diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index 7d063ea0f61af..a24206d5eceaa 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -8011,6 +8011,42 @@ paths: '200': content: application/json: + examples: + success: + value: + application: {} + cluster: + all: true + manage: true + manage_api_key: true + manage_index_templates: true + manage_ml: true + manage_own_api_key: true + manage_pipeline: true + manage_security: true + manage_transform: true + monitor: true + monitor_ml: true + monitor_transform: true + has_all_requested: true + has_encryption_key: true + index: + .alerts-security.alerts-default: + all: true + create: true + create_doc: true + create_index: true + delete: true + delete_index: true + index: true + maintenance: true + manage: true + monitor: true + read: true + view_index_metadata: true + write: true + is_authenticated: true + username: elastic schema: type: object properties: @@ -8682,6 +8718,23 @@ paths: requestBody: content: application/json: + examples: + add: + value: + assignees: + add: + - u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0 + remove: [] + ids: + - 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6 + remove: + value: + assignees: + add: [] + remove: + - u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0 + ids: + - 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6 schema: type: object properties: 
@@ -8690,13 +8743,32 @@ paths: description: Details about the assignees to assign and unassign. ids: $ref: '#/components/schemas/Security_Detections_API_AlertIds' - description: List of alerts ids to assign and unassign passed assignees. required: - assignees - ids required: true responses: '200': + content: + application/ndjson: + examples: + add: + value: + batches: 1, + deleted: 0, + failures: [] + noops: 0, + requests_per_second: '-1,' + retries: + - bulk: 0, + - search: 0 + throttled_millis: 0, + throttled_until_millis: 0, + timed_out: false, + took: 76, + total: 1, + updated: 1, + version_conflicts: 0, description: Indicates a successful call. '400': description: Invalid request. @@ -8711,6 +8783,35 @@ paths: requestBody: content: application/json: + examples: + query: + value: + aggs: + alertsByGrouping: + terms: + field: host.name + size: 10 + missingFields: + missing: + field: host.name + query: + bool: + filter: + - bool: + filter: + - match_phrase: + kibana.alert.workflow_status: open + must: [] + must_not: + - exists: + field: kibana.alert.building_block_type + should: [] + - range: + '@timestamp': + gte: '2025-01-17T08:00:00.000Z' + lte: '2025-01-18T07:59:59.999Z' + runtime_mappings: {} + size: 0 schema: description: Elasticsearch query and aggregation request type: object @@ -8748,6 +8849,31 @@ paths: '200': content: application/json: + examples: + success: + value: + _shards: + failed: 0 + skipped: 0 + successful: 1 + total: 1 + aggregations: + alertsByGrouping: + buckets: + - doc_count: 5 + key: Host-f43kkddfyc + doc_count_error_upper_bound: 0 + sum_other_doc_count: 0 + missingFields: + doc_count: 0 + hits: + hits: [] + max_score: null + total: + relation: eq + value: 5 + timed_out: false + took: 0 schema: additionalProperties: true description: Elasticsearch search response 
@@ -8784,6 +8910,43 @@ paths: requestBody: content: application/json: + examples: + byId: + value: + signal_ids: + - 80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1 + status: closed + byQuery: + value: + conflicts: proceed + query: + bool: + filter: + - '@timestamp': + format: strict_date_optional_time + gte: '2024-10-23T07:00:00.000Z' + lte: '2025-01-21T20:12:11.704Z' + range: null + - bool: + filter: + bool: + filter: + - match_phrase: + kibana.alert.workflow_status: open + - '@timestamp': + format: strict_date_optional_time + gte: '2024-10-23T07:00:00.000Z' + lte: '2025-01-21T20:12:11.704Z' + range: null + must: [] + must_not: + - exists: + field: kibana.alert.building_block_type + should: [] + must: [] + must_not: [] + should: [] + status: closed schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds' @@ -8794,6 +8957,41 @@ paths: '200': content: application/json: + examples: + byId: + value: + batches: 1 + deleted: 0 + failures: [] + noops: 0 + requests_per_second: -1 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + throttled_until_millis: 0 + timed_out: false + took: 81 + total: 1 + updated: 1 + version_conflicts: 0 + byQuery: + value: + batches: 1 + deleted: 0 + failures: [] + noops: 0 + requests_per_second: -1 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + throttled_until_millis: 0 + timed_out: false + took: 100 + total: 17 + updated: 17 + version_conflicts: 0 schema: additionalProperties: true description: Elasticsearch update by query response @@ -8833,6 +9031,23 @@ paths: requestBody: content: application/json: + examples: + add: + value: + ids: + - 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e + tags: + tags_to_add: + - Duplicate + tags_to_remove: [] + remove: + value: + ids: + - 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e + tags: + tags_to_add: [] + tags_to_remove: + - Duplicate schema: type: object properties: 
@@ -8849,6 +9064,24 @@ paths: '200': content: application/json: + examples: + success: + value: + batches: 1, + deleted: 0, + failures: [] + noops: 0, + requests_per_second: '-1,' + retries: + bulk: 0, + search: 0 + throttled_millis: 0, + throttled_until_millis: 0, + timed_out: false, + took: 68, + total: 1, + updated: 1, + version_conflicts: 0, schema: additionalProperties: true description: Elasticsearch update by query response @@ -44817,22 +45050,28 @@ components: type: object properties: add: - description: A list of users ids to assign. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: A list of users ids to assign. + format: nonempty + minLength: 1 + type: string type: array remove: - description: A list of users ids to unassign. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: A list of users ids to unassign. + format: nonempty + minLength: 1 + type: string type: array required: - add - remove Security_Detections_API_AlertIds: - description: A list of alerts ids. + description: A list of alerts `id`s. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array Security_Detections_API_AlertsIndex: @@ -44854,6 +45093,7 @@ components: - additionalProperties: true type: object Security_Detections_API_AlertStatus: + description: The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`. enum: - open - closed 
@@ -44904,8 +45144,12 @@ components: - suppress type: string Security_Detections_API_AlertTag: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: Use alert tags to organize related alerts into categories that you can filter and group. + format: nonempty + minLength: 1 + type: string Security_Detections_API_AlertTags: + description: List of keywords to organize related alerts into categories that you can filter and group. items: $ref: '#/components/schemas/Security_Detections_API_AlertTag' type: array @@ -48911,8 +49155,11 @@ components: type: object properties: signal_ids: + description: List of alert `id`s. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array status: @@ -48938,6 +49185,7 @@ components: - query - status Security_Detections_API_SetAlertTags: + description: Object with list of tags to add and remove. type: object properties: tags_to_add: @@ -50694,9 +50942,11 @@ components: - microsoft_defender_endpoint type: string Security_Endpoint_Management_API_AlertIds: - description: A list of alerts ids. + description: A list of alerts `id`s. items: - $ref: '#/components/schemas/Security_Endpoint_Management_API_NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array Security_Endpoint_Management_API_CaseIds: @@ -50977,11 +51227,6 @@ components: type: string required: - hostStatuses - Security_Endpoint_Management_API_NonEmptyString: - description: A string that does not contain only whitespace characters - format: nonempty - minLength: 1 - type: string Security_Endpoint_Management_API_Page: default: 1 description: Page number diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index f8dbe07f174e9..98735ad10c07a 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml 
@@ -9498,6 +9498,11 @@ paths: '200': content: application/json: + examples: + success: + value: + index_mapping_outdated: false + name: .alerts-security.alerts-default schema: type: object properties: @@ -9590,6 +9595,42 @@ paths: '200': content: application/json: + examples: + success: + value: + application: {} + cluster: + all: true + manage: true + manage_api_key: true + manage_index_templates: true + manage_ml: true + manage_own_api_key: true + manage_pipeline: true + manage_security: true + manage_transform: true + monitor: true + monitor_ml: true + monitor_transform: true + has_all_requested: true + has_encryption_key: true + index: + .alerts-security.alerts-default: + all: true + create: true + create_doc: true + create_index: true + delete: true + delete_index: true + index: true + maintenance: true + manage: true + monitor: true + read: true + view_index_metadata: true + write: true + is_authenticated: true + username: elastic schema: type: object properties: @@ -10509,6 +10550,23 @@ paths: requestBody: content: application/json: + examples: + add: + value: + assignees: + add: + - u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0 + remove: [] + ids: + - 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6 + remove: + value: + assignees: + add: [] + remove: + - u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0 + ids: + - 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6 schema: type: object properties: 
@@ -10517,13 +10575,32 @@ paths: description: Details about the assignees to assign and unassign. ids: $ref: '#/components/schemas/Security_Detections_API_AlertIds' - description: List of alerts ids to assign and unassign passed assignees. required: - assignees - ids required: true responses: '200': + content: + application/ndjson: + examples: + add: + value: + batches: 1, + deleted: 0, + failures: [] + noops: 0, + requests_per_second: '-1,' + retries: + - bulk: 0, + - search: 0 + throttled_millis: 0, + throttled_until_millis: 0, + timed_out: false, + took: 76, + total: 1, + updated: 1, + version_conflicts: 0, description: Indicates a successful call. '400': description: Invalid request. @@ -10542,9 +10619,13 @@ paths: content: application/json: schema: + example: + migration_ids: + - 924f7c50-505f-11eb-ae0a-3fa2e626a51d type: object properties: migration_ids: + description: Array of `migration_id`s to finalize. items: type: string minItems: 1 @@ -10557,6 +10638,17 @@ paths: '200': content: application/json: + examples: + success: + value: + migrations: + - completed: true + destinationIndex: .siem-signals-default-000002-r000016 + id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + sourceIndex: .siem-signals-default-000002 + status: success + updated: '2021-01-06T22:05:56.859Z' + version: 16 schema: items: $ref: '#/components/schemas/Security_Detections_API_MigrationFinalizationResult' @@ -10601,9 +10693,13 @@ paths: content: application/json: schema: + example: + migration_ids: + - 924f7c50-505f-11eb-ae0a-3fa2e626a51d type: object properties: migration_ids: + description: Array of `migration_id`s to cleanup. items: type: string minItems: 1 
@@ -10616,6 +10712,16 @@ paths: '200': content: application/json: + examples: + success: + value: + migrations: + - destinationIndex: .siem-signals-default-000002-r000016 + id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + sourceIndex: .siem-signals-default-000002 + status: success + updated: '2021-01-06T22:05:56.859Z' + version: 16 schema: items: $ref: '#/components/schemas/Security_Detections_API_MigrationCleanupResult' @@ -10653,13 +10759,21 @@ paths: requestBody: content: application/json: + examples: + singleIndex: + value: + index: + - .siem-signals-default-000001 schema: allOf: - type: object properties: index: + description: Array of index names to migrate. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array required: @@ -10671,6 +10785,13 @@ paths: '200': content: application/json: + examples: + success: + value: + indices: + - index: .siem-signals-default-000001, + migration_id: 923f7c50-505f-11eb-ae0a-3fa2e626a51d + migration_index: .siem-signals-default-000001-r000016 schema: type: object properties: @@ -10708,7 +10829,7 @@ paths: tags: - Security Detections API /api/detection_engine/signals/migration_status: - post: + get: deprecated: true description: Retrieve indices that contain detection alerts of a particular age, along with migration information for each of those indices. operationId: ReadAlertsMigrationStatus 
@@ -10721,12 +10842,37 @@ paths: description: | Time from which data is analyzed. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + example: now-30d format: date-math type: string responses: '200': content: application/json: + examples: + success: + value: + indices: + - index: .siem-signals-default-000002 + is_outdated: true + migrations: + - id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + status: pending + updated: '2021-01-06T20:41:37.173Z' + version: 16 + signal_versions: + - count: 100 + version: 15 + - count: 87 + version: 16 + version: 15 + - index: .siem-signals-default-000003 + is_outdated: false + migrations: [] + signal_versions: + - count: 54 + version: 16 + version: 16 schema: type: object properties: @@ -10767,6 +10913,35 @@ paths: requestBody: content: application/json: + examples: + query: + value: + aggs: + alertsByGrouping: + terms: + field: host.name + size: 10 + missingFields: + missing: + field: host.name + query: + bool: + filter: + - bool: + filter: + - match_phrase: + kibana.alert.workflow_status: open + must: [] + must_not: + - exists: + field: kibana.alert.building_block_type + should: [] + - range: + '@timestamp': + gte: '2025-01-17T08:00:00.000Z' + lte: '2025-01-18T07:59:59.999Z' + runtime_mappings: {} + size: 0 schema: description: Elasticsearch query and aggregation request type: object @@ -10804,6 +10979,31 @@ paths: '200': content: application/json: + examples: + success: + value: + _shards: + failed: 0 + skipped: 0 + successful: 1 + total: 1 + aggregations: + alertsByGrouping: + buckets: + - doc_count: 5 + key: Host-f43kkddfyc + doc_count_error_upper_bound: 0 + sum_other_doc_count: 0 + missingFields: + doc_count: 0 + hits: + hits: [] + max_score: null + total: + relation: eq + value: 5 + timed_out: false + took: 0 schema: additionalProperties: true description: Elasticsearch search response 
@@ -10839,6 +11039,43 @@ paths: requestBody: content: application/json: + examples: + byId: + value: + signal_ids: + - 80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1 + status: closed + byQuery: + value: + conflicts: proceed + query: + bool: + filter: + - '@timestamp': + format: strict_date_optional_time + gte: '2024-10-23T07:00:00.000Z' + lte: '2025-01-21T20:12:11.704Z' + range: null + - bool: + filter: + bool: + filter: + - match_phrase: + kibana.alert.workflow_status: open + - '@timestamp': + format: strict_date_optional_time + gte: '2024-10-23T07:00:00.000Z' + lte: '2025-01-21T20:12:11.704Z' + range: null + must: [] + must_not: + - exists: + field: kibana.alert.building_block_type + should: [] + must: [] + must_not: [] + should: [] + status: closed schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds' @@ -10849,6 +11086,41 @@ paths: '200': content: application/json: + examples: + byId: + value: + batches: 1 + deleted: 0 + failures: [] + noops: 0 + requests_per_second: -1 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + throttled_until_millis: 0 + timed_out: false + took: 81 + total: 1 + updated: 1 + version_conflicts: 0 + byQuery: + value: + batches: 1 + deleted: 0 + failures: [] + noops: 0 + requests_per_second: -1 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + throttled_until_millis: 0 + timed_out: false + took: 100 + total: 17 + updated: 17 + version_conflicts: 0 schema: additionalProperties: true description: Elasticsearch update by query response @@ -10887,6 +11159,23 @@ paths: requestBody: content: application/json: + examples: + add: + value: + ids: + - 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e + tags: + tags_to_add: + - Duplicate + tags_to_remove: [] + remove: + value: + ids: + - 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e + tags: + tags_to_add: [] + tags_to_remove: + - Duplicate schema: type: object properties: 
@@ -10903,6 +11192,24 @@ paths: '200': content: application/json: + examples: + success: + value: + batches: 1, + deleted: 0, + failures: [] + noops: 0, + requests_per_second: '-1,' + retries: + bulk: 0, + search: 0 + throttled_millis: 0, + throttled_until_millis: 0, + timed_out: false, + took: 68, + total: 1, + updated: 1, + version_conflicts: 0, schema: additionalProperties: true description: Elasticsearch update by query response @@ -51320,22 +51627,28 @@ components: type: object properties: add: - description: A list of users ids to assign. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: A list of users ids to assign. + format: nonempty + minLength: 1 + type: string type: array remove: - description: A list of users ids to unassign. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: A list of users ids to unassign. + format: nonempty + minLength: 1 + type: string type: array required: - add - remove Security_Detections_API_AlertIds: - description: A list of alerts ids. + description: A list of alerts `id`s. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array Security_Detections_API_AlertsIndex: @@ -51380,12 +51693,15 @@ components: type: object properties: requests_per_second: + description: The throttle for the migration task in sub-requests per second. Corresponds to requests_per_second on the Reindex API. minimum: 1 type: integer size: + description: Number of alerts to migrate per batch. Corresponds to the source.size option on the Reindex API. minimum: 1 type: integer slices: + description: The number of subtasks for the migration task. Corresponds to slices on the Reindex API. minimum: 1 type: integer Security_Detections_API_AlertsSort: 
@@ -51400,6 +51716,7 @@ components: - additionalProperties: true type: object Security_Detections_API_AlertStatus: + description: The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`. enum: - open - closed @@ -51450,8 +51767,12 @@ components: - suppress type: string Security_Detections_API_AlertTag: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: Use alert tags to organize related alerts into categories that you can filter and group. + format: nonempty + minLength: 1 + type: string Security_Detections_API_AlertTags: + description: List of keywords to organize related alerts into categories that you can filter and group. items: $ref: '#/components/schemas/Security_Detections_API_AlertTag' type: array @@ -55594,8 +55915,11 @@ components: type: object properties: signal_ids: + description: List of alert `id`s. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array status: @@ -55621,6 +55945,7 @@ components: - query - status Security_Detections_API_SetAlertTags: + description: Object with list of tags to add and remove. type: object properties: tags_to_add: @@ -57384,9 +57709,11 @@ components: - microsoft_defender_endpoint type: string Security_Endpoint_Management_API_AlertIds: - description: A list of alerts ids. + description: A list of alerts `id`s. items: - $ref: '#/components/schemas/Security_Endpoint_Management_API_NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array Security_Endpoint_Management_API_CaseIds: @@ -57667,11 +57994,6 @@ components: type: string required: - hostStatuses - Security_Endpoint_Management_API_NonEmptyString: - description: A string that does not contain only whitespace characters - format: nonempty - minLength: 1 - type: string Security_Endpoint_Management_API_Page: default: 1 description: Page number 
diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen.ts index 2cefcab9756b7..a4c51a07359ed 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen.ts @@ -15,20 +15,14 @@ */ import { z } from '@kbn/zod'; +import { isNonEmptyString } from '@kbn/zod-helpers'; import { AlertIds } from '../../model/alert.gen'; -import { NonEmptyString } from '../../model/primitives.gen'; export type AlertAssignees = z.infer; export const AlertAssignees = z.object({ - /** - * A list of users ids to assign. - */ - add: z.array(NonEmptyString), - /** - * A list of users ids to unassign. - */ - remove: z.array(NonEmptyString), + add: z.array(z.string().min(1).superRefine(isNonEmptyString)), + remove: z.array(z.string().min(1).superRefine(isNonEmptyString)), }); export type SetAlertAssigneesRequestBody = z.infer; @@ -37,9 +31,6 @@ export const SetAlertAssigneesRequestBody = z.object({ * Details about the assignees to assign and unassign. */ assignees: AlertAssignees, - /** - * List of alerts ids to assign and unassign passed assignees. - */ ids: AlertIds, }); export type SetAlertAssigneesRequestBodyInput = z.input; diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/alert_assignees/set_alert_assignees_route.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/alert_assignees/set_alert_assignees_route.schema.yaml index b4b5e858672dd..6c28c76a0b29a 100644 
--- a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/alert_assignees/set_alert_assignees_route.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/alert_assignees/set_alert_assignees_route.schema.yaml @@ -28,10 +28,42 @@ paths: description: Details about the assignees to assign and unassign. ids: $ref: '../../model/alert.schema.yaml#/components/schemas/AlertIds' - description: List of alerts ids to assign and unassign passed assignees. + examples: + add: + value: + assignees: + add: ['u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0'] + remove: [] + ids: ['681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6'] + remove: + value: + assignees: + add: [] + remove: ['u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0'] + ids: ['681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6'] responses: 200: description: Indicates a successful call. + content: + application/ndjson: + examples: + add: + value: + took: 76, + timed_out: false, + total: 1, + updated: 1, + deleted: 0, + batches: 1, + version_conflicts: 0, + noops: 0, + retries: + - bulk: 0, + - search: 0 + throttled_millis: 0, + requests_per_second: -1, + throttled_until_millis: 0, + failures: [] 400: description: Invalid request. @@ -46,10 +78,14 @@ components: add: type: array items: - $ref: '../../model/primitives.schema.yaml#/components/schemas/NonEmptyString' - description: A list of users ids to assign. + type: string + format: nonempty + minLength: 1 + description: A list of users ids to assign. remove: type: array items: - $ref: '../../model/primitives.schema.yaml#/components/schemas/NonEmptyString' - description: A list of users ids to unassign. + type: string + format: nonempty + minLength: 1 + description: A list of users ids to unassign. 
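Review bot: The 200 response example added under `application/ndjson` is not valid data: the trailing commas copied from JSON make `took: 76,`, `batches: 1,` and `requests_per_second: -1,` parse as the strings `"76,"`, `"1,"` and `"-1,"` (the bundled output in this same diff already renders `requests_per_second: '-1,'`), and `retries` is written as a two-item list (`- bulk: 0,` / `- search: 0`) instead of an object. Drop every trailing comma and nest `retries:` as `bulk: 0` / `search: 0`, matching the set-status examples elsewhere in this change. The `application/ndjson` media type also looks inconsistent with the sibling endpoints, which describe the same update-by-query body as `application/json`; confirm what the route actually returns before documenting it. Separately, moving `description: A list of users ids to assign.` under `items` now describes each element rather than the array, and the generated `set_alert_assignees_route.gen.ts` in this diff lost its JSDoc for `add`/`remove` as a result; keep the description on the array property and put only `type`/`format`/`minLength` under `items`.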
diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen.ts index b08d4ff877058..f4b40c03a634a 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen.ts @@ -18,6 +18,9 @@ import { z } from '@kbn/zod'; import { AlertIds, AlertTags } from '../../../model/alert.gen'; +/** + * Object with list of tags to add and remove. + */ export type SetAlertTags = z.infer; export const SetAlertTags = z.object({ tags_to_add: AlertTags, diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.schema.yaml index 2e712ed3fec40..e80be52c99415 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.schema.yaml @@ -30,6 +30,19 @@ paths: required: - ids - tags + examples: + add: + value: + tags: + tags_to_add: ['Duplicate'] + tags_to_remove: [] + ids: ['549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e'] + remove: + value: + tags: + tags_to_add: [] + tags_to_remove: ['Duplicate'] + ids: ['549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e'] responses: 200: description: Successful response 
@@ -39,6 +52,24 @@ paths: type: object additionalProperties: true description: Elasticsearch update by query response + examples: + success: + value: + took: 68, + timed_out: false, + total: 1, + updated: 1, + deleted: 0, + batches: 1, + version_conflicts: 0, + noops: 0, + retries: + bulk: 0, + search: 0 + throttled_millis: 0, + requests_per_second: -1, + throttled_until_millis: 0, + failures: [] 400: description: Invalid input data response content: @@ -63,6 +94,7 @@ paths: components: schemas: SetAlertTags: + description: Object with list of tags to add and remove. type: object properties: tags_to_add: diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/index_management/read_index/read_index.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/index_management/read_index/read_index.schema.yaml index 70283f59ef79d..f9a854689c490 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/index_management/read_index/read_index.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/index_management/read_index/read_index.schema.yaml @@ -25,6 +25,11 @@ paths: type: boolean nullable: true required: [name, index_mapping_outdated] + examples: + success: + value: + index_mapping_outdated: false + name: '.alerts-security.alerts-default' 401: description: Unsuccessful authentication response content: diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/index_management/read_privileges/read_privileges.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/index_management/read_privileges/read_privileges.schema.yaml index 168ad44849014..02239060325dc 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/index_management/read_privileges/read_privileges.schema.yaml 
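Review bot: The `success` response example in the 200 block carries a trailing comma after every scalar (`took: 68,`, `timed_out: false,`, `requests_per_second: -1,` …), so YAML reads them as strings rather than the numbers and booleans the update-by-query response actually contains; the bundled kibana.yaml in this diff already shows `requests_per_second: '-1,'`. Remove the commas so the example is consistent with the `additionalProperties: true` JSON body it documents, e.g. `took: 68` / `timed_out: false` / `requests_per_second: -1`. The `retries` sub-object in this file is correctly nested, so only the scalars need touching.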
+++ b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/index_management/read_privileges/read_privileges.schema.yaml @@ -29,6 +29,42 @@ paths: has_encryption_key: type: boolean required: [is_authenticated, has_encryption_key] + examples: + success: + value: + username: elastic + has_all_requested: true + cluster: + all: true + monitor_ml: true + manage_transform: true + manage_index_templates: true + monitor_transform: true + manage_ml: true + monitor: true + manage_pipeline: true + manage_api_key: true + manage_security: true + manage_own_api_key: true + manage: true + index: + .alerts-security.alerts-default: + all: true + create: true + create_doc: true + create_index: true + delete: true + delete_index: true + index: true + maintenance: true + manage: true + monitor: true + read: true + view_index_metadata: true + write: true + application: {} + is_authenticated: true + has_encryption_key: true 401: description: Unsuccessful authentication response content: diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals/query_signals/query_signals_route.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals/query_signals/query_signals_route.schema.yaml index 00061cf50c60d..b16899d755599 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals/query_signals/query_signals_route.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals/query_signals/query_signals_route.schema.yaml 
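Review bot: The only `success` example for the privileges check is the built-in `elastic` superuser (`cluster.all: true`, `manage_security: true`, `has_all_requested: true`), which tells a reader nothing about which flags the detection engine actually needs and quietly nudges people toward running it as superuser. Consider adding a second example from a scoped role, with the cluster flags at `false` while the `.alerts-security.alerts-default` index keeps `read`, `write` and `view_index_metadata`, so the fields that matter for a least-privilege setup are visible. If `has_all_requested` is the Elasticsearch has-privileges result, a one-line description stating which privileges this endpoint asks Elasticsearch to check would also help; that set is not visible in this hunk, so I have not guessed at it.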
@@ -48,6 +48,35 @@ paths: sort: $ref: '#/components/schemas/AlertsSort' description: Elasticsearch query and aggregation request + examples: + query: + value: + size: 0 + query: + bool: + filter: + - bool: + must: [] + filter: + - match_phrase: + kibana.alert.workflow_status: open + should: [] + must_not: + - exists: + field: kibana.alert.building_block_type + - range: + '@timestamp': + gte: 2025-01-17T08:00:00.000Z + lte: 2025-01-18T07:59:59.999Z + aggs: + alertsByGrouping: + terms: + field: host.name + size: 10 + missingFields: + missing: + field: host.name + runtime_mappings: {} responses: 200: description: Successful response @@ -57,6 +86,31 @@ paths: type: object additionalProperties: true description: Elasticsearch search response + examples: + success: + value: + took: 0 + timed_out: false + _shards: + total: 1 + successful: 1 + skipped: 0 + failed: 0 + hits: + total: + value: 5 + relation: eq + max_score: null + hits: [] + aggregations: + alertsByGrouping: + doc_count_error_upper_bound: 0 + sum_other_doc_count: 0 + buckets: + - key: Host-f43kkddfyc + doc_count: 5 + missingFields: + doc_count: 0 400: description: Invalid input data response content: diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen.ts index c8def8a2fb305..b95be98a5c897 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen.ts 
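Review bot: The `gte: 2025-01-17T08:00:00.000Z` and `lte: 2025-01-18T07:59:59.999Z` values in the request example are unquoted, so a YAML 1.1 loader turns them into timestamp objects rather than the strings Elasticsearch expects in a `range` clause; the bundler happened to re-serialize them quoted, but the source file should not depend on that. Quote them: `gte: '2025-01-17T08:00:00.000Z'` and `lte: '2025-01-18T07:59:59.999Z'`. The same applies to the four timestamps in the set-status `byQuery` example added in this change.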
@@ -15,13 +15,16 @@ */ import { z } from '@kbn/zod'; +import { isNonEmptyString } from '@kbn/zod-helpers'; -import { NonEmptyString } from '../../../model/primitives.gen'; import { AlertStatus } from '../../../model/alert.gen'; export type SetAlertsStatusByIds = z.infer; export const SetAlertsStatusByIds = z.object({ - signal_ids: z.array(NonEmptyString).min(1), + /** + * List of alert `id`s. + */ + signal_ids: z.array(z.string().min(1).superRefine(isNonEmptyString)).min(1), status: AlertStatus, }); diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.schema.yaml index fe514c4dafe2e..2f3266254ebd3 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.schema.yaml 
@@ -21,6 +21,42 @@ paths: oneOf: - $ref: '#/components/schemas/SetAlertsStatusByIds' - $ref: '#/components/schemas/SetAlertsStatusByQuery' + examples: + byId: + value: + status: closed + signal_ids: ['80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1'] + byQuery: + value: + conflicts: proceed + status: closed + query: + bool: + must: [] + filter: + - range: + '@timestamp': + gte: 2024-10-23T07:00:00.000Z + lte: 2025-01-21T20:12:11.704Z + format: strict_date_optional_time + - bool: + filter: + bool: + must: [] + filter: + - match_phrase: + kibana.alert.workflow_status: open + - range: + '@timestamp': + gte: 2024-10-23T07:00:00.000Z + lte: 2025-01-21T20:12:11.704Z + format: strict_date_optional_time + should: [] + must_not: + - exists: + field: kibana.alert.building_block_type + should: [] + must_not: [] responses: 200: description: Successful response @@ -30,6 +66,41 @@ paths: type: object additionalProperties: true description: Elasticsearch update by query response + examples: + byId: + value: + took: 81 + timed_out: false + total: 1 + updated: 1 + deleted: 0 + batches: 1 + version_conflicts: 0 + noops: 0 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + requests_per_second: -1 + throttled_until_millis: 0 + failures: [] + byQuery: + value: + took: 100 + timed_out: false + total: 17 + updated: 17 + deleted: 0 + batches: 1 + version_conflicts: 0 + noops: 0 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + requests_per_second: -1 + throttled_until_millis: 0 + failures: [] 400: description: Invalid input data response content: @@ -58,8 +129,11 @@ components: properties: signal_ids: type: array + description: List of alert `id`s. items: - $ref: '../../../model/primitives.schema.yaml#/components/schemas/NonEmptyString' + type: string + format: nonempty + minLength: 1 minItems: 1 status: $ref: '../../../model/alert.schema.yaml#/components/schemas/AlertStatus' 
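Review bot: The two `range` clauses in the new `byQuery` example appear to be mis-indented: the bundled rendering of this same example on L33 shows each of them as `- '@timestamp':` with `format`/`gte`/`lte` beneath and `range: null` as a sibling, which is what a loader produces when `'@timestamp':` sits at the level of `range:` rather than under it, so the example is not a valid range query. Indent `'@timestamp':` and its three sub-keys one level deeper so they nest under `range:`, as the `query` example on L18 (`- range:` / `'@timestamp':` / `gte: …`) does. Re-checking the bundled output after the fix is the cheapest way to confirm the nesting, since the source file's indentation is what the bundle reflects.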
diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen.ts index 7f321de7c06da..8dd0f18334724 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen.ts @@ -15,13 +15,21 @@ */ import { z } from '@kbn/zod'; - -import { NonEmptyString } from '../../../model/primitives.gen'; +import { isNonEmptyString } from '@kbn/zod-helpers'; export type AlertsReindexOptions = z.infer; export const AlertsReindexOptions = z.object({ + /** + * The throttle for the migration task in sub-requests per second. Corresponds to requests_per_second on the Reindex API. + */ requests_per_second: z.number().int().min(1).optional(), + /** + * Number of alerts to migrate per batch. Corresponds to the source.size option on the Reindex API. + */ size: z.number().int().min(1).optional(), + /** + * The number of subtasks for the migration task. Corresponds to slices on the Reindex API. + */ slices: z.number().int().min(1).optional(), }); @@ -49,7 +57,10 @@ export const SkippedAlertsIndexMigration = z.object({ export type CreateAlertsMigrationRequestBody = z.infer; export const CreateAlertsMigrationRequestBody = z .object({ - index: z.array(NonEmptyString).min(1), + /** + * Array of index names to migrate. + */ + index: z.array(z.string().min(1).superRefine(isNonEmptyString)).min(1), }) .merge(AlertsReindexOptions); export type CreateAlertsMigrationRequestBodyInput = z.input< 
diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.schema.yaml index d77bb820ec59e..0196e031f8724 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.schema.yaml @@ -25,13 +25,19 @@ paths: - type: object properties: index: + description: Array of index names to migrate. type: array items: - $ref: '../../../model/primitives.schema.yaml#/components/schemas/NonEmptyString' + type: string + format: nonempty + minLength: 1 minItems: 1 required: [index] - $ref: '#/components/schemas/AlertsReindexOptions' - + examples: + singleIndex: + value: + index: [.siem-signals-default-000001] responses: 200: description: Successful response @@ -48,6 +54,13 @@ paths: - $ref: '#/components/schemas/AlertsIndexMigrationError' - $ref: '#/components/schemas/SkippedAlertsIndexMigration' required: [indices] + examples: + success: + value: + indices: + - index: .siem-signals-default-000001, + migration_id: 923f7c50-505f-11eb-ae0a-3fa2e626a51d + migration_index: .siem-signals-default-000001-r000016 400: description: Invalid input data response content: 
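Review bot: The `success` response example in the `@@ -48,6 +54,13 @@` hunk has a trailing comma on `- index: .siem-signals-default-000001,`, so the example value is the string `.siem-signals-default-000001,` rather than the index name; the bundled copy on L32 carries the comma through unchanged. Change it to `- index: .siem-signals-default-000001`. The `migration_id` here is `923f7c50-505f-11eb-ae0a-3fa2e626a51d` while the finalize, delete and status examples in this commit all use `924f7c50-505f-11eb-ae0a-3fa2e626a51d`; if the examples are meant to read as one migration's lifecycle, using the same ID throughout would help.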
@@ -77,12 +90,15 @@ components: requests_per_second: type: integer minimum: 1 + description: The throttle for the migration task in sub-requests per second. Corresponds to requests_per_second on the Reindex API. size: type: integer minimum: 1 + description: Number of alerts to migrate per batch. Corresponds to the source.size option on the Reindex API. slices: type: integer minimum: 1 + description: The number of subtasks for the migration task. Corresponds to slices on the Reindex API. AlertsIndexMigrationSuccess: type: object diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.gen.ts index b9d9604f5449b..47b043706f40c 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.gen.ts @@ -34,6 +34,9 @@ export const MigrationCleanupResult = z.object({ export type AlertsMigrationCleanupRequestBody = z.infer; export const AlertsMigrationCleanupRequestBody = z.object({ + /** + * Array of `migration_id`s to cleanup. + */ migration_ids: z.array(z.string()).min(1), }); export type AlertsMigrationCleanupRequestBodyInput = z.input< diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.schema.yaml index a03d7c476d65f..458f594091ddd 100644 
--- a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.schema.yaml @@ -14,7 +14,7 @@ paths: Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of the migration process. A successful migration will result in both the old and new indices being present. As such, the old, orphaned index can (and likely should) be deleted. - + While you can delete these indices manually, the endpoint accomplishes this task by applying a deletion policy to the relevant index, causing it to be deleted after 30 days. It also deletes other artifacts specific to the migration implementation. @@ -29,11 +29,14 @@ paths: type: object properties: migration_ids: + description: Array of `migration_id`s to cleanup. type: array items: type: string minItems: 1 required: [migration_ids] + example: + migration_ids: [924f7c50-505f-11eb-ae0a-3fa2e626a51d] responses: 200: description: Successful response @@ -43,6 +46,16 @@ paths: type: array items: $ref: '#/components/schemas/MigrationCleanupResult' + examples: + success: + value: + migrations: + - id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + destinationIndex: .siem-signals-default-000002-r000016 + status: success + sourceIndex: .siem-signals-default-000002 + version: 16 + updated: 2021-01-06T22:05:56.859Z 400: description: Invalid input data response content: diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.gen.ts index d337beffb9f45..d5da5fcc892d8 100644 
--- a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.gen.ts @@ -35,6 +35,9 @@ export const MigrationFinalizationResult = z.object({ export type FinalizeAlertsMigrationRequestBody = z.infer; export const FinalizeAlertsMigrationRequestBody = z.object({ + /** + * Array of `migration_id`s to finalize. + */ migration_ids: z.array(z.string()).min(1), }); export type FinalizeAlertsMigrationRequestBodyInput = z.input< diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.schema.yaml index 1160467494090..03ec7e4813227 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.schema.yaml @@ -25,11 +25,14 @@ paths: type: object properties: migration_ids: + description: Array of `migration_id`s to finalize. type: array items: type: string minItems: 1 required: [migration_ids] + example: + migration_ids: ['924f7c50-505f-11eb-ae0a-3fa2e626a51d'] responses: 200: description: Successful response 
@@ -39,6 +42,17 @@ paths: type: array items: $ref: '#/components/schemas/MigrationFinalizationResult' + examples: + success: + value: + migrations: + - id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + completed: true + destinationIndex: '.siem-signals-default-000002-r000016' + status: success + sourceIndex: '.siem-signals-default-000002' + version: 16 + updated: '2021-01-06T22:05:56.859Z' 400: description: Invalid input data response content: diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/read_signals_migration_status/read_signals_migration_status.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/read_signals_migration_status/read_signals_migration_status.schema.yaml index 0baa8e2281506..27688f9867f4b 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/read_signals_migration_status/read_signals_migration_status.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/detection_engine/signals_migration/read_signals_migration_status/read_signals_migration_status.schema.yaml @@ -4,7 +4,7 @@ info: version: '2023-10-31' paths: /api/detection_engine/signals/migration_status: - post: + get: x-labels: [ess] operationId: ReadAlertsMigrationStatus x-codegen-enabled: true @@ -24,6 +24,7 @@ paths: Time from which data is analyzed. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). format: date-math + example: now-30d responses: 200: description: Successful response 
@@ -37,6 +38,30 @@ paths: items: $ref: '#/components/schemas/IndexMigrationStatus' required: [indices] + examples: + success: + value: + indices: + - index: .siem-signals-default-000002 + version: 15 + signal_versions: + - version: 15 + count: 100 + - version: 16 + count: 87 + migrations: + - id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + status: pending + version: 16 + updated: 2021-01-06T20:41:37.173Z + is_outdated: true + - index: .siem-signals-default-000003 + version: 16 + signal_versions: + - version: 16 + count: 54 + migrations: [] + is_outdated: false 400: description: Invalid input data response content: diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/model/alert.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/model/alert.gen.ts index 04a32d7866d0a..bb9cf4354684d 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/model/alert.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/model/alert.gen.ts 
@@ -15,21 +15,29 @@ */ import { z } from '@kbn/zod'; - -import { NonEmptyString } from './primitives.gen'; +import { isNonEmptyString } from '@kbn/zod-helpers'; /** - * A list of alerts ids. + * A list of alerts `id`s. */ export type AlertIds = z.infer; -export const AlertIds = z.array(NonEmptyString).min(1); +export const AlertIds = z.array(z.string().min(1).superRefine(isNonEmptyString)).min(1); +/** + * Use alert tags to organize related alerts into categories that you can filter and group. + */ export type AlertTag = z.infer; -export const AlertTag = NonEmptyString; +export const AlertTag = z.string().min(1).superRefine(isNonEmptyString); +/** + * List of keywords to organize related alerts into categories that you can filter and group. + */ export type AlertTags = z.infer; export const AlertTags = z.array(AlertTag); +/** + * The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`. + */ export type AlertStatus = z.infer; export const AlertStatus = z.enum(['open', 'closed', 'acknowledged', 'in-progress']); export type AlertStatusEnum = typeof AlertStatus.enum; diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/model/alert.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/model/alert.schema.yaml index ecf7e02d6ebe3..9304c1acdffc5 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/model/alert.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/model/alert.schema.yaml 
@@ -9,19 +9,26 @@ components: AlertIds: type: array items: - $ref: './primitives.schema.yaml#/components/schemas/NonEmptyString' + type: string + minLength: 1 + format: nonempty minItems: 1 - description: A list of alerts ids. + description: A list of alerts `id`s. AlertTag: - $ref: './primitives.schema.yaml#/components/schemas/NonEmptyString' + type: string + format: nonempty + minLength: 1 + description: Use alert tags to organize related alerts into categories that you can filter and group. AlertTags: type: array + description: List of keywords to organize related alerts into categories that you can filter and group. items: $ref: '#/components/schemas/AlertTag' AlertStatus: + description: The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`. type: string enum: - open diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts index a57be4b8f0680..1ed3a770d3410 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts @@ -1912,7 +1912,7 @@ finalize it. headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, - method: 'POST', + method: 'GET', query: props.query, }) diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml index 1aa026db6eac9..aa06e6b17ca00 100644 --- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml 
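Review bot: Replacing the `NonEmptyString` ref with inline `type: string` / `minLength: 1` / `format: nonempty` drops the only documentation that component carried — that the value must not consist solely of whitespace, the text removed with the component on L36 — and `nonempty` is not a registered OpenAPI format, so readers of the published spec now have no stated meaning for it. The generated zod on L28 still enforces it via `isNonEmptyString`, so consider restating the constraint where the inline copies live, e.g. extending `AlertTag` with `description: Use alert tags to organize related alerts into categories that you can filter and group. Must not consist only of whitespace.` and adding a matching `description` on the `AlertIds` items. The same inline triple is repeated for `signal_ids` on L20 and `index` on L22, which is the duplication the shared component avoided; if the inlining is needed for bundling, a short note on why would save the next reader from re-introducing the ref.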
@@ -65,6 +65,11 @@ paths: '200': content: application/json: + examples: + success: + value: + index_mapping_outdated: false + name: .alerts-security.alerts-default schema: type: object properties: @@ -163,6 +168,42 @@ paths: '200': content: application/json: + examples: + success: + value: + application: {} + cluster: + all: true + manage: true + manage_api_key: true + manage_index_templates: true + manage_ml: true + manage_own_api_key: true + manage_pipeline: true + manage_security: true + manage_transform: true + monitor: true + monitor_ml: true + monitor_transform: true + has_all_requested: true + has_encryption_key: true + index: + .alerts-security.alerts-default: + all: true + create: true + create_doc: true + create_index: true + delete: true + delete_index: true + index: true + maintenance: true + manage: true + monitor: true + read: true + view_index_metadata: true + write: true + is_authenticated: true + username: elastic schema: type: object properties: @@ -1001,6 +1042,25 @@ paths: requestBody: content: application/json: + examples: + add: + value: + assignees: + add: + - u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0 + remove: [] + ids: + - >- + 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6 + remove: + value: + assignees: + add: [] + remove: + - u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0 + ids: + - >- + 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6 schema: type: object properties: 
@@ -1009,13 +1069,32 @@ paths: description: Details about the assignees to assign and unassign. ids: $ref: '#/components/schemas/AlertIds' - description: List of alerts ids to assign and unassign passed assignees. required: - assignees - ids required: true responses: '200': + content: + application/ndjson: + examples: + add: + value: + batches: 1, + deleted: 0, + failures: [] + noops: 0, + requests_per_second: '-1,' + retries: + - bulk: 0, + - search: 0 + throttled_millis: 0, + throttled_until_millis: 0, + timed_out: false, + took: 76, + total: 1, + updated: 1, + version_conflicts: 0, description: Indicates a successful call. '400': description: Invalid request. @@ -1038,9 +1117,13 @@ paths: content: application/json: schema: + example: + migration_ids: + - 924f7c50-505f-11eb-ae0a-3fa2e626a51d type: object properties: migration_ids: + description: Array of `migration_id`s to finalize. items: type: string minItems: 1 @@ -1053,6 +1136,17 @@ paths: '200': content: application/json: + examples: + success: + value: + migrations: + - completed: true + destinationIndex: .siem-signals-default-000002-r000016 + id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + sourceIndex: .siem-signals-default-000002 + status: success + updated: '2021-01-06T22:05:56.859Z' + version: 16 schema: items: $ref: '#/components/schemas/MigrationFinalizationResult' @@ -1107,9 +1201,13 @@ paths: content: application/json: schema: + example: + migration_ids: + - 924f7c50-505f-11eb-ae0a-3fa2e626a51d type: object properties: migration_ids: + description: Array of `migration_id`s to cleanup. items: type: string minItems: 1 @@ -1122,6 +1220,16 @@ paths: '200': content: application/json: + examples: + success: + value: + migrations: + - destinationIndex: .siem-signals-default-000002-r000016 + id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + sourceIndex: .siem-signals-default-000002 + status: success + updated: 2021-01-06T22:05:56.859Z + version: 16 schema: items: $ref: '#/components/schemas/MigrationCleanupResult' 
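Review bot: The new `200` response example for the assignees endpoint is JSON pasted into YAML, so it does not describe the response: the trailing commas make `batches: 1,`, `took: 76,` and the rest strings rather than numbers, `requests_per_second: '-1,'` is a string, and `retries:` becomes a two-element list of single-key maps instead of an object with `bulk` and `search`. The media type is `application/ndjson` while the sibling update-by-query responses on L34 use `application/json` — unless this endpoint really streams ndjson that looks like a paste error too — and the new `content:` block carries no `schema:`. This file is bundled output, so the correction belongs in the source route schema it is generated from; the same example recurs in the serverless bundle on L38, and the alert-tags response examples on L34 and L40 (`took: 68,`) have the same trailing-comma problem. The `byId` example on L34 shows the intended form; written out for this endpoint it would be:

```yaml
examples:
  add:
    value:
      batches: 1
      deleted: 0
      failures: []
      noops: 0
      requests_per_second: -1
      retries:
        bulk: 0
        search: 0
      throttled_millis: 0
      throttled_until_millis: 0
      timed_out: false
      took: 76
      total: 1
      updated: 1
      version_conflicts: 0
```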
@@ -1164,13 +1272,21 @@ paths: requestBody: content: application/json: + examples: + singleIndex: + value: + index: + - .siem-signals-default-000001 schema: allOf: - type: object properties: index: + description: Array of index names to migrate. items: - $ref: '#/components/schemas/NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array required: @@ -1182,6 +1298,13 @@ paths: '200': content: application/json: + examples: + success: + value: + indices: + - index: .siem-signals-default-000001, + migration_id: 923f7c50-505f-11eb-ae0a-3fa2e626a51d + migration_index: .siem-signals-default-000001-r000016 schema: type: object properties: @@ -1220,7 +1343,7 @@ paths: - Security Detections API - Alerts migration API /api/detection_engine/signals/migration_status: - post: + get: deprecated: true description: >- Retrieve indices that contain detection alerts of a particular age, @@ -1238,12 +1361,37 @@ paths: before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + example: now-30d format: date-math type: string responses: '200': content: application/json: + examples: + success: + value: + indices: + - index: .siem-signals-default-000002 + is_outdated: true + migrations: + - id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + status: pending + updated: 2021-01-06T20:41:37.173Z + version: 16 + signal_versions: + - count: 100 + version: 15 + - count: 87 + version: 16 + version: 15 + - index: .siem-signals-default-000003 + is_outdated: false + migrations: [] + signal_versions: + - count: 54 + version: 16 + version: 16 schema: type: object properties: 
@@ -1285,6 +1433,35 @@ paths: requestBody: content: application/json: + examples: + query: + value: + aggs: + alertsByGrouping: + terms: + field: host.name + size: 10 + missingFields: + missing: + field: host.name + query: + bool: + filter: + - bool: + filter: + - match_phrase: + kibana.alert.workflow_status: open + must: [] + must_not: + - exists: + field: kibana.alert.building_block_type + should: [] + - range: + '@timestamp': + gte: 2025-01-17T08:00:00.000Z + lte: 2025-01-18T07:59:59.999Z + runtime_mappings: {} + size: 0 schema: description: Elasticsearch query and aggregation request type: object @@ -1322,6 +1499,31 @@ paths: '200': content: application/json: + examples: + success: + value: + _shards: + failed: 0 + skipped: 0 + successful: 1 + total: 1 + aggregations: + alertsByGrouping: + buckets: + - doc_count: 5 + key: Host-f43kkddfyc + doc_count_error_upper_bound: 0 + sum_other_doc_count: 0 + missingFields: + doc_count: 0 + hits: + hits: [] + max_score: null + total: + relation: eq + value: 5 + timed_out: false + took: 0 schema: additionalProperties: true description: Elasticsearch search response @@ -1358,6 +1560,44 @@ paths: requestBody: content: application/json: + examples: + byId: + value: + signal_ids: + - >- + 80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1 + status: closed + byQuery: + value: + conflicts: proceed + query: + bool: + filter: + - '@timestamp': + format: strict_date_optional_time + gte: 2024-10-23T07:00:00.000Z + lte: 2025-01-21T20:12:11.704Z + range: null + - bool: + filter: + bool: + filter: + - match_phrase: + kibana.alert.workflow_status: open + - '@timestamp': + format: strict_date_optional_time + gte: 2024-10-23T07:00:00.000Z + lte: 2025-01-21T20:12:11.704Z + range: null + must: [] + must_not: + - exists: + field: kibana.alert.building_block_type + should: [] + must: [] + must_not: [] + should: [] + status: closed schema: oneOf: - $ref: '#/components/schemas/SetAlertsStatusByIds' 
@@ -1370,6 +1610,41 @@ paths: '200': content: application/json: + examples: + byId: + value: + batches: 1 + deleted: 0 + failures: [] + noops: 0 + requests_per_second: -1 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + throttled_until_millis: 0 + timed_out: false + took: 81 + total: 1 + updated: 1 + version_conflicts: 0 + byQuery: + value: + batches: 1 + deleted: 0 + failures: [] + noops: 0 + requests_per_second: -1 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + throttled_until_millis: 0 + timed_out: false + took: 100 + total: 17 + updated: 17 + version_conflicts: 0 schema: additionalProperties: true description: Elasticsearch update by query response @@ -1409,6 +1684,25 @@ paths: requestBody: content: application/json: + examples: + add: + value: + ids: + - >- + 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e + tags: + tags_to_add: + - Duplicate + tags_to_remove: [] + remove: + value: + ids: + - >- + 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e + tags: + tags_to_add: [] + tags_to_remove: + - Duplicate schema: type: object properties: @@ -1427,6 +1721,24 @@ paths: '200': content: application/json: + examples: + success: + value: + batches: 1, + deleted: 0, + failures: [] + noops: 0, + requests_per_second: '-1,' + retries: + bulk: 0, + search: 0 + throttled_millis: 0, + throttled_until_millis: 0, + timed_out: false, + took: 68, + total: 1, + updated: 1, + version_conflicts: 0, schema: additionalProperties: true description: Elasticsearch update by query response 
@@ -1477,22 +1789,28 @@ components: type: object properties: add: - description: A list of users ids to assign. items: - $ref: '#/components/schemas/NonEmptyString' + description: A list of users ids to assign. + format: nonempty + minLength: 1 + type: string type: array remove: - description: A list of users ids to unassign. items: - $ref: '#/components/schemas/NonEmptyString' + description: A list of users ids to unassign. + format: nonempty + minLength: 1 + type: string type: array required: - add - remove AlertIds: - description: A list of alerts ids. + description: A list of alerts `id`s. items: - $ref: '#/components/schemas/NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array AlertsIndex: @@ -1537,12 +1855,21 @@ components: type: object properties: requests_per_second: + description: >- + The throttle for the migration task in sub-requests per second. + Corresponds to requests_per_second on the Reindex API. minimum: 1 type: integer size: + description: >- + Number of alerts to migrate per batch. Corresponds to the + source.size option on the Reindex API. minimum: 1 type: integer slices: + description: >- + The number of subtasks for the migration task. Corresponds to slices + on the Reindex API. minimum: 1 type: integer AlertsSort: @@ -1557,6 +1884,9 @@ components: - additionalProperties: true type: object AlertStatus: + description: >- + The status of an alert, which can be `open`, `acknowledged`, + `in-progress`, or `closed`. enum: - open - closed @@ -1610,8 +1940,16 @@ components: - suppress type: string AlertTag: - $ref: '#/components/schemas/NonEmptyString' + description: >- + Use alert tags to organize related alerts into categories that you can + filter and group. + format: nonempty + minLength: 1 + type: string AlertTags: + description: >- + List of keywords to organize related alerts into categories that you can + filter and group. items: $ref: '#/components/schemas/AlertTag' type: array 
@@ -5872,8 +6210,11 @@ components: type: object properties: signal_ids: + description: List of alert `id`s. items: - $ref: '#/components/schemas/NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array status: @@ -5899,6 +6240,7 @@ components: - query - status SetAlertTags: + description: Object with list of tags to add and remove. type: object properties: tags_to_add: diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml index 8e0b8b0b03cbb..8397eef7a9d96 100644 --- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml @@ -508,9 +508,11 @@ components: - microsoft_defender_endpoint type: string AlertIds: - description: A list of alerts ids. + description: A list of alerts `id`s. items: - $ref: '#/components/schemas/NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array CaseIds: @@ -791,11 +793,6 @@ components: type: string required: - hostStatuses - NonEmptyString: - description: A string that does not contain only whitespace characters - format: nonempty - minLength: 1 - type: string Page: default: 1 description: Page number diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml index 4a1d204e8c967..48289ff323178 100644 
--- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml @@ -32,6 +32,42 @@ paths: '200': content: application/json: + examples: + success: + value: + application: {} + cluster: + all: true + manage: true + manage_api_key: true + manage_index_templates: true + manage_ml: true + manage_own_api_key: true + manage_pipeline: true + manage_security: true + manage_transform: true + monitor: true + monitor_ml: true + monitor_transform: true + has_all_requested: true + has_encryption_key: true + index: + .alerts-security.alerts-default: + all: true + create: true + create_doc: true + create_index: true + delete: true + delete_index: true + index: true + maintenance: true + manage: true + monitor: true + read: true + view_index_metadata: true + write: true + is_authenticated: true + username: elastic schema: type: object properties: @@ -586,6 +622,25 @@ paths: requestBody: content: application/json: + examples: + add: + value: + assignees: + add: + - u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0 + remove: [] + ids: + - >- + 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6 + remove: + value: + assignees: + add: [] + remove: + - u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0 + ids: + - >- + 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6 schema: type: object properties: 
@@ -594,13 +649,32 @@ paths: description: Details about the assignees to assign and unassign. ids: $ref: '#/components/schemas/AlertIds' - description: List of alerts ids to assign and unassign passed assignees. required: - assignees - ids required: true responses: '200': + content: + application/ndjson: + examples: + add: + value: + batches: 1, + deleted: 0, + failures: [] + noops: 0, + requests_per_second: '-1,' + retries: + - bulk: 0, + - search: 0 + throttled_millis: 0, + throttled_until_millis: 0, + timed_out: false, + took: 76, + total: 1, + updated: 1, + version_conflicts: 0, description: Indicates a successful call. '400': description: Invalid request. @@ -614,6 +688,35 @@ paths: requestBody: content: application/json: + examples: + query: + value: + aggs: + alertsByGrouping: + terms: + field: host.name + size: 10 + missingFields: + missing: + field: host.name + query: + bool: + filter: + - bool: + filter: + - match_phrase: + kibana.alert.workflow_status: open + must: [] + must_not: + - exists: + field: kibana.alert.building_block_type + should: [] + - range: + '@timestamp': + gte: 2025-01-17T08:00:00.000Z + lte: 2025-01-18T07:59:59.999Z + runtime_mappings: {} + size: 0 schema: description: Elasticsearch query and aggregation request type: object @@ -651,6 +754,31 @@ paths: '200': content: application/json: + examples: + success: + value: + _shards: + failed: 0 + skipped: 0 + successful: 1 + total: 1 + aggregations: + alertsByGrouping: + buckets: + - doc_count: 5 + key: Host-f43kkddfyc + doc_count_error_upper_bound: 0 + sum_other_doc_count: 0 + missingFields: + doc_count: 0 + hits: + hits: [] + max_score: null + total: + relation: eq + value: 5 + timed_out: false + took: 0 schema: additionalProperties: true description: Elasticsearch search response 
@@ -687,6 +815,44 @@ paths: requestBody: content: application/json: + examples: + byId: + value: + signal_ids: + - >- + 80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1 + status: closed + byQuery: + value: + conflicts: proceed + query: + bool: + filter: + - '@timestamp': + format: strict_date_optional_time + gte: 2024-10-23T07:00:00.000Z + lte: 2025-01-21T20:12:11.704Z + range: null + - bool: + filter: + bool: + filter: + - match_phrase: + kibana.alert.workflow_status: open + - '@timestamp': + format: strict_date_optional_time + gte: 2024-10-23T07:00:00.000Z + lte: 2025-01-21T20:12:11.704Z + range: null + must: [] + must_not: + - exists: + field: kibana.alert.building_block_type + should: [] + must: [] + must_not: [] + should: [] + status: closed schema: oneOf: - $ref: '#/components/schemas/SetAlertsStatusByIds'
@@ -699,6 +865,41 @@ paths: '200': content: application/json: + examples: + byId: + value: + batches: 1 + deleted: 0 + failures: [] + noops: 0 + requests_per_second: -1 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + throttled_until_millis: 0 + timed_out: false + took: 81 + total: 1 + updated: 1 + version_conflicts: 0 + byQuery: + value: + batches: 1 + deleted: 0 + failures: [] + noops: 0 + requests_per_second: -1 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + throttled_until_millis: 0 + timed_out: false + took: 100 + total: 17 + updated: 17 + version_conflicts: 0 schema: additionalProperties: true description: Elasticsearch update by query response
@@ -738,6 +939,25 @@ paths: requestBody: content: application/json: + examples: + add: + value: + ids: + - >- + 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e + tags: + tags_to_add: + - Duplicate + tags_to_remove: [] + remove: + value: + ids: + - >- + 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e + tags: + tags_to_add: [] + tags_to_remove: + - Duplicate schema: type: object properties: 
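Review bot: The `byQuery` request example in `@@ -687,6 +815,44 @@` does not form a valid Elasticsearch query: in both filter entries the `format`/`gte`/`lte` bounds sit directly under `'@timestamp'` with `range: null` as a sibling key, which reads like a flattened `range` clause, and Elasticsearch rejects a null `range` as well as an unknown `@timestamp` query type. Nest the bounds under `range` → `'@timestamp'` in both places and quote the timestamps so they stay strings; the rewritten first entry is below, and the `'@timestamp'` item inside the nested `bool` needs the same treatment. The `byId` example in this hunk is fine as written.
```yaml
# … unchanged: byId example, conflicts: proceed, query/bool header …
filter:
  - range:
      '@timestamp':
        format: strict_date_optional_time
        gte: '2024-10-23T07:00:00.000Z'
        lte: '2025-01-21T20:12:11.704Z'
  # … unchanged: nested bool entry; nest its '@timestamp' bounds under range the same way …
```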
@@ -756,6 +976,24 @@ paths: '200': content: application/json: + examples: + success: + value: + batches: 1, + deleted: 0, + failures: [] + noops: 0, + requests_per_second: '-1,' + retries: + bulk: 0, + search: 0 + throttled_millis: 0, + throttled_until_millis: 0, + timed_out: false, + took: 68, + total: 1, + updated: 1, + version_conflicts: 0, schema: additionalProperties: true description: Elasticsearch update by query response
@@ -806,22 +1044,28 @@ components: type: object properties: add: - description: A list of users ids to assign. items: - $ref: '#/components/schemas/NonEmptyString' + description: A list of users ids to assign. + format: nonempty + minLength: 1 + type: string type: array remove: - description: A list of users ids to unassign. items: - $ref: '#/components/schemas/NonEmptyString' + description: A list of users ids to unassign. + format: nonempty + minLength: 1 + type: string type: array required: - add - remove AlertIds: - description: A list of alerts ids. + description: A list of alerts `id`s. items: - $ref: '#/components/schemas/NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array AlertsIndex:
@@ -843,6 +1087,9 @@ components: - additionalProperties: true type: object AlertStatus: + description: >- + The status of an alert, which can be `open`, `acknowledged`, + `in-progress`, or `closed`. enum: - open - closed
@@ -896,8 +1143,16 @@ components: - suppress type: string AlertTag: - $ref: '#/components/schemas/NonEmptyString' + description: >- + Use alert tags to organize related alerts into categories that you can + filter and group. + format: nonempty + minLength: 1 + type: string AlertTags: + description: >- + List of keywords to organize related alerts into categories that you can + filter and group. items: $ref: '#/components/schemas/AlertTag' type: array 
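Review bot: In `@@ -806,22 +1044,28 @@` the `AlertAssignees` descriptions (`A list of users ids to assign.` / `A list of users ids to unassign.`) moved from the `add`/`remove` array properties into their `items` schema, so they now describe a single id rather than the list, and rendered docs will repeat the list wording on every element; `AlertIds` in the same hunk keeps its description at the array level, so the two shapes are now inconsistent. Keep `description:` next to `type: array` on `add:` and `remove:` and leave `items` with only `format: nonempty`, `minLength: 1` and `type: string`.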
@@ -5021,8 +5276,11 @@ components: type: object properties: signal_ids: + description: List of alert `id`s. items: - $ref: '#/components/schemas/NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array status:
@@ -5048,6 +5306,7 @@ components: - query - status SetAlertTags: + description: Object with list of tags to add and remove. type: object properties: tags_to_add:
diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
index afa7cbaa403ba..0e0ecfbc94ddb 100644
--- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
+++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
@@ -508,9 +508,11 @@ components: - microsoft_defender_endpoint type: string AlertIds: - description: A list of alerts ids. + description: A list of alerts `id`s. items: - $ref: '#/components/schemas/NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array CaseIds:
@@ -791,11 +793,6 @@ components: type: string required: - hostStatuses - NonEmptyString: - description: A string that does not contain only whitespace characters - format: nonempty - minLength: 1 - type: string Page: default: 1 description: Page number
diff --git a/x-pack/test/api_integration/services/security_solution_api.gen.ts b/x-pack/test/api_integration/services/security_solution_api.gen.ts
index a069b2e1134ce..b3b0eb4571674 100644
--- a/x-pack/test/api_integration/services/security_solution_api.gen.ts
+++ b/x-pack/test/api_integration/services/security_solution_api.gen.ts 
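Review bot: Removing the `NonEmptyString` component in `@@ -791,11 +793,6 @@` is only safe if nothing else in that bundle still references `#/components/schemas/NonEmptyString`; this commit inlines the reference from `AlertIds` (`@@ -508,9 +508,11 @@`), but the diff does not show whether other schemas in the file used it, and a surviving `$ref` would leave the regenerated bundle with a dangling reference that spec validators reject. The detections bundle inlines the same string shape in `@@ -5021,8 +5276,11 @@` and earlier hunks without showing the component removed there, so it would be worth running the OpenAPI validator over both regenerated bundles before merging.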
@@ -1325,7 +1325,7 @@ finalize it. kibanaSpace: string = 'default' ) { return supertest - .post(routeWithNamespace('/api/detection_engine/signals/migration_status', kibanaSpace)) + .get(routeWithNamespace('/api/detection_engine/signals/migration_status', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
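Review bot: Switching `.post(...)` to `.get(...)` for `/api/detection_engine/signals/migration_status` is only half of a method change if the rest of the supertest chain, which continues past the hunk, still passes the request parameters with `.send(...)`: a GET body is not sent or parsed by the server, so they would need to become `.query(...)`. The function's signature also starts outside the hunk, so the parameter it forwards is not visible here. Confirm the route handler is registered as GET and that this helper now reaches it with its parameters in the query string.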