From f3e2be14f16e7af025b474d1539ef2e05453621d Mon Sep 17 00:00:00 2001 From: Jean-Louis Leysens Date: Thu, 30 Jan 2025 16:59:45 +0100 Subject: [PATCH 1/3] [OAS] Remove `Elastic-Api-Version` (#207071) ## Summary We anticipate generating a single document per API version for the foreseeable future. This PR updates our OAS document merging logic to avoid adding the `Elastic-Api-Version` header to our spec. This will also remove this header from current documentation. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit 53cba303e55c6c7d0060908938c343931513d114) # Conflicts: # oas_docs/output/kibana.serverless.yaml # oas_docs/output/kibana.yaml --- oas_docs/output/kibana.serverless.yaml | 8921 +++-- oas_docs/output/kibana.yaml | 28652 ++++++++++++++-- oas_docs/overlays/alerting.overlays.yaml | 31 +- oas_docs/overlays/connectors.overlays.yaml | 60 +- oas_docs/overlays/kibana.overlays.shared.yaml | 32 +- oas_docs/overlays/kibana.overlays.yaml | 62 +- .../merge_documents/merge_documents.ts | 5 - .../tests/merger/merge_multiple_specs.test.ts | 4 +- ..._specs_with_conflicting_components.test.ts | 8 +- 9 files changed, 31801 insertions(+), 5974 deletions(-) diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index eb95a2358e302..d0759a6daad16 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -71,6 +71,7 @@ tags: description: Connector documentation url: https://www.elastic.co/docs/current/serverless/action-connectors x-displayName: Connectors + - name: Dashboards - name: Data streams - description: Data view APIs enable you to manage data views, formerly known as Kibana index patterns. name: data views 
@@ -113,7 +114,12 @@ tags: - description: Manage and interact with Security Assistant resources. name: Security AI Assistant API x-displayName: Security AI assistant - - description: You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. + - description: | + Use the detections APIs to create and manage detection rules. Detection rules search events and external alerts sent to Elastic Security and generate detection alerts from any hits. Alerts are displayed on the **Alerts** page and can be assigned and triaged, using the alert status to mark them as open, closed, or acknowledged. + > warn + > If the API key used for authorization has different privileges than the key that created or most recently updated a rule, the rule behavior might change. + + > If the API key that created a rule is deleted, or the user that created the rule becomes inactive, the rule will stop running. name: Security Detections API x-displayName: Security detections - description: Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. 
@@ -125,10 +131,67 @@ tags: - description: '' name: Security Entity Analytics API x-displayName: Security entity analytics - - description: Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. + - description: | + Exceptions are associated with detection and endpoint rules, and are used to prevent a rule from generating an alert from incoming events, even when the rule's other criteria are met. They can help reduce the number of false positives and prevent trusted processes and network activity from generating unnecessary alerts. + + Exceptions are made up of: + + * **Exception containers**: A container for related exceptions. Generally, a single exception container contains all the exception items relevant for a subset of rules. For example, a container can be used to group together network-related exceptions that are relevant for a large number of network rules. The container can then be associated with all the relevant rules. + * **Exception items**: The query (fields, values, and logic) used to prevent rules from generating alerts. When an exception item's query evaluates to `true`, the rule does not generate an alert. + + For detection rules, you can also use lists to define rule exceptions. A list holds multiple values of the same Elasticsearch data type, such as IP addresses. These values are used to determine when an exception prevents an alert from being generated. + > info + > You cannot use lists with endpoint rule exceptions. + + > info + > Only exception containers can be associated with rules. You cannot directly associate an exception item or a list container with a rule. To use list exceptions, create an exception item that references the relevant list container. 
+ + ## Exceptions requirements + + Before you can start working with exceptions that use value lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. For a complete list of requirements, refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui). name: Security Exceptions API x-displayName: Security exceptions - - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. + - description: | + Lists can be used with detection rule exceptions to define values that prevent a rule from generating alerts. + + Lists are made up of: + + * **List containers**: A container for values of the same Elasticsearch data type. The following data types can be used: + * `boolean` + * `byte` + * `date` + * `date_nanos` + * `date_range` + * `double` + * `double_range` + * `float` + * `float_range` + * `half_float` + * `integer` + * `integer_range` + * `ip` + * `ip_range` + * `keyword` + * `long` + * `long_range` + * `short` + * `text` + * **List items**: The values used to determine whether the exception prevents an alert from being generated. + + All list items in the same list container must be of the same data type, and each item defines a single value. For example, an IP list container named `internal-ip-addresses-southport` contains five items, where each item defines one internal IP address: + 1. `192.168.1.1` + 2. `192.168.1.3` + 3. `192.168.1.18` + 4. `192.168.1.12` + 5. `192.168.1.7` + + To use these IP addresses as values for defining rule exceptions, use the Security exceptions API to [create an exception list item](../operation/operation-createexceptionlistitem) that references the `internal-ip-addresses-southport` list. 
