diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index c7a30d502e1db..62a1582e86285 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -7954,7 +7954,43 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + success: + value: + application: {} + cluster: + all: true + manage: true + manage_api_key: true + manage_index_templates: true + manage_ml: true + manage_own_api_key: true + manage_pipeline: true + manage_security: true + manage_transform: true + monitor: true + monitor_ml: true + monitor_transform: true + has_all_requested: true + has_encryption_key: true + index: + .alerts-security.alerts-default: + all: true + create: true + create_doc: true + create_index: true + delete: true + delete_index: true + index: true + maintenance: true + manage: true + monitor: true + read: true + view_index_metadata: true + write: true + is_authenticated: true + username: elastic schema: type: object properties: @@ -8613,7 +8649,24 @@ paths: operationId: SetAlertAssignees requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + add: + value: + assignees: + add: + - u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0 + remove: [] + ids: + - 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6 + remove: + value: + assignees: + add: [] + remove: + - u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0 + ids: + - 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6 schema: type: object properties: 
@@ -8622,13 +8675,32 @@ paths: description: Details about the assignees to assign and unassign. ids: $ref: '#/components/schemas/Security_Detections_API_AlertIds' - description: List of alerts ids to assign and unassign passed assignees. required: - assignees - ids required: true responses: '200': + content: + application/ndjson: + examples: + add: + value: + batches: 1, + deleted: 0, + failures: [] + noops: 0, + requests_per_second: '-1,' + retries: + - bulk: 0, + - search: 0 + throttled_millis: 0, + throttled_until_millis: 0, + timed_out: false, + took: 76, + total: 1, + updated: 1, + version_conflicts: 0, description: Indicates a successful call. '400': description: Invalid request. @@ -8642,7 +8714,36 @@ paths: operationId: SearchAlerts requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + query: + value: + aggs: + alertsByGrouping: + terms: + field: host.name + size: 10 + missingFields: + missing: + field: host.name + query: + bool: + filter: + - bool: + filter: + - match_phrase: + kibana.alert.workflow_status: open + must: [] + must_not: + - exists: + field: kibana.alert.building_block_type + should: [] + - range: + '@timestamp': + gte: '2025-01-17T08:00:00.000Z' + lte: '2025-01-18T07:59:59.999Z' + runtime_mappings: {} + size: 0 schema: description: Elasticsearch query and aggregation request type: object @@ -8679,7 +8780,32 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + success: + value: + _shards: + failed: 0 + skipped: 0 + successful: 1 + total: 1 + aggregations: + alertsByGrouping: + buckets: + - doc_count: 5 + key: Host-f43kkddfyc + doc_count_error_upper_bound: 0 + sum_other_doc_count: 0 + missingFields: + doc_count: 0 + hits: + hits: [] + max_score: null + total: + relation: eq + value: 5 + timed_out: false + took: 0 schema: additionalProperties: true description: Elasticsearch search response 
@@ -8715,7 +8841,44 @@ paths: operationId: SetAlertsStatus requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + byId: + value: + signal_ids: + - 80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1 + status: closed + byQuery: + value: + conflicts: proceed + query: + bool: + filter: + - '@timestamp': + format: strict_date_optional_time + gte: '2024-10-23T07:00:00.000Z' + lte: '2025-01-21T20:12:11.704Z' + range: null + - bool: + filter: + bool: + filter: + - match_phrase: + kibana.alert.workflow_status: open + - '@timestamp': + format: strict_date_optional_time + gte: '2024-10-23T07:00:00.000Z' + lte: '2025-01-21T20:12:11.704Z' + range: null + must: [] + must_not: + - exists: + field: kibana.alert.building_block_type + should: [] + must: [] + must_not: [] + should: [] + status: closed schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds' @@ -8725,7 +8888,42 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + byId: + value: + batches: 1 + deleted: 0 + failures: [] + noops: 0 + requests_per_second: -1 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + throttled_until_millis: 0 + timed_out: false + took: 81 + total: 1 + updated: 1 + version_conflicts: 0 + byQuery: + value: + batches: 1 + deleted: 0 + failures: [] + noops: 0 + requests_per_second: -1 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + throttled_until_millis: 0 + timed_out: false + took: 100 + total: 17 + updated: 17 + version_conflicts: 0 schema: additionalProperties: true description: Elasticsearch update by query response 
@@ -8764,7 +8962,24 @@ paths: operationId: SetAlertTags requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + add: + value: + ids: + - 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e + tags: + tags_to_add: + - Duplicate + tags_to_remove: [] + remove: + value: + ids: + - 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e + tags: + tags_to_add: [] + tags_to_remove: + - Duplicate schema: type: object properties: @@ -8780,7 +8995,25 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + success: + value: + batches: 1, + deleted: 0, + failures: [] + noops: 0, + requests_per_second: '-1,' + retries: + bulk: 0, + search: 0 + throttled_millis: 0, + throttled_until_millis: 0, + timed_out: false, + took: 68, + total: 1, + updated: 1, + version_conflicts: 0, schema: additionalProperties: true description: Elasticsearch update by query response @@ -43011,22 +43244,28 @@ components: type: object properties: add: - description: A list of users ids to assign. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: A list of users ids to assign. + format: nonempty + minLength: 1 + type: string type: array remove: - description: A list of users ids to unassign. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: A list of users ids to unassign. + format: nonempty + minLength: 1 + type: string type: array required: - add - remove Security_Detections_API_AlertIds: - description: A list of alerts ids. + description: A list of alerts `id`s. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array Security_Detections_API_AlertsIndex: 
@@ -43048,6 +43287,7 @@ components: - additionalProperties: true type: object Security_Detections_API_AlertStatus: + description: The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`. enum: - open - closed @@ -43098,8 +43338,12 @@ components: - suppress type: string Security_Detections_API_AlertTag: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: Use alert tags to organize related alerts into categories that you can filter and group. + format: nonempty + minLength: 1 + type: string Security_Detections_API_AlertTags: + description: List of keywords to organize related alerts into categories that you can filter and group. items: $ref: '#/components/schemas/Security_Detections_API_AlertTag' type: array @@ -47091,8 +47335,11 @@ components: type: object properties: signal_ids: + description: List of alert `id`s. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array status: @@ -47118,6 +47365,7 @@ components: - query - status Security_Detections_API_SetAlertTags: + description: Object with list of tags to add and remove. type: object properties: tags_to_add: @@ -48874,9 +49122,11 @@ components: - microsoft_defender_endpoint type: string Security_Endpoint_Management_API_AlertIds: - description: A list of alerts ids. + description: A list of alerts `id`s. items: - $ref: '#/components/schemas/Security_Endpoint_Management_API_NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array Security_Endpoint_Management_API_CaseIds: @@ -49157,11 +49407,6 @@ components: type: string required: - hostStatuses - Security_Endpoint_Management_API_NonEmptyString: - description: A string that does not contain only whitespace characters - format: nonempty - minLength: 1 - type: string Security_Endpoint_Management_API_Page: default: 1 description: Page number 
@@ -54081,7 +54326,7 @@ components: items: type: string description: | - A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format + A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format message: type: string description: The email message text. Markdown format is supported. diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index a74ff694ee4fe..baedf0ce21957 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -8503,6 +8503,11 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + success: + value: + index_mapping_outdated: false + name: .alerts-security.alerts-default schema: type: object properties: @@ -8595,6 +8600,42 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + success: + value: + application: {} + cluster: + all: true + manage: true + manage_api_key: true + manage_index_templates: true + manage_ml: true + manage_own_api_key: true + manage_pipeline: true + manage_security: true + manage_transform: true + monitor: true + monitor_ml: true + monitor_transform: true + has_all_requested: true + has_encryption_key: true + index: + .alerts-security.alerts-default: + all: true + create: true + create_doc: true + create_index: true + delete: true + delete_index: true + index: true + maintenance: true + manage: true + monitor: true + read: true + view_index_metadata: true + write: true + is_authenticated: true + username: elastic schema: type: object properties: 
@@ -9502,6 +9543,23 @@ paths: requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + add: + value: + assignees: + add: + - u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0 + remove: [] + ids: + - 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6 + remove: + value: + assignees: + add: [] + remove: + - u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0 + ids: + - 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6 schema: type: object properties: @@ -9510,13 +9568,32 @@ paths: description: Details about the assignees to assign and unassign. ids: $ref: '#/components/schemas/Security_Detections_API_AlertIds' - description: List of alerts ids to assign and unassign passed assignees. required: - assignees - ids required: true responses: '200': + content: + application/ndjson; Elastic-Api-Version=2023-10-31: + examples: + add: + value: + batches: 1, + deleted: 0, + failures: [] + noops: 0, + requests_per_second: '-1,' + retries: + - bulk: 0, + - search: 0 + throttled_millis: 0, + throttled_until_millis: 0, + timed_out: false, + took: 76, + total: 1, + updated: 1, + version_conflicts: 0, description: Indicates a successful call. '400': description: Invalid request. @@ -9534,9 +9611,13 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: + example: + migration_ids: + - 924f7c50-505f-11eb-ae0a-3fa2e626a51d type: object properties: migration_ids: + description: Array of `migration_id`s to finalize. items: type: string minItems: 1 @@ -9549,6 +9630,17 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + success: + value: + migrations: + - completed: true + destinationIndex: .siem-signals-default-000002-r000016 + id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + sourceIndex: .siem-signals-default-000002 + status: success + updated: '2021-01-06T22:05:56.859Z' + version: 16 schema: items: $ref: '#/components/schemas/Security_Detections_API_MigrationFinalizationResult' 
@@ -9592,9 +9684,13 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: + example: + migration_ids: + - 924f7c50-505f-11eb-ae0a-3fa2e626a51d type: object properties: migration_ids: + description: Array of `migration_id`s to cleanup. items: type: string minItems: 1 @@ -9607,6 +9703,16 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + success: + value: + migrations: + - destinationIndex: .siem-signals-default-000002-r000016 + id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + sourceIndex: .siem-signals-default-000002 + status: success + updated: '2021-01-06T22:05:56.859Z' + version: 16 schema: items: $ref: '#/components/schemas/Security_Detections_API_MigrationCleanupResult' @@ -9643,13 +9749,21 @@ paths: requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + singleIndex: + value: + index: + - .siem-signals-default-000001 schema: allOf: - type: object properties: index: + description: Array of index names to migrate. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array required: @@ -9661,6 +9775,13 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + success: + value: + indices: + - index: .siem-signals-default-000001, + migration_id: 923f7c50-505f-11eb-ae0a-3fa2e626a51d + migration_index: .siem-signals-default-000001-r000016 schema: type: object properties: @@ -9698,7 +9819,7 @@ paths: tags: - Security Detections API /api/detection_engine/signals/migration_status: - post: + get: description: Retrieve indices that contain detection alerts of a particular age, along with migration information for each of those indices. operationId: ReadAlertsMigrationStatus parameters: 
@@ -9710,12 +9831,37 @@ paths: description: | Time from which data is analyzed. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + example: now-30d format: date-math type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + success: + value: + indices: + - index: .siem-signals-default-000002 + is_outdated: true + migrations: + - id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + status: pending + updated: '2021-01-06T20:41:37.173Z' + version: 16 + signal_versions: + - count: 100 + version: 15 + - count: 87 + version: 16 + version: 15 + - index: .siem-signals-default-000003 + is_outdated: false + migrations: [] + signal_versions: + - count: 54 + version: 16 + version: 16 schema: type: object properties: @@ -9756,6 +9902,35 @@ paths: requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + query: + value: + aggs: + alertsByGrouping: + terms: + field: host.name + size: 10 + missingFields: + missing: + field: host.name + query: + bool: + filter: + - bool: + filter: + - match_phrase: + kibana.alert.workflow_status: open + must: [] + must_not: + - exists: + field: kibana.alert.building_block_type + should: [] + - range: + '@timestamp': + gte: '2025-01-17T08:00:00.000Z' + lte: '2025-01-18T07:59:59.999Z' + runtime_mappings: {} + size: 0 schema: description: Elasticsearch query and aggregation request type: object 
@@ -9793,6 +9968,31 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + success: + value: + _shards: + failed: 0 + skipped: 0 + successful: 1 + total: 1 + aggregations: + alertsByGrouping: + buckets: + - doc_count: 5 + key: Host-f43kkddfyc + doc_count_error_upper_bound: 0 + sum_other_doc_count: 0 + missingFields: + doc_count: 0 + hits: + hits: [] + max_score: null + total: + relation: eq + value: 5 + timed_out: false + took: 0 schema: additionalProperties: true description: Elasticsearch search response @@ -9828,6 +10028,43 @@ paths: requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + byId: + value: + signal_ids: + - 80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1 + status: closed + byQuery: + value: + conflicts: proceed + query: + bool: + filter: + - '@timestamp': + format: strict_date_optional_time + gte: '2024-10-23T07:00:00.000Z' + lte: '2025-01-21T20:12:11.704Z' + range: null + - bool: + filter: + bool: + filter: + - match_phrase: + kibana.alert.workflow_status: open + - '@timestamp': + format: strict_date_optional_time + gte: '2024-10-23T07:00:00.000Z' + lte: '2025-01-21T20:12:11.704Z' + range: null + must: [] + must_not: + - exists: + field: kibana.alert.building_block_type + should: [] + must: [] + must_not: [] + should: [] + status: closed schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds' 
@@ -9838,6 +10075,41 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + byId: + value: + batches: 1 + deleted: 0 + failures: [] + noops: 0 + requests_per_second: -1 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + throttled_until_millis: 0 + timed_out: false + took: 81 + total: 1 + updated: 1 + version_conflicts: 0 + byQuery: + value: + batches: 1 + deleted: 0 + failures: [] + noops: 0 + requests_per_second: -1 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + throttled_until_millis: 0 + timed_out: false + took: 100 + total: 17 + updated: 17 + version_conflicts: 0 schema: additionalProperties: true description: Elasticsearch update by query response @@ -9876,6 +10148,23 @@ paths: requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + add: + value: + ids: + - 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e + tags: + tags_to_add: + - Duplicate + tags_to_remove: [] + remove: + value: + ids: + - 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e + tags: + tags_to_add: [] + tags_to_remove: + - Duplicate schema: type: object properties: @@ -9892,6 +10181,24 @@ paths: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + success: + value: + batches: 1, + deleted: 0, + failures: [] + noops: 0, + requests_per_second: '-1,' + retries: + bulk: 0, + search: 0 + throttled_millis: 0, + throttled_until_millis: 0, + timed_out: false, + took: 68, + total: 1, + updated: 1, + version_conflicts: 0, schema: additionalProperties: true description: Elasticsearch update by query response 
@@ -34551,22 +34858,28 @@ components: type: object properties: add: - description: A list of users ids to assign. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: A list of users ids to assign. + format: nonempty + minLength: 1 + type: string type: array remove: - description: A list of users ids to unassign. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: A list of users ids to unassign. + format: nonempty + minLength: 1 + type: string type: array required: - add - remove Security_Detections_API_AlertIds: - description: A list of alerts ids. + description: A list of alerts `id`s. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array Security_Detections_API_AlertsIndex: @@ -34611,12 +34924,15 @@ components: type: object properties: requests_per_second: + description: The throttle for the migration task in sub-requests per second. Corresponds to requests_per_second on the Reindex API. minimum: 1 type: integer size: + description: Number of alerts to migrate per batch. Corresponds to the source.size option on the Reindex API. minimum: 1 type: integer slices: + description: The number of subtasks for the migration task. Corresponds to slices on the Reindex API. minimum: 1 type: integer Security_Detections_API_AlertsSort: @@ -34631,6 +34947,7 @@ components: - additionalProperties: true type: object Security_Detections_API_AlertStatus: + description: The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`. enum: - open - closed 
@@ -34681,8 +34998,12 @@ components: - suppress type: string Security_Detections_API_AlertTag: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: Use alert tags to organize related alerts into categories that you can filter and group. + format: nonempty + minLength: 1 + type: string Security_Detections_API_AlertTags: + description: List of keywords to organize related alerts into categories that you can filter and group. items: $ref: '#/components/schemas/Security_Detections_API_AlertTag' type: array @@ -38811,8 +39132,11 @@ components: type: object properties: signal_ids: + description: List of alert `id`s. items: - $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array status: @@ -38838,6 +39162,7 @@ components: - query - status Security_Detections_API_SetAlertTags: + description: Object with list of tags to add and remove. type: object properties: tags_to_add: @@ -40610,9 +40935,11 @@ components: - crowdstrike type: string Security_Endpoint_Management_API_AlertIds: - description: A list of alerts ids. + description: A list of alerts `id`s. items: - $ref: '#/components/schemas/Security_Endpoint_Management_API_NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array Security_Endpoint_Management_API_CaseIds: @@ -40859,11 +41186,6 @@ components: type: string required: - hostStatuses - Security_Endpoint_Management_API_NonEmptyString: - description: A string that does not contain only whitespace characters - format: nonempty - minLength: 1 - type: string Security_Endpoint_Management_API_Page: default: 1 description: Page number diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen.ts index 2cefcab9756b7..a4c51a07359ed 100644 
--- a/x-pack/plugins/security_solution/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen.ts +++ b/x-pack/plugins/security_solution/common/api/detection_engine/alert_assignees/set_alert_assignees_route.gen.ts @@ -15,20 +15,14 @@ */ import { z } from '@kbn/zod'; +import { isNonEmptyString } from '@kbn/zod-helpers'; import { AlertIds } from '../../model/alert.gen'; -import { NonEmptyString } from '../../model/primitives.gen'; export type AlertAssignees = z.infer; export const AlertAssignees = z.object({ - /** - * A list of users ids to assign. - */ - add: z.array(NonEmptyString), - /** - * A list of users ids to unassign. - */ - remove: z.array(NonEmptyString), + add: z.array(z.string().min(1).superRefine(isNonEmptyString)), + remove: z.array(z.string().min(1).superRefine(isNonEmptyString)), }); export type SetAlertAssigneesRequestBody = z.infer; @@ -37,9 +31,6 @@ export const SetAlertAssigneesRequestBody = z.object({ * Details about the assignees to assign and unassign. */ assignees: AlertAssignees, - /** - * List of alerts ids to assign and unassign passed assignees. - */ ids: AlertIds, }); export type SetAlertAssigneesRequestBodyInput = z.input; diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/alert_assignees/set_alert_assignees_route.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/alert_assignees/set_alert_assignees_route.schema.yaml index b4b5e858672dd..6c28c76a0b29a 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/alert_assignees/set_alert_assignees_route.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/detection_engine/alert_assignees/set_alert_assignees_route.schema.yaml 
@@ -28,10 +28,42 @@ paths: description: Details about the assignees to assign and unassign. ids: $ref: '../../model/alert.schema.yaml#/components/schemas/AlertIds' - description: List of alerts ids to assign and unassign passed assignees. + examples: + add: + value: + assignees: + add: ['u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0'] + remove: [] + ids: ['681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6'] + remove: + value: + assignees: + add: [] + remove: ['u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0'] + ids: ['681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6'] responses: 200: description: Indicates a successful call. + content: + application/ndjson: + examples: + add: + value: + took: 76, + timed_out: false, + total: 1, + updated: 1, + deleted: 0, + batches: 1, + version_conflicts: 0, + noops: 0, + retries: + - bulk: 0, + - search: 0 + throttled_millis: 0, + requests_per_second: -1, + throttled_until_millis: 0, + failures: [] 400: description: Invalid request. @@ -46,10 +78,14 @@ components: add: type: array items: - $ref: '../../model/primitives.schema.yaml#/components/schemas/NonEmptyString' - description: A list of users ids to assign. + type: string + format: nonempty + minLength: 1 + description: A list of users ids to assign. remove: type: array items: - $ref: '../../model/primitives.schema.yaml#/components/schemas/NonEmptyString' - description: A list of users ids to unassign. + type: string + format: nonempty + minLength: 1 + description: A list of users ids to unassign. diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen.ts index b08d4ff877058..f4b40c03a634a 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen.ts 
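Review bot: The `200` response example added under `responses` carries JSON-style trailing commas, so `took: 76,`, `batches: 1,` and the other counters parse as strings rather than integers, and `requests_per_second: -1,` becomes the string `-1,` (the bundled kibana.yaml in this commit renders it as `'-1,'`, which confirms the mis-typing). `retries` is also written as a two-item sequence (`- bulk: 0,` / `- search: 0`), whereas the update-by-query response is an object, as the SetAlertsStatus examples in this same commit write it. The media type `application/ndjson` looks inconsistent with the other update-by-query responses in this commit, which use `application/json` with an `additionalProperties: true` schema, and this response declares no `schema` at all — worth confirming what the route actually returns. Suggested replacement for the response block, assuming it returns plain JSON like the sibling routes:
```yaml
      200:
        description: Indicates a successful call.
        content:
          application/json:
            schema:
              type: object
              additionalProperties: true
              description: Elasticsearch update by query response
            examples:
              add:
                value:
                  took: 76
                  timed_out: false
                  total: 1
                  updated: 1
                  deleted: 0
                  batches: 1
                  version_conflicts: 0
                  noops: 0
                  retries:
                    bulk: 0
                    search: 0
                  throttled_millis: 0
                  requests_per_second: -1
                  throttled_until_millis: 0
                  failures: []
```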
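Review bot: In the `AlertAssignees` component, `description: A list of users ids to assign.` (and the `unassign` counterpart) has moved from the `add`/`remove` array property into its `items` entry, so it now describes a single string as a list; the regenerated `set_alert_assignees_route.gen.ts` in this commit lost the JSDoc on `add` and `remove` as a result. Keep the description on the array: under `add:` write `type: array`, `description: A list of users ids to assign.`, then `items:` holding `type: string`, `format: nonempty`, `minLength: 1` (and the same for `remove:`). The inlined item schema also drops the wording of the replaced `NonEmptyString` component (a string that does not contain only whitespace), which a short item-level description could preserve.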
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.gen.ts @@ -18,6 +18,9 @@ import { z } from '@kbn/zod'; import { AlertIds, AlertTags } from '../../../model/alert.gen'; +/** + * Object with list of tags to add and remove. + */ export type SetAlertTags = z.infer; export const SetAlertTags = z.object({ tags_to_add: AlertTags, diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.schema.yaml index 2e712ed3fec40..e80be52c99415 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/detection_engine/alert_tags/set_alert_tags/set_alert_tags.schema.yaml @@ -30,6 +30,19 @@ paths: required: - ids - tags + examples: + add: + value: + tags: + tags_to_add: ['Duplicate'] + tags_to_remove: [] + ids: ['549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e'] + remove: + value: + tags: + tags_to_add: [] + tags_to_remove: ['Duplicate'] + ids: ['549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e'] responses: 200: description: Successful response @@ -39,6 +52,24 @@ paths: type: object additionalProperties: true description: Elasticsearch update by query response + examples: + success: + value: + took: 68, + timed_out: false, + total: 1, + updated: 1, + deleted: 0, + batches: 1, + version_conflicts: 0, + noops: 0, + retries: + bulk: 0, + search: 0 + throttled_millis: 0, + requests_per_second: -1, + throttled_until_millis: 0, + failures: [] 400: description: Invalid input data response content: @@ -63,6 +94,7 @@ paths: components: schemas: SetAlertTags: + description: Object with list of tags to add and remove. type: object properties: tags_to_add: 
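Review bot: The `success` response example added under the `200` content has JSON trailing commas on its scalar lines, so `took: 68,`, `batches: 1,` and the other counters are strings rather than integers, and `requests_per_second: -1,` is the string `-1,` (the bundled kibana.yaml in this commit quotes it as `'-1,'`). The `byId`/`byQuery` examples for SetAlertsStatus in this same commit show the intended comma-free form. Corrected example value:
```yaml
            examples:
              success:
                value:
                  took: 68
                  timed_out: false
                  total: 1
                  updated: 1
                  deleted: 0
                  batches: 1
                  version_conflicts: 0
                  noops: 0
                  retries:
                    bulk: 0
                    search: 0
                  throttled_millis: 0
                  requests_per_second: -1
                  throttled_until_millis: 0
                  failures: []
```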
diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/read_index/read_index.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/read_index/read_index.schema.yaml index 70283f59ef79d..f9a854689c490 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/read_index/read_index.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/read_index/read_index.schema.yaml @@ -25,6 +25,11 @@ paths: type: boolean nullable: true required: [name, index_mapping_outdated] + examples: + success: + value: + index_mapping_outdated: false + name: '.alerts-security.alerts-default' 401: description: Unsuccessful authentication response content: diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/read_privileges/read_privileges.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/read_privileges/read_privileges.schema.yaml index 168ad44849014..02239060325dc 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/index_management/read_privileges/read_privileges.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/detection_engine/index_management/read_privileges/read_privileges.schema.yaml 
@@ -29,6 +29,42 @@ paths: has_encryption_key: type: boolean required: [is_authenticated, has_encryption_key] + examples: + success: + value: + username: elastic + has_all_requested: true + cluster: + all: true + monitor_ml: true + manage_transform: true + manage_index_templates: true + monitor_transform: true + manage_ml: true + monitor: true + manage_pipeline: true + manage_api_key: true + manage_security: true + manage_own_api_key: true + manage: true + index: + .alerts-security.alerts-default: + all: true + create: true + create_doc: true + create_index: true + delete: true + delete_index: true + index: true + maintenance: true + manage: true + monitor: true + read: true + view_index_metadata: true + write: true + application: {} + is_authenticated: true + has_encryption_key: true 401: description: Unsuccessful authentication response content: diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/signals/query_signals/query_signals_route.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/signals/query_signals/query_signals_route.schema.yaml index 00061cf50c60d..b16899d755599 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/signals/query_signals/query_signals_route.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/detection_engine/signals/query_signals/query_signals_route.schema.yaml 
@@ -48,6 +48,35 @@ paths: sort: $ref: '#/components/schemas/AlertsSort' description: Elasticsearch query and aggregation request + examples: + query: + value: + size: 0 + query: + bool: + filter: + - bool: + must: [] + filter: + - match_phrase: + kibana.alert.workflow_status: open + should: [] + must_not: + - exists: + field: kibana.alert.building_block_type + - range: + '@timestamp': + gte: 2025-01-17T08:00:00.000Z + lte: 2025-01-18T07:59:59.999Z + aggs: + alertsByGrouping: + terms: + field: host.name + size: 10 + missingFields: + missing: + field: host.name + runtime_mappings: {} responses: 200: description: Successful response @@ -57,6 +86,31 @@ paths: type: object additionalProperties: true description: Elasticsearch search response + examples: + success: + value: + took: 0 + timed_out: false + _shards: + total: 1 + successful: 1 + skipped: 0 + failed: 0 + hits: + total: + value: 5 + relation: eq + max_score: null + hits: [] + aggregations: + alertsByGrouping: + doc_count_error_upper_bound: 0 + sum_other_doc_count: 0 + buckets: + - key: Host-f43kkddfyc + doc_count: 5 + missingFields: + doc_count: 0 400: description: Invalid input data response content: diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen.ts index c8def8a2fb305..b95be98a5c897 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen.ts +++ b/x-pack/plugins/security_solution/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.gen.ts 
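Review bot: In the `query` request example, `gte: 2025-01-17T08:00:00.000Z` and `lte: 2025-01-18T07:59:59.999Z` are unquoted, so a YAML 1.1 loader types them as timestamps rather than strings; the bundled output in this commit happens to re-serialize them quoted, but the source example should not depend on that. Quote them as the `'@timestamp'` key already is: `gte: '2025-01-17T08:00:00.000Z'` and `lte: '2025-01-18T07:59:59.999Z'`. The same applies to the four timestamps in the `byQuery` example of set_signals_status_route.schema.yaml in this commit.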
@@ -15,13 +15,16 @@ */ import { z } from '@kbn/zod'; +import { isNonEmptyString } from '@kbn/zod-helpers'; -import { NonEmptyString } from '../../../model/primitives.gen'; import { AlertStatus } from '../../../model/alert.gen'; export type SetAlertsStatusByIds = z.infer; export const SetAlertsStatusByIds = z.object({ - signal_ids: z.array(NonEmptyString).min(1), + /** + * List of alert `id`s. + */ + signal_ids: z.array(z.string().min(1).superRefine(isNonEmptyString)).min(1), status: AlertStatus, }); diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.schema.yaml index fe514c4dafe2e..2f3266254ebd3 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/detection_engine/signals/set_signal_status/set_signals_status_route.schema.yaml @@ -21,6 +21,42 @@ paths: oneOf: - $ref: '#/components/schemas/SetAlertsStatusByIds' - $ref: '#/components/schemas/SetAlertsStatusByQuery' + examples: + byId: + value: + status: closed + signal_ids: ['80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1'] + byQuery: + value: + conflicts: proceed + status: closed + query: + bool: + must: [] + filter: + - range: + '@timestamp': + gte: 2024-10-23T07:00:00.000Z + lte: 2025-01-21T20:12:11.704Z + format: strict_date_optional_time + - bool: + filter: + bool: + must: [] + filter: + - match_phrase: + kibana.alert.workflow_status: open + - range: + '@timestamp': + gte: 2024-10-23T07:00:00.000Z + lte: 2025-01-21T20:12:11.704Z + format: strict_date_optional_time + should: [] + must_not: + - exists: + field: kibana.alert.building_block_type + should: [] + must_not: [] responses: 200: description: Successful response 
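Review bot: In the `byQuery` example of set_signals_status_route.schema.yaml the two `range` clauses appear to have `'@timestamp':` at the same indent as `range:` rather than nested under it; the bundled ESS and serverless schemas produced by this commit render them as `range: null` with `'@timestamp'` promoted to a sibling key, which is not a valid Elasticsearch query. Indent the `'@timestamp':` mapping one level deeper under `- range:` so it reads `- range:` / `    '@timestamp':` / `      gte: '2024-10-23T07:00:00.000Z'`, and quote the timestamps at the same time so they survive YAML 1.1 loaders as strings. The indentation itself is not visible in this chunk, so verify against the rendered bundle.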
@@ -30,6 +66,41 @@ paths: type: object additionalProperties: true description: Elasticsearch update by query response + examples: + byId: + value: + took: 81 + timed_out: false + total: 1 + updated: 1 + deleted: 0 + batches: 1 + version_conflicts: 0 + noops: 0 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + requests_per_second: -1 + throttled_until_millis: 0 + failures: [] + byQuery: + value: + took: 100 + timed_out: false + total: 17 + updated: 17 + deleted: 0 + batches: 1 + version_conflicts: 0 + noops: 0 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + requests_per_second: -1 + throttled_until_millis: 0 + failures: [] 400: description: Invalid input data response content: @@ -58,8 +129,11 @@ components: properties: signal_ids: type: array + description: List of alert `id`s. items: - $ref: '../../../model/primitives.schema.yaml#/components/schemas/NonEmptyString' + type: string + format: nonempty + minLength: 1 minItems: 1 status: $ref: '../../../model/alert.schema.yaml#/components/schemas/AlertStatus' diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen.ts index 7f321de7c06da..8dd0f18334724 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen.ts +++ b/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.gen.ts 
@@ -15,13 +15,21 @@ */ import { z } from '@kbn/zod'; - -import { NonEmptyString } from '../../../model/primitives.gen'; +import { isNonEmptyString } from '@kbn/zod-helpers'; export type AlertsReindexOptions = z.infer; export const AlertsReindexOptions = z.object({ + /** + * The throttle for the migration task in sub-requests per second. Corresponds to requests_per_second on the Reindex API. + */ requests_per_second: z.number().int().min(1).optional(), + /** + * Number of alerts to migrate per batch. Corresponds to the source.size option on the Reindex API. + */ size: z.number().int().min(1).optional(), + /** + * The number of subtasks for the migration task. Corresponds to slices on the Reindex API. + */ slices: z.number().int().min(1).optional(), }); @@ -49,7 +57,10 @@ export const SkippedAlertsIndexMigration = z.object({ export type CreateAlertsMigrationRequestBody = z.infer; export const CreateAlertsMigrationRequestBody = z .object({ - index: z.array(NonEmptyString).min(1), + /** + * Array of index names to migrate. + */ + index: z.array(z.string().min(1).superRefine(isNonEmptyString)).min(1), }) .merge(AlertsReindexOptions); export type CreateAlertsMigrationRequestBodyInput = z.input< diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.schema.yaml index 52178537d6363..37275cd7589e7 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/create_signals_migration/create_signals_migration.schema.yaml 
@@ -24,13 +24,19 @@ paths: - type: object properties: index: + description: Array of index names to migrate. type: array items: - $ref: '../../../model/primitives.schema.yaml#/components/schemas/NonEmptyString' + type: string + format: nonempty + minLength: 1 minItems: 1 required: [index] - $ref: '#/components/schemas/AlertsReindexOptions' - + examples: + singleIndex: + value: + index: [.siem-signals-default-000001] responses: 200: description: Successful response @@ -47,6 +53,13 @@ paths: - $ref: '#/components/schemas/AlertsIndexMigrationError' - $ref: '#/components/schemas/SkippedAlertsIndexMigration' required: [indices] + examples: + success: + value: + indices: + - index: .siem-signals-default-000001, + migration_id: 923f7c50-505f-11eb-ae0a-3fa2e626a51d + migration_index: .siem-signals-default-000001-r000016 400: description: Invalid input data response content: @@ -76,12 +89,15 @@ components: requests_per_second: type: integer minimum: 1 + description: The throttle for the migration task in sub-requests per second. Corresponds to requests_per_second on the Reindex API. size: type: integer minimum: 1 + description: Number of alerts to migrate per batch. Corresponds to the source.size option on the Reindex API. slices: type: integer minimum: 1 + description: The number of subtasks for the migration task. Corresponds to slices on the Reindex API. AlertsIndexMigrationSuccess: type: object diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.gen.ts index b9d9604f5449b..47b043706f40c 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.gen.ts 
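Review bot: The `success` example's `- index: .siem-signals-default-000001,` carries a stray trailing comma, so the example value becomes the string `.siem-signals-default-000001,`; the bundled ESS schema in this commit shows it as `'.siem-signals-default-000001,'`. Drop the comma: `- index: .siem-signals-default-000001`. The same JSON-style trailing commas, and `retries` written as a list of single-key maps, show up in the bundled SetAlertAssignees and SetAlertTags response examples (`batches: '1,'`, `timed_out: 'false,'`), whose source schema files are not in this chunk; they need the same cleanup so numeric and boolean fields stay typed.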
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.gen.ts @@ -34,6 +34,9 @@ export const MigrationCleanupResult = z.object({ export type AlertsMigrationCleanupRequestBody = z.infer; export const AlertsMigrationCleanupRequestBody = z.object({ + /** + * Array of `migration_id`s to cleanup. + */ migration_ids: z.array(z.string()).min(1), }); export type AlertsMigrationCleanupRequestBodyInput = z.input< diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.schema.yaml index 8aa36d8496d09..b1adffc82de2a 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/delete_signals_migration/delete_signals_migration.schema.yaml @@ -13,7 +13,7 @@ paths: Migrations favor data integrity over shard size. Consequently, unused or orphaned indices are artifacts of the migration process. A successful migration will result in both the old and new indices being present. As such, the old, orphaned index can (and likely should) be deleted. - + While you can delete these indices manually, the endpoint accomplishes this task by applying a deletion policy to the relevant index, causing it to be deleted after 30 days. It also deletes other artifacts specific to the migration implementation. @@ -28,11 +28,14 @@ paths: type: object properties: migration_ids: + description: Array of `migration_id`s to cleanup. type: array items: type: string minItems: 1 required: [migration_ids] + example: + migration_ids: [924f7c50-505f-11eb-ae0a-3fa2e626a51d] responses: 200: description: Successful response 
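Review bot: The request example for the cleanup endpoint is attached as a single `example:` under `schema:` (the bundled output shows `schema: example: migration_ids: ...`), while every other endpoint touched by this commit uses named `examples:` on the media type; the finalize endpoint repeats the same pattern. For consistency, and so the example can be named and more added later, move it to `examples: cleanup: value: migration_ids: [924f7c50-505f-11eb-ae0a-3fa2e626a51d]` as a sibling of `schema:`.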
@@ -42,6 +45,16 @@ paths: type: array items: $ref: '#/components/schemas/MigrationCleanupResult' + examples: + success: + value: + migrations: + - id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + destinationIndex: .siem-signals-default-000002-r000016 + status: success + sourceIndex: .siem-signals-default-000002 + version: 16 + updated: 2021-01-06T22:05:56.859Z 400: description: Invalid input data response content: diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.gen.ts b/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.gen.ts index d337beffb9f45..d5da5fcc892d8 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.gen.ts +++ b/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.gen.ts @@ -35,6 +35,9 @@ export const MigrationFinalizationResult = z.object({ export type FinalizeAlertsMigrationRequestBody = z.infer; export const FinalizeAlertsMigrationRequestBody = z.object({ + /** + * Array of `migration_id`s to finalize. + */ migration_ids: z.array(z.string()).min(1), }); export type FinalizeAlertsMigrationRequestBodyInput = z.input< diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.schema.yaml index d36df73832530..3122031c6d18f 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.schema.yaml 
+++ b/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/finalize_signals_migration/finalize_signals_migration.schema.yaml @@ -24,11 +24,14 @@ paths: type: object properties: migration_ids: + description: Array of `migration_id`s to finalize. type: array items: type: string minItems: 1 required: [migration_ids] + example: + migration_ids: ['924f7c50-505f-11eb-ae0a-3fa2e626a51d'] responses: 200: description: Successful response @@ -38,6 +41,17 @@ paths: type: array items: $ref: '#/components/schemas/MigrationFinalizationResult' + examples: + success: + value: + migrations: + - id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + completed: true + destinationIndex: '.siem-signals-default-000002-r000016' + status: success + sourceIndex: '.siem-signals-default-000002' + version: 16 + updated: '2021-01-06T22:05:56.859Z' 400: description: Invalid input data response content: diff --git a/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/read_signals_migration_status/read_signals_migration_status.schema.yaml b/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/read_signals_migration_status/read_signals_migration_status.schema.yaml index 6cf11191f5d70..7792440849ebd 100644 --- a/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/read_signals_migration_status/read_signals_migration_status.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/detection_engine/signals_migration/read_signals_migration_status/read_signals_migration_status.schema.yaml @@ -4,7 +4,7 @@ info: version: '2023-10-31' paths: /api/detection_engine/signals/migration_status: - post: + get: x-labels: [ess] operationId: ReadAlertsMigrationStatus x-codegen-enabled: true 
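Review bot: Changing `/api/detection_engine/signals/migration_status` from `post:` to `get:` alters the documented HTTP method of an existing public endpoint, and the generated quickstart client follows it in this commit. If the server route already accepted only GET this is a documentation fix; if it still registers POST, generated clients will now fail against it, and the route handler is not part of this change. A one-line statement in the commit description of which case applies would save reviewers checking the handler.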
@@ -23,6 +23,7 @@ paths: Time from which data is analyzed. For example, now-4200s means the rule analyzes data from 70 minutes before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). format: date-math + example: now-30d responses: 200: description: Successful response @@ -36,6 +37,30 @@ paths: items: $ref: '#/components/schemas/IndexMigrationStatus' required: [indices] + examples: + success: + value: + indices: + - index: .siem-signals-default-000002 + version: 15 + signal_versions: + - version: 15 + count: 100 + - version: 16 + count: 87 + migrations: + - id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + status: pending + version: 16 + updated: 2021-01-06T20:41:37.173Z + is_outdated: true + - index: .siem-signals-default-000003 + version: 16 + signal_versions: + - version: 16 + count: 54 + migrations: [] + is_outdated: false 400: description: Invalid input data response content: diff --git a/x-pack/plugins/security_solution/common/api/model/alert.gen.ts b/x-pack/plugins/security_solution/common/api/model/alert.gen.ts index 04a32d7866d0a..bb9cf4354684d 100644 --- a/x-pack/plugins/security_solution/common/api/model/alert.gen.ts +++ b/x-pack/plugins/security_solution/common/api/model/alert.gen.ts 
@@ -15,21 +15,29 @@ */ import { z } from '@kbn/zod'; - -import { NonEmptyString } from './primitives.gen'; +import { isNonEmptyString } from '@kbn/zod-helpers'; /** - * A list of alerts ids. + * A list of alerts `id`s. */ export type AlertIds = z.infer; -export const AlertIds = z.array(NonEmptyString).min(1); +export const AlertIds = z.array(z.string().min(1).superRefine(isNonEmptyString)).min(1); +/** + * Use alert tags to organize related alerts into categories that you can filter and group. + */ export type AlertTag = z.infer; -export const AlertTag = NonEmptyString; +export const AlertTag = z.string().min(1).superRefine(isNonEmptyString); +/** + * List of keywords to organize related alerts into categories that you can filter and group. + */ export type AlertTags = z.infer; export const AlertTags = z.array(AlertTag); +/** + * The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`. + */ export type AlertStatus = z.infer; export const AlertStatus = z.enum(['open', 'closed', 'acknowledged', 'in-progress']); export type AlertStatusEnum = typeof AlertStatus.enum; diff --git a/x-pack/plugins/security_solution/common/api/model/alert.schema.yaml b/x-pack/plugins/security_solution/common/api/model/alert.schema.yaml index ecf7e02d6ebe3..9304c1acdffc5 100644 --- a/x-pack/plugins/security_solution/common/api/model/alert.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/model/alert.schema.yaml 
@@ -9,19 +9,26 @@ components: AlertIds: type: array items: - $ref: './primitives.schema.yaml#/components/schemas/NonEmptyString' + type: string + minLength: 1 + format: nonempty minItems: 1 - description: A list of alerts ids. + description: A list of alerts `id`s. AlertTag: - $ref: './primitives.schema.yaml#/components/schemas/NonEmptyString' + type: string + format: nonempty + minLength: 1 + description: Use alert tags to organize related alerts into categories that you can filter and group. AlertTags: type: array + description: List of keywords to organize related alerts into categories that you can filter and group. items: $ref: '#/components/schemas/AlertTag' AlertStatus: + description: The status of an alert, which can be `open`, `acknowledged`, `in-progress`, or `closed`. type: string enum: - open diff --git a/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts b/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts index e9529dbfd782d..34a3cbfb6c0be 100644 --- a/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts +++ b/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts @@ -1819,7 +1819,7 @@ finalize it. headers: { [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, - method: 'POST', + method: 'GET', query: props.query, }) diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml index 27ee8e93b6f77..0e44be488a084 100644 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml 
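Review bot: Inlining `type: string` / `format: nonempty` / `minLength: 1` in place of the `NonEmptyString` `$ref` drops that schema's description (`A string that does not contain only whitespace characters`), which was the only place the non-standard `nonempty` format was explained to readers of the bundled docs. `minLength: 1` alone does not convey that a whitespace-only value is rejected, so consider restoring the wording on `AlertTag` and on the `AlertIds` item schema, e.g. `description: A string that does not contain only whitespace characters.`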
@@ -65,6 +65,11 @@ paths: '200': content: application/json: + examples: + success: + value: + index_mapping_outdated: false + name: .alerts-security.alerts-default schema: type: object properties: @@ -163,6 +168,42 @@ paths: '200': content: application/json: + examples: + success: + value: + application: {} + cluster: + all: true + manage: true + manage_api_key: true + manage_index_templates: true + manage_ml: true + manage_own_api_key: true + manage_pipeline: true + manage_security: true + manage_transform: true + monitor: true + monitor_ml: true + monitor_transform: true + has_all_requested: true + has_encryption_key: true + index: + .alerts-security.alerts-default: + all: true + create: true + create_doc: true + create_index: true + delete: true + delete_index: true + index: true + maintenance: true + manage: true + monitor: true + read: true + view_index_metadata: true + write: true + is_authenticated: true + username: elastic schema: type: object properties: @@ -989,6 +1030,25 @@ paths: requestBody: content: application/json: + examples: + add: + value: + assignees: + add: + - u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0 + remove: [] + ids: + - >- + 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6 + remove: + value: + assignees: + add: [] + remove: + - u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0 + ids: + - >- + 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6 schema: type: object properties: 
@@ -997,13 +1057,32 @@ paths: description: Details about the assignees to assign and unassign. ids: $ref: '#/components/schemas/AlertIds' - description: List of alerts ids to assign and unassign passed assignees. required: - assignees - ids required: true responses: '200': + content: + application/ndjson: + examples: + add: + value: + batches: '1,' + deleted: '0,' + failures: [] + noops: '0,' + requests_per_second: '-1,' + retries: + - bulk: '0,' + - search: 0 + throttled_millis: '0,' + throttled_until_millis: '0,' + timed_out: 'false,' + took: '76,' + total: '1,' + updated: '1,' + version_conflicts: '0,' description: Indicates a successful call. '400': description: Invalid request. @@ -1025,9 +1104,13 @@ paths: content: application/json: schema: + example: + migration_ids: + - 924f7c50-505f-11eb-ae0a-3fa2e626a51d type: object properties: migration_ids: + description: Array of `migration_id`s to finalize. items: type: string minItems: 1 @@ -1040,6 +1123,17 @@ paths: '200': content: application/json: + examples: + success: + value: + migrations: + - completed: true + destinationIndex: .siem-signals-default-000002-r000016 + id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + sourceIndex: .siem-signals-default-000002 + status: success + updated: '2021-01-06T22:05:56.859Z' + version: 16 schema: items: $ref: '#/components/schemas/MigrationFinalizationResult' @@ -1093,9 +1187,13 @@ paths: content: application/json: schema: + example: + migration_ids: + - 924f7c50-505f-11eb-ae0a-3fa2e626a51d type: object properties: migration_ids: + description: Array of `migration_id`s to cleanup. items: type: string minItems: 1 
@@ -1108,6 +1206,16 @@ paths: '200': content: application/json: + examples: + success: + value: + migrations: + - destinationIndex: .siem-signals-default-000002-r000016 + id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + sourceIndex: .siem-signals-default-000002 + status: success + updated: 2021-01-06T22:05:56.859Z + version: 16 schema: items: $ref: '#/components/schemas/MigrationCleanupResult' @@ -1149,13 +1257,21 @@ paths: requestBody: content: application/json: + examples: + singleIndex: + value: + index: + - .siem-signals-default-000001 schema: allOf: - type: object properties: index: + description: Array of index names to migrate. items: - $ref: '#/components/schemas/NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array required: @@ -1167,6 +1283,13 @@ paths: '200': content: application/json: + examples: + success: + value: + indices: + - index: '.siem-signals-default-000001,' + migration_id: 923f7c50-505f-11eb-ae0a-3fa2e626a51d + migration_index: .siem-signals-default-000001-r000016 schema: type: object properties: @@ -1205,7 +1328,7 @@ paths: - Security Detections API - Alerts migration API /api/detection_engine/signals/migration_status: - post: + get: description: >- Retrieve indices that contain detection alerts of a particular age, along with migration information for each of those indices. 
@@ -1222,12 +1345,37 @@ paths: before its start time. Defaults to now-6m (analyzes data from 6 minutes before the start time). + example: now-30d format: date-math type: string responses: '200': content: application/json: + examples: + success: + value: + indices: + - index: .siem-signals-default-000002 + is_outdated: true + migrations: + - id: 924f7c50-505f-11eb-ae0a-3fa2e626a51d + status: pending + updated: 2021-01-06T20:41:37.173Z + version: 16 + signal_versions: + - count: 100 + version: 15 + - count: 87 + version: 16 + version: 15 + - index: .siem-signals-default-000003 + is_outdated: false + migrations: [] + signal_versions: + - count: 54 + version: 16 + version: 16 schema: type: object properties: @@ -1269,6 +1417,35 @@ paths: requestBody: content: application/json: + examples: + query: + value: + aggs: + alertsByGrouping: + terms: + field: host.name + size: 10 + missingFields: + missing: + field: host.name + query: + bool: + filter: + - bool: + filter: + - match_phrase: + kibana.alert.workflow_status: open + must: [] + must_not: + - exists: + field: kibana.alert.building_block_type + should: [] + - range: + '@timestamp': + gte: 2025-01-17T08:00:00.000Z + lte: 2025-01-18T07:59:59.999Z + runtime_mappings: {} + size: 0 schema: description: Elasticsearch query and aggregation request type: object @@ -1306,6 +1483,31 @@ paths: '200': content: application/json: + examples: + success: + value: + _shards: + failed: 0 + skipped: 0 + successful: 1 + total: 1 + aggregations: + alertsByGrouping: + buckets: + - doc_count: 5 + key: Host-f43kkddfyc + doc_count_error_upper_bound: 0 + sum_other_doc_count: 0 + missingFields: + doc_count: 0 + hits: + hits: [] + max_score: null + total: + relation: eq + value: 5 + timed_out: false + took: 0 schema: additionalProperties: true description: Elasticsearch search response 
@@ -1342,6 +1544,44 @@ paths: requestBody: content: application/json: + examples: + byId: + value: + signal_ids: + - >- + 80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1 + status: closed + byQuery: + value: + conflicts: proceed + query: + bool: + filter: + - '@timestamp': + format: strict_date_optional_time + gte: 2024-10-23T07:00:00.000Z + lte: 2025-01-21T20:12:11.704Z + range: null + - bool: + filter: + bool: + filter: + - match_phrase: + kibana.alert.workflow_status: open + - '@timestamp': + format: strict_date_optional_time + gte: 2024-10-23T07:00:00.000Z + lte: 2025-01-21T20:12:11.704Z + range: null + must: [] + must_not: + - exists: + field: kibana.alert.building_block_type + should: [] + must: [] + must_not: [] + should: [] + status: closed schema: oneOf: - $ref: '#/components/schemas/SetAlertsStatusByIds' @@ -1354,6 +1594,41 @@ paths: '200': content: application/json: + examples: + byId: + value: + batches: 1 + deleted: 0 + failures: [] + noops: 0 + requests_per_second: -1 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + throttled_until_millis: 0 + timed_out: false + took: 81 + total: 1 + updated: 1 + version_conflicts: 0 + byQuery: + value: + batches: 1 + deleted: 0 + failures: [] + noops: 0 + requests_per_second: -1 + retries: + bulk: 0 + search: 0 + throttled_millis: 0 + throttled_until_millis: 0 + timed_out: false + took: 100 + total: 17 + updated: 17 + version_conflicts: 0 schema: additionalProperties: true description: Elasticsearch update by query response @@ -1393,6 +1668,25 @@ paths: requestBody: content: application/json: + examples: + add: + value: + ids: + - >- + 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e + tags: + tags_to_add: + - Duplicate + tags_to_remove: [] + remove: + value: + ids: + - >- + 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e + tags: + tags_to_add: [] + tags_to_remove: + - Duplicate schema: type: object properties: 
@@ -1411,6 +1705,24 @@ paths: '200': content: application/json: + examples: + success: + value: + batches: '1,' + deleted: '0,' + failures: [] + noops: '0,' + requests_per_second: '-1,' + retries: + bulk: '0,' + search: 0 + throttled_millis: '0,' + throttled_until_millis: '0,' + timed_out: 'false,' + took: '68,' + total: '1,' + updated: '1,' + version_conflicts: '0,' schema: additionalProperties: true description: Elasticsearch update by query response @@ -1461,22 +1773,28 @@ components: type: object properties: add: - description: A list of users ids to assign. items: - $ref: '#/components/schemas/NonEmptyString' + description: A list of users ids to assign. + format: nonempty + minLength: 1 + type: string type: array remove: - description: A list of users ids to unassign. items: - $ref: '#/components/schemas/NonEmptyString' + description: A list of users ids to unassign. + format: nonempty + minLength: 1 + type: string type: array required: - add - remove AlertIds: - description: A list of alerts ids. + description: A list of alerts `id`s. items: - $ref: '#/components/schemas/NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array AlertsIndex: @@ -1521,12 +1839,21 @@ components: type: object properties: requests_per_second: + description: >- + The throttle for the migration task in sub-requests per second. + Corresponds to requests_per_second on the Reindex API. minimum: 1 type: integer size: + description: >- + Number of alerts to migrate per batch. Corresponds to the + source.size option on the Reindex API. minimum: 1 type: integer slices: + description: >- + The number of subtasks for the migration task. Corresponds to slices + on the Reindex API. minimum: 1 type: integer AlertsSort: @@ -1541,6 +1868,9 @@ components: - additionalProperties: true type: object AlertStatus: + description: >- + The status of an alert, which can be `open`, `acknowledged`, + `in-progress`, or `closed`. enum: - open - closed 
@@ -1594,8 +1924,16 @@ components: - suppress type: string AlertTag: - $ref: '#/components/schemas/NonEmptyString' + description: >- + Use alert tags to organize related alerts into categories that you can + filter and group. + format: nonempty + minLength: 1 + type: string AlertTags: + description: >- + List of keywords to organize related alerts into categories that you can + filter and group. items: $ref: '#/components/schemas/AlertTag' type: array @@ -5842,8 +6180,11 @@ components: type: object properties: signal_ids: + description: List of alert `id`s. items: - $ref: '#/components/schemas/NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array status: @@ -5869,6 +6210,7 @@ components: - query - status SetAlertTags: + description: Object with list of tags to add and remove. type: object properties: tags_to_add: diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml index e8bc3e9b73b2f..bb453f112814d 100644 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml @@ -700,9 +700,11 @@ components: - crowdstrike type: string AlertIds: - description: A list of alerts ids. + description: A list of alerts `id`s. items: - $ref: '#/components/schemas/NonEmptyString' + format: nonempty + minLength: 1 + type: string minItems: 1 type: array CaseIds: @@ -949,11 +951,6 @@ components: type: string required: - hostStatuses - NonEmptyString: - description: A string that does not contain only whitespace characters - format: nonempty - minLength: 1 - type: string Page: default: 1 description: Page number 
diff --git a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml index f630e2c3ec770..462c18f7c3985 100644 --- a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml @@ -32,6 +32,42 @@ paths: '200': content: application/json: + examples: + success: + value: + application: {} + cluster: + all: true + manage: true + manage_api_key: true + manage_index_templates: true + manage_ml: true + manage_own_api_key: true + manage_pipeline: true + manage_security: true + manage_transform: true + monitor: true + monitor_ml: true + monitor_transform: true + has_all_requested: true + has_encryption_key: true + index: + .alerts-security.alerts-default: + all: true + create: true + create_doc: true + create_index: true + delete: true + delete_index: true + index: true + maintenance: true + manage: true + monitor: true + read: true + view_index_metadata: true + write: true + is_authenticated: true + username: elastic schema: type: object properties: @@ -574,6 +610,25 @@ paths: requestBody: content: application/json: + examples: + add: + value: + assignees: + add: + - u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0 + remove: [] + ids: + - >- + 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6 + remove: + value: + assignees: + add: [] + remove: + - u_MxY0jbrft7EcfC6iNZSUGeI_n6iYrSwZj5mWF5EqmSU_0 + ids: + - >- + 681c2a707335aa7df5f349b70013d87254746191712ecf0ced9b3e2d538503a6 schema: type: object properties: 
@@ -582,13 +637,32 @@ paths: description: Details about the assignees to assign and unassign. ids: $ref: '#/components/schemas/AlertIds' - description: List of alerts ids to assign and unassign passed assignees. required: - assignees - ids required: true responses: '200': + content: + application/ndjson: + examples: + add: + value: + batches: '1,' + deleted: '0,' + failures: [] + noops: '0,' + requests_per_second: '-1,' + retries: + - bulk: '0,' + - search: 0 + throttled_millis: '0,' + throttled_until_millis: '0,' + timed_out: 'false,' + took: '76,' + total: '1,' + updated: '1,' + version_conflicts: '0,' description: Indicates a successful call. '400': description: Invalid request. @@ -602,6 +676,35 @@ paths: requestBody: content: application/json: + examples: + query: + value: + aggs: + alertsByGrouping: + terms: + field: host.name + size: 10 + missingFields: + missing: + field: host.name + query: + bool: + filter: + - bool: + filter: + - match_phrase: + kibana.alert.workflow_status: open + must: [] + must_not: + - exists: + field: kibana.alert.building_block_type + should: [] + - range: + '@timestamp': + gte: 2025-01-17T08:00:00.000Z + lte: 2025-01-18T07:59:59.999Z + runtime_mappings: {} + size: 0 schema: description: Elasticsearch query and aggregation request type: object @@ -639,6 +742,31 @@ paths: '200': content: application/json: + examples: + success: + value: + _shards: + failed: 0 + skipped: 0 + successful: 1 + total: 1 + aggregations: + alertsByGrouping: + buckets: + - doc_count: 5 + key: Host-f43kkddfyc + doc_count_error_upper_bound: 0 + sum_other_doc_count: 0 + missingFields: + doc_count: 0 + hits: + hits: [] + max_score: null + total: + relation: eq + value: 5 + timed_out: false + took: 0 schema: additionalProperties: true description: Elasticsearch search response 
@@ -675,6 +803,44 @@ paths:
requestBody:
content:
application/json:
+ examples:
+ byId:
+ value:
+ signal_ids:
+ - >-
+ 80e1383f856e67c1b7f7a1634744fa6d66b6e2ef7aa26d226e57afb5a7b2b4a1
+ status: closed
+ byQuery:
+ value:
+ conflicts: proceed
+ query:
+ bool:
+ filter:
+ - '@timestamp':
+ format: strict_date_optional_time
+ gte: 2024-10-23T07:00:00.000Z
+ lte: 2025-01-21T20:12:11.704Z
+ range: null
+ - bool:
+ filter:
+ bool:
+ filter:
+ - match_phrase:
+ kibana.alert.workflow_status: open
+ - '@timestamp':
+ format: strict_date_optional_time
+ gte: 2024-10-23T07:00:00.000Z
+ lte: 2025-01-21T20:12:11.704Z
+ range: null
+ must: []
+ must_not:
+ - exists:
+ field: kibana.alert.building_block_type
+ should: []
+ must: []
+ must_not: []
+ should: []
+ status: closed
schema:
oneOf:
- $ref: '#/components/schemas/SetAlertsStatusByIds'
@@ -687,6 +853,41 @@ paths:
'200':
content:
application/json:
+ examples:
+ byId:
+ value:
+ batches: 1
+ deleted: 0
+ failures: []
+ noops: 0
+ requests_per_second: -1
+ retries:
+ bulk: 0
+ search: 0
+ throttled_millis: 0
+ throttled_until_millis: 0
+ timed_out: false
+ took: 81
+ total: 1
+ updated: 1
+ version_conflicts: 0
+ byQuery:
+ value:
+ batches: 1
+ deleted: 0
+ failures: []
+ noops: 0
+ requests_per_second: -1
+ retries:
+ bulk: 0
+ search: 0
+ throttled_millis: 0
+ throttled_until_millis: 0
+ timed_out: false
+ took: 100
+ total: 17
+ updated: 17
+ version_conflicts: 0
schema:
additionalProperties: true
description: Elasticsearch update by query response
@@ -726,6 +927,25 @@ paths:
requestBody:
content:
application/json:
+ examples:
+ add:
+ value:
+ ids:
+ - >-
+ 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
+ tags:
+ tags_to_add:
+ - Duplicate
+ tags_to_remove: []
+ remove:
+ value:
+ ids:
+ - >-
+ 549c7129c76cbd554aba1bd638f8a49dde95088f5832e50218358e7eca1cf16e
+ tags:
+ tags_to_add: []
+ tags_to_remove:
+ - Duplicate
schema:
type: object
properties:
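Review bot: The `byQuery` request example in the `@@ -675` hunk looks structurally wrong: in both filter entries `'@timestamp':` with its `format`/`gte`/`lte` sits as a sibling of `range: null`, so the clause reads as `{"@timestamp": {...}, "range": null}`, which is not a valid Elasticsearch range query and would presumably be rejected by the endpoint the example documents. `@timestamp` belongs under `range:`, as the SearchAlerts `query` example (`@@ -602`) writes it; the corrected shape for the first entry is below (timestamps quoted so they stay strings), and the second entry nested under `bool`/`filter` needs the same change. The doubled `bool: filter: bool: filter:` nesting appears to be a captured UI payload; it is valid, but a flatter example would read better as documentation.
```yaml
# … unchanged: conflicts, query/bool …
filter:
  - range:
      '@timestamp':
        format: strict_date_optional_time
        gte: '2024-10-23T07:00:00.000Z'
        lte: '2025-01-21T20:12:11.704Z'
# … unchanged: nested bool clauses (apply the same shape to the second '@timestamp' entry) …
```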
@@ -744,6 +964,24 @@ paths:
'200':
content:
application/json:
+ examples:
+ success:
+ value:
+ batches: '1,'
+ deleted: '0,'
+ failures: []
+ noops: '0,'
+ requests_per_second: '-1,'
+ retries:
+ bulk: '0,'
+ search: 0
+ throttled_millis: '0,'
+ throttled_until_millis: '0,'
+ timed_out: 'false,'
+ took: '68,'
+ total: '1,'
+ updated: '1,'
+ version_conflicts: '0,'
schema:
additionalProperties: true
description: Elasticsearch update by query response
@@ -794,22 +1032,28 @@ components:
type: object
properties:
add:
- description: A list of users ids to assign.
items:
- $ref: '#/components/schemas/NonEmptyString'
+ description: A list of users ids to assign.
+ format: nonempty
+ minLength: 1
+ type: string
type: array
remove:
- description: A list of users ids to unassign.
items:
- $ref: '#/components/schemas/NonEmptyString'
+ description: A list of users ids to unassign.
+ format: nonempty
+ minLength: 1
+ type: string
type: array
required:
- add
- remove
AlertIds:
- description: A list of alerts ids.
+ description: A list of alerts `id`s.
items:
- $ref: '#/components/schemas/NonEmptyString'
+ format: nonempty
+ minLength: 1
+ type: string
minItems: 1
type: array
AlertsIndex:
@@ -831,6 +1075,9 @@ components:
- additionalProperties: true
type: object
AlertStatus:
+ description: >-
+ The status of an alert, which can be `open`, `acknowledged`,
+ `in-progress`, or `closed`.
enum:
- open
- closed
@@ -884,8 +1131,16 @@ components:
- suppress
type: string
AlertTag:
- $ref: '#/components/schemas/NonEmptyString'
+ description: >-
+ Use alert tags to organize related alerts into categories that you can
+ filter and group.
+ format: nonempty
+ minLength: 1
+ type: string
AlertTags:
+ description: >-
+ List of keywords to organize related alerts into categories that you can
+ filter and group.
items:
$ref: '#/components/schemas/AlertTag'
type: array
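Review bot: In the `@@ -794` components hunk, `description: A list of users ids to assign.` and `description: A list of users ids to unassign.` were moved from the `add`/`remove` array properties into their `items` schema, so each array element is now documented as "a list of users ids" and rendered docs will show that text per item. Keep the description on the array and give the item its own wording, e.g. `items:` / `description: A user id. A string that does not contain only whitespace characters.`, reusing the NonEmptyString description that the inlining otherwise drops. `AlertIds` in the same hunk keeps its description on the array and is the shape to follow. The schema that owns `add`/`remove` starts above the hunk, so its name is not visible here.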
@@ -4995,8 +5250,11 @@ components:
type: object
properties:
signal_ids:
+ description: List of alert `id`s.
items:
- $ref: '#/components/schemas/NonEmptyString'
+ format: nonempty
+ minLength: 1
+ type: string
minItems: 1
type: array
status:
@@ -5022,6 +5280,7 @@ components:
- query
- status
SetAlertTags:
+ description: Object with list of tags to add and remove.
type: object
properties:
tags_to_add:
diff --git a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
index a21225736ae50..5891e81a28fa1 100644
--- a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
+++ b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
@@ -600,9 +600,11 @@ components:
- crowdstrike
type: string
AlertIds:
- description: A list of alerts ids.
+ description: A list of alerts `id`s.
items:
- $ref: '#/components/schemas/NonEmptyString'
+ format: nonempty
+ minLength: 1
+ type: string
minItems: 1
type: array
CaseIds:
@@ -849,11 +851,6 @@ components:
type: string
required:
- hostStatuses
- NonEmptyString:
- description: A string that does not contain only whitespace characters
- format: nonempty
- minLength: 1
- type: string
Page:
default: 1
description: Page number
diff --git a/x-pack/test/api_integration/services/security_solution_api.gen.ts b/x-pack/test/api_integration/services/security_solution_api.gen.ts
index 0655515ce70a5..00b91dc8fabe6 100644
--- a/x-pack/test/api_integration/services/security_solution_api.gen.ts
+++ b/x-pack/test/api_integration/services/security_solution_api.gen.ts
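Review bot: In the `@@ -600` hunk of the endpoint management bundle, `NonEmptyString` is inlined into `AlertIds`, and the following hunk (`@@ -849`) deletes the component itself; if any other schema in this bundle still carries `$ref: '#/components/schemas/NonEmptyString'`, the bundled output now has a dangling reference, which this diff cannot show either way. Running the committed bundle through an OpenAPI validator before merging would settle it, since that output is what the docs site and client generators consume. The inlining also loses the component's description, which `format: nonempty` alone does not convey; `description: A string that does not contain only whitespace characters` could be carried onto `items`.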
@@ -1225,7 +1225,7 @@ finalize it. kibanaSpace: string = 'default' ) { return supertest - .post(routeWithNamespace('/api/detection_engine/signals/migration_status', kibanaSpace)) + .get(routeWithNamespace('/api/detection_engine/signals/migration_status', kibanaSpace)) .set('kbn-xsrf', 'true') .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')