections_API_MachineLearningRulePatchFields + Security_Detections_API_MachineLearningRuleRequiredFields: type: object properties: anomaly_threshold: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AnomalyThreshold + $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' machine_learning_job_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningJobId + $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId' type: description: Rule type enum: 
@@ -33373,148 +32814,122 @@ components: - type - machine_learning_job_id - anomaly_threshold - Security_Solution_Detections_API_MachineLearningRuleResponseFields: + Security_Detections_API_MachineLearningRuleResponseFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleRequiredFields + #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleOptionalFields - Security_Solution_Detections_API_MachineLearningRuleUpdateProps: + #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + Security_Detections_API_MachineLearningRuleUpdateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: 
- $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: 
>- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleCreateFields - Security_Solution_Detections_API_MaxSignals: + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields + Security_Detections_API_MaxSignals: minimum: 1 type: integer - Security_Solution_Detections_API_MigrationCleanupResult: + Security_Detections_API_MigrationCleanupResult: type: object properties: 
destinationIndex: @@ -33551,7 +32966,7 @@ components: - sourceIndex - version - updated - Security_Solution_Detections_API_MigrationFinalizationResult: + Security_Detections_API_MigrationFinalizationResult: type: object properties: completed: @@ -33591,11 +33006,11 @@ components: - sourceIndex - version - updated - Security_Solution_Detections_API_MigrationStatus: + Security_Detections_API_MigrationStatus: type: object properties: id: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' status: enum: - success 
@@ -33612,131 +33027,107 @@ components: - status - version - updated - Security_Solution_Detections_API_NewTermsFields: + Security_Detections_API_NewTermsFields: items: type: string maxItems: 3 minItems: 1 type: array - Security_Solution_Detections_API_NewTermsRule: + Security_Detections_API_NewTermsRule: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description 
@@ -33760,329 +33151,269 @@ components: - setup - related_integrations - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleResponseFields - Security_Solution_Detections_API_NewTermsRuleCreateFields: + #/components/schemas/Security_Detections_API_NewTermsRuleResponseFields + Security_Detections_API_NewTermsRuleCreateFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleRequiredFields + #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleOptionalFields + #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleDefaultableFields - Security_Solution_Detections_API_NewTermsRuleCreateProps: + #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields + Security_Detections_API_NewTermsRuleCreateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' 
severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleCreateFields - 
Security_Solution_Detections_API_NewTermsRuleDefaultableFields: + #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields + Security_Detections_API_NewTermsRuleDefaultableFields: type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_NewTermsRuleOptionalFields: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_NewTermsRuleOptionalFields: type: object properties: alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' + $ref: '#/components/schemas/Security_Detections_API_DataViewId' filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' response_actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ResponseAction + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' type: array - Security_Solution_Detections_API_NewTermsRulePatchFields: + Security_Detections_API_NewTermsRulePatchFields: allOf: - type: object properties: history_window_start: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_HistoryWindowStart + $ref: '#/components/schemas/Security_Detections_API_HistoryWindowStart' new_terms_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsFields + $ref: '#/components/schemas/Security_Detections_API_NewTermsFields' query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: 
'#/components/schemas/Security_Detections_API_RuleQuery' type: description: Rule type enum: - new_terms type: string - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleOptionalFields + #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleDefaultableFields - Security_Solution_Detections_API_NewTermsRulePatchProps: + #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields + Security_Detections_API_NewTermsRulePatchProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: 
'#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + 
#/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: 
'#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRulePatchFields - Security_Solution_Detections_API_NewTermsRuleRequiredFields: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchFields' + Security_Detections_API_NewTermsRuleRequiredFields: type: object properties: history_window_start: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_HistoryWindowStart + $ref: '#/components/schemas/Security_Detections_API_HistoryWindowStart' new_terms_fields: - $ref: 
'#/components/schemas/Security_Solution_Detections_API_NewTermsFields' + $ref: '#/components/schemas/Security_Detections_API_NewTermsFields' query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' type: description: Rule type enum: 
@@ -34093,189 +33424,157 @@ components: - query - new_terms_fields - history_window_start - Security_Solution_Detections_API_NewTermsRuleResponseFields: + Security_Detections_API_NewTermsRuleResponseFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleRequiredFields + #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleOptionalFields + #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields - type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' required: - language - Security_Solution_Detections_API_NewTermsRuleUpdateProps: + Security_Detections_API_NewTermsRuleUpdateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: 
- $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleCreateFields - Security_Solution_Detections_API_NonEmptyString: + #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields + Security_Detections_API_NonEmptyString: 
description: A string that is not empty and does not contain only whitespace minLength: 1 pattern: ^(?! *$).+$ type: string - Security_Solution_Detections_API_NormalizedRuleAction: + Security_Detections_API_NormalizedRuleAction: additionalProperties: false type: object properties: alerts_filter: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionAlertsFilter + $ref: '#/components/schemas/Security_Detections_API_RuleActionAlertsFilter' frequency: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionFrequency + $ref: '#/components/schemas/Security_Detections_API_RuleActionFrequency' group: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionGroup + $ref: '#/components/schemas/Security_Detections_API_RuleActionGroup' id: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleActionId' + $ref: '#/components/schemas/Security_Detections_API_RuleActionId' params: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionParams + $ref: '#/components/schemas/Security_Detections_API_RuleActionParams' required: - id - params - Security_Solution_Detections_API_NormalizedRuleError: + Security_Detections_API_NormalizedRuleError: type: object properties: err_code: $ref: >- - #/components/schemas/Security_Solution_Detections_API_BulkActionsDryRunErrCode + #/components/schemas/Security_Detections_API_BulkActionsDryRunErrCode message: type: string rules: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDetailsInError + $ref: '#/components/schemas/Security_Detections_API_RuleDetailsInError' type: array status_code: type: integer 
@@ -34283,16 +33582,16 @@ components: - message - status_code - rules - Security_Solution_Detections_API_OsqueryParams: + Security_Detections_API_OsqueryParams: type: object properties: ecs_mapping: - $ref: '#/components/schemas/Security_Solution_Detections_API_EcsMapping' + $ref: '#/components/schemas/Security_Detections_API_EcsMapping' pack_id: type: string queries: items: - $ref: '#/components/schemas/Security_Solution_Detections_API_OsqueryQuery' + $ref: '#/components/schemas/Security_Detections_API_OsqueryQuery' type: array query: type: string @@ -34300,11 +33599,11 @@ components: type: string timeout: type: number - Security_Solution_Detections_API_OsqueryQuery: + Security_Detections_API_OsqueryQuery: type: object properties: ecs_mapping: - $ref: '#/components/schemas/Security_Solution_Detections_API_EcsMapping' + $ref: '#/components/schemas/Security_Detections_API_EcsMapping' id: description: Query ID type: string @@ -34323,7 +33622,7 @@ components: required: - id - query - Security_Solution_Detections_API_OsqueryResponseAction: + Security_Detections_API_OsqueryResponseAction: type: object properties: action_type_id: @@ -34331,11 +33630,11 @@ components: - .osquery type: string params: - $ref: '#/components/schemas/Security_Solution_Detections_API_OsqueryParams' + $ref: '#/components/schemas/Security_Detections_API_OsqueryParams' required: - action_type_id - params - Security_Solution_Detections_API_PlatformErrorResponse: + Security_Detections_API_PlatformErrorResponse: type: object properties: error: @@ -34348,7 +33647,7 @@ components: - statusCode - error - message - Security_Solution_Detections_API_ProcessesParams: + Security_Detections_API_ProcessesParams: type: object properties: command: 
@@ -34373,125 +33672,101 @@ components: required: - command - config - Security_Solution_Detections_API_QueryRule: + Security_Detections_API_QueryRule: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description 
@@ -34515,176 +33790,142 @@ components: - setup - related_integrations - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleResponseFields - Security_Solution_Detections_API_QueryRuleCreateFields: + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleResponseFields' + Security_Detections_API_QueryRuleCreateFields: allOf: + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleDefaultableFields - Security_Solution_Detections_API_QueryRuleCreateProps: + #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields + Security_Detections_API_QueryRuleCreateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' 
severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleCreateFields - 
Security_Solution_Detections_API_QueryRuleDefaultableFields: + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' + Security_Detections_API_QueryRuleDefaultableFields: type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' - Security_Solution_Detections_API_QueryRuleOptionalFields: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + Security_Detections_API_QueryRuleOptionalFields: type: object properties: alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' + $ref: '#/components/schemas/Security_Detections_API_DataViewId' filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' response_actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ResponseAction + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' type: array saved_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryId' - Security_Solution_Detections_API_QueryRulePatchFields: + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' + Security_Detections_API_QueryRulePatchFields: allOf: - type: object properties: 
@@ -34693,138 +33934,110 @@ components: enum: - query type: string + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleOptionalFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleDefaultableFields - Security_Solution_Detections_API_QueryRulePatchProps: + #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields + Security_Detections_API_QueryRulePatchProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRulePatchFields - Security_Solution_Detections_API_QueryRuleRequiredFields: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchFields' + Security_Detections_API_QueryRuleRequiredFields: type: object properties: type: 
@@ -34834,155 +34047,125 @@ components: type: string required: - type - Security_Solution_Detections_API_QueryRuleResponseFields: + Security_Detections_API_QueryRuleResponseFields: allOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleRequiredFields - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleOptionalFields + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' - type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' required: - query - language - Security_Solution_Detections_API_QueryRuleUpdateProps: + Security_Detections_API_QueryRuleUpdateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' 
severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleCreateFields - 
Security_Solution_Detections_API_RelatedIntegration: + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' + Security_Detections_API_RelatedIntegration: description: > Related integration is a potential dependency of a rule. It's assumed that if the user installs @@ -35043,20 +34226,19 @@ components: type: object properties: integration: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' package: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' version: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' required: - package - version - Security_Solution_Detections_API_RelatedIntegrationArray: + Security_Detections_API_RelatedIntegrationArray: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegration + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegration' type: array - Security_Solution_Detections_API_RequiredField: + Security_Detections_API_RequiredField: description: > Describes an Elasticsearch field that is needed for the rule to function. 
@@ -35097,20 +34279,20 @@ components: description: Whether the field is an ECS field type: boolean name: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: Name of an Elasticsearch field type: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: Type of the Elasticsearch field required: - name - type - ecs - Security_Solution_Detections_API_RequiredFieldArray: + Security_Detections_API_RequiredFieldArray: items: - $ref: '#/components/schemas/Security_Solution_Detections_API_RequiredField' + $ref: '#/components/schemas/Security_Detections_API_RequiredField' type: array - Security_Solution_Detections_API_RequiredFieldInput: + Security_Detections_API_RequiredFieldInput: description: >- Input parameters to create a RequiredField. Does not include the `ecs` field, because `ecs` is calculated on the backend based on the field 
@@ -35118,21 +34300,19 @@ components: type: object properties: name: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: Name of an Elasticsearch field type: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: Type of an Elasticsearch field required: - name - type - Security_Solution_Detections_API_ResponseAction: + Security_Detections_API_ResponseAction: oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_OsqueryResponseAction - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EndpointResponseAction - Security_Solution_Detections_API_ResponseFields: + - $ref: '#/components/schemas/Security_Detections_API_OsqueryResponseAction' + - $ref: '#/components/schemas/Security_Detections_API_EndpointResponseAction' + Security_Detections_API_ResponseFields: type: object properties: created_at: 
@@ -35141,24 +34321,20 @@ components: created_by: type: string execution_summary: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExecutionSummary + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionSummary' id: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleObjectId' + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' immutable: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleImmutable + $ref: '#/components/schemas/Security_Detections_API_IsRuleImmutable' required_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldArray + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldArray' revision: minimum: 0 type: integer rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_source: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleSource' + $ref: '#/components/schemas/Security_Detections_API_RuleSource' updated_at: format: date-time type: string @@ -35175,12 +34351,12 @@ components: - revision - related_integrations - required_fields - Security_Solution_Detections_API_RiskScore: + Security_Detections_API_RiskScore: description: Risk score (0 to 100) maximum: 100 minimum: 0 type: integer - Security_Solution_Detections_API_RiskScoreMapping: + Security_Detections_API_RiskScoreMapping: description: >- Overrides generated alerts' risk_score with a value from the source event @@ -35194,7 +34370,7 @@ components: - equals type: string risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' value: type: string required: 
@@ -35202,66 +34378,60 @@ components: - operator - value type: array - Security_Solution_Detections_API_RuleAction: + Security_Detections_API_RuleAction: type: object properties: action_type_id: description: The action type used for sending notifications. type: string alerts_filter: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionAlertsFilter + $ref: '#/components/schemas/Security_Detections_API_RuleActionAlertsFilter' frequency: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionFrequency + $ref: '#/components/schemas/Security_Detections_API_RuleActionFrequency' group: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionGroup + $ref: '#/components/schemas/Security_Detections_API_RuleActionGroup' id: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleActionId' + $ref: '#/components/schemas/Security_Detections_API_RuleActionId' params: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionParams + $ref: '#/components/schemas/Security_Detections_API_RuleActionParams' uuid: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' required: - action_type_id - id - params - Security_Solution_Detections_API_RuleActionAlertsFilter: + Security_Detections_API_RuleActionAlertsFilter: additionalProperties: true type: object - Security_Solution_Detections_API_RuleActionFrequency: + Security_Detections_API_RuleActionFrequency: description: >- The action frequency defines when the action runs (for example, only on rule execution or at specific time intervals). 
type: object properties: notifyWhen: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionNotifyWhen + $ref: '#/components/schemas/Security_Detections_API_RuleActionNotifyWhen' summary: description: >- Action summary indicates whether we will send a summary notification about all the generate alerts or notification per individual alert type: boolean throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' nullable: true required: - summary - notifyWhen - throttle - Security_Solution_Detections_API_RuleActionGroup: + Security_Detections_API_RuleActionGroup: description: >- Optionally groups actions by use cases. Use `default` for alert notifications. type: string - Security_Solution_Detections_API_RuleActionId: + Security_Detections_API_RuleActionId: description: The connector ID. type: string - Security_Solution_Detections_API_RuleActionNotifyWhen: + Security_Detections_API_RuleActionNotifyWhen: description: >- The condition for throttling the notification: `onActionGroupChange`, `onActiveAlert`, or `onThrottleInterval` @@ -35270,13 +34440,13 @@ components: - onThrottleInterval - onActionGroupChange type: string - Security_Solution_Detections_API_RuleActionParams: + Security_Detections_API_RuleActionParams: additionalProperties: true description: >- Object containing the allowed connector fields, which varies according to the connector type. type: object - Security_Solution_Detections_API_RuleActionThrottle: + Security_Detections_API_RuleActionThrottle: description: Defines how often rule actions are taken. oneOf: - enum: 
@@ -35287,34 +34457,30 @@ components: example: 1h pattern: '^[1-9]\d*[smhd]$' type: string - Security_Solution_Detections_API_RuleAuthorArray: + Security_Detections_API_RuleAuthorArray: items: type: string type: array - Security_Solution_Detections_API_RuleCreateProps: + Security_Detections_API_RuleCreateProps: anyOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleCreateProps + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleCreateProps + #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleCreateProps + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleCreateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleCreateProps + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps' discriminator: propertyName: type - Security_Solution_Detections_API_RuleDescription: + Security_Detections_API_RuleDescription: minLength: 1 type: string - Security_Solution_Detections_API_RuleDetailsInError: + Security_Detections_API_RuleDetailsInError: type: object properties: id: 
@@ -35323,14 +34489,14 @@ components: type: string required: - id - Security_Solution_Detections_API_RuleExceptionList: + Security_Detections_API_RuleExceptionList: type: object properties: id: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: ID of the exception container list_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' description: List ID of the exception container namespace_type: description: Determines the exceptions validity in rule's Kibana space @@ -35339,14 +34505,13 @@ components: - single type: string type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ExceptionListType + $ref: '#/components/schemas/Security_Detections_API_ExceptionListType' required: - id - list_id - type - namespace_type - Security_Solution_Detections_API_RuleExecutionMetrics: + Security_Detections_API_RuleExecutionMetrics: type: object properties: execution_gap_duration_s: @@ -35372,7 +34537,7 @@ components: request/response minimum: 0 type: integer - Security_Solution_Detections_API_RuleExecutionStatus: + Security_Detections_API_RuleExecutionStatus: description: >- Custom execution status of Security rules that is different from the status used in the Alerting Framework. We merge our custom status with @@ -35405,9 +34570,9 @@ components: - failed - succeeded type: string - Security_Solution_Detections_API_RuleExecutionStatusOrder: + Security_Detections_API_RuleExecutionStatusOrder: type: integer - Security_Solution_Detections_API_RuleExecutionSummary: + Security_Detections_API_RuleExecutionSummary: type: object properties: last_execution: 
@@ -35421,14 +34586,13 @@ components: type: string metrics: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExecutionMetrics + #/components/schemas/Security_Detections_API_RuleExecutionMetrics status: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExecutionStatus + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatus' description: Status of the last execution status_order: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExecutionStatusOrder + #/components/schemas/Security_Detections_API_RuleExecutionStatusOrder required: - date - status @@ -35437,19 +34601,19 @@ components: - metrics required: - last_execution - Security_Solution_Detections_API_RuleFalsePositiveArray: + Security_Detections_API_RuleFalsePositiveArray: items: type: string type: array - Security_Solution_Detections_API_RuleFilterArray: + Security_Detections_API_RuleFilterArray: items: {} type: array - Security_Solution_Detections_API_RuleInterval: + Security_Detections_API_RuleInterval: description: >- Frequency of rule execution, using a date math range. For example, "1h" means the rule runs every hour. Defaults to 5m (5 minutes). type: string - Security_Solution_Detections_API_RuleIntervalFrom: + Security_Detections_API_RuleIntervalFrom: description: >- Time from which data is analyzed each time the rule runs, using a date math range. For example, now-4200s means the rule analyzes data from 70 
@@ -35457,52 +34621,47 @@ components: minutes before the start time). format: date-math type: string - Security_Solution_Detections_API_RuleIntervalTo: + Security_Detections_API_RuleIntervalTo: type: string - Security_Solution_Detections_API_RuleLicense: + Security_Detections_API_RuleLicense: description: The rule's license. type: string - Security_Solution_Detections_API_RuleMetadata: + Security_Detections_API_RuleMetadata: additionalProperties: true type: object - Security_Solution_Detections_API_RuleName: + Security_Detections_API_RuleName: minLength: 1 type: string - Security_Solution_Detections_API_RuleNameOverride: + Security_Detections_API_RuleNameOverride: description: Sets the source field for the alert's signal.rule.name value type: string - Security_Solution_Detections_API_RuleObjectId: - $ref: '#/components/schemas/Security_Solution_Detections_API_UUID' - Security_Solution_Detections_API_RulePatchProps: + Security_Detections_API_RuleObjectId: + $ref: '#/components/schemas/Security_Detections_API_UUID' + Security_Detections_API_RulePatchProps: anyOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchProps' + - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchProps' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRulePatchProps + #/components/schemas/Security_Detections_API_SavedQueryRulePatchProps + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchProps' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRulePatchProps + #/components/schemas/Security_Detections_API_ThreatMatchRulePatchProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRulePatchProps - - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_MachineLearningRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRulePatchProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRulePatchProps - Security_Solution_Detections_API_RulePreviewLoggedRequest: + #/components/schemas/Security_Detections_API_MachineLearningRulePatchProps + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchProps' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRulePatchProps' + Security_Detections_API_RulePreviewLoggedRequest: type: object properties: description: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' duration: type: integer request: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' required: - request - Security_Solution_Detections_API_RulePreviewLogs: + Security_Detections_API_RulePreviewLogs: type: object properties: duration: 
@@ -35510,26 +34669,24 @@ components: type: integer errors: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' type: array requests: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RulePreviewLoggedRequest + #/components/schemas/Security_Detections_API_RulePreviewLoggedRequest type: array startedAt: - $ref: '#/components/schemas/Security_Solution_Detections_API_NonEmptyString' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' warnings: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' type: array required: - errors - warnings - duration - Security_Solution_Detections_API_RulePreviewParams: + Security_Detections_API_RulePreviewParams: type: object properties: invocationCount: 
@@ -35540,30 +34697,28 @@ components: required: - invocationCount - timeframeEnd - Security_Solution_Detections_API_RuleQuery: + Security_Detections_API_RuleQuery: type: string - Security_Solution_Detections_API_RuleReferenceArray: + Security_Detections_API_RuleReferenceArray: items: type: string type: array - Security_Solution_Detections_API_RuleResponse: + Security_Detections_API_RuleResponse: anyOf: - - $ref: '#/components/schemas/Security_Solution_Detections_API_EqlRule' - - $ref: '#/components/schemas/Security_Solution_Detections_API_QueryRule' - - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryRule' - - $ref: '#/components/schemas/Security_Solution_Detections_API_ThresholdRule' - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRule - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRule - - $ref: '#/components/schemas/Security_Solution_Detections_API_NewTermsRule' - - $ref: '#/components/schemas/Security_Solution_Detections_API_EsqlRule' + - $ref: '#/components/schemas/Security_Detections_API_EqlRule' + - $ref: '#/components/schemas/Security_Detections_API_QueryRule' + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRule' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRule' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRule' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRule' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRule' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRule' discriminator: propertyName: type - Security_Solution_Detections_API_RuleSignatureId: + Security_Detections_API_RuleSignatureId: description: 'Could be any string, not necessarily a UUID' type: string - Security_Solution_Detections_API_RuleSource: + Security_Detections_API_RuleSource: description: >- Discriminated union that determines whether the rule is internally sourced (created within 
the Kibana app) or has an external source, such 
@@ -35571,175 +34726,145 @@ components: discriminator: propertyName: type oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ExternalRuleSource - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InternalRuleSource - Security_Solution_Detections_API_RuleTagArray: + - $ref: '#/components/schemas/Security_Detections_API_ExternalRuleSource' + - $ref: '#/components/schemas/Security_Detections_API_InternalRuleSource' + Security_Detections_API_RuleTagArray: description: >- String array containing words and phrases to help categorize, filter, and search rules. Defaults to an empty array. items: type: string type: array - Security_Solution_Detections_API_RuleUpdateProps: + Security_Detections_API_RuleUpdateProps: anyOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleUpdateProps' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleUpdateProps' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EqlRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_QueryRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleUpdateProps + #/components/schemas/Security_Detections_API_SavedQueryRuleUpdateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleUpdateProps + #/components/schemas/Security_Detections_API_ThresholdRuleUpdateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleUpdateProps + #/components/schemas/Security_Detections_API_ThreatMatchRuleUpdateProps - $ref: >- - #/components/schemas/Security_Solution_Detections_API_MachineLearningRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NewTermsRuleUpdateProps - - $ref: >- - #/components/schemas/Security_Solution_Detections_API_EsqlRuleUpdateProps + #/components/schemas/Security_Detections_API_MachineLearningRuleUpdateProps + - $ref: 
'#/components/schemas/Security_Detections_API_NewTermsRuleUpdateProps' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleUpdateProps' discriminator: propertyName: type - Security_Solution_Detections_API_RuleVersion: + Security_Detections_API_RuleVersion: description: The rule's version number. minimum: 1 type: integer - Security_Solution_Detections_API_SavedObjectResolveAliasPurpose: + Security_Detections_API_SavedObjectResolveAliasPurpose: enum: - savedObjectConversion - savedObjectImport type: string - Security_Solution_Detections_API_SavedObjectResolveAliasTargetId: + Security_Detections_API_SavedObjectResolveAliasTargetId: type: string - Security_Solution_Detections_API_SavedObjectResolveOutcome: + Security_Detections_API_SavedObjectResolveOutcome: enum: - exactMatch - aliasMatch - conflict type: string - Security_Solution_Detections_API_SavedQueryId: + Security_Detections_API_SavedQueryId: type: string - Security_Solution_Detections_API_SavedQueryRule: + Security_Detections_API_SavedQueryRule: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - 
$ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description 
@@ -35763,321 +34888,264 @@ components: - setup - related_integrations - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleResponseFields - Security_Solution_Detections_API_SavedQueryRuleCreateFields: + #/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields + Security_Detections_API_SavedQueryRuleCreateFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleRequiredFields + #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleOptionalFields + #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleDefaultableFields - Security_Solution_Detections_API_SavedQueryRuleCreateProps: + #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields + Security_Detections_API_SavedQueryRuleCreateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' 
severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleCreateFields - 
Security_Solution_Detections_API_SavedQueryRuleDefaultableFields: + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields + Security_Detections_API_SavedQueryRuleDefaultableFields: type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_SavedQueryRuleOptionalFields: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_SavedQueryRuleOptionalFields: type: object properties: alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' + $ref: '#/components/schemas/Security_Detections_API_DataViewId' filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' response_actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ResponseAction + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' type: array - Security_Solution_Detections_API_SavedQueryRulePatchFields: + Security_Detections_API_SavedQueryRulePatchFields: allOf: - type: object properties: saved_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryId + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' type: description: Rule type enum: - saved_query type: string - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleOptionalFields + 
#/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleDefaultableFields - Security_Solution_Detections_API_SavedQueryRulePatchProps: + #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields + Security_Detections_API_SavedQueryRulePatchProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - 
$ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRulePatchFields - Security_Solution_Detections_API_SavedQueryRuleRequiredFields: + #/components/schemas/Security_Detections_API_SavedQueryRulePatchFields + Security_Detections_API_SavedQueryRuleRequiredFields: type: object properties: saved_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryId' + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' type: description: Rule type enum: 
@@ -36086,166 +35154,138 @@ components: required: - type - saved_id - Security_Solution_Detections_API_SavedQueryRuleResponseFields: + Security_Detections_API_SavedQueryRuleResponseFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleRequiredFields + #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleOptionalFields + #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields - type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' required: - language - Security_Solution_Detections_API_SavedQueryRuleUpdateProps: + Security_Detections_API_SavedQueryRuleUpdateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: 
- $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedQueryRuleCreateFields - Security_Solution_Detections_API_SetAlertsStatusByIds: + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields + 
Security_Detections_API_SetAlertsStatusByIds: type: object properties: signal_ids: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' minItems: 1 type: array status: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertStatus' + $ref: '#/components/schemas/Security_Detections_API_AlertStatus' required: - signal_ids - status - Security_Solution_Detections_API_SetAlertsStatusByQuery: + Security_Detections_API_SetAlertsStatusByQuery: type: object properties: conflicts: @@ -36258,23 +35298,23 @@ components: additionalProperties: true type: object status: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertStatus' + $ref: '#/components/schemas/Security_Detections_API_AlertStatus' required: - query - status - Security_Solution_Detections_API_SetAlertTags: + Security_Detections_API_SetAlertTags: type: object properties: tags_to_add: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertTags' + $ref: '#/components/schemas/Security_Detections_API_AlertTags' tags_to_remove: - $ref: '#/components/schemas/Security_Solution_Detections_API_AlertTags' + $ref: '#/components/schemas/Security_Detections_API_AlertTags' required: - tags_to_add - tags_to_remove - Security_Solution_Detections_API_SetupGuide: + Security_Detections_API_SetupGuide: type: string - Security_Solution_Detections_API_Severity: + Security_Detections_API_Severity: description: Severity of the rule enum: - low @@ -36282,7 +35322,7 @@ components: - high - critical type: string - Security_Solution_Detections_API_SeverityMapping: + Security_Detections_API_SeverityMapping: description: Overrides generated alerts' severity with values from the source event items: type: object 
@@ -36294,7 +35334,7 @@ components: - equals type: string severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' value: type: string required: @@ -36303,7 +35343,7 @@ components: - severity - value type: array - Security_Solution_Detections_API_SiemErrorResponse: + Security_Detections_API_SiemErrorResponse: type: object properties: message: 
@@ -36313,55 +35353,54 @@ components: required: - status_code - message - Security_Solution_Detections_API_SkippedAlertsIndexMigration: + Security_Detections_API_SkippedAlertsIndexMigration: type: object properties: index: type: string required: - index - Security_Solution_Detections_API_SortOrder: + Security_Detections_API_SortOrder: enum: - asc - desc type: string - Security_Solution_Detections_API_Threat: + Security_Detections_API_Threat: type: object properties: framework: description: Relevant attack framework type: string tactic: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatTactic' + $ref: '#/components/schemas/Security_Detections_API_ThreatTactic' technique: description: Array containing information on the attack techniques (optional) items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatTechnique + $ref: '#/components/schemas/Security_Detections_API_ThreatTechnique' type: array required: - framework - tactic - Security_Solution_Detections_API_ThreatArray: + Security_Detections_API_ThreatArray: items: - $ref: '#/components/schemas/Security_Solution_Detections_API_Threat' + $ref: '#/components/schemas/Security_Detections_API_Threat' type: array - Security_Solution_Detections_API_ThreatFilters: + Security_Detections_API_ThreatFilters: items: description: >- Query and filter context array used to filter documents from the Elasticsearch index containing the threat values type: array - Security_Solution_Detections_API_ThreatIndex: + Security_Detections_API_ThreatIndex: items: type: string type: array - Security_Solution_Detections_API_ThreatIndicatorPath: + Security_Detections_API_ThreatIndicatorPath: description: >- Defines the path to the threat indicator in the indicator documents (optional) type: string - Security_Solution_Detections_API_ThreatMapping: + Security_Detections_API_ThreatMapping: items: type: object properties: 
@@ -36370,15 +35409,13 @@ components: type: object properties: field: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' type: enum: - mapping type: string value: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_NonEmptyString + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' required: - field - type 
@@ -36388,125 +35425,101 @@ components: - entries minItems: 1 type: array - Security_Solution_Detections_API_ThreatMatchRule: + Security_Detections_API_ThreatMatchRule: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description 
@@ -36530,343 +35543,282 @@ components: - setup - related_integrations - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleResponseFields - Security_Solution_Detections_API_ThreatMatchRuleCreateFields: + #/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields + Security_Detections_API_ThreatMatchRuleCreateFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleRequiredFields + #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleOptionalFields + #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleDefaultableFields - Security_Solution_Detections_API_ThreatMatchRuleCreateProps: + #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields + Security_Detections_API_ThreatMatchRuleCreateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' 
severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleCreateFields 
- Security_Solution_Detections_API_ThreatMatchRuleDefaultableFields: + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields + Security_Detections_API_ThreatMatchRuleDefaultableFields: type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_ThreatMatchRuleOptionalFields: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_ThreatMatchRuleOptionalFields: type: object properties: alert_suppression: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppression + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' concurrent_searches: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ConcurrentSearches + $ref: '#/components/schemas/Security_Detections_API_ConcurrentSearches' data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' + $ref: '#/components/schemas/Security_Detections_API_DataViewId' filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' items_per_search: - $ref: '#/components/schemas/Security_Solution_Detections_API_ItemsPerSearch' + $ref: '#/components/schemas/Security_Detections_API_ItemsPerSearch' saved_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryId' + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' threat_filters: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatFilters' + $ref: '#/components/schemas/Security_Detections_API_ThreatFilters' threat_indicator_path: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatIndicatorPath + $ref: 
'#/components/schemas/Security_Detections_API_ThreatIndicatorPath' threat_language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_ThreatMatchRulePatchFields: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_ThreatMatchRulePatchFields: allOf: - type: object properties: query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' threat_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatIndex + $ref: '#/components/schemas/Security_Detections_API_ThreatIndex' threat_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMapping + $ref: '#/components/schemas/Security_Detections_API_ThreatMapping' threat_query: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatQuery + $ref: '#/components/schemas/Security_Detections_API_ThreatQuery' type: description: Rule type enum: - threat_match type: string - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleOptionalFields + #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleDefaultableFields - Security_Solution_Detections_API_ThreatMatchRulePatchProps: + #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields + Security_Detections_API_ThreatMatchRulePatchProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: 
'#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: 
'#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRulePatchFields - Security_Solution_Detections_API_ThreatMatchRuleRequiredFields: + #/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields + Security_Detections_API_ThreatMatchRuleRequiredFields: type: object properties: query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' threat_index: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatIndex' + $ref: '#/components/schemas/Security_Detections_API_ThreatIndex' threat_mapping: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatMapping' + $ref: '#/components/schemas/Security_Detections_API_ThreatMapping' threat_query: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThreatQuery' + $ref: '#/components/schemas/Security_Detections_API_ThreatQuery' type: description: Rule type enum: 
@@ -36878,155 +35830,128 @@ components: - threat_query - threat_mapping - threat_index - Security_Solution_Detections_API_ThreatMatchRuleResponseFields: + Security_Detections_API_ThreatMatchRuleResponseFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleRequiredFields + #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleOptionalFields + #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields - type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' required: - language - Security_Solution_Detections_API_ThreatMatchRuleUpdateProps: + Security_Detections_API_ThreatMatchRuleUpdateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' 
enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: 
- $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatMatchRuleCreateFields - Security_Solution_Detections_API_ThreatQuery: + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields + Security_Detections_API_ThreatQuery: 
description: Query to run type: string - Security_Solution_Detections_API_ThreatSubtechnique: + Security_Detections_API_ThreatSubtechnique: type: object properties: id: @@ -37042,7 +35967,7 @@ components: - id - name - reference - Security_Solution_Detections_API_ThreatTactic: + Security_Detections_API_ThreatTactic: type: object properties: id: @@ -37058,7 +35983,7 @@ components: - id - name - reference - Security_Solution_Detections_API_ThreatTechnique: + Security_Detections_API_ThreatTechnique: type: object properties: id: @@ -37073,35 +35998,33 @@ components: subtechnique: description: Array containing more specific information on the attack technique items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatSubtechnique + $ref: '#/components/schemas/Security_Detections_API_ThreatSubtechnique' type: array required: - id - name - reference - Security_Solution_Detections_API_Threshold: + Security_Detections_API_Threshold: type: object properties: cardinality: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdCardinality + $ref: '#/components/schemas/Security_Detections_API_ThresholdCardinality' field: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThresholdField' + $ref: '#/components/schemas/Security_Detections_API_ThresholdField' value: - $ref: '#/components/schemas/Security_Solution_Detections_API_ThresholdValue' + $ref: '#/components/schemas/Security_Detections_API_ThresholdValue' required: - field - value - Security_Solution_Detections_API_ThresholdAlertSuppression: + Security_Detections_API_ThresholdAlertSuppression: type: object properties: duration: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertSuppressionDuration + #/components/schemas/Security_Detections_API_AlertSuppressionDuration required: - duration - Security_Solution_Detections_API_ThresholdCardinality: + Security_Detections_API_ThresholdCardinality: items: type: object properties: 
@@ -37114,132 +36037,108 @@ components: - field - value type: array - Security_Solution_Detections_API_ThresholdField: + Security_Detections_API_ThresholdField: description: Field to aggregate on oneOf: - type: string - items: type: string type: array - Security_Solution_Detections_API_ThresholdRule: + Security_Detections_API_ThresholdRule: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description 
@@ -37263,319 +36162,265 @@ components: - setup - related_integrations - required_fields - - $ref: '#/components/schemas/Security_Solution_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleResponseFields - Security_Solution_Detections_API_ThresholdRuleCreateFields: + #/components/schemas/Security_Detections_API_ThresholdRuleResponseFields + Security_Detections_API_ThresholdRuleCreateFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleRequiredFields + #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleOptionalFields + #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleDefaultableFields - Security_Solution_Detections_API_ThresholdRuleCreateProps: + #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields + Security_Detections_API_ThresholdRuleCreateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' 
severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleCreateFields - 
Security_Solution_Detections_API_ThresholdRuleDefaultableFields: + #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields + Security_Detections_API_ThresholdRuleDefaultableFields: type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage - Security_Solution_Detections_API_ThresholdRuleOptionalFields: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_ThresholdRuleOptionalFields: type: object properties: alert_suppression: $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdAlertSuppression + #/components/schemas/Security_Detections_API_ThresholdAlertSuppression data_view_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_DataViewId' + $ref: '#/components/schemas/Security_Detections_API_DataViewId' filters: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFilterArray + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IndexPatternArray + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' saved_id: - $ref: '#/components/schemas/Security_Solution_Detections_API_SavedQueryId' - Security_Solution_Detections_API_ThresholdRulePatchFields: + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' + Security_Detections_API_ThresholdRulePatchFields: allOf: - type: object properties: query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' threshold: - $ref: '#/components/schemas/Security_Solution_Detections_API_Threshold' + $ref: '#/components/schemas/Security_Detections_API_Threshold' type: description: Rule type enum: - threshold type: string - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleOptionalFields + 
#/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleDefaultableFields - Security_Solution_Detections_API_ThresholdRulePatchProps: + #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields + Security_Detections_API_ThresholdRulePatchProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: 
>- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRulePatchFields - Security_Solution_Detections_API_ThresholdRuleRequiredFields: + #/components/schemas/Security_Detections_API_ThresholdRulePatchFields + Security_Detections_API_ThresholdRuleRequiredFields: type: object properties: query: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleQuery' + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' threshold: - $ref: '#/components/schemas/Security_Solution_Detections_API_Threshold' + $ref: '#/components/schemas/Security_Detections_API_Threshold' type: description: Rule type enum: 
@@ -37585,156 +36430,129 @@ components: - type - query - threshold - Security_Solution_Detections_API_ThresholdRuleResponseFields: + Security_Detections_API_ThresholdRuleResponseFields: allOf: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleRequiredFields + #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleOptionalFields + #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields - type: object properties: language: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_KqlQueryLanguage + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' required: - language - Security_Solution_Detections_API_ThresholdRuleUpdateProps: + Security_Detections_API_ThresholdRuleUpdateProps: allOf: - type: object properties: actions: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAction + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array alias_purpose: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasPurpose + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose alias_target_id: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveAliasTargetId + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId author: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleAuthorArray + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' building_block_type: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_BuildingBlockType + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' description: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleDescription + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_IsRuleEnabled + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' exceptions_list: items: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleExceptionList + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' type: array false_positives: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleFalsePositiveArray + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray from: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalFrom + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleObjectId + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' interval: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleInterval + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' investigation_fields: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_InvestigationFields + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' license: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleLicense + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' max_signals: - $ref: '#/components/schemas/Security_Solution_Detections_API_MaxSignals' + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleMetadata + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - $ref: '#/components/schemas/Security_Solution_Detections_API_RuleName' + $ref: '#/components/schemas/Security_Detections_API_RuleName' namespace: $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndexNamespace + #/components/schemas/Security_Detections_API_AlertsIndexNamespace note: - $ref: >- - 
#/components/schemas/Security_Solution_Detections_API_InvestigationGuide + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' outcome: $ref: >- - #/components/schemas/Security_Solution_Detections_API_SavedObjectResolveOutcome + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome output_index: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_AlertsIndex + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' references: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleReferenceArray + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' related_integrations: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RelatedIntegrationArray + #/components/schemas/Security_Detections_API_RelatedIntegrationArray required_fields: items: $ref: >- - #/components/schemas/Security_Solution_Detections_API_RequiredFieldInput + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array risk_score: - $ref: '#/components/schemas/Security_Solution_Detections_API_RiskScore' + $ref: '#/components/schemas/Security_Detections_API_RiskScore' risk_score_mapping: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RiskScoreMapping + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' rule_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleSignatureId + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' rule_name_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleNameOverride + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' setup: - $ref: '#/components/schemas/Security_Solution_Detections_API_SetupGuide' + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' severity: - $ref: '#/components/schemas/Security_Solution_Detections_API_Severity' + $ref: '#/components/schemas/Security_Detections_API_Severity' severity_mapping: 
- $ref: >- - #/components/schemas/Security_Solution_Detections_API_SeverityMapping + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' tags: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleTagArray + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' threat: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThreatArray + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' throttle: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleActionThrottle + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' timeline_id: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateId + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' timeline_title: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimelineTemplateTitle + #/components/schemas/Security_Detections_API_TimelineTemplateTitle timestamp_override: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverride + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' timestamp_override_fallback_disabled: $ref: >- - #/components/schemas/Security_Solution_Detections_API_TimestampOverrideFallbackDisabled + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled to: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleIntervalTo + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - $ref: >- - #/components/schemas/Security_Solution_Detections_API_RuleVersion + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - description - risk_score - severity - $ref: >- - #/components/schemas/Security_Solution_Detections_API_ThresholdRuleCreateFields - Security_Solution_Detections_API_ThresholdValue: + #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields + Security_Detections_API_ThresholdValue: 
description: Threshold value minimum: 1 type: integer - Security_Solution_Detections_API_ThrottleForBulkActions: + Security_Detections_API_ThrottleForBulkActions: description: >- The condition for throttling the notification: 'rule', 'no_actions', or time duration @@ -37744,29 +36562,29 @@ components: - 1d - 7d type: string - Security_Solution_Detections_API_TiebreakerField: + Security_Detections_API_TiebreakerField: description: Sets a secondary field for sorting events type: string - Security_Solution_Detections_API_TimelineTemplateId: + Security_Detections_API_TimelineTemplateId: description: Timeline template ID type: string - Security_Solution_Detections_API_TimelineTemplateTitle: + Security_Detections_API_TimelineTemplateTitle: description: Timeline template title type: string - Security_Solution_Detections_API_TimestampField: + Security_Detections_API_TimestampField: description: Contains the event timestamp used for sorting a sequence of events type: string - Security_Solution_Detections_API_TimestampOverride: + Security_Detections_API_TimestampOverride: description: Sets the time field used to query indices type: string - Security_Solution_Detections_API_TimestampOverrideFallbackDisabled: + Security_Detections_API_TimestampOverrideFallbackDisabled: description: Disables the fallback to the event's @timestamp field type: boolean - Security_Solution_Detections_API_UUID: + Security_Detections_API_UUID: description: A universally unique identifier format: uuid type: string - Security_Solution_Detections_API_WarningSchema: + Security_Detections_API_WarningSchema: type: object properties: actionPath: 
@@ -37781,16 +36599,14 @@ components: - type - message - actionPath - Security_Solution_Endpoint_Exceptions_API_EndpointList: + Security_Endpoint_Exceptions_API_EndpointList: oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionList + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionList' - additionalProperties: false type: object - Security_Solution_Endpoint_Exceptions_API_EndpointListItem: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItem - Security_Solution_Endpoint_Exceptions_API_ExceptionList: + Security_Endpoint_Exceptions_API_EndpointListItem: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItem' + Security_Endpoint_Exceptions_API_ExceptionList: type: object properties: _version: 
@@ -37802,35 +36618,35 @@ components: type: string description: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListDescription + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListId immutable: type: boolean list_id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListHumanId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId meta: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListMeta + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListMeta name: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListName + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListName namespace_type: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType os_types: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListOsTypeArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray tags: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListTags + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags tie_breaker_id: type: string type: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListType + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType updated_at: format: date-time type: string 
@@ -37838,7 +36654,7 @@ components: type: string version: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListVersion + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion required: - id - list_id @@ -37853,23 +36669,21 @@ components: - created_by - updated_at - updated_by - Security_Solution_Endpoint_Exceptions_API_ExceptionListDescription: + Security_Endpoint_Exceptions_API_ExceptionListDescription: type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListHumanId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + Security_Endpoint_Exceptions_API_ExceptionListHumanId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' description: 'Human readable string identifier, e.g. `trusted-linux-processes`' - Security_Solution_Endpoint_Exceptions_API_ExceptionListId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ExceptionListItem: + Security_Endpoint_Exceptions_API_ExceptionListId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ExceptionListItem: type: object properties: _version: type: string comments: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemCommentArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray created_at: format: date-time type: string 
@@ -37877,42 +36691,42 @@ components: type: string description: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemDescription + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription entries: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray expire_time: format: date-time type: string id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId item_id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId list_id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListHumanId + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId meta: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemMeta + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta name: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemName + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName namespace_type: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionNamespaceType + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType os_types: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray tags: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemTags + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags tie_breaker_id: type: string type: 
$ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemType + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType updated_at: format: date-time type: string 
@@ -37933,69 +36747,64 @@ components: - created_by - updated_at - updated_by - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemComment: + Security_Endpoint_Exceptions_API_ExceptionListItemComment: type: object properties: comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' created_at: format: date-time type: string created_by: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' updated_at: format: date-time type: string updated_by: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' required: - id - comment - created_at - created_by - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemCommentArray: + Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray: items: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemComment + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemDescription: + Security_Endpoint_Exceptions_API_ExceptionListItemDescription: type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntry: + Security_Endpoint_Exceptions_API_ExceptionListItemEntry: anyOf: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatch + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch - $ref: >- - 
#/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryList + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryList - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryExists + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryNested + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard discriminator: propertyName: type - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryArray: + Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray: items: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntry + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntry type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryExists: + Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists: type: object properties: field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' operator: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator type: enum: - exists 
@@ -38004,27 +36813,24 @@ components: - type - field - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryList: + Security_Endpoint_Exceptions_API_ExceptionListItemEntryList: type: object properties: field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' list: type: object properties: id: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ListId + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListId' type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ListType + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListType' required: - id - type operator: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator type: enum: - list 
@@ -38034,36 +36840,33 @@ components: - field - list - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatch: + Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch: type: object properties: field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' operator: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator type: enum: - match type: string value: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' required: - type - field - value - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny: + Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny: type: object properties: field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' operator: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator type: enum: - match_any @@ -38071,7 +36874,7 @@ components: value: items: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString minItems: 1 type: array required: 
@@ -38079,39 +36882,36 @@ components: - field - value - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard: + Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard: type: object properties: field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' operator: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator type: enum: - wildcard type: string value: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' required: - type - field - value - operator - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryNested: + Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested: type: object properties: entries: items: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem minItems: 1 type: array field: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' type: enum: - nested 
@@ -38120,66 +36920,62 @@ components: - type - field - entries - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem: + Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatch + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryExists - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemEntryOperator: + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists + Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator: enum: - excluded - included type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemHumanId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemMeta: + Security_Endpoint_Exceptions_API_ExceptionListItemHumanId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ExceptionListItemId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ExceptionListItemMeta: additionalProperties: true type: object - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemName: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray: + 
Security_Endpoint_Exceptions_API_ExceptionListItemName: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray: items: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListOsType + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemTags: + Security_Endpoint_Exceptions_API_ExceptionListItemTags: items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListItemType: + Security_Endpoint_Exceptions_API_ExceptionListItemType: enum: - simple type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListMeta: + Security_Endpoint_Exceptions_API_ExceptionListMeta: additionalProperties: true type: object - Security_Solution_Endpoint_Exceptions_API_ExceptionListName: + Security_Endpoint_Exceptions_API_ExceptionListName: type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListOsType: + Security_Endpoint_Exceptions_API_ExceptionListOsType: enum: - linux - macos - windows type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListOsTypeArray: + Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray: items: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_ExceptionListOsType + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListTags: + Security_Endpoint_Exceptions_API_ExceptionListTags: items: type: string type: array - Security_Solution_Endpoint_Exceptions_API_ExceptionListType: + Security_Endpoint_Exceptions_API_ExceptionListType: enum: - detection - rule_default 
@@ -38189,10 +36985,10 @@ components: - endpoint_host_isolation_exceptions - endpoint_blocklists type: string - Security_Solution_Endpoint_Exceptions_API_ExceptionListVersion: + Security_Endpoint_Exceptions_API_ExceptionListVersion: minimum: 1 type: integer - Security_Solution_Endpoint_Exceptions_API_ExceptionNamespaceType: + Security_Endpoint_Exceptions_API_ExceptionNamespaceType: description: > Determines whether the exception container is available in all Kibana spaces or just the space @@ -38207,13 +37003,11 @@ components: - agnostic - single type: string - Security_Solution_Endpoint_Exceptions_API_FindEndpointListItemsFilter: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ListId: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Exceptions_API_NonEmptyString - Security_Solution_Endpoint_Exceptions_API_ListType: + Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ListId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ListType: enum: - binary - boolean @@ -38239,12 +37033,12 @@ components: - short - text type: string - Security_Solution_Endpoint_Exceptions_API_NonEmptyString: + Security_Endpoint_Exceptions_API_NonEmptyString: description: A string that is not empty and does not contain only whitespace minLength: 1 pattern: ^(?! *$).+$ type: string - Security_Solution_Endpoint_Exceptions_API_PlatformErrorResponse: + Security_Endpoint_Exceptions_API_PlatformErrorResponse: type: object properties: error: @@ -38257,7 +37051,7 @@ components: - statusCode - error - message - Security_Solution_Endpoint_Exceptions_API_SiemErrorResponse: + Security_Endpoint_Exceptions_API_SiemErrorResponse: type: object properties: message: 
@@ -38267,21 +37061,18 @@ components: required: - status_code - message - Security_Solution_Endpoint_Management_API_ActionLogRequestQuery: + Security_Endpoint_Management_API_ActionLogRequestQuery: type: object properties: end_date: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndDate + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' page: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Page' + $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' page_size: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PageSize + $ref: '#/components/schemas/Security_Endpoint_Management_API_PageSize' start_date: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_StartDate - Security_Solution_Endpoint_Management_API_ActionStateSuccessResponse: + $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' + Security_Endpoint_Management_API_ActionStateSuccessResponse: type: object properties: body: @@ -38296,7 +37087,7 @@ components: - data required: - body - Security_Solution_Endpoint_Management_API_ActionStatusSuccessResponse: + Security_Endpoint_Management_API_ActionStatusSuccessResponse: type: object properties: body: @@ -38307,10 +37098,10 @@ components: properties: agent_id: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentId + #/components/schemas/Security_Endpoint_Management_API_AgentId pending_actions: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionsSchema + #/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema required: - agent_id - pending_actions 
@@ -38318,10 +37109,10 @@ components: - data required: - body - Security_Solution_Endpoint_Management_API_AgentId: + Security_Endpoint_Management_API_AgentId: description: Agent ID type: string - Security_Solution_Endpoint_Management_API_AgentIds: + Security_Endpoint_Management_API_AgentIds: minLength: 1 oneOf: - items: @@ -38332,27 +37123,26 @@ components: type: array - minLength: 1 type: string - Security_Solution_Endpoint_Management_API_AgentTypes: + Security_Endpoint_Management_API_AgentTypes: enum: - endpoint - sentinel_one - crowdstrike type: string - Security_Solution_Endpoint_Management_API_AlertIds: + Security_Endpoint_Management_API_AlertIds: description: A list of alerts ids. items: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_NonEmptyString + $ref: '#/components/schemas/Security_Endpoint_Management_API_NonEmptyString' minItems: 1 type: array - Security_Solution_Endpoint_Management_API_CaseIds: + Security_Endpoint_Management_API_CaseIds: description: Case IDs to be updated (cannot contain empty strings) items: minLength: 1 type: string minItems: 1 type: array - Security_Solution_Endpoint_Management_API_Command: + Security_Endpoint_Management_API_Command: description: The command to be executed (cannot be an empty string) enum: - isolate 
@@ -38366,51 +37156,46 @@ components: - scan minLength: 1 type: string - Security_Solution_Endpoint_Management_API_Commands: + Security_Endpoint_Management_API_Commands: items: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Command' + $ref: '#/components/schemas/Security_Endpoint_Management_API_Command' type: array - Security_Solution_Endpoint_Management_API_Comment: + Security_Endpoint_Management_API_Comment: description: Optional comment type: string - Security_Solution_Endpoint_Management_API_EndDate: + Security_Endpoint_Management_API_EndDate: description: End date type: string - Security_Solution_Endpoint_Management_API_EndpointIds: + Security_Endpoint_Management_API_EndpointIds: description: List of endpoint IDs (cannot contain empty strings) items: minLength: 1 type: string minItems: 1 type: array - Security_Solution_Endpoint_Management_API_EntityId: + Security_Endpoint_Management_API_EntityId: type: object properties: entity_id: minLength: 1 type: string - Security_Solution_Endpoint_Management_API_ExecuteRouteRequestBody: + Security_Endpoint_Management_API_ExecuteRouteRequestBody: allOf: - type: object properties: agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds + 
#/components/schemas/Security_Endpoint_Management_API_EndpointIds parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: - endpoint_ids - type: object @@ -38420,31 +37205,27 @@ components: properties: command: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Command + #/components/schemas/Security_Endpoint_Management_API_Command timeout: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Timeout + #/components/schemas/Security_Endpoint_Management_API_Timeout required: - command required: - parameters - Security_Solution_Endpoint_Management_API_GetEndpointActionListRouteQuery: + Security_Endpoint_Management_API_GetEndpointActionListRouteQuery: type: object properties: agentIds: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' agentTypes: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' commands: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Commands + $ref: '#/components/schemas/Security_Endpoint_Management_API_Commands' endDate: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndDate + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' page: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Page' + $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' pageSize: default: 10 description: Number of items per page 
@@ -38452,38 +37233,30 @@ components: minimum: 1 type: integer startDate: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_StartDate + $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' types: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Types' + $ref: '#/components/schemas/Security_Endpoint_Management_API_Types' userIds: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_UserIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_UserIds' withOutputs: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_WithOutputs - Security_Solution_Endpoint_Management_API_GetFileRouteRequestBody: + $ref: '#/components/schemas/Security_Endpoint_Management_API_WithOutputs' + Security_Endpoint_Management_API_GetFileRouteRequestBody: allOf: - type: object properties: agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds + #/components/schemas/Security_Endpoint_Management_API_EndpointIds parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: - endpoint_ids - type: object 
@@ -38497,44 +37270,38 @@ components: - path required: - parameters - Security_Solution_Endpoint_Management_API_GetProcessesRouteRequestBody: + Security_Endpoint_Management_API_GetProcessesRouteRequestBody: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_NoParametersRequestSchema - Security_Solution_Endpoint_Management_API_IsolateRouteRequestBody: + #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + Security_Endpoint_Management_API_IsolateRouteRequestBody: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_NoParametersRequestSchema - Security_Solution_Endpoint_Management_API_KillProcessRouteRequestBody: + #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + Security_Endpoint_Management_API_KillProcessRouteRequestBody: allOf: - type: object properties: agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds + #/components/schemas/Security_Endpoint_Management_API_EndpointIds parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: - endpoint_ids - type: object properties: parameters: oneOf: + - $ref: 
'#/components/schemas/Security_Endpoint_Management_API_Pid' - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Pid - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EntityId + #/components/schemas/Security_Endpoint_Management_API_EntityId - type: object properties: process_name: @@ -38543,7 +37310,7 @@ components: type: string required: - parameters - Security_Solution_Endpoint_Management_API_ListRequestQuery: + Security_Endpoint_Management_API_ListRequestQuery: type: object properties: hostStatuses: 
@@ -38590,121 +37357,111 @@ components: type: string required: - hostStatuses - Security_Solution_Endpoint_Management_API_NonEmptyString: + Security_Endpoint_Management_API_NonEmptyString: description: A string that is not empty and does not contain only whitespace minLength: 1 pattern: ^(?! *$).+$ type: string - Security_Solution_Endpoint_Management_API_NoParametersRequestSchema: + Security_Endpoint_Management_API_NoParametersRequestSchema: type: object properties: body: type: object properties: agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds + #/components/schemas/Security_Endpoint_Management_API_EndpointIds parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: - endpoint_ids required: - body - Security_Solution_Endpoint_Management_API_Page: + Security_Endpoint_Management_API_Page: default: 1 description: Page number minimum: 1 type: integer - Security_Solution_Endpoint_Management_API_PageSize: + Security_Endpoint_Management_API_PageSize: default: 10 description: Number of items per page maximum: 100 minimum: 1 type: integer - Security_Solution_Endpoint_Management_API_Parameters: + 
Security_Endpoint_Management_API_Parameters: description: Optional parameters object type: object - Security_Solution_Endpoint_Management_API_PendingActionDataType: + Security_Endpoint_Management_API_PendingActionDataType: type: integer - Security_Solution_Endpoint_Management_API_PendingActionsSchema: + Security_Endpoint_Management_API_PendingActionsSchema: oneOf: - type: object properties: execute: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType get-file: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType isolate: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType kill-process: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType running-processes: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType scan: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType suspend-process: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType unisolate: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType upload: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_PendingActionDataType + 
#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType - additionalProperties: true type: object - Security_Solution_Endpoint_Management_API_Pid: + Security_Endpoint_Management_API_Pid: type: object properties: pid: minimum: 1 type: integer - Security_Solution_Endpoint_Management_API_ProtectionUpdatesNoteResponse: + Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse: type: object properties: note: type: string - Security_Solution_Endpoint_Management_API_ScanRouteRequestBody: + Security_Endpoint_Management_API_ScanRouteRequestBody: allOf: - type: object properties: agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds + #/components/schemas/Security_Endpoint_Management_API_EndpointIds parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: - endpoint_ids - type: object 
@@ -38718,88 +37475,77 @@ components: - path required: - parameters - Security_Solution_Endpoint_Management_API_StartDate: + Security_Endpoint_Management_API_StartDate: description: Start date type: string - Security_Solution_Endpoint_Management_API_SuccessResponse: + Security_Endpoint_Management_API_SuccessResponse: type: object properties: {} - Security_Solution_Endpoint_Management_API_SuspendProcessRouteRequestBody: + Security_Endpoint_Management_API_SuspendProcessRouteRequestBody: allOf: - type: object properties: agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds + #/components/schemas/Security_Endpoint_Management_API_EndpointIds parameters: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Parameters + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: - endpoint_ids - type: object properties: parameters: oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Pid - - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EntityId + #/components/schemas/Security_Endpoint_Management_API_EntityId required: - parameters - Security_Solution_Endpoint_Management_API_Timeout: + 
Security_Endpoint_Management_API_Timeout: description: The maximum timeout value in milliseconds (optional) minimum: 1 type: integer - Security_Solution_Endpoint_Management_API_Type: + Security_Endpoint_Management_API_Type: description: Type of response action enum: - automated - manual type: string - Security_Solution_Endpoint_Management_API_Types: + Security_Endpoint_Management_API_Types: description: List of types of response actions items: - $ref: '#/components/schemas/Security_Solution_Endpoint_Management_API_Type' + $ref: '#/components/schemas/Security_Endpoint_Management_API_Type' maxLength: 2 minLength: 1 type: array - Security_Solution_Endpoint_Management_API_UnisolateRouteRequestBody: + Security_Endpoint_Management_API_UnisolateRouteRequestBody: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_NoParametersRequestSchema - Security_Solution_Endpoint_Management_API_UploadRouteRequestBody: + #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + Security_Endpoint_Management_API_UploadRouteRequestBody: allOf: - type: object properties: agent_type: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AgentTypes + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' alert_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_AlertIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' case_ids: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_CaseIds + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' comment: - $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_Comment + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' endpoint_ids: $ref: >- - #/components/schemas/Security_Solution_Endpoint_Management_API_EndpointIds + #/components/schemas/Security_Endpoint_Management_API_EndpointIds parameters: - $ref: >- - 
#/components/schemas/Security_Solution_Endpoint_Management_API_Parameters + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: - endpoint_ids - type: object @@ -38816,7 +37562,7 @@ components: required: - parameters - file - Security_Solution_Endpoint_Management_API_UserIds: + Security_Endpoint_Management_API_UserIds: description: User IDs oneOf: - items: @@ -38826,7 +37572,7 @@ components: type: array - minLength: 1 type: string - Security_Solution_Endpoint_Management_API_WithOutputs: + Security_Endpoint_Management_API_WithOutputs: description: Shows detailed outputs for an action response oneOf: - items: @@ -38836,7 +37582,7 @@ components: type: array - minLength: 1 type: string - Security_Solution_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem: + Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem: type: object properties: index: @@ -38846,7 +37592,7 @@ components: required: - message - index - Security_Solution_Entity_Analytics_API_AssetCriticalityBulkUploadStats: + Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats: type: object properties: failed: @@ -38859,7 +37605,7 @@ components: - successful - failed - total - Security_Solution_Entity_Analytics_API_AssetCriticalityLevel: + Security_Entity_Analytics_API_AssetCriticalityLevel: description: The criticality level of the asset. enum: - low_impact @@ -38867,10 +37613,10 @@ components: - high_impact - extreme_impact type: string - Security_Solution_Entity_Analytics_API_AssetCriticalityRecord: + Security_Entity_Analytics_API_AssetCriticalityRecord: allOf: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_CreateAssetCriticalityRecord + #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord - type: object properties: '@timestamp': 
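Review bot: `Security_Endpoint_Management_API_Types` (hunk `@@ -38718,88 +37475,77 @@`) is declared `type: array` but is bounded with `maxLength: 2` and `minLength: 1`, which are string keywords and have no effect on an array. As written, the schema places no limit on the number of entries, and the rename carries this over unchanged. The array keywords would be `maxItems: 2` and `minItems: 1`. Because this file sits under `oas_docs/output` it looks like generated output, so the correction presumably belongs in the source schema the bundle is built from. Until then, anything that validates requests against this spec should not rely on it to cap the list size.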
@@ -38880,11 +37626,11 @@ components: type: string required: - '@timestamp' - Security_Solution_Entity_Analytics_API_AssetCriticalityRecordIdParts: + Security_Entity_Analytics_API_AssetCriticalityRecordIdParts: type: object properties: id_field: - $ref: '#/components/schemas/Security_Solution_Entity_Analytics_API_IdField' + $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' description: The field representing the ID. example: host.name id_value: 
@@ -38893,49 +37639,44 @@ components: required: - id_value - id_field - Security_Solution_Entity_Analytics_API_CreateAssetCriticalityRecord: + Security_Entity_Analytics_API_CreateAssetCriticalityRecord: allOf: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityRecordIdParts + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts - type: object properties: criticality_level: $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_AssetCriticalityLevel + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel required: - criticality_level - Security_Solution_Entity_Analytics_API_EngineDescriptor: + Security_Entity_Analytics_API_EngineDescriptor: type: object properties: filter: type: string indexPattern: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_IndexPattern + $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' status: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EngineStatus + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus' type: - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_EntityType - Security_Solution_Entity_Analytics_API_EngineStatus: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + Security_Entity_Analytics_API_EngineStatus: enum: - installing - started - stopped type: string - Security_Solution_Entity_Analytics_API_Entity: + Security_Entity_Analytics_API_Entity: oneOf: - - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_UserEntity - - $ref: >- - #/components/schemas/Security_Solution_Entity_Analytics_API_HostEntity - Security_Solution_Entity_Analytics_API_EntityType: + - $ref: '#/components/schemas/Security_Entity_Analytics_API_UserEntity' + - $ref: '#/components/schemas/Security_Entity_Analytics_API_HostEntity' + Security_Entity_Analytics_API_EntityType: enum: - user - host type: string - 
Security_Solution_Entity_Analytics_API_HostEntity: + Security_Entity_Analytics_API_HostEntity: type: object properties: entity: @@ -39010,14 +37751,14 @@ components: type: array required: - name - Security_Solution_Entity_Analytics_API_IdField: + Security_Entity_Analytics_API_IdField: enum: - host.name - user.name type: string - Security_Solution_Entity_Analytics_API_IndexPattern: + Security_Entity_Analytics_API_IndexPattern: type: string - Security_Solution_Entity_Analytics_API_InspectQuery: + Security_Entity_Analytics_API_InspectQuery: type: object properties: dsl: @@ -39031,7 +37772,7 @@ components: required: - dsl - response - Security_Solution_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse: + Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse: type: object properties: full_error: @@ -39041,12 +37782,12 @@ components: required: - message - full_error - Security_Solution_Entity_Analytics_API_RiskEngineScheduleNowResponse: + Security_Entity_Analytics_API_RiskEngineScheduleNowResponse: type: object properties: success: type: boolean - Security_Solution_Entity_Analytics_API_TaskManagerUnavailableResponse: + Security_Entity_Analytics_API_TaskManagerUnavailableResponse: description: Task manager is unavailable type: object properties: @@ -39058,7 +37799,7 @@ components: required: - status_code - message - Security_Solution_Entity_Analytics_API_UserEntity: + Security_Entity_Analytics_API_UserEntity: type: object properties: entity: 
@@ -39129,76 +37870,71 @@ components: type: array required: - name - Security_Solution_Exceptions_API_CreateExceptionListItemComment: + Security_Exceptions_API_CreateExceptionListItemComment: type: object properties: comment: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' required: - comment - Security_Solution_Exceptions_API_CreateExceptionListItemCommentArray: + Security_Exceptions_API_CreateExceptionListItemCommentArray: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateExceptionListItemComment + #/components/schemas/Security_Exceptions_API_CreateExceptionListItemComment type: array - Security_Solution_Exceptions_API_CreateRuleExceptionListItemComment: + Security_Exceptions_API_CreateRuleExceptionListItemComment: type: object properties: comment: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' required: - comment - Security_Solution_Exceptions_API_CreateRuleExceptionListItemCommentArray: + Security_Exceptions_API_CreateRuleExceptionListItemCommentArray: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateRuleExceptionListItemComment + #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemComment type: array - Security_Solution_Exceptions_API_CreateRuleExceptionListItemProps: + Security_Exceptions_API_CreateRuleExceptionListItemProps: type: object properties: comments: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_CreateRuleExceptionListItemCommentArray + #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemCommentArray default: [] description: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemDescription + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription entries: $ref: >- - 
#/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray expire_time: format: date-time type: string item_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemMeta + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemName + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName' namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' default: single os_types: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray default: [] tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemTags + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' default: [] type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' required: - type - name - description - entries - Security_Solution_Exceptions_API_ExceptionList: + Security_Exceptions_API_ExceptionList: type: object properties: _version: 
@@ -39210,43 +37946,35 @@ components: type: string description: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListDescription + #/components/schemas/Security_Exceptions_API_ExceptionListDescription id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' immutable: type: boolean list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListMeta + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListName + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' os_types: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsTypeArray + #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListTags + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' tie_breaker_id: type: string type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' updated_at: format: date-time type: string updated_by: type: string version: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListVersion + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' required: - id - list_id 
@@ -39261,21 +37989,21 @@ components: - created_by - updated_at - updated_by - Security_Solution_Exceptions_API_ExceptionListDescription: + Security_Exceptions_API_ExceptionListDescription: type: string - Security_Solution_Exceptions_API_ExceptionListHumanId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListHumanId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' description: 'Human readable string identifier, e.g. `trusted-linux-processes`' - Security_Solution_Exceptions_API_ExceptionListId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ExceptionListItem: + Security_Exceptions_API_ExceptionListId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListItem: type: object properties: _version: type: string comments: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemCommentArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray created_at: format: date-time type: string 
@@ -39283,42 +38011,35 @@ components: type: string description: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemDescription + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription entries: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray expire_time: format: date-time type: string id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' item_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' meta: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemMeta + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' name: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemName + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName' namespace_type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionNamespaceType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' os_types: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray tags: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemTags + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' tie_breaker_id: type: string type: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemType + $ref: 
'#/components/schemas/Security_Exceptions_API_ExceptionListItemType' updated_at: format: date-time type: string 
@@ -39339,64 +38060,62 @@ components: - created_by - updated_at - updated_by - Security_Solution_Exceptions_API_ExceptionListItemComment: + Security_Exceptions_API_ExceptionListItemComment: type: object properties: comment: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' created_at: format: date-time type: string created_by: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' id: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' updated_at: format: date-time type: string updated_by: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' required: - id - comment - created_at - created_by - Security_Solution_Exceptions_API_ExceptionListItemCommentArray: + Security_Exceptions_API_ExceptionListItemCommentArray: items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemComment + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemComment' type: array - Security_Solution_Exceptions_API_ExceptionListItemDescription: + Security_Exceptions_API_ExceptionListItemDescription: type: string - Security_Solution_Exceptions_API_ExceptionListItemEntry: + Security_Exceptions_API_ExceptionListItemEntry: anyOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatch + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatchAny + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryList + 
#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryList - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryExists + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryNested + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNested - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatchWildcard + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchWildcard discriminator: propertyName: type - Security_Solution_Exceptions_API_ExceptionListItemEntryArray: + Security_Exceptions_API_ExceptionListItemEntryArray: items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntry + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntry' type: array - Security_Solution_Exceptions_API_ExceptionListItemEntryExists: + Security_Exceptions_API_ExceptionListItemEntryExists: type: object properties: field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' operator: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator type: enum: - exists 
@@ -39405,24 +38124,24 @@ components: - type - field - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryList: + Security_Exceptions_API_ExceptionListItemEntryList: type: object properties: field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' list: type: object properties: id: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_ListId' + $ref: '#/components/schemas/Security_Exceptions_API_ListId' type: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_ListType' + $ref: '#/components/schemas/Security_Exceptions_API_ListType' required: - id - type operator: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator type: enum: - list 
@@ -39432,41 +38151,40 @@ components: - field - list - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryMatch: + Security_Exceptions_API_ExceptionListItemEntryMatch: type: object properties: field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' operator: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator type: enum: - match type: string value: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' required: - type - field - value - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryMatchAny: + Security_Exceptions_API_ExceptionListItemEntryMatchAny: type: object properties: field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' operator: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator type: enum: - match_any type: string value: items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_NonEmptyString + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' minItems: 1 type: array required: 
@@ -39474,36 +38192,36 @@ components: - field - value - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryMatchWildcard: + Security_Exceptions_API_ExceptionListItemEntryMatchWildcard: type: object properties: field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' operator: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryOperator + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator type: enum: - wildcard type: string value: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' required: - type - field - value - operator - Security_Solution_Exceptions_API_ExceptionListItemEntryNested: + Security_Exceptions_API_ExceptionListItemEntryNested: type: object properties: entries: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryNestedEntryItem + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem minItems: 1 type: array field: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' type: enum: - nested 
@@ -39512,58 +38230,56 @@ components: - type - field - entries - Security_Solution_Exceptions_API_ExceptionListItemEntryNestedEntryItem: + Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem: oneOf: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatch + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryMatchAny + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemEntryExists - Security_Solution_Exceptions_API_ExceptionListItemEntryOperator: + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists + Security_Exceptions_API_ExceptionListItemEntryOperator: enum: - excluded - included type: string - Security_Solution_Exceptions_API_ExceptionListItemHumanId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ExceptionListItemId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ExceptionListItemMeta: + Security_Exceptions_API_ExceptionListItemHumanId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListItemId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListItemMeta: additionalProperties: true type: object - Security_Solution_Exceptions_API_ExceptionListItemName: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ExceptionListItemOsTypeArray: + Security_Exceptions_API_ExceptionListItemName: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListItemOsTypeArray: items: - $ref: >- - 
#/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' type: array - Security_Solution_Exceptions_API_ExceptionListItemTags: + Security_Exceptions_API_ExceptionListItemTags: items: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' type: array - Security_Solution_Exceptions_API_ExceptionListItemType: + Security_Exceptions_API_ExceptionListItemType: enum: - simple type: string - Security_Solution_Exceptions_API_ExceptionListMeta: + Security_Exceptions_API_ExceptionListMeta: additionalProperties: true type: object - Security_Solution_Exceptions_API_ExceptionListName: + Security_Exceptions_API_ExceptionListName: type: string - Security_Solution_Exceptions_API_ExceptionListOsType: + Security_Exceptions_API_ExceptionListOsType: enum: - linux - macos - windows type: string - Security_Solution_Exceptions_API_ExceptionListOsTypeArray: + Security_Exceptions_API_ExceptionListOsTypeArray: items: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListOsType + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' type: array - Security_Solution_Exceptions_API_ExceptionListsImportBulkError: + Security_Exceptions_API_ExceptionListsImportBulkError: type: object properties: error: 
@@ -39577,26 +38293,24 @@ components: - status_code - message id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' item_id: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListItemHumanId + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId list_id: - $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListHumanId + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' required: - error - Security_Solution_Exceptions_API_ExceptionListsImportBulkErrorArray: + Security_Exceptions_API_ExceptionListsImportBulkErrorArray: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_ExceptionListsImportBulkError + #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError type: array - Security_Solution_Exceptions_API_ExceptionListTags: + Security_Exceptions_API_ExceptionListTags: items: type: string type: array - Security_Solution_Exceptions_API_ExceptionListType: + Security_Exceptions_API_ExceptionListType: enum: - detection - rule_default @@ -39606,10 +38320,10 @@ components: - endpoint_host_isolation_exceptions - endpoint_blocklists type: string - Security_Solution_Exceptions_API_ExceptionListVersion: + Security_Exceptions_API_ExceptionListVersion: minimum: 1 type: integer - Security_Solution_Exceptions_API_ExceptionNamespaceType: + Security_Exceptions_API_ExceptionNamespaceType: description: > Determines whether the exception container is available in all Kibana spaces or just the space 
@@ -39624,13 +38338,13 @@ components: - agnostic - single type: string - Security_Solution_Exceptions_API_FindExceptionListItemsFilter: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_FindExceptionListsFilter: + Security_Exceptions_API_FindExceptionListItemsFilter: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_FindExceptionListsFilter: type: string - Security_Solution_Exceptions_API_ListId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' - Security_Solution_Exceptions_API_ListType: + Security_Exceptions_API_ListId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ListType: enum: - binary - boolean @@ -39656,12 +38370,12 @@ components: - short - text type: string - Security_Solution_Exceptions_API_NonEmptyString: + Security_Exceptions_API_NonEmptyString: description: A string that is not empty and does not contain only whitespace minLength: 1 pattern: ^(?! *$).+$ type: string - Security_Solution_Exceptions_API_PlatformErrorResponse: + Security_Exceptions_API_PlatformErrorResponse: type: object properties: error: @@ -39674,9 +38388,9 @@ components: - statusCode - error - message - Security_Solution_Exceptions_API_RuleId: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_UUID' - Security_Solution_Exceptions_API_SiemErrorResponse: + Security_Exceptions_API_RuleId: + $ref: '#/components/schemas/Security_Exceptions_API_UUID' + Security_Exceptions_API_SiemErrorResponse: type: object properties: message: 
@@ -39686,33 +38400,33 @@ components: required: - status_code - message - Security_Solution_Exceptions_API_UpdateExceptionListItemComment: + Security_Exceptions_API_UpdateExceptionListItemComment: type: object properties: comment: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' id: - $ref: '#/components/schemas/Security_Solution_Exceptions_API_NonEmptyString' + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' required: - comment - Security_Solution_Exceptions_API_UpdateExceptionListItemCommentArray: + Security_Exceptions_API_UpdateExceptionListItemCommentArray: items: $ref: >- - #/components/schemas/Security_Solution_Exceptions_API_UpdateExceptionListItemComment + #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemComment type: array - Security_Solution_Exceptions_API_UUID: + Security_Exceptions_API_UUID: description: A universally unique identifier format: uuid type: string - Security_Solution_Lists_API_FindListItemsCursor: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_FindListItemsFilter: + Security_Lists_API_FindListItemsCursor: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_FindListItemsFilter: type: string - Security_Solution_Lists_API_FindListsCursor: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_FindListsFilter: + Security_Lists_API_FindListsCursor: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_FindListsFilter: type: string - Security_Solution_Lists_API_List: + Security_Lists_API_List: type: object properties: _version: 
@@ -39726,23 +38440,23 @@ components: created_by: type: string description: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListDescription' + $ref: '#/components/schemas/Security_Lists_API_ListDescription' deserializer: type: string id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' immutable: type: boolean meta: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListMetadata' + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' name: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListName' + $ref: '#/components/schemas/Security_Lists_API_ListName' serializer: type: string tie_breaker_id: type: string type: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListType' + $ref: '#/components/schemas/Security_Lists_API_ListType' updated_at: format: date-time type: string @@ -39763,11 +38477,11 @@ components: - created_by - updated_at - updated_by - Security_Solution_Lists_API_ListDescription: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListId: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListItem: + Security_Lists_API_ListDescription: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListId: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListItem: type: object properties: _version: 
@@ -39783,24 +38497,24 @@ components: deserializer: type: string id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemId' + $ref: '#/components/schemas/Security_Lists_API_ListItemId' list_id: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListId' + $ref: '#/components/schemas/Security_Lists_API_ListId' meta: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemMetadata' + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' serializer: type: string tie_breaker_id: type: string type: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListType' + $ref: '#/components/schemas/Security_Lists_API_ListType' updated_at: format: date-time type: string updated_by: type: string value: - $ref: '#/components/schemas/Security_Solution_Lists_API_ListItemValue' + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - id - type @@ -39811,12 +38525,12 @@ components: - created_by - updated_at - updated_by - Security_Solution_Lists_API_ListItemId: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListItemMetadata: + Security_Lists_API_ListItemId: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListItemMetadata: additionalProperties: true type: object - Security_Solution_Lists_API_ListItemPrivileges: + Security_Lists_API_ListItemPrivileges: type: object properties: application: 
@@ -39843,14 +38557,14 @@ components: - cluster - index - application - Security_Solution_Lists_API_ListItemValue: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListMetadata: + Security_Lists_API_ListItemValue: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListMetadata: additionalProperties: true type: object - Security_Solution_Lists_API_ListName: - $ref: '#/components/schemas/Security_Solution_Lists_API_NonEmptyString' - Security_Solution_Lists_API_ListPrivileges: + Security_Lists_API_ListName: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListPrivileges: type: object properties: application: @@ -39877,7 +38591,7 @@ components: - cluster - index - application - Security_Solution_Lists_API_ListType: + Security_Lists_API_ListType: enum: - binary - boolean @@ -39903,12 +38617,12 @@ components: - short - text type: string - Security_Solution_Lists_API_NonEmptyString: + Security_Lists_API_NonEmptyString: description: A string that is not empty and does not contain only whitespace minLength: 1 pattern: ^(?! *$).+$ type: string - Security_Solution_Lists_API_PlatformErrorResponse: + Security_Lists_API_PlatformErrorResponse: type: object properties: error: @@ -39921,7 +38635,7 @@ components: - statusCode - error - message - Security_Solution_Lists_API_SiemErrorResponse: + Security_Lists_API_SiemErrorResponse: type: object properties: message: 
@@ -39931,33 +38645,28 @@ components: required: - status_code - message - Security_Solution_Osquery_API_ArrayQueries: + Security_Osquery_API_ArrayQueries: items: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ArrayQueriesItem' + $ref: '#/components/schemas/Security_Osquery_API_ArrayQueriesItem' type: array - Security_Solution_Osquery_API_ArrayQueriesItem: + Security_Osquery_API_ArrayQueriesItem: type: object properties: ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' + $ref: '#/components/schemas/Security_Osquery_API_Id' platform: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PlatformOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_PlatformOrUndefined' query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Query' + $ref: '#/components/schemas/Security_Osquery_API_Query' removed: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_RemovedOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' snapshot: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SnapshotOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' version: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_VersionOrUndefined - Security_Solution_Osquery_API_CreateLiveQueryRequestBody: + $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' + Security_Osquery_API_CreateLiveQueryRequestBody: type: object properties: agent_all: @@ -39983,8 +38692,7 @@ components: type: string type: array ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' event_ids: items: type: string 
@@ -39993,72 +38701,62 @@ components: nullable: true type: object pack_id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackIdOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_PackIdOrUndefined' queries: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ArrayQueries' + $ref: '#/components/schemas/Security_Osquery_API_ArrayQueries' query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_QueryOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' saved_query_id: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SavedQueryIdOrUndefined - Security_Solution_Osquery_API_CreatePacksRequestBody: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryIdOrUndefined' + Security_Osquery_API_CreatePacksRequestBody: type: object properties: description: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' enabled: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_EnabledOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_EnabledOrUndefined' name: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackName' + $ref: '#/components/schemas/Security_Osquery_API_PackName' policy_ids: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PolicyIdsOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_PolicyIdsOrUndefined' queries: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ObjectQueries' + $ref: '#/components/schemas/Security_Osquery_API_ObjectQueries' shards: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Shards' - Security_Solution_Osquery_API_CreateSavedQueryRequestBody: + $ref: '#/components/schemas/Security_Osquery_API_Shards' + Security_Osquery_API_CreateSavedQueryRequestBody: type: object properties: description: - $ref: >- - 
#/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' interval: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Interval' + $ref: '#/components/schemas/Security_Osquery_API_Interval' platform: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_QueryOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' removed: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_RemovedOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' snapshot: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SnapshotOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' version: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_VersionOrUndefined - Security_Solution_Osquery_API_DefaultSuccessResponse: + $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' + Security_Osquery_API_DefaultSuccessResponse: type: object properties: {} - Security_Solution_Osquery_API_Description: + Security_Osquery_API_Description: type: string - Security_Solution_Osquery_API_DescriptionOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Description' + Security_Osquery_API_DescriptionOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Description' nullable: true - Security_Solution_Osquery_API_ECSMapping: + Security_Osquery_API_ECSMapping: 
additionalProperties: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ECSMappingItem' + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingItem' type: object - Security_Solution_Osquery_API_ECSMappingItem: + Security_Osquery_API_ECSMappingItem: type: object properties: field: 
@@ -40069,220 +38767,196 @@ components: - items: type: string type: array - Security_Solution_Osquery_API_ECSMappingOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ECSMapping' + Security_Osquery_API_ECSMappingOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_ECSMapping' nullable: true - Security_Solution_Osquery_API_Enabled: + Security_Osquery_API_Enabled: type: boolean - Security_Solution_Osquery_API_EnabledOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Enabled' + Security_Osquery_API_EnabledOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Enabled' nullable: true - Security_Solution_Osquery_API_FindLiveQueryRequestQuery: + Security_Osquery_API_FindLiveQueryRequestQuery: type: object properties: kuery: - $ref: '#/components/schemas/Security_Solution_Osquery_API_KueryOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_KueryOrUndefined' page: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PageOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' pageSize: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PageSizeOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' sort: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SortOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' sortOrder: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SortOrderOrUndefined - Security_Solution_Osquery_API_FindPacksRequestQuery: + $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' + Security_Osquery_API_FindPacksRequestQuery: type: object properties: page: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PageOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' pageSize: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PageSizeOrUndefined + $ref: 
'#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' sort: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SortOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' sortOrder: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SortOrderOrUndefined - Security_Solution_Osquery_API_FindSavedQueryRequestQuery: + $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' + Security_Osquery_API_FindSavedQueryRequestQuery: type: object properties: page: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PageOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' pageSize: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PageSizeOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' sort: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SortOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' sortOrder: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SortOrderOrUndefined - Security_Solution_Osquery_API_GetLiveQueryResultsRequestQuery: + $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' + Security_Osquery_API_GetLiveQueryResultsRequestQuery: type: object properties: kuery: - $ref: '#/components/schemas/Security_Solution_Osquery_API_KueryOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_KueryOrUndefined' page: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PageOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' pageSize: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PageSizeOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' sort: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SortOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' sortOrder: - $ref: >- - 
#/components/schemas/Security_Solution_Osquery_API_SortOrderOrUndefined - Security_Solution_Osquery_API_Id: + $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' + Security_Osquery_API_Id: type: string - Security_Solution_Osquery_API_Interval: + Security_Osquery_API_Interval: type: string - Security_Solution_Osquery_API_IntervalOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Interval' + Security_Osquery_API_IntervalOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Interval' nullable: true - Security_Solution_Osquery_API_KueryOrUndefined: + Security_Osquery_API_KueryOrUndefined: nullable: true type: string - Security_Solution_Osquery_API_ObjectQueries: + Security_Osquery_API_ObjectQueries: additionalProperties: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ObjectQueriesItem' + $ref: '#/components/schemas/Security_Osquery_API_ObjectQueriesItem' type: object - Security_Solution_Osquery_API_ObjectQueriesItem: + Security_Osquery_API_ObjectQueriesItem: type: object properties: ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Id' + $ref: '#/components/schemas/Security_Osquery_API_Id' platform: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PlatformOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_PlatformOrUndefined' query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Query' + $ref: '#/components/schemas/Security_Osquery_API_Query' removed: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_RemovedOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' saved_query_id: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SavedQueryIdOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryIdOrUndefined' 
snapshot: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SnapshotOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' version: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_VersionOrUndefined - Security_Solution_Osquery_API_PackId: + $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' + Security_Osquery_API_PackId: type: string - Security_Solution_Osquery_API_PackIdOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' + Security_Osquery_API_PackIdOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_PackId' nullable: true - Security_Solution_Osquery_API_PackName: + Security_Osquery_API_PackName: type: string - Security_Solution_Osquery_API_PageOrUndefined: + Security_Osquery_API_PageOrUndefined: nullable: true type: integer - Security_Solution_Osquery_API_PageSizeOrUndefined: + Security_Osquery_API_PageSizeOrUndefined: nullable: true type: integer - Security_Solution_Osquery_API_Platform: + Security_Osquery_API_Platform: type: string - Security_Solution_Osquery_API_PlatformOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Platform' + Security_Osquery_API_PlatformOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Platform' nullable: true - Security_Solution_Osquery_API_PolicyIds: + Security_Osquery_API_PolicyIds: items: type: string type: array - Security_Solution_Osquery_API_PolicyIdsOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PolicyIds' + Security_Osquery_API_PolicyIdsOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_PolicyIds' nullable: true - Security_Solution_Osquery_API_Query: + Security_Osquery_API_Query: type: string - Security_Solution_Osquery_API_QueryOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Query' + Security_Osquery_API_QueryOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Query' nullable: true - 
Security_Solution_Osquery_API_Removed: + Security_Osquery_API_Removed: type: boolean - Security_Solution_Osquery_API_RemovedOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Removed' + Security_Osquery_API_RemovedOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Removed' nullable: true - Security_Solution_Osquery_API_SavedQueryId: + Security_Osquery_API_SavedQueryId: type: string - Security_Solution_Osquery_API_SavedQueryIdOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' + Security_Osquery_API_SavedQueryIdOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' nullable: true - Security_Solution_Osquery_API_Shards: + Security_Osquery_API_Shards: additionalProperties: type: number type: object - Security_Solution_Osquery_API_Snapshot: + Security_Osquery_API_Snapshot: type: boolean - Security_Solution_Osquery_API_SnapshotOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Snapshot' + Security_Osquery_API_SnapshotOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Snapshot' nullable: true - Security_Solution_Osquery_API_SortOrderOrUndefined: + Security_Osquery_API_SortOrderOrUndefined: oneOf: - nullable: true type: string - enum: - asc - desc - Security_Solution_Osquery_API_SortOrUndefined: + Security_Osquery_API_SortOrUndefined: nullable: true type: string - Security_Solution_Osquery_API_UpdatePacksRequestBody: + Security_Osquery_API_UpdatePacksRequestBody: type: object properties: description: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' enabled: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_EnabledOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_EnabledOrUndefined' id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_PackId' + $ref: 
'#/components/schemas/Security_Osquery_API_PackId' policy_ids: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_PolicyIdsOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_PolicyIdsOrUndefined' queries: - $ref: '#/components/schemas/Security_Solution_Osquery_API_ObjectQueries' + $ref: '#/components/schemas/Security_Osquery_API_ObjectQueries' shards: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Shards' - Security_Solution_Osquery_API_UpdateSavedQueryRequestBody: + $ref: '#/components/schemas/Security_Osquery_API_Shards' + Security_Osquery_API_UpdateSavedQueryRequestBody: type: object properties: description: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' ecs_mapping: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_ECSMappingOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' id: - $ref: '#/components/schemas/Security_Solution_Osquery_API_SavedQueryId' + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' interval: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_IntervalOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_IntervalOrUndefined' platform: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_DescriptionOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' query: - $ref: '#/components/schemas/Security_Solution_Osquery_API_QueryOrUndefined' + $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' removed: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_RemovedOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' snapshot: - $ref: >- - #/components/schemas/Security_Solution_Osquery_API_SnapshotOrUndefined + $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' version: - $ref: >- - 
#/components/schemas/Security_Solution_Osquery_API_VersionOrUndefined - Security_Solution_Osquery_API_Version: + $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' + Security_Osquery_API_Version: type: string - Security_Solution_Osquery_API_VersionOrUndefined: - $ref: '#/components/schemas/Security_Solution_Osquery_API_Version' + Security_Osquery_API_VersionOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Version' nullable: true - Security_Solution_Timeline_API_BareNote: + Security_Timeline_API_BareNote: type: object properties: created: @@ -40308,7 +38982,7 @@ components: type: string required: - timelineId - Security_Solution_Timeline_API_ColumnHeaderResult: + Security_Timeline_API_ColumnHeaderResult: type: object properties: aggregatable: @@ -40337,7 +39011,7 @@ components: type: boolean type: type: string - Security_Solution_Timeline_API_DataProviderQueryMatch: + Security_Timeline_API_DataProviderQueryMatch: type: object properties: enabled: @@ -40356,14 +39030,13 @@ components: nullable: true type: string queryMatch: - $ref: '#/components/schemas/Security_Solution_Timeline_API_QueryMatchResult' - Security_Solution_Timeline_API_DataProviderResult: + $ref: '#/components/schemas/Security_Timeline_API_QueryMatchResult' + Security_Timeline_API_DataProviderResult: type: object properties: and: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_DataProviderQueryMatch + $ref: '#/components/schemas/Security_Timeline_API_DataProviderQueryMatch' nullable: true type: array enabled: 
@@ -40382,12 +39055,12 @@ components: nullable: true type: string queryMatch: - $ref: '#/components/schemas/Security_Solution_Timeline_API_QueryMatchResult' + $ref: '#/components/schemas/Security_Timeline_API_QueryMatchResult' nullable: true type: - $ref: '#/components/schemas/Security_Solution_Timeline_API_DataProviderType' + $ref: '#/components/schemas/Security_Timeline_API_DataProviderType' nullable: true - Security_Solution_Timeline_API_DataProviderType: + Security_Timeline_API_DataProviderType: description: >- The type of data provider to create. Valid values are `default` and `template`. @@ -40395,13 +39068,13 @@ components: - default - template type: string - Security_Solution_Timeline_API_DocumentIds: + Security_Timeline_API_DocumentIds: oneOf: - items: type: string type: array - type: string - Security_Solution_Timeline_API_FavoriteTimelineResponse: + Security_Timeline_API_FavoriteTimelineResponse: type: object properties: code: @@ -40409,8 +39082,7 @@ components: type: number favorite: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_FavoriteTimelineResult + $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResult' type: array message: nullable: true @@ -40424,13 +39096,13 @@ components: nullable: true type: number timelineType: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineType' + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' version: type: string required: - savedObjectId - version - Security_Solution_Timeline_API_FavoriteTimelineResult: + Security_Timeline_API_FavoriteTimelineResult: type: object properties: favoriteDate: @@ -40442,7 +39114,7 @@ components: userName: nullable: true type: string - Security_Solution_Timeline_API_FilterTimelineResult: + Security_Timeline_API_FilterTimelineResult: type: object properties: exists: 
@@ -40482,7 +39154,7 @@ components: type: string script: type: string - Security_Solution_Timeline_API_ImportTimelineResult: + Security_Timeline_API_ImportTimelineResult: type: object properties: errors: @@ -40507,19 +39179,19 @@ components: type: number timelines_updated: type: number - Security_Solution_Timeline_API_ImportTimelines: + Security_Timeline_API_ImportTimelines: allOf: - - $ref: '#/components/schemas/Security_Solution_Timeline_API_SavedTimeline' + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - type: object properties: eventNotes: items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_BareNote' + $ref: '#/components/schemas/Security_Timeline_API_BareNote' nullable: true type: array globalNotes: items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_BareNote' + $ref: '#/components/schemas/Security_Timeline_API_BareNote' nullable: true type: array pinnedEventIds: @@ -40533,16 +39205,16 @@ components: version: nullable: true type: string - Security_Solution_Timeline_API_Note: + Security_Timeline_API_Note: allOf: - - $ref: '#/components/schemas/Security_Solution_Timeline_API_BareNote' + - $ref: '#/components/schemas/Security_Timeline_API_BareNote' - type: object properties: noteId: type: string version: type: string - Security_Solution_Timeline_API_PinnedEvent: + Security_Timeline_API_PinnedEvent: type: object properties: created: @@ -40570,7 +39242,7 @@ components: - pinnedEventId - timelineId - version - Security_Solution_Timeline_API_QueryMatchResult: + Security_Timeline_API_QueryMatchResult: type: object properties: displayField: @@ -40588,7 +39260,7 @@ components: value: nullable: true type: string - Security_Solution_Timeline_API_Readable: + Security_Timeline_API_Readable: type: object properties: _data: @@ -40614,7 +39286,7 @@ components: type: object readable: type: boolean - Security_Solution_Timeline_API_RowRendererId: + Security_Timeline_API_RowRendererId: enum: - alert - alerts 
@@ -40635,13 +39307,12 @@ components: - threat_match - zeek type: string - Security_Solution_Timeline_API_SavedTimeline: + Security_Timeline_API_SavedTimeline: type: object properties: columns: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_ColumnHeaderResult + $ref: '#/components/schemas/Security_Timeline_API_ColumnHeaderResult' nullable: true type: array created: @@ -40652,8 +39323,7 @@ components: type: string dataProviders: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_DataProviderResult + $ref: '#/components/schemas/Security_Timeline_API_DataProviderResult' nullable: true type: array dataViewId: @@ -40701,19 +39371,17 @@ components: type: string excludedRowRendererIds: items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_RowRendererId' + $ref: '#/components/schemas/Security_Timeline_API_RowRendererId' nullable: true type: array favorite: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_FavoriteTimelineResult + $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResult' nullable: true type: array filters: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_FilterTimelineResult + $ref: '#/components/schemas/Security_Timeline_API_FilterTimelineResult' nullable: true type: array indexNames: @@ -40726,7 +39394,7 @@ components: type: string kqlQuery: $ref: >- - #/components/schemas/Security_Solution_Timeline_API_SerializedFilterQueryResult + #/components/schemas/Security_Timeline_API_SerializedFilterQueryResult nullable: true savedQueryId: nullable: true @@ -40735,7 +39403,7 @@ components: nullable: true type: string sort: - $ref: '#/components/schemas/Security_Solution_Timeline_API_Sort' + $ref: '#/components/schemas/Security_Timeline_API_Sort' nullable: true status: enum: 
@@ -40751,7 +39419,7 @@ components: nullable: true type: number timelineType: - $ref: '#/components/schemas/Security_Solution_Timeline_API_TimelineType' + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' nullable: true title: nullable: true @@ -40762,7 +39430,7 @@ components: updatedBy: nullable: true type: string - Security_Solution_Timeline_API_SerializedFilterQueryResult: + Security_Timeline_API_SerializedFilterQueryResult: type: object properties: filterQuery: @@ -40782,13 +39450,13 @@ components: serializedQuery: nullable: true type: string - Security_Solution_Timeline_API_Sort: + Security_Timeline_API_Sort: oneOf: - - $ref: '#/components/schemas/Security_Solution_Timeline_API_SortObject' + - $ref: '#/components/schemas/Security_Timeline_API_SortObject' - items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_SortObject' + $ref: '#/components/schemas/Security_Timeline_API_SortObject' type: array - Security_Solution_Timeline_API_SortFieldTimeline: + Security_Timeline_API_SortFieldTimeline: description: The field to sort the timelines by. enum: - title @@ -40796,7 +39464,7 @@ components: - updated - created type: string - Security_Solution_Timeline_API_SortObject: + Security_Timeline_API_SortObject: type: object properties: columnId: @@ -40808,14 +39476,14 @@ components: sortDirection: nullable: true type: string - Security_Solution_Timeline_API_TimelineResponse: + Security_Timeline_API_TimelineResponse: allOf: - - $ref: '#/components/schemas/Security_Solution_Timeline_API_SavedTimeline' + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' - type: object properties: eventIdToNoteIds: items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_Note' + $ref: '#/components/schemas/Security_Timeline_API_Note' type: array noteIds: items: 
@@ -40823,7 +39491,7 @@ components: type: array notes: items: - $ref: '#/components/schemas/Security_Solution_Timeline_API_Note' + $ref: '#/components/schemas/Security_Timeline_API_Note' type: array pinnedEventIds: items: @@ -40831,8 +39499,7 @@ components: type: array pinnedEventsSaveObject: items: - $ref: >- - #/components/schemas/Security_Solution_Timeline_API_PinnedEvent + $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' type: array savedObjectId: type: string @@ -40841,7 +39508,7 @@ components: required: - savedObjectId - version - Security_Solution_Timeline_API_TimelineStatus: + Security_Timeline_API_TimelineStatus: description: >- The status of the timeline. Valid values are `active`, `draft`, and `immutable`. @@ -40850,7 +39517,7 @@ components: - draft - immutable type: string - Security_Solution_Timeline_API_TimelineType: + Security_Timeline_API_TimelineType: description: >- The type of timeline to create. Valid values are `default` and `template`. 
@@ -42127,29 +40794,29 @@ tags: You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. - name: Security Solution Detections API + name: Security Detections API - description: >- Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. - name: Security Solution Endpoint Exceptions API + name: Security Endpoint Exceptions API - description: Interact with and manage endpoints running the Elastic Defend integration. - name: Security Solution Endpoint Management API + name: Security Endpoint Management API - description: '' - name: Security Solution Entity Analytics API + name: Security Entity Analytics API - description: >- Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. - name: Security Solution Exceptions API + name: Security Exceptions API - description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.' - name: Security Solution Lists API + name: Security Lists API - description: 'Run live queries, manage packs and saved queries.' - name: Security Solution Osquery API + name: Security Osquery API - description: >- You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file. - name: Security Solution Timeline API + name: Security Timeline API - description: 'SLO APIs enable you to define, manage and track service-level objectives' name: slo - name: system 
diff --git a/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/ess/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/ess/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml index 293bcb5a440c9..fa4119b9cf590 100644 --- a/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/ess/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/ess/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml @@ -1,7 +1,7 @@ openapi: 3.0.3 info: description: Endpoint Exceptions API allow you to manage Endpoint lists. - title: Security Solution Endpoint Exceptions API (Elastic Cloud and self-hosted) + title: Security Endpoint Exceptions API (Elastic Cloud and self-hosted) version: '2023-10-31' servers: - url: 'http://{kibana_host}:{port}' @@ -50,7 +50,7 @@ paths: description: Internal server error summary: Creates an endpoint list tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API /api/endpoint_list/items: delete: operationId: DeleteEndpointListItem @@ -108,7 +108,7 @@ paths: description: Internal server error summary: Deletes an endpoint list item tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API get: operationId: ReadEndpointListItem parameters: @@ -167,7 +167,7 @@ paths: description: Internal server error summary: Reads an endpoint list item tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API post: operationId: CreateEndpointListItem requestBody: @@ -245,7 +245,7 @@ paths: description: Internal server error summary: Creates an endpoint list item tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API put: operationId: UpdateEndpointListItem requestBody: 
@@ -328,7 +328,7 @@ paths: description: Internal server error summary: Updates an endpoint list item tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API /api/endpoint_list/items/_find: get: operationId: FindEndpointListItems @@ -434,7 +434,7 @@ paths: description: Internal server error summary: Finds endpoint list items tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API components: schemas: EndpointList: @@ -868,4 +868,4 @@ tags: Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. - name: Security Solution Endpoint Exceptions API + name: Security Endpoint Exceptions API diff --git a/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/serverless/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/serverless/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml index 3c6a6d329af18..00cbd18faa832 100644 --- a/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/serverless/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/serverless/security_solution_endpoint_exceptions_api_2023_10_31.bundled.schema.yaml @@ -1,7 +1,7 @@ openapi: 3.0.3 info: description: Endpoint Exceptions API allow you to manage Endpoint lists. - title: Security Solution Endpoint Exceptions API (Elastic Cloud Serverless) + title: Security Endpoint Exceptions API (Elastic Cloud Serverless) version: '2023-10-31' servers: - url: 'http://{kibana_host}:{port}' 
@@ -50,7 +50,7 @@ paths: description: Internal server error summary: Creates an endpoint list tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API /api/endpoint_list/items: delete: operationId: DeleteEndpointListItem @@ -108,7 +108,7 @@ paths: description: Internal server error summary: Deletes an endpoint list item tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API get: operationId: ReadEndpointListItem parameters: @@ -167,7 +167,7 @@ paths: description: Internal server error summary: Reads an endpoint list item tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API post: operationId: CreateEndpointListItem requestBody: @@ -245,7 +245,7 @@ paths: description: Internal server error summary: Creates an endpoint list item tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API put: operationId: UpdateEndpointListItem requestBody: @@ -328,7 +328,7 @@ paths: description: Internal server error summary: Updates an endpoint list item tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API /api/endpoint_list/items/_find: get: operationId: FindEndpointListItems @@ -434,7 +434,7 @@ paths: description: Internal server error summary: Finds endpoint list items tags: - - Security Solution Endpoint Exceptions API + - Security Endpoint Exceptions API components: schemas: EndpointList: @@ -868,4 +868,4 @@ tags: Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. - name: Security Solution Endpoint Exceptions API + name: Security Endpoint Exceptions API diff --git a/packages/kbn-securitysolution-endpoint-exceptions-common/scripts/openapi_bundle.js b/packages/kbn-securitysolution-endpoint-exceptions-common/scripts/openapi_bundle.js index 1c394ce1106ac..edd9cb25f6d44 100644 
--- a/packages/kbn-securitysolution-endpoint-exceptions-common/scripts/openapi_bundle.js
+++ b/packages/kbn-securitysolution-endpoint-exceptions-common/scripts/openapi_bundle.js
@@ -24,12 +24,12 @@ const ROOT = resolve(__dirname, '..');
 includeLabels: ['serverless'],
 prototypeDocument: {
 info: {
- title: 'Security Solution Endpoint Exceptions API (Elastic Cloud Serverless)',
+ title: 'Security Endpoint Exceptions API (Elastic Cloud Serverless)',
 description: 'Endpoint Exceptions API allow you to manage Endpoint lists.',
 },
 tags: [
 {
- name: 'Security Solution Endpoint Exceptions API',
+ name: 'Security Endpoint Exceptions API',
 description:
 "Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.",
 },
@@ -48,12 +48,12 @@ const ROOT = resolve(__dirname, '..');
 includeLabels: ['ess'],
 prototypeDocument: {
 info: {
- title: 'Security Solution Endpoint Exceptions API (Elastic Cloud and self-hosted)',
+ title: 'Security Endpoint Exceptions API (Elastic Cloud and self-hosted)',
 description: 'Endpoint Exceptions API allow you to manage Endpoint lists.',
 },
 tags: [
 {
- name: 'Security Solution Endpoint Exceptions API',
+ name: 'Security Endpoint Exceptions API',
 description:
 "Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.",
 },
diff --git a/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml
index 8acc028520f11..1a847d16dfbad 100644
--- a/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml
+++ b/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml @@ -4,7 +4,7 @@ info: Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. - title: Security Solution Exceptions API (Elastic Cloud and self-hosted) + title: Security Exceptions API (Elastic Cloud and self-hosted) version: '2023-10-31' servers: - url: 'http://{kibana_host}:{port}' @@ -75,7 +75,7 @@ paths: description: Internal server error response summary: Creates rule exception list items tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists: delete: operationId: DeleteExceptionList @@ -139,7 +139,7 @@ paths: description: Internal server error response summary: Deletes an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API get: operationId: ReadExceptionList parameters: @@ -202,7 +202,7 @@ paths: description: Internal server error response summary: Retrieves an exception list using its `id` or `list_id` field tags: - - Security Solution Exceptions API + - Security Exceptions API post: operationId: CreateExceptionList requestBody: @@ -279,7 +279,7 @@ paths: description: Internal server error response summary: Creates an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API put: operationId: UpdateExceptionList requestBody: @@ -359,7 +359,7 @@ paths: description: Internal server error response summary: Updates an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/_duplicate: post: operationId: DuplicateExceptionList 
@@ -428,7 +428,7 @@ paths: description: Internal server error response summary: Duplicates an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/_export: post: description: Exports an exception list and its associated items to an .ndjson file @@ -508,7 +508,7 @@ paths: description: Internal server error response summary: Exports an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/_find: get: operationId: FindExceptionLists @@ -628,7 +628,7 @@ paths: description: Internal server error response summary: Finds exception lists tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/_import: post: description: Imports an exception list and associated items @@ -744,7 +744,7 @@ paths: description: Internal server error response summary: Imports an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/items: delete: operationId: DeleteExceptionListItem @@ -808,7 +808,7 @@ paths: description: Internal server error response summary: Deletes an exception list item tags: - - Security Solution Exceptions API + - Security Exceptions API get: operationId: ReadExceptionListItem parameters: @@ -871,7 +871,7 @@ paths: description: Internal server error response summary: Gets an exception list item tags: - - Security Solution Exceptions API + - Security Exceptions API post: operationId: CreateExceptionListItem requestBody: @@ -958,7 +958,7 @@ paths: description: Internal server error response summary: Creates an exception list item tags: - - Security Solution Exceptions API + - Security Exceptions API put: operationId: UpdateExceptionListItem requestBody: 
@@ -1049,7 +1049,7 @@ paths: description: Internal server error response summary: Updates an exception list item tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/items/_find: get: operationId: FindExceptionListItems @@ -1185,7 +1185,7 @@ paths: description: Internal server error response summary: Finds exception list items tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/summary: get: operationId: ReadExceptionListSummary @@ -1268,7 +1268,7 @@ paths: description: Internal server error response summary: Retrieves an exception list summary tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exceptions/shared: post: operationId: CreateSharedExceptionList @@ -1327,7 +1327,7 @@ paths: description: Internal server error response summary: Creates a shared exception list tags: - - Security Solution Exceptions API + - Security Exceptions API components: schemas: CreateExceptionListItemComment: @@ -1857,4 +1857,4 @@ tags: Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. - name: Security Solution Exceptions API + name: Security Exceptions API diff --git a/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml index cd104baacda20..01fb14336d17d 100644 --- a/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml 
@@ -4,7 +4,7 @@ info: Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. - title: Security Solution Exceptions API (Elastic Cloud Serverless) + title: Security Exceptions API (Elastic Cloud Serverless) version: '2023-10-31' servers: - url: 'http://{kibana_host}:{port}' @@ -75,7 +75,7 @@ paths: description: Internal server error response summary: Creates rule exception list items tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists: delete: operationId: DeleteExceptionList @@ -139,7 +139,7 @@ paths: description: Internal server error response summary: Deletes an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API get: operationId: ReadExceptionList parameters: @@ -202,7 +202,7 @@ paths: description: Internal server error response summary: Retrieves an exception list using its `id` or `list_id` field tags: - - Security Solution Exceptions API + - Security Exceptions API post: operationId: CreateExceptionList requestBody: @@ -279,7 +279,7 @@ paths: description: Internal server error response summary: Creates an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API put: operationId: UpdateExceptionList requestBody: @@ -359,7 +359,7 @@ paths: description: Internal server error response summary: Updates an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/_duplicate: post: operationId: DuplicateExceptionList @@ -428,7 +428,7 @@ paths: description: Internal server error response summary: Duplicates an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/_export: post: description: Exports an exception list and its associated items to an .ndjson file 
@@ -508,7 +508,7 @@ paths: description: Internal server error response summary: Exports an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/_find: get: operationId: FindExceptionLists @@ -628,7 +628,7 @@ paths: description: Internal server error response summary: Finds exception lists tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/_import: post: description: Imports an exception list and associated items @@ -744,7 +744,7 @@ paths: description: Internal server error response summary: Imports an exception list tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/items: delete: operationId: DeleteExceptionListItem @@ -808,7 +808,7 @@ paths: description: Internal server error response summary: Deletes an exception list item tags: - - Security Solution Exceptions API + - Security Exceptions API get: operationId: ReadExceptionListItem parameters: @@ -871,7 +871,7 @@ paths: description: Internal server error response summary: Gets an exception list item tags: - - Security Solution Exceptions API + - Security Exceptions API post: operationId: CreateExceptionListItem requestBody: @@ -958,7 +958,7 @@ paths: description: Internal server error response summary: Creates an exception list item tags: - - Security Solution Exceptions API + - Security Exceptions API put: operationId: UpdateExceptionListItem requestBody: @@ -1049,7 +1049,7 @@ paths: description: Internal server error response summary: Updates an exception list item tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/items/_find: get: operationId: FindExceptionListItems @@ -1185,7 +1185,7 @@ paths: description: Internal server error response summary: Finds exception list items tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exception_lists/summary: get: operationId: ReadExceptionListSummary 
@@ -1268,7 +1268,7 @@ paths: description: Internal server error response summary: Retrieves an exception list summary tags: - - Security Solution Exceptions API + - Security Exceptions API /api/exceptions/shared: post: operationId: CreateSharedExceptionList @@ -1327,7 +1327,7 @@ paths: description: Internal server error response summary: Creates a shared exception list tags: - - Security Solution Exceptions API + - Security Exceptions API components: schemas: CreateExceptionListItemComment: @@ -1857,4 +1857,4 @@ tags: Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. - name: Security Solution Exceptions API + name: Security Exceptions API diff --git a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js index 718f28560e094..edbe0f14ed75f 100644 --- a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js +++ b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js @@ -24,13 +24,13 @@ const ROOT = resolve(__dirname, '..'); includeLabels: ['serverless'], prototypeDocument: { info: { - title: 'Security Solution Exceptions API (Elastic Cloud Serverless)', + title: 'Security Exceptions API (Elastic Cloud Serverless)', description: "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.", }, tags: [ { - name: 'Security Solution Exceptions API', + name: 'Security Exceptions API', description: "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.", }, 
@@ -49,13 +49,13 @@ const ROOT = resolve(__dirname, '..'); includeLabels: ['ess'], prototypeDocument: { info: { - title: 'Security Solution Exceptions API (Elastic Cloud and self-hosted)', + title: 'Security Exceptions API (Elastic Cloud and self-hosted)', description: "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.", }, tags: [ { - name: 'Security Solution Exceptions API', + name: 'Security Exceptions API', description: "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.", }, diff --git a/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml index 7fdb215489101..e56258d2f9da6 100644 --- a/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml @@ -1,7 +1,7 @@ openapi: 3.0.3 info: description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.' - title: Security Solution Lists API (Elastic Cloud and self-hosted) + title: Security Lists API (Elastic Cloud and self-hosted) version: '2023-10-31' servers: - url: 'http://{kibana_host}:{port}' @@ -74,7 +74,7 @@ paths: description: Internal server error response summary: Deletes a list tags: - - Security Solution Lists API + - Security Lists API get: operationId: ReadList parameters: 
@@ -125,7 +125,7 @@ paths: description: Internal server error response summary: Retrieves a list using its id field tags: - - Security Solution Lists API + - Security Lists API patch: operationId: PatchList requestBody: @@ -192,7 +192,7 @@ paths: description: Internal server error response summary: Patches a list tags: - - Security Solution Lists API + - Security Lists API post: operationId: CreateList requestBody: @@ -266,7 +266,7 @@ paths: description: Internal server error response summary: Creates a list tags: - - Security Solution Lists API + - Security Lists API put: operationId: UpdateList requestBody: @@ -335,7 +335,7 @@ paths: description: Internal server error response summary: Updates a list tags: - - Security Solution Lists API + - Security Lists API /api/lists/_find: get: operationId: FindLists @@ -448,7 +448,7 @@ paths: description: Internal server error response summary: Finds lists tags: - - Security Solution Lists API + - Security Lists API /api/lists/index: delete: operationId: DeleteListIndex @@ -498,7 +498,7 @@ paths: description: Internal server error response summary: Deletes list data streams tags: - - Security Solution Lists API + - Security Lists API get: operationId: ReadListIndex responses: @@ -550,7 +550,7 @@ paths: description: Internal server error response summary: Get list data stream existence status tags: - - Security Solution Lists API + - Security Lists API post: operationId: CreateListIndex responses: @@ -599,7 +599,7 @@ paths: description: Internal server error response summary: Creates necessary list data streams tags: - - Security Solution Lists API + - Security Lists API /api/lists/items: delete: operationId: DeleteListItem @@ -680,7 +680,7 @@ paths: description: Internal server error response summary: Deletes a list item tags: - - Security Solution Lists API + - Security Lists API get: operationId: ReadListItem parameters: 
@@ -747,7 +747,7 @@ paths: description: Internal server error response summary: Gets a list item tags: - - Security Solution Lists API + - Security Lists API patch: operationId: PatchListItem requestBody: @@ -818,7 +818,7 @@ paths: description: Internal server error response summary: Patches a list item tags: - - Security Solution Lists API + - Security Lists API post: operationId: CreateListItem requestBody: @@ -890,7 +890,7 @@ paths: description: Internal server error response summary: Creates a list item tags: - - Security Solution Lists API + - Security Lists API put: operationId: UpdateListItem requestBody: @@ -953,7 +953,7 @@ paths: description: Internal server error response summary: Updates a list item tags: - - Security Solution Lists API + - Security Lists API /api/lists/items/_export: post: description: Exports list item values from the specified list @@ -1008,7 +1008,7 @@ paths: description: Internal server error response summary: Exports list items tags: - - Security Solution Lists API + - Security Lists API /api/lists/items/_find: get: operationId: FindListItems @@ -1127,7 +1127,7 @@ paths: description: Internal server error response summary: Finds list items tags: - - Security Solution Lists API + - Security Lists API /api/lists/items/_import: post: description: > @@ -1234,7 +1234,7 @@ paths: description: Internal server error response summary: Imports list items tags: - - Security Solution Lists API + - Security Lists API /api/lists/privileges: get: operationId: ReadListPrivileges @@ -1284,7 +1284,7 @@ paths: description: Internal server error response summary: Gets list privileges tags: - - Security Solution Lists API + - Security Lists API components: schemas: FindListItemsCursor: @@ -1522,4 +1522,4 @@ security: - BasicAuth: [] tags: - description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.' - name: Security Solution Lists API + name: Security Lists API 
diff --git a/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml index c55ffe963a607..cc98f9dcb9450 100644 --- a/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml @@ -1,7 +1,7 @@ openapi: 3.0.3 info: description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.' - title: Security Solution Lists API (Elastic Cloud Serverless) + title: Security Lists API (Elastic Cloud Serverless) version: '2023-10-31' servers: - url: 'http://{kibana_host}:{port}' @@ -74,7 +74,7 @@ paths: description: Internal server error response summary: Deletes a list tags: - - Security Solution Lists API + - Security Lists API get: operationId: ReadList parameters: @@ -125,7 +125,7 @@ paths: description: Internal server error response summary: Retrieves a list using its id field tags: - - Security Solution Lists API + - Security Lists API patch: operationId: PatchList requestBody: @@ -192,7 +192,7 @@ paths: description: Internal server error response summary: Patches a list tags: - - Security Solution Lists API + - Security Lists API post: operationId: CreateList requestBody: @@ -266,7 +266,7 @@ paths: description: Internal server error response summary: Creates a list tags: - - Security Solution Lists API + - Security Lists API put: operationId: UpdateList requestBody: @@ -335,7 +335,7 @@ paths: description: Internal server error response summary: Updates a list tags: - - Security Solution Lists API + - Security Lists API /api/lists/_find: get: operationId: FindLists 
@@ -448,7 +448,7 @@ paths: description: Internal server error response summary: Finds lists tags: - - Security Solution Lists API + - Security Lists API /api/lists/index: delete: operationId: DeleteListIndex @@ -498,7 +498,7 @@ paths: description: Internal server error response summary: Deletes list data streams tags: - - Security Solution Lists API + - Security Lists API get: operationId: ReadListIndex responses: @@ -550,7 +550,7 @@ paths: description: Internal server error response summary: Get list data stream existence status tags: - - Security Solution Lists API + - Security Lists API post: operationId: CreateListIndex responses: @@ -599,7 +599,7 @@ paths: description: Internal server error response summary: Creates necessary list data streams tags: - - Security Solution Lists API + - Security Lists API /api/lists/items: delete: operationId: DeleteListItem @@ -680,7 +680,7 @@ paths: description: Internal server error response summary: Deletes a list item tags: - - Security Solution Lists API + - Security Lists API get: operationId: ReadListItem parameters: @@ -747,7 +747,7 @@ paths: description: Internal server error response summary: Gets a list item tags: - - Security Solution Lists API + - Security Lists API patch: operationId: PatchListItem requestBody: @@ -818,7 +818,7 @@ paths: description: Internal server error response summary: Patches a list item tags: - - Security Solution Lists API + - Security Lists API post: operationId: CreateListItem requestBody: @@ -890,7 +890,7 @@ paths: description: Internal server error response summary: Creates a list item tags: - - Security Solution Lists API + - Security Lists API put: operationId: UpdateListItem requestBody: @@ -953,7 +953,7 @@ paths: description: Internal server error response summary: Updates a list item tags: - - Security Solution Lists API + - Security Lists API /api/lists/items/_export: post: description: Exports list item values from the specified list 
@@ -1008,7 +1008,7 @@ paths: description: Internal server error response summary: Exports list items tags: - - Security Solution Lists API + - Security Lists API /api/lists/items/_find: get: operationId: FindListItems @@ -1127,7 +1127,7 @@ paths: description: Internal server error response summary: Finds list items tags: - - Security Solution Lists API + - Security Lists API /api/lists/items/_import: post: description: > @@ -1234,7 +1234,7 @@ paths: description: Internal server error response summary: Imports list items tags: - - Security Solution Lists API + - Security Lists API /api/lists/privileges: get: operationId: ReadListPrivileges @@ -1284,7 +1284,7 @@ paths: description: Internal server error response summary: Gets list privileges tags: - - Security Solution Lists API + - Security Lists API components: schemas: FindListItemsCursor: @@ -1522,4 +1522,4 @@ security: - BasicAuth: [] tags: - description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.' - name: Security Solution Lists API + name: Security Lists API diff --git a/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js index 3d16d8272d7e4..2f809aa1f5ee2 100644 --- a/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js +++ b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js @@ -24,12 +24,12 @@ const ROOT = resolve(__dirname, '..'); includeLabels: ['serverless'], prototypeDocument: { info: { - title: 'Security Solution Lists API (Elastic Cloud Serverless)', + title: 'Security Lists API (Elastic Cloud Serverless)', description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.', }, tags: [ { - name: 'Security Solution Lists API', + name: 'Security Lists API', description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.', }, 
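Review bot: The API name in `openapi_bundle.js` is still a separate string literal in both the `title` and the tag `name` of this `serverless` hunk, and again in the `ess` hunk at `@@ -48,12 +48,12 @@`, so every rename has to touch four copies and a missed one would leave the two bundles tagged differently. Hoisting it once, e.g. `const API_NAME = 'Security Lists API';` with `title: API_NAME + ' (Elastic Cloud Serverless)'` and `name: API_NAME`, keeps the generated specs in step. The same duplication appears in the osquery `bundle.js` hunks and in the Exceptions script hunk earlier on the page. The enclosing bundler call starts and ends outside the hunk, so whether a shared constant already exists elsewhere in the file cannot be confirmed from here.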
@@ -48,12 +48,12 @@ const ROOT = resolve(__dirname, '..'); includeLabels: ['ess'], prototypeDocument: { info: { - title: 'Security Solution Lists API (Elastic Cloud and self-hosted)', + title: 'Security Lists API (Elastic Cloud and self-hosted)', description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.', }, tags: [ { - name: 'Security Solution Lists API', + name: 'Security Lists API', description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.', }, diff --git a/x-pack/plugins/osquery/docs/openapi/ess/osquery_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/osquery/docs/openapi/ess/osquery_api_2023_10_31.bundled.schema.yaml index 4f6933aef5f2f..9079f12e92a3d 100644 --- a/x-pack/plugins/osquery/docs/openapi/ess/osquery_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/osquery/docs/openapi/ess/osquery_api_2023_10_31.bundled.schema.yaml @@ -1,7 +1,7 @@ openapi: 3.0.3 info: description: 'Run live queries, manage packs and saved queries.' - title: Security Solution Osquery API (Elastic Cloud and self-hosted) + title: Security Osquery API (Elastic Cloud and self-hosted) version: '2023-10-31' servers: - url: 'http://{kibana_host}:{port}' @@ -30,7 +30,7 @@ paths: description: OK summary: Get live queries tags: - - Security Solution Osquery API + - Security Osquery API post: description: Create and run a live query. operationId: OsqueryCreateLiveQuery @@ -49,7 +49,7 @@ paths: description: OK summary: Create a live query tags: - - Security Solution Osquery API + - Security Osquery API '/api/osquery/live_queries/{id}': get: description: Get the details of a live query using the query ID. @@ -74,7 +74,7 @@ paths: description: OK summary: Get live query details tags: - - Security Solution Osquery API + - Security Osquery API '/api/osquery/live_queries/{id}/results/{actionId}': get: description: Get the results of a live query using the query action ID. 
@@ -104,7 +104,7 @@ paths: description: OK summary: Get live query results tags: - - Security Solution Osquery API + - Security Osquery API /api/osquery/packs: get: description: Get a list of all query packs. @@ -124,7 +124,7 @@ paths: description: OK summary: Get packs tags: - - Security Solution Osquery API + - Security Osquery API post: description: Create a query pack. operationId: OsqueryCreatePacks @@ -143,7 +143,7 @@ paths: description: OK summary: Create a pack tags: - - Security Solution Osquery API + - Security Osquery API '/api/osquery/packs/{id}': delete: description: Delete a query pack using the pack ID. @@ -163,7 +163,7 @@ paths: description: OK summary: Delete a pack tags: - - Security Solution Osquery API + - Security Osquery API get: description: Get the details of a query pack using the pack ID. operationId: OsqueryGetPacksDetails @@ -182,7 +182,7 @@ paths: description: OK summary: Get pack details tags: - - Security Solution Osquery API + - Security Osquery API put: description: | Update a query pack using the pack ID. @@ -210,7 +210,7 @@ paths: description: OK summary: Update a pack tags: - - Security Solution Osquery API + - Security Osquery API /api/osquery/saved_queries: get: description: Get a list of all saved queries. @@ -230,7 +230,7 @@ paths: description: OK summary: Get saved queries tags: - - Security Solution Osquery API + - Security Osquery API post: description: Create and run a saved query. operationId: OsqueryCreateSavedQuery @@ -249,7 +249,7 @@ paths: description: OK summary: Create a saved query tags: - - Security Solution Osquery API + - Security Osquery API '/api/osquery/saved_queries/{id}': delete: description: Delete a saved query using the query ID. @@ -269,7 +269,7 @@ paths: description: OK summary: Delete a saved query tags: - - Security Solution Osquery API + - Security Osquery API get: description: Get the details of a saved query using the query ID. operationId: OsqueryGetSavedQueryDetails 
@@ -288,7 +288,7 @@ paths: description: OK summary: Get saved query details tags: - - Security Solution Osquery API + - Security Osquery API put: description: | Update a saved query using the query ID. @@ -316,7 +316,7 @@ paths: description: OK summary: Update a saved query tags: - - Security Solution Osquery API + - Security Osquery API components: schemas: ArrayQueries: @@ -638,4 +638,4 @@ security: - BasicAuth: [] tags: - description: 'Run live queries, manage packs and saved queries.' - name: Security Solution Osquery API + name: Security Osquery API diff --git a/x-pack/plugins/osquery/docs/openapi/serverless/osquery_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/osquery/docs/openapi/serverless/osquery_api_2023_10_31.bundled.schema.yaml index 836298b2e7cba..8c63ad1b3b64f 100644 --- a/x-pack/plugins/osquery/docs/openapi/serverless/osquery_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/osquery/docs/openapi/serverless/osquery_api_2023_10_31.bundled.schema.yaml @@ -1,7 +1,7 @@ openapi: 3.0.3 info: description: 'Run live queries, manage packs and saved queries.' - title: Security Solution Osquery API (Elastic Cloud Serverless) + title: Security Osquery API (Elastic Cloud Serverless) version: '2023-10-31' servers: - url: 'http://{kibana_host}:{port}' @@ -30,7 +30,7 @@ paths: description: OK summary: Get live queries tags: - - Security Solution Osquery API + - Security Osquery API post: description: Create and run a live query. operationId: OsqueryCreateLiveQuery @@ -49,7 +49,7 @@ paths: description: OK summary: Create a live query tags: - - Security Solution Osquery API + - Security Osquery API '/api/osquery/live_queries/{id}': get: description: Get the details of a live query using the query ID. 
@@ -74,7 +74,7 @@ paths: description: OK summary: Get live query details tags: - - Security Solution Osquery API + - Security Osquery API '/api/osquery/live_queries/{id}/results/{actionId}': get: description: Get the results of a live query using the query action ID. @@ -104,7 +104,7 @@ paths: description: OK summary: Get live query results tags: - - Security Solution Osquery API + - Security Osquery API /api/osquery/packs: get: description: Get a list of all query packs. @@ -124,7 +124,7 @@ paths: description: OK summary: Get packs tags: - - Security Solution Osquery API + - Security Osquery API post: description: Create a query pack. operationId: OsqueryCreatePacks @@ -143,7 +143,7 @@ paths: description: OK summary: Create a pack tags: - - Security Solution Osquery API + - Security Osquery API '/api/osquery/packs/{id}': delete: description: Delete a query pack using the pack ID. @@ -163,7 +163,7 @@ paths: description: OK summary: Delete a pack tags: - - Security Solution Osquery API + - Security Osquery API get: description: Get the details of a query pack using the pack ID. operationId: OsqueryGetPacksDetails @@ -182,7 +182,7 @@ paths: description: OK summary: Get pack details tags: - - Security Solution Osquery API + - Security Osquery API put: description: | Update a query pack using the pack ID. @@ -210,7 +210,7 @@ paths: description: OK summary: Update a pack tags: - - Security Solution Osquery API + - Security Osquery API /api/osquery/saved_queries: get: description: Get a list of all saved queries. @@ -230,7 +230,7 @@ paths: description: OK summary: Get saved queries tags: - - Security Solution Osquery API + - Security Osquery API post: description: Create and run a saved query. operationId: OsqueryCreateSavedQuery @@ -249,7 +249,7 @@ paths: description: OK summary: Create a saved query tags: - - Security Solution Osquery API + - Security Osquery API '/api/osquery/saved_queries/{id}': delete: description: Delete a saved query using the query ID. 
@@ -269,7 +269,7 @@ paths: description: OK summary: Delete a saved query tags: - - Security Solution Osquery API + - Security Osquery API get: description: Get the details of a saved query using the query ID. operationId: OsqueryGetSavedQueryDetails @@ -288,7 +288,7 @@ paths: description: OK summary: Get saved query details tags: - - Security Solution Osquery API + - Security Osquery API put: description: | Update a saved query using the query ID. @@ -316,7 +316,7 @@ paths: description: OK summary: Update a saved query tags: - - Security Solution Osquery API + - Security Osquery API components: schemas: ArrayQueries: @@ -638,4 +638,4 @@ security: - BasicAuth: [] tags: - description: 'Run live queries, manage packs and saved queries.' - name: Security Solution Osquery API + name: Security Osquery API diff --git a/x-pack/plugins/osquery/scripts/openapi/bundle.js b/x-pack/plugins/osquery/scripts/openapi/bundle.js index 519b83bcc8a56..cc9e1dc93b66d 100644 --- a/x-pack/plugins/osquery/scripts/openapi/bundle.js +++ b/x-pack/plugins/osquery/scripts/openapi/bundle.js @@ -22,12 +22,12 @@ const ELASTIC_ASSISTANT_ROOT = resolve(__dirname, '../..'); includeLabels: ['serverless'], prototypeDocument: { info: { - title: 'Security Solution Osquery API (Elastic Cloud Serverless)', + title: 'Security Osquery API (Elastic Cloud Serverless)', description: 'Run live queries, manage packs and saved queries.', }, tags: [ { - name: 'Security Solution Osquery API', + name: 'Security Osquery API', description: 'Run live queries, manage packs and saved queries.', }, ], 
@@ -43,12 +43,12 @@ const ELASTIC_ASSISTANT_ROOT = resolve(__dirname, '../..'); includeLabels: ['ess'], prototypeDocument: { info: { - title: 'Security Solution Osquery API (Elastic Cloud and self-hosted)', + title: 'Security Osquery API (Elastic Cloud and self-hosted)', description: 'Run live queries, manage packs and saved queries.', }, tags: [ { - name: 'Security Solution Osquery API', + name: 'Security Osquery API', description: 'Run live queries, manage packs and saved queries.', }, ], diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml index 9642a2129ba60..67aaf42b6a5e7 100644 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml @@ -4,7 +4,7 @@ info: You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. - title: Security Solution Detections API (Elastic Cloud and self-hosted) + title: Security Detections API (Elastic Cloud and self-hosted) version: '2023-10-31' servers: - url: 'http://{kibana_host}:{port}' @@ -55,7 +55,7 @@ paths: description: Internal server error response summary: Delete an alerts index tags: - - Security Solution Detections API + - Security Detections API - Alert index API get: operationId: ReadAlertsIndex @@ -101,7 +101,7 @@ paths: description: Internal server error response summary: Reads the alert index name if it exists tags: - - Security Solution Detections API + - Security Detections API - Alert index API post: operationId: CreateAlertsIndex 
@@ -143,7 +143,7 @@ paths: description: Internal server error response summary: Create an alerts index tags: - - Security Solution Detections API + - Security Detections API - Alert index API /api/detection_engine/privileges: get: @@ -186,7 +186,7 @@ paths: description: Internal server error response summary: Returns user privileges for the Kibana space tags: - - Security Solution Detections API + - Security Detections API - Privileges API /api/detection_engine/rules: delete: @@ -214,7 +214,7 @@ paths: description: Indicates a successful call. summary: Delete a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API get: description: Retrieve a detection rule using the `rule_id` or `id` field. @@ -241,7 +241,7 @@ paths: description: Indicates a successful call. summary: Retrieve a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API patch: description: >- @@ -263,7 +263,7 @@ paths: description: Indicates a successful call. summary: Patch a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API post: description: Create a new detection rule. @@ -283,7 +283,7 @@ paths: description: Indicates a successful call. summary: Create a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API put: description: > @@ -309,7 +309,7 @@ paths: description: Indicates a successful call. summary: Update a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API /api/detection_engine/rules/_bulk_action: post: @@ -348,7 +348,7 @@ paths: description: OK summary: Apply a bulk action to detection rules tags: - - Security Solution Detections API + - Security Detections API - Bulk API /api/detection_engine/rules/_bulk_create: post: 
@@ -373,7 +373,7 @@ paths: description: Indicates a successful call. summary: Create multiple detection rules tags: - - Security Solution Detections API + - Security Detections API - Bulk API /api/detection_engine/rules/_bulk_delete: delete: @@ -425,7 +425,7 @@ paths: description: Internal server error response summary: Delete multiple detection rules tags: - - Security Solution Detections API + - Security Detections API - Bulk API post: deprecated: true @@ -476,7 +476,7 @@ paths: description: Internal server error response summary: Delete multiple detection rules tags: - - Security Solution Detections API + - Security Detections API - Bulk API /api/detection_engine/rules/_bulk_update: patch: @@ -503,7 +503,7 @@ paths: description: Indicates a successful call. summary: Patch multiple detection rules tags: - - Security Solution Detections API + - Security Detections API - Bulk API put: deprecated: true @@ -535,7 +535,7 @@ paths: description: Indicates a successful call. summary: Update multiple detection rules tags: - - Security Solution Detections API + - Security Detections API - Bulk API /api/detection_engine/rules/_export: post: @@ -599,7 +599,7 @@ paths: description: Indicates a successful call. summary: Export detection rules tags: - - Security Solution Detections API + - Security Detections API - Import/Export API /api/detection_engine/rules/_find: get: @@ -674,7 +674,7 @@ paths: description: Successful response summary: List all detection rules tags: - - Security Solution Detections API + - Security Detections API - Rules API /api/detection_engine/rules/_import: post: @@ -789,7 +789,7 @@ paths: description: Indicates a successful call. summary: Import detection rules tags: - - Security Solution Detections API + - Security Detections API - Import/Export API /api/detection_engine/rules/prepackaged: put: 
@@ -827,7 +827,7 @@ paths: description: Indicates a successful call summary: Install prebuilt detection rules and Timelines tags: - - Security Solution Detections API + - Security Detections API - Prebuilt Rules API /api/detection_engine/rules/prepackaged/_status: get: @@ -886,7 +886,7 @@ paths: description: Indicates a successful call summary: Retrieve the status of prebuilt detection rules and Timelines tags: - - Security Solution Detections API + - Security Detections API - Prebuilt Rules API /api/detection_engine/rules/preview: post: @@ -975,7 +975,7 @@ paths: description: Internal server error response summary: Preview rule alerts generated on specified time range tags: - - Security Solution Detections API + - Security Detections API - Rule preview API /api/detection_engine/signals/assignees: post: @@ -1007,7 +1007,7 @@ paths: description: Invalid request. summary: Assign and unassign users from detection alerts tags: - - Security Solution Detections API + - Security Detections API /api/detection_engine/signals/finalize_migration: post: description: > @@ -1065,7 +1065,7 @@ paths: description: Internal server error response summary: Finalize detection alert migrations tags: - - Security Solution Detections API + - Security Detections API - Alerts migration API /api/detection_engine/signals/migration: delete: @@ -1133,7 +1133,7 @@ paths: description: Internal server error response summary: Clean up detection alert migrations tags: - - Security Solution Detections API + - Security Detections API - Alerts migration API post: description: > @@ -1200,7 +1200,7 @@ paths: description: Internal server error response summary: Initiate a detection alert migration tags: - - Security Solution Detections API + - Security Detections API - Alerts migration API /api/detection_engine/signals/migration_status: post: 
@@ -1258,7 +1258,7 @@ paths: description: Internal server error response summary: Retrieve the status of detection alert migrations tags: - - Security Solution Detections API + - Security Detections API - Alerts migration API /api/detection_engine/signals/search: post: @@ -1331,7 +1331,7 @@ paths: description: Internal server error response summary: Find and/or aggregate detection alerts tags: - - Security Solution Detections API + - Security Detections API - Alerts API /api/detection_engine/signals/status: post: @@ -1379,7 +1379,7 @@ paths: description: Internal server error response summary: Set a detection alert status tags: - - Security Solution Detections API + - Security Detections API - Alerts API /api/detection_engine/signals/tags: post: @@ -1436,7 +1436,7 @@ paths: description: Internal server error response summary: Add and remove detection alert tags tags: - - Security Solution Detections API + - Security Detections API - Alerts API /api/detection_engine/tags: get: @@ -1451,7 +1451,7 @@ paths: description: Indicates a successful call summary: List all detection rule tags tags: - - Security Solution Detections API + - Security Detections API - Tags API components: schemas: @@ -6999,4 +6999,4 @@ tags: You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. - name: Security Solution Detections API + name: Security Detections API diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml index d2f297b6109fa..45c7d0d7b6683 100644 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml 
+++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml @@ -1,7 +1,7 @@ openapi: 3.0.3 info: description: Interact with and manage endpoints running the Elastic Defend integration. - title: Security Solution Endpoint Management API (Elastic Cloud and self-hosted) + title: Security Endpoint Management API (Elastic Cloud and self-hosted) version: '2023-10-31' servers: - url: 'http://{kibana_host}:{port}' @@ -30,7 +30,7 @@ paths: description: OK summary: Get response actions tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/action_log/{agent_id}': get: deprecated: true @@ -56,7 +56,7 @@ paths: description: OK summary: Get an action request log tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action_status: get: description: Get the status of response actions for the specified agent IDs. @@ -79,7 +79,7 @@ paths: description: OK summary: Get response actions status tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/action/{action_id}': get: description: Get the details of a response action using the action ID. @@ -99,7 +99,7 @@ paths: description: OK summary: Get action details tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/action/{action_id}/file/{file_id}': get: description: Get information for the specified file using the file ID. @@ -124,7 +124,7 @@ paths: description: OK summary: Get file information tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/action/{action_id}/file/{file_id}/download': get: description: Download a file from an endpoint. 
@@ -149,7 +149,7 @@ paths: description: OK summary: Download a file tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/execute: post: description: Run a shell command on an endpoint. @@ -169,7 +169,7 @@ paths: description: OK summary: Run a command tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/get_file: post: description: Get a file from an endpoint. @@ -189,7 +189,7 @@ paths: description: OK summary: Get a file tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/isolate: post: description: >- @@ -211,7 +211,7 @@ paths: description: OK summary: Isolate an endpoint tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/kill_process: post: description: Terminate a running process on an endpoint. @@ -231,7 +231,7 @@ paths: description: OK summary: Terminate a process tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/running_procs: post: description: Get a list of all processes running on an endpoint. @@ -251,7 +251,7 @@ paths: description: OK summary: Get running processes tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/scan: post: description: Scan a specific file or directory on an endpoint for malware. @@ -271,7 +271,7 @@ paths: description: OK summary: Scan a file or directory tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/state: get: description: >- @@ -287,7 +287,7 @@ paths: description: OK summary: Get actions state tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/suspend_process: post: description: Suspend a running process on an endpoint. 
@@ -307,7 +307,7 @@ paths: description: OK summary: Suspend a process tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/unisolate: post: description: 'Release an isolated endpoint, allowing it to rejoin a network.' @@ -327,7 +327,7 @@ paths: description: OK summary: Release an isolated endpoint tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/upload: post: description: Upload a file to an endpoint. @@ -347,7 +347,7 @@ paths: description: OK summary: Upload a file tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/isolate: post: deprecated: true @@ -397,7 +397,7 @@ paths: type: string summary: Isolate an endpoint tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/metadata: get: operationId: GetEndpointMetadataList @@ -416,7 +416,7 @@ paths: description: OK summary: Get a metadata list tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/metadata/{id}': get: operationId: GetEndpointMetadata @@ -435,7 +435,7 @@ paths: description: OK summary: Get metadata tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/metadata/transforms: get: operationId: GetEndpointMetadataTransform @@ -448,7 +448,7 @@ paths: description: OK summary: Get metadata transforms tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/policy_response: get: operationId: GetPolicyResponse @@ -470,7 +470,7 @@ paths: description: OK summary: Get a policy response tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/policy/summaries: get: deprecated: true 
@@ -496,7 +496,7 @@ paths: description: OK summary: Get an agent policy summary tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/protection_updates_note/{package_policy_id}': get: operationId: GetProtectionUpdatesNote @@ -515,7 +515,7 @@ paths: description: OK summary: Get a protection updates note tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API post: operationId: CreateUpdateProtectionUpdatesNote parameters: @@ -542,7 +542,7 @@ paths: description: OK summary: Create or update a protection updates note tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/suggestions/{suggestion_type}': post: operationId: GetEndpointSuggestions @@ -578,7 +578,7 @@ paths: description: OK summary: Get suggestions tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/unisolate: post: deprecated: true @@ -628,7 +628,7 @@ paths: type: string summary: Release an isolated endpoint tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API components: schemas: ActionLogRequestQuery: @@ -1135,4 +1135,4 @@ security: - BasicAuth: [] tags: - description: Interact with and manage endpoints running the Elastic Defend integration. - name: Security Solution Endpoint Management API + name: Security Endpoint Management API diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml index f01ba154f67a9..2f8206929514f 100644 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml 
@@ -1,7 +1,7 @@ openapi: 3.0.3 info: description: '' - title: Security Solution Entity Analytics API (Elastic Cloud and self-hosted) + title: Security Entity Analytics API (Elastic Cloud and self-hosted) version: '2023-10-31' servers: - url: 'http://{kibana_host}:{port}' @@ -59,7 +59,7 @@ paths: description: Invalid request summary: Delete Criticality Record tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API get: description: Get the criticality record for a specific asset. operationId: GetAssetCriticalityRecord @@ -90,7 +90,7 @@ paths: description: Criticality record not found summary: Get Criticality Record tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API post: description: Create or update a criticality record for a specific asset. operationId: CreateAssetCriticalityRecord @@ -121,7 +121,7 @@ paths: description: Invalid request summary: Upsert Criticality Record tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/asset_criticality/bulk: post: description: >- @@ -179,7 +179,7 @@ paths: description: File too large summary: Bulk Upsert Asset Criticality Records tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/asset_criticality/list: get: description: 'List asset criticality records, paging, sorting and filtering as needed.' @@ -255,7 +255,7 @@ paths: description: Bulk upload successful summary: List Asset Criticality Records tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/entity_store/engines: get: operationId: ListEntityEngines @@ -275,7 +275,7 @@ paths: description: Successful response summary: List the Entity Engines tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}': delete: operationId: DeleteEntityEngine 
@@ -304,7 +304,7 @@ paths: description: Successful response summary: Delete the Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API get: operationId: GetEntityEngine parameters: @@ -323,7 +323,7 @@ paths: description: Successful response summary: Get an Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}/init': post: operationId: InitEntityEngine @@ -355,7 +355,7 @@ paths: description: Successful response summary: Initialize an Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}/start': post: operationId: StartEntityEngine @@ -378,7 +378,7 @@ paths: description: Successful response summary: Start an Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}/stats': post: operationId: GetEntityEngineStats @@ -413,7 +413,7 @@ paths: description: Successful response summary: Get Entity Engine stats tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}/stop': post: operationId: StopEntityEngine @@ -436,7 +436,7 @@ paths: description: Successful response summary: Stop an Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/entity_store/entities/list: get: description: 'List entities records, paging, sorting and filtering as needed.' @@ -512,7 +512,7 @@ paths: description: Entities returned successfully summary: List Entity Store Entities tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/risk_score/engine/schedule_now: post: operationId: ScheduleRiskEngineNow 
@@ -540,7 +540,7 @@ paths: description: Unexpected error summary: Schedule the risk engine to run as soon as possible tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API components: schemas: AssetCriticalityBulkUploadErrorItem: @@ -836,4 +836,4 @@ security: - BasicAuth: [] tags: - description: '' - name: Security Solution Entity Analytics API + name: Security Entity Analytics API diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_timeline_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_timeline_api_2023_10_31.bundled.schema.yaml index e658a2df0284c..5161e63ec7b15 100644 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_timeline_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_timeline_api_2023_10_31.bundled.schema.yaml @@ -3,7 +3,7 @@ info: description: >- You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file. - title: Security Solution Timeline API (Elastic Cloud and self-hosted) + title: Security Timeline API (Elastic Cloud and self-hosted) version: '2023-10-31' servers: - url: 'http://{kibana_host}:{port}' @@ -51,7 +51,7 @@ paths: description: Indicates the note was successfully deleted. summary: Deletes a note from a timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' get: description: Gets notes @@ -97,7 +97,7 @@ paths: description: Indicates the requested notes were returned. summary: Get all notes for a given document. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' patch: operationId: PersistNoteRoute 
@@ -161,7 +161,7 @@ paths: description: Indicates the note was successfully created. summary: Persists a note to a timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/pinned_event: patch: @@ -210,7 +210,7 @@ paths: description: Indicate the event was successfully pinned in the timeline. summary: Persists a pinned event to a timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline: delete: @@ -255,7 +255,7 @@ paths: description: Indicates the timeline was successfully deleted. summary: Deletes one or more timelines or timeline templates. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' get: operationId: GetTimeline @@ -292,7 +292,7 @@ paths: Get an existing saved timeline or timeline template. This API is used to retrieve an existing saved timeline or timeline template. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' patch: description: >- @@ -360,7 +360,7 @@ paths: a draft timeline. summary: Updates an existing timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' post: operationId: CreateTimelines @@ -429,7 +429,7 @@ paths: description: Indicates that there was an error in the timeline creation. summary: Creates a new timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_draft: get: @@ -494,7 +494,7 @@ paths: Retrieves the draft timeline for the current user. If the user does not have a draft timeline, an empty timeline is returned. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' post: description: 
> @@ -568,7 +568,7 @@ paths: timelineId. summary: Retrieves a draft timeline or timeline template. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_export: post: @@ -614,7 +614,7 @@ paths: description: Indicates that the export size limit was exceeded summary: Exports timelines as an NDJSON file tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_favorite: patch: @@ -676,7 +676,7 @@ paths: the favorite status. summary: Persists a given users favorite status of a timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_import: post: @@ -766,7 +766,7 @@ paths: description: Indicates the import of timelines was unsuccessful. summary: Imports timelines. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_prepackaged: post: @@ -824,7 +824,7 @@ paths: unsuccessful. summary: Installs prepackaged timelines. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/resolve: get: @@ -864,7 +864,7 @@ paths: description: The (template) timeline was not found summary: Get an existing saved timeline or timeline template. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timelines: get: @@ -969,7 +969,7 @@ paths: This API is used to retrieve a list of existing saved timelines or timeline templates. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' components: schemas: @@ -1551,4 +1551,4 @@ tags: - description: >- You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file. - name: Security Solution Timeline API + name: Security Timeline API 
diff --git a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml index 410d27479e19f..f5c7d812f560c 100644 --- a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml @@ -4,7 +4,7 @@ info: You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. - title: Security Solution Detections API (Elastic Cloud Serverless) + title: Security Detections API (Elastic Cloud Serverless) version: '2023-10-31' servers: - url: 'http://{kibana_host}:{port}' @@ -55,7 +55,7 @@ paths: description: Internal server error response summary: Returns user privileges for the Kibana space tags: - - Security Solution Detections API + - Security Detections API - Privileges API /api/detection_engine/rules: delete: @@ -83,7 +83,7 @@ paths: description: Indicates a successful call. summary: Delete a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API get: description: Retrieve a detection rule using the `rule_id` or `id` field. @@ -110,7 +110,7 @@ paths: description: Indicates a successful call. summary: Retrieve a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API patch: description: >- @@ -132,7 +132,7 @@ paths: description: Indicates a successful call. summary: Patch a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API post: description: Create a new detection rule. 
@@ -152,7 +152,7 @@ paths: description: Indicates a successful call. summary: Create a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API put: description: > @@ -178,7 +178,7 @@ paths: description: Indicates a successful call. summary: Update a detection rule tags: - - Security Solution Detections API + - Security Detections API - Rules API /api/detection_engine/rules/_bulk_action: post: @@ -217,7 +217,7 @@ paths: description: OK summary: Apply a bulk action to detection rules tags: - - Security Solution Detections API + - Security Detections API - Bulk API /api/detection_engine/rules/_export: post: @@ -281,7 +281,7 @@ paths: description: Indicates a successful call. summary: Export detection rules tags: - - Security Solution Detections API + - Security Detections API - Import/Export API /api/detection_engine/rules/_find: get: @@ -356,7 +356,7 @@ paths: description: Successful response summary: List all detection rules tags: - - Security Solution Detections API + - Security Detections API - Rules API /api/detection_engine/rules/_import: post: @@ -471,7 +471,7 @@ paths: description: Indicates a successful call. summary: Import detection rules tags: - - Security Solution Detections API + - Security Detections API - Import/Export API /api/detection_engine/rules/preview: post: @@ -560,7 +560,7 @@ paths: description: Internal server error response summary: Preview rule alerts generated on specified time range tags: - - Security Solution Detections API + - Security Detections API - Rule preview API /api/detection_engine/signals/assignees: post: @@ -592,7 +592,7 @@ paths: description: Invalid request. summary: Assign and unassign users from detection alerts tags: - - Security Solution Detections API + - Security Detections API /api/detection_engine/signals/search: post: description: Find and/or aggregate detection alerts that match the given query. 
@@ -664,7 +664,7 @@ paths: description: Internal server error response summary: Find and/or aggregate detection alerts tags: - - Security Solution Detections API + - Security Detections API - Alerts API /api/detection_engine/signals/status: post: @@ -712,7 +712,7 @@ paths: description: Internal server error response summary: Set a detection alert status tags: - - Security Solution Detections API + - Security Detections API - Alerts API /api/detection_engine/signals/tags: post: @@ -769,7 +769,7 @@ paths: description: Internal server error response summary: Add and remove detection alert tags tags: - - Security Solution Detections API + - Security Detections API - Alerts API /api/detection_engine/tags: get: @@ -784,7 +784,7 @@ paths: description: Indicates a successful call summary: List all detection rule tags tags: - - Security Solution Detections API + - Security Detections API - Tags API components: schemas: @@ -6145,4 +6145,4 @@ tags: You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. - name: Security Solution Detections API + name: Security Detections API diff --git a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml index ad4133a5fd9c6..29e0b4e04807b 100644 --- a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml 
@@ -1,7 +1,7 @@ openapi: 3.0.3 info: description: Interact with and manage endpoints running the Elastic Defend integration. - title: Security Solution Endpoint Management API (Elastic Cloud Serverless) + title: Security Endpoint Management API (Elastic Cloud Serverless) version: '2023-10-31' servers: - url: 'http://{kibana_host}:{port}' @@ -30,7 +30,7 @@ paths: description: OK summary: Get response actions tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/action_log/{agent_id}': get: deprecated: true @@ -56,7 +56,7 @@ paths: description: OK summary: Get an action request log tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action_status: get: description: Get the status of response actions for the specified agent IDs. @@ -79,7 +79,7 @@ paths: description: OK summary: Get response actions status tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/action/{action_id}': get: description: Get the details of a response action using the action ID. @@ -99,7 +99,7 @@ paths: description: OK summary: Get action details tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/action/{action_id}/file/{file_id}': get: description: Get information for the specified file using the file ID. @@ -124,7 +124,7 @@ paths: description: OK summary: Get file information tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/action/{action_id}/file/{file_id}/download': get: description: Download a file from an endpoint. @@ -149,7 +149,7 @@ paths: description: OK summary: Download a file tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/execute: post: description: Run a shell command on an endpoint. 
@@ -169,7 +169,7 @@ paths: description: OK summary: Run a command tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/get_file: post: description: Get a file from an endpoint. @@ -189,7 +189,7 @@ paths: description: OK summary: Get a file tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/isolate: post: description: >- @@ -211,7 +211,7 @@ paths: description: OK summary: Isolate an endpoint tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/kill_process: post: description: Terminate a running process on an endpoint. @@ -231,7 +231,7 @@ paths: description: OK summary: Terminate a process tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/running_procs: post: description: Get a list of all processes running on an endpoint. @@ -251,7 +251,7 @@ paths: description: OK summary: Get running processes tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/scan: post: description: Scan a specific file or directory on an endpoint for malware. @@ -271,7 +271,7 @@ paths: description: OK summary: Scan a file or directory tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/state: get: description: >- @@ -287,7 +287,7 @@ paths: description: OK summary: Get actions state tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/suspend_process: post: description: Suspend a running process on an endpoint. @@ -307,7 +307,7 @@ paths: description: OK summary: Suspend a process tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/unisolate: post: description: 'Release an isolated endpoint, allowing it to rejoin a network.' 
@@ -327,7 +327,7 @@ paths: description: OK summary: Release an isolated endpoint tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/action/upload: post: description: Upload a file to an endpoint. @@ -347,7 +347,7 @@ paths: description: OK summary: Upload a file tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/metadata: get: operationId: GetEndpointMetadataList @@ -366,7 +366,7 @@ paths: description: OK summary: Get a metadata list tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/metadata/{id}': get: operationId: GetEndpointMetadata @@ -385,7 +385,7 @@ paths: description: OK summary: Get metadata tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/metadata/transforms: get: operationId: GetEndpointMetadataTransform @@ -398,7 +398,7 @@ paths: description: OK summary: Get metadata transforms tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/policy_response: get: operationId: GetPolicyResponse @@ -420,7 +420,7 @@ paths: description: OK summary: Get a policy response tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API /api/endpoint/policy/summaries: get: deprecated: true @@ -446,7 +446,7 @@ paths: description: OK summary: Get an agent policy summary tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/protection_updates_note/{package_policy_id}': get: operationId: GetProtectionUpdatesNote @@ -465,7 +465,7 @@ paths: description: OK summary: Get a protection updates note tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API post: operationId: CreateUpdateProtectionUpdatesNote parameters: 
@@ -492,7 +492,7 @@ paths: description: OK summary: Create or update a protection updates note tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API '/api/endpoint/suggestions/{suggestion_type}': post: operationId: GetEndpointSuggestions @@ -528,7 +528,7 @@ paths: description: OK summary: Get suggestions tags: - - Security Solution Endpoint Management API + - Security Endpoint Management API components: schemas: ActionLogRequestQuery: @@ -1035,4 +1035,4 @@ security: - BasicAuth: [] tags: - description: Interact with and manage endpoints running the Elastic Defend integration. - name: Security Solution Endpoint Management API + name: Security Endpoint Management API diff --git a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml index a3cc5c3000458..e69c13f4cc6f0 100644 --- a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml @@ -1,7 +1,7 @@ openapi: 3.0.3 info: description: '' - title: Security Solution Entity Analytics API (Elastic Cloud Serverless) + title: Security Entity Analytics API (Elastic Cloud Serverless) version: '2023-10-31' servers: - url: 'http://{kibana_host}:{port}' @@ -59,7 +59,7 @@ paths: description: Invalid request summary: Delete Criticality Record tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API get: description: Get the criticality record for a specific asset. operationId: GetAssetCriticalityRecord 
@@ -90,7 +90,7 @@ paths: description: Criticality record not found summary: Get Criticality Record tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API post: description: Create or update a criticality record for a specific asset. operationId: CreateAssetCriticalityRecord @@ -121,7 +121,7 @@ paths: description: Invalid request summary: Upsert Criticality Record tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/asset_criticality/bulk: post: description: >- @@ -179,7 +179,7 @@ paths: description: File too large summary: Bulk Upsert Asset Criticality Records tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/asset_criticality/list: get: description: 'List asset criticality records, paging, sorting and filtering as needed.' @@ -255,7 +255,7 @@ paths: description: Bulk upload successful summary: List Asset Criticality Records tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/entity_store/engines: get: operationId: ListEntityEngines @@ -275,7 +275,7 @@ paths: description: Successful response summary: List the Entity Engines tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}': delete: operationId: DeleteEntityEngine @@ -304,7 +304,7 @@ paths: description: Successful response summary: Delete the Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API get: operationId: GetEntityEngine parameters: @@ -323,7 +323,7 @@ paths: description: Successful response summary: Get an Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}/init': post: operationId: InitEntityEngine 
@@ -355,7 +355,7 @@ paths: description: Successful response summary: Initialize an Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}/start': post: operationId: StartEntityEngine @@ -378,7 +378,7 @@ paths: description: Successful response summary: Start an Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}/stats': post: operationId: GetEntityEngineStats @@ -413,7 +413,7 @@ paths: description: Successful response summary: Get Entity Engine stats tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API '/api/entity_store/engines/{entityType}/stop': post: operationId: StopEntityEngine @@ -436,7 +436,7 @@ paths: description: Successful response summary: Stop an Entity Engine tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/entity_store/entities/list: get: description: 'List entities records, paging, sorting and filtering as needed.' @@ -512,7 +512,7 @@ paths: description: Entities returned successfully summary: List Entity Store Entities tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API /api/risk_score/engine/schedule_now: post: operationId: ScheduleRiskEngineNow @@ -540,7 +540,7 @@ paths: description: Unexpected error summary: Schedule the risk engine to run as soon as possible tags: - - Security Solution Entity Analytics API + - Security Entity Analytics API components: schemas: AssetCriticalityBulkUploadErrorItem: @@ -836,4 +836,4 @@ security: - BasicAuth: [] tags: - description: '' - name: Security Solution Entity Analytics API + name: Security Entity Analytics API 
diff --git a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_timeline_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_timeline_api_2023_10_31.bundled.schema.yaml index d3b079e0551ab..efddff88e2ee8 100644 --- a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_timeline_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_timeline_api_2023_10_31.bundled.schema.yaml @@ -3,7 +3,7 @@ info: description: >- You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file. - title: Security Solution Timeline API (Elastic Cloud Serverless) + title: Security Timeline API (Elastic Cloud Serverless) version: '2023-10-31' servers: - url: 'http://{kibana_host}:{port}' @@ -51,7 +51,7 @@ paths: description: Indicates the note was successfully deleted. summary: Deletes a note from a timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' get: description: Gets notes @@ -97,7 +97,7 @@ paths: description: Indicates the requested notes were returned. summary: Get all notes for a given document. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' patch: operationId: PersistNoteRoute @@ -161,7 +161,7 @@ paths: description: Indicates the note was successfully created. summary: Persists a note to a timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/pinned_event: patch: @@ -210,7 +210,7 @@ paths: description: Indicate the event was successfully pinned in the timeline. summary: Persists a pinned event to a timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline: delete: 
@@ -255,7 +255,7 @@ paths: description: Indicates the timeline was successfully deleted. summary: Deletes one or more timelines or timeline templates. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' get: operationId: GetTimeline @@ -292,7 +292,7 @@ paths: Get an existing saved timeline or timeline template. This API is used to retrieve an existing saved timeline or timeline template. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' patch: description: >- @@ -360,7 +360,7 @@ paths: a draft timeline. summary: Updates an existing timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' post: operationId: CreateTimelines @@ -429,7 +429,7 @@ paths: description: Indicates that there was an error in the timeline creation. summary: Creates a new timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_draft: get: @@ -494,7 +494,7 @@ paths: Retrieves the draft timeline for the current user. If the user does not have a draft timeline, an empty timeline is returned. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' post: description: > @@ -568,7 +568,7 @@ paths: timelineId. summary: Retrieves a draft timeline or timeline template. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_export: post: @@ -614,7 +614,7 @@ paths: description: Indicates that the export size limit was exceeded summary: Exports timelines as an NDJSON file tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_favorite: patch: 
@@ -676,7 +676,7 @@ paths: the favorite status. summary: Persists a given users favorite status of a timeline. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_import: post: @@ -766,7 +766,7 @@ paths: description: Indicates the import of timelines was unsuccessful. summary: Imports timelines. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/_prepackaged: post: @@ -824,7 +824,7 @@ paths: unsuccessful. summary: Installs prepackaged timelines. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timeline/resolve: get: @@ -864,7 +864,7 @@ paths: description: The (template) timeline was not found summary: Get an existing saved timeline or timeline template. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' /api/timelines: get: @@ -969,7 +969,7 @@ paths: This API is used to retrieve a list of existing saved timelines or timeline templates. tags: - - Security Solution Timeline API + - Security Timeline API - 'access:securitySolution' components: schemas: @@ -1551,4 +1551,4 @@ tags: - description: >- You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file. - name: Security Solution Timeline API + name: Security Timeline API diff --git a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js index 0d503403b5667..7ae72255217e4 100644 --- a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js +++ b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js 
@@ -22,13 +22,13 @@ const ROOT = resolve(__dirname, '../..'); includeLabels: ['serverless'], prototypeDocument: { info: { - title: 'Security Solution Detections API (Elastic Cloud Serverless)', + title: 'Security Detections API (Elastic Cloud Serverless)', description: 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.', }, tags: [ { - name: 'Security Solution Detections API', + name: 'Security Detections API', description: 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.', }, @@ -47,13 +47,13 @@ const ROOT = resolve(__dirname, '../..'); includeLabels: ['ess'], prototypeDocument: { info: { - title: 'Security Solution Detections API (Elastic Cloud and self-hosted)', + title: 'Security Detections API (Elastic Cloud and self-hosted)', description: 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.', }, tags: [ { - name: 'Security Solution Detections API', + name: 'Security Detections API', description: 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.', }, diff --git a/x-pack/plugins/security_solution/scripts/openapi/bundle_endpoint_management.js b/x-pack/plugins/security_solution/scripts/openapi/bundle_endpoint_management.js index 2a63affc932b7..6ff13e46b0ccd 100644 --- a/x-pack/plugins/security_solution/scripts/openapi/bundle_endpoint_management.js +++ b/x-pack/plugins/security_solution/scripts/openapi/bundle_endpoint_management.js 
@@ -22,12 +22,12 @@ const ROOT = resolve(__dirname, '../..');
 includeLabels: ['serverless'], prototypeDocument: { info: {
- title: 'Security Solution Endpoint Management API (Elastic Cloud Serverless)',
+ title: 'Security Endpoint Management API (Elastic Cloud Serverless)',
 description: 'Interact with and manage endpoints running the Elastic Defend integration.', }, tags: [ {
- name: 'Security Solution Endpoint Management API',
+ name: 'Security Endpoint Management API',
 description: 'Interact with and manage endpoints running the Elastic Defend integration.', },
@@ -46,12 +46,12 @@ const ROOT = resolve(__dirname, '../..');
 includeLabels: ['ess'], prototypeDocument: { info: {
- title: 'Security Solution Endpoint Management API (Elastic Cloud and self-hosted)',
+ title: 'Security Endpoint Management API (Elastic Cloud and self-hosted)',
 description: 'Interact with and manage endpoints running the Elastic Defend integration.', }, tags: [ {
- name: 'Security Solution Endpoint Management API',
+ name: 'Security Endpoint Management API',
 description: 'Interact with and manage endpoints running the Elastic Defend integration.', },
diff --git a/x-pack/plugins/security_solution/scripts/openapi/bundle_entity_analytics.js b/x-pack/plugins/security_solution/scripts/openapi/bundle_entity_analytics.js
index 3975e57f1c012..f8464b7dad367 100644
--- a/x-pack/plugins/security_solution/scripts/openapi/bundle_entity_analytics.js
+++ b/x-pack/plugins/security_solution/scripts/openapi/bundle_entity_analytics.js
@@ -22,12 +22,12 @@ const ROOT = resolve(__dirname, '../..');
 includeLabels: ['serverless'], prototypeDocument: { info: {
- title: 'Security Solution Entity Analytics API (Elastic Cloud Serverless)',
+ title: 'Security Entity Analytics API (Elastic Cloud Serverless)',
 description: '', }, tags: [ {
- name: 'Security Solution Entity Analytics API',
+ name: 'Security Entity Analytics API',
 description: '', }, ],
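Review bot: `description: ''` is kept for both `info` and the tag in the serverless hunk of bundle_entity_analytics.js, and again in the ess hunk that follows, so the renamed 'Security Entity Analytics API' group is published with no explanatory text while the detections, endpoint management and timeline scripts each supply one. Since these strings are being edited anyway, fill it in, for example `description: 'Manage asset criticality records for entities.',` with the wording confirmed by the owning team; asset criticality is the feature visibly filed under this tag in the bundled spec. The surrounding options object starts and ends outside the hunk.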
@@ -45,12 +45,12 @@ const ROOT = resolve(__dirname, '../..');
 includeLabels: ['ess'], prototypeDocument: { info: {
- title: 'Security Solution Entity Analytics API (Elastic Cloud and self-hosted)',
+ title: 'Security Entity Analytics API (Elastic Cloud and self-hosted)',
 description: '', }, tags: [ {
- name: 'Security Solution Entity Analytics API',
+ name: 'Security Entity Analytics API',
 description: '', }, ],
diff --git a/x-pack/plugins/security_solution/scripts/openapi/bundle_timeline.js b/x-pack/plugins/security_solution/scripts/openapi/bundle_timeline.js
index a6b4a17d6cae3..507ca29293faf 100644
--- a/x-pack/plugins/security_solution/scripts/openapi/bundle_timeline.js
+++ b/x-pack/plugins/security_solution/scripts/openapi/bundle_timeline.js
@@ -22,13 +22,13 @@ const ROOT = resolve(__dirname, '../..');
 includeLabels: ['serverless'], prototypeDocument: { info: {
- title: 'Security Solution Timeline API (Elastic Cloud Serverless)',
+ title: 'Security Timeline API (Elastic Cloud Serverless)',
 description: 'You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file.', }, tags: [ {
- name: 'Security Solution Timeline API',
+ name: 'Security Timeline API',
 description: 'You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file.', },
@@ -47,13 +47,13 @@ const ROOT = resolve(__dirname, '../..');
 includeLabels: ['ess'], prototypeDocument: { info: {
- title: 'Security Solution Timeline API (Elastic Cloud and self-hosted)',
+ title: 'Security Timeline API (Elastic Cloud and self-hosted)',
 description: 'You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file.', }, tags: [ {
- name: 'Security Solution Timeline API',
+ name: 'Security Timeline API',
 description: 'You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file.', },