+ > info + > Lists cannot be added directly to rules, nor do they define the operators used to determine when exceptions are applied (`is in list`, `is not in list`). Use an exception item to define the operator and associate it with an [exception container](../operation/operation-createexceptionlist). You can then add the exception container to a rule's `exceptions_list` object. + + ## Lists requirements + + Before you can start using lists, you must create the `.lists` and `.items` data streams for the relevant Kibana space. To do this, use the [Create list data streams](../operation/operation-createlistindex) endpoint. Once these data streams are created, your role needs privileges to manage rules. Refer to [Enable and access detections](https://www.elastic.co/guide/en/serverless/current/security-detections-requirements.html#enable-detections-ui) for a complete list of requirements. name: Security Lists API x-displayName: Security lists - description: Run live queries, manage packs and saved queries. @@ -153,14 +216,6 @@ paths: description: You do not need any Kibana feature privileges to run this API. operationId: get-actions-connector-types parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A filter to limit the retrieved connector types to those that support a specific feature (such as alerting or cases). in: query name: feature_id @@ -171,7 +226,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getConnectorTypesServerlessResponse: $ref: '#/components/examples/get_connector_types_generativeai_response' 
@@ -184,14 +239,6 @@ paths: description: 'WARNING: When you delete a connector, it cannot be recovered.' operationId: delete-actions-connector-id parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -215,14 +262,6 @@ paths: get: operationId: get-actions-connector-id parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: An identifier for the connector. in: path name: id @@ -232,7 +271,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -279,14 +318,6 @@ paths: post: operationId: post-actions-connector-id parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -302,7 +333,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -381,7 +412,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -434,14 +465,6 @@ paths: put: operationId: put-actions-connector-id parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf 
@@ -457,7 +480,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -526,7 +549,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -572,14 +595,6 @@ paths: description: You can use this API to test an action that involves interaction with Kibana services or integrations with third-party systems. operationId: post-actions-connector-id-execute parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -595,7 +610,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -639,7 +654,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -696,20 +711,12 @@ paths: /api/actions/connectors: get: operationId: get-actions-connectors - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + parameters: [] responses: '200': description: Indicates a successful call. content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getConnectorsResponse: $ref: '#/components/examples/get_connectors_response' 
@@ -721,14 +728,6 @@ paths: delete: operationId: delete-alerting-rule-id parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -758,14 +757,6 @@ paths: get: operationId: get-alerting-rule-id parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: The identifier for the rule. in: path name: id @@ -775,7 +766,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -1433,14 +1424,6 @@ paths: post: operationId: post-alerting-rule-id parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -1456,7 +1439,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -1702,7 +1685,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -2371,14 +2354,6 @@ paths: put: operationId: put-alerting-rule-id parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf 
@@ -2394,7 +2369,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -2604,7 +2579,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -3268,14 +3243,6 @@ paths: post: operationId: post-alerting-rule-id-disable parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -3291,7 +3258,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false nullable: true @@ -3318,14 +3285,6 @@ paths: post: operationId: post-alerting-rule-id-enable parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -3356,14 +3315,6 @@ paths: post: operationId: post-alerting-rule-id-mute-all parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -3394,14 +3345,6 @@ paths: post: operationId: post-alerting-rule-id-unmute-all parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf 
@@ -3432,14 +3375,6 @@ paths: post: operationId: post-alerting-rule-id-update-api-key parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -3472,14 +3407,6 @@ paths: post: operationId: post-alerting-rule-rule-id-alert-alert-id-mute parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -3516,14 +3443,6 @@ paths: post: operationId: post-alerting-rule-rule-id-alert-alert-id-unmute parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -3560,14 +3479,6 @@ paths: get: operationId: get-alerting-rules-find parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: The number of rules to return per page. in: query name: per_page @@ -3666,7 +3577,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object 
@@ -4333,38 +4244,38 @@ paths: - $ref: '#/components/parameters/APM_UI_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_agent_keys_object' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_agent_keys_response' description: Agent key created successfully '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_403_response' description: Forbidden response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_500_response' description: Internal Server Error response @@ -4380,7 +4291,7 @@ paths: - $ref: '#/components/parameters/APM_UI_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -4394,32 +4305,32 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_403_response' description: Forbidden response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_404_response' description: Not found response 
@@ -4442,38 +4353,38 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_create_annotation_object' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_create_annotation_response' description: Annotation created successfully '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_403_response' description: Forbidden response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_404_response' description: Not found response @@ -4514,25 +4425,25 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_annotation_search_response' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_500_response' description: Internal Server Error response 
@@ -4548,38 +4459,38 @@ paths: - $ref: '#/components/parameters/APM_UI_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_service_object' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_delete_agent_configurations_response' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_403_response' description: Forbidden response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_404_response' description: Not found response @@ -4594,25 +4505,25 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_agent_configurations_response' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_404_response' description: Not found response 
@@ -4632,39 +4543,39 @@ paths: type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_agent_configuration_intake_object' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_403_response' description: Forbidden response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_404_response' description: Not found response @@ -4688,25 +4599,25 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_service_agent_name_response' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_404_response' description: Not found response 
@@ -4727,25 +4638,25 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_service_environments_response' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_404_response' description: Not found response @@ -4763,32 +4674,32 @@ paths: - $ref: '#/components/parameters/APM_UI_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_search_agent_configuration_object' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_search_agent_configuration_response' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_404_response' description: Not found response 
@@ -4816,25 +4727,25 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_single_agent_configuration_response' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_404_response' description: Not found response @@ -4861,31 +4772,31 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_source_maps_response' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_500_response' description: Internal Server Error response '501': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_501_response' description: Not Implemented response 
@@ -4901,44 +4812,44 @@ paths: - $ref: '#/components/parameters/APM_UI_kbn_xsrf' requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: + multipart/form-data: schema: $ref: '#/components/schemas/APM_UI_upload_source_map_object' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_upload_source_maps_response' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_403_response' description: Forbidden response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_500_response' description: Internal Server Error response '501': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_501_response' description: Not Implemented response 
@@ -4962,38 +4873,38 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_403_response' description: Forbidden response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_500_response' description: Internal Server Error response '501': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_501_response' description: Not Implemented response @@ -5031,7 +4942,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -5071,7 +4982,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' description: Successful response @@ -5091,7 +5002,7 @@ paths: operationId: CreateAssetCriticalityRecord requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: allOf: - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord' 
@@ -5110,7 +5021,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' description: Successful response @@ -5129,7 +5040,7 @@ paths: operationId: BulkUpsertAssetCriticalityRecords requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: example: records: @@ -5152,7 +5063,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: example: errors: @@ -5229,7 +5140,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: example: page: 1 
@@ -5282,390 +5193,2665 @@ paths: tags: - Security Entity Analytics API x-beta: true - /api/data_views: + /api/dashboards/dashboard: get: - operationId: getAllDataViewsDefault + description: This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + operationId: get-dashboards-dashboard + parameters: + - description: The page number to return. Default is "1". + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: number + - description: The number of dashboards to display on each page (max 1000). Default is "20". + in: query + name: perPage + required: false + schema: + maximum: 1000 + minimum: 1 + type: number responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getAllDataViewsResponse: - $ref: '#/components/examples/Data_views_get_data_views_response' + application/json: schema: + additionalProperties: false type: object properties: - data_view: + items: items: + additionalProperties: true type: object properties: - id: + attributes: + additionalProperties: false + type: object + properties: + description: + default: '' + description: A short description. 
+ type: string + timeRestore: + default: false + description: Whether to restore time upon viewing this dashboard + type: boolean + title: + description: A human-readable title for the dashboard + type: string + required: + - title + createdAt: type: string - name: + createdBy: + type: string + error: + additionalProperties: false + type: object + properties: + error: + type: string + message: + type: string + metadata: + additionalProperties: true + type: object + properties: {} + statusCode: + type: number + required: + - error + - message + - statusCode + id: type: string + managed: + type: boolean namespaces: items: type: string type: array - title: + originId: type: string - typeMeta: - type: object + references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + type: + type: string + required: + - name + - type + - id + type: array + type: + type: string + updatedAt: + type: string + updatedBy: + type: string + version: + type: string + required: + - id + - type + - attributes + - references type: array - description: Indicates a successful call. 
- '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Get all data views - tags: - - data views - x-beta: true - /api/data_views/data_view: - post: - operationId: createDataViewDefaultw - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createDataViewRequest: - $ref: '#/components/examples/Data_views_create_data_view_request' - schema: - $ref: '#/components/schemas/Data_views_create_data_view_request_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create a data view + total: + type: number + required: + - items + - total + summary: Get a list of dashboards tags: - - data views + - Dashboards + x-state: Technical Preview x-beta: true - /api/data_views/data_view/{viewId}: + /api/dashboards/dashboard/{id}: delete: - description: | - WARNING: When you delete a data view, it cannot be recovered. - operationId: deleteDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '204': - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. 
- summary: Delete a data view - tags: - - data views - x-beta: true - get: - operationId: getDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getDataViewResponse: - $ref: '#/components/examples/Data_views_get_data_view_response' - schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Get a data view - tags: - - data views - x-beta: true - post: - operationId: updateDataViewDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateDataViewRequest: - $ref: '#/components/examples/Data_views_update_data_view_request' - schema: - $ref: '#/components/schemas/Data_views_update_data_view_request_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_data_view_response_object' - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a data view - tags: - - data views - x-beta: true - /api/data_views/data_view/{viewId}/fields: - post: - description: | - Update fields presentation metadata such as count, customLabel, customDescription, and format. 
- operationId: updateFieldsMetadataDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateFieldsMetadataRequest: - $ref: '#/components/examples/Data_views_update_field_metadata_request' - schema: - type: object - properties: - fields: - description: The field object. - type: object - required: - - fields - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - acknowledged: - type: boolean - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update data view fields metadata - tags: - - data views - x-beta: true - /api/data_views/data_view/{viewId}/runtime_field: - post: - operationId: createRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - createRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' - schema: - type: object - properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. - type: object - required: - - name - - runtimeField - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a successful call. 
- summary: Create a runtime field - tags: - - data views - x-beta: true - put: - operationId: createUpdateRuntimeFieldDefault + description: This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + operationId: delete-dashboards-dashboard-id parameters: - - $ref: '#/components/parameters/Data_views_kbn_xsrf' - - description: | - The ID of the data view fields you want to update. + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: A unique identifier for the dashboard. in: path - name: viewId + name: id required: true schema: type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_create_runtime_field_request' - schema: - type: object - properties: - name: - description: | - The name for a runtime field. - type: string - runtimeField: - description: | - The runtime field definition object. - type: object - required: - - name - - runtimeField - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data_view: - type: object - fields: - items: - type: object - type: array - description: Indicates a successful call. 
- '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Create or update a runtime field - tags: - - data views - x-beta: true - /api/data_views/data_view/{viewId}/runtime_field/{fieldName}: - delete: - operationId: deleteRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - responses: - '200': - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Delete a runtime field from a data view + responses: {} + summary: Delete a dashboard tags: - - data views + - Dashboards + x-state: Technical Preview x-beta: true get: - operationId: getRuntimeFieldDefault + description: This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + operationId: get-dashboards-dashboard-id parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' + - description: A unique identifier for the dashboard. + in: path + name: id + required: true + schema: + type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getRuntimeFieldResponse: - $ref: '#/components/examples/Data_views_get_runtime_field_response' + application/json: schema: + additionalProperties: false type: object properties: - data_view: + item: + additionalProperties: true type: object - fields: - items: - type: object - type: array - description: Indicates a successful call. 
- '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_404_response' - description: Object is not found. - summary: Get a runtime field - tags: - - data views - x-beta: true - post: - operationId: updateRuntimeFieldDefault - parameters: - - $ref: '#/components/parameters/Data_views_field_name' - - $ref: '#/components/parameters/Data_views_view_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - updateRuntimeFieldRequest: - $ref: '#/components/examples/Data_views_update_runtime_field_request' - schema: - type: object - properties: - runtimeField: - description: | - The runtime field definition object. - - You can update following fields: - - - `type` - - `script` - type: object - required: - - runtimeField - required: true - responses: - '200': - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Data_views_400_response' - description: Bad request - summary: Update a runtime field - tags: - - data views - x-beta: true - /api/data_views/default: - get: - operationId: getDefaultDataViewDefault - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - getDefaultDataViewResponse: + properties: + attributes: + additionalProperties: false + type: object + properties: + controlGroupInput: + additionalProperties: false + type: object + properties: + autoApplySelections: + default: true + description: Show apply selections button in controls. + type: boolean + chainingSystem: + default: HIERARCHICAL + description: The chaining strategy for multiple controls. For example, "HIERARCHICAL" or "NONE". + enum: + - NONE + - HIERARCHICAL + type: string + controls: + default: [] + description: An array of control panels and their state in the control group. 
+ items: + additionalProperties: true + type: object + properties: + controlConfig: + additionalProperties: {} + type: object + grow: + default: false + description: Expand width of the control panel to fit available space. + type: boolean + id: + description: The unique ID of the control. + type: string + order: + description: The order of the control panel in the control group. + type: number + type: + description: The type of the control panel. + type: string + width: + default: medium + description: Minimum width of the control panel in the control group. + enum: + - small + - medium + - large + type: string + required: + - type + - order + type: array + enhancements: + additionalProperties: {} + type: object + ignoreParentSettings: + additionalProperties: false + type: object + properties: + ignoreFilters: + default: false + description: Ignore global filters in controls. + type: boolean + ignoreQuery: + default: false + description: Ignore the global query bar in controls. + type: boolean + ignoreTimerange: + default: false + description: Ignore the global time range in controls. + type: boolean + ignoreValidations: + default: false + description: Ignore validations in controls. + type: boolean + labelPosition: + default: oneLine + description: Position of the labels for controls. For example, "oneLine", "twoLine". + enum: + - oneLine + - twoLine + type: string + required: + - ignoreParentSettings + description: + default: '' + description: A short description. + type: string + kibanaSavedObjectMeta: + additionalProperties: false + default: {} + description: A container for various metadata + type: object + properties: + searchSource: + additionalProperties: true + type: object + properties: + filter: + items: + additionalProperties: false + description: A filter for the search source. 
+ type: object + properties: + $state: + additionalProperties: false + type: object + properties: + store: + description: Denote whether a filter is specific to an application's context (e.g. 'appState') or whether it should be applied globally (e.g. 'globalState'). + enum: + - appState + - globalState + type: string + required: + - store + meta: + additionalProperties: true + type: object + properties: + alias: + nullable: true + type: string + controlledBy: + type: string + disabled: + type: boolean + field: + type: string + group: + type: string + index: + type: string + isMultiIndex: + type: boolean + key: + type: string + negate: + type: boolean + params: {} + type: + type: string + value: + type: string + required: + - params + query: + additionalProperties: {} + type: object + required: + - meta + type: array + query: + additionalProperties: false + type: object + properties: + language: + description: The query language such as KQL or Lucene. + type: string + query: + anyOf: + - description: A text-based query such as Kibana Query Language (KQL) or Lucene query language. + type: string + - additionalProperties: {} + type: object + required: + - query + - language + sort: + items: + additionalProperties: + anyOf: + - enum: + - asc + - desc + type: string + - additionalProperties: false + type: object + properties: + format: + type: string + order: + enum: + - asc + - desc + type: string + required: + - order + - additionalProperties: false + type: object + properties: + numeric_type: + enum: + - double + - long + - date + - date_nanos + type: string + order: + enum: + - asc + - desc + type: string + required: + - order + type: object + type: array + type: + type: string + options: + additionalProperties: false + type: object + properties: + hidePanelTitles: + default: false + description: Hide the panel titles in the dashboard. + type: boolean + syncColors: + default: true + description: Synchronize colors between related panels in the dashboard. 
+ type: boolean + syncCursor: + default: true + description: Synchronize cursor position between related panels in the dashboard. + type: boolean + syncTooltips: + default: true + description: Synchronize tooltips between related panels in the dashboard. + type: boolean + useMargins: + default: true + description: Show margins between panels in the dashboard layout. + type: boolean + panels: + default: [] + items: + additionalProperties: false + type: object + properties: + gridData: + additionalProperties: false + type: object + properties: + h: + default: 15 + description: The height of the panel in grid units + minimum: 1 + type: number + i: + type: string + w: + default: 24 + description: The width of the panel in grid units + maximum: 48 + minimum: 1 + type: number + x: + description: The x coordinate of the panel in grid units + type: number + 'y': + description: The y coordinate of the panel in grid units + type: number + required: + - x + - 'y' + - i + id: + description: The saved object id for by reference panels + type: string + panelConfig: + additionalProperties: true + type: object + properties: + description: + description: The description of the panel + type: string + enhancements: + additionalProperties: {} + type: object + hidePanelTitles: + description: Set to true to hide the panel title in its container. + type: boolean + savedObjectId: + description: The unique id of the library item to construct the embeddable. + type: string + title: + description: The title of the panel + type: string + version: + description: The version of the embeddable in the panel. + type: string + panelIndex: + type: string + panelRefName: + type: string + title: + description: The title of the panel + type: string + type: + description: The embeddable type + type: string + version: + deprecated: true + description: The version was used to store Kibana version information from versions 7.3.0 -> 8.11.0. 
As of version 8.11.0, the versioning information is now per-embeddable-type and is stored on the embeddable's input. (panelConfig in this type). + type: string + required: + - panelConfig + - type + - gridData + - panelIndex + type: array + refreshInterval: + additionalProperties: false + description: A container for various refresh interval settings + type: object + properties: + display: + deprecated: true + description: A human-readable string indicating the refresh frequency. No longer used. + type: string + pause: + description: Whether the refresh interval is set to be paused while viewing the dashboard. + type: boolean + section: + deprecated: true + description: No longer used. + type: number + value: + description: A numeric value indicating refresh frequency in milliseconds. + type: number + required: + - pause + - value + timeFrom: + description: An ISO string indicating when to restore time from + type: string + timeRestore: + default: false + description: Whether to restore time upon viewing this dashboard + type: boolean + timeTo: + description: An ISO string indicating when to restore time from + type: string + title: + description: A human-readable title for the dashboard + type: string + version: + deprecated: true + type: number + required: + - title + - options + createdAt: + type: string + createdBy: + type: string + error: + additionalProperties: false + type: object + properties: + error: + type: string + message: + type: string + metadata: + additionalProperties: true + type: object + properties: {} + statusCode: + type: number + required: + - error + - message + - statusCode + id: + type: string + managed: + type: boolean + namespaces: + items: + type: string + type: array + originId: + type: string + references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + type: + type: string + required: + - name + - type + - id + type: array + type: + type: string + updatedAt: + type: 
string + updatedBy: + type: string + version: + type: string + required: + - id + - type + - attributes + - references + meta: + additionalProperties: false + type: object + properties: + aliasPurpose: + enum: + - savedObjectConversion + - savedObjectImport + type: string + aliasTargetId: + type: string + outcome: + enum: + - exactMatch + - aliasMatch + - conflict + type: string + required: + - outcome + required: + - item + - meta + summary: Get a dashboard + tags: + - Dashboards + x-state: Technical Preview + x-beta: true + post: + description: This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + operationId: post-dashboards-dashboard-id + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: A unique identifier for the dashboard. + in: path + name: id + required: false + schema: + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + attributes: + additionalProperties: false + type: object + properties: + controlGroupInput: + additionalProperties: false + type: object + properties: + autoApplySelections: + default: true + description: Show apply selections button in controls. + type: boolean + chainingSystem: + default: HIERARCHICAL + description: The chaining strategy for multiple controls. For example, "HIERARCHICAL" or "NONE". + enum: + - NONE + - HIERARCHICAL + type: string + controls: + default: [] + description: An array of control panels and their state in the control group. 
+ items: + additionalProperties: true + type: object + properties: + controlConfig: + additionalProperties: {} + type: object + grow: + default: false + description: Expand width of the control panel to fit available space. + type: boolean + id: + description: The unique ID of the control. + type: string + order: + description: The order of the control panel in the control group. + type: number + type: + description: The type of the control panel. + type: string + width: + default: medium + description: Minimum width of the control panel in the control group. + enum: + - small + - medium + - large + type: string + required: + - type + - order + type: array + enhancements: + additionalProperties: {} + type: object + ignoreParentSettings: + additionalProperties: false + type: object + properties: + ignoreFilters: + default: false + description: Ignore global filters in controls. + type: boolean + ignoreQuery: + default: false + description: Ignore the global query bar in controls. + type: boolean + ignoreTimerange: + default: false + description: Ignore the global time range in controls. + type: boolean + ignoreValidations: + default: false + description: Ignore validations in controls. + type: boolean + labelPosition: + default: oneLine + description: Position of the labels for controls. For example, "oneLine", "twoLine". + enum: + - oneLine + - twoLine + type: string + required: + - ignoreParentSettings + description: + default: '' + description: A short description. + type: string + kibanaSavedObjectMeta: + additionalProperties: false + default: {} + description: A container for various metadata + type: object + properties: + searchSource: + additionalProperties: true + type: object + properties: + filter: + items: + additionalProperties: false + description: A filter for the search source. 
+ type: object + properties: + $state: + additionalProperties: false + type: object + properties: + store: + description: Denote whether a filter is specific to an application's context (e.g. 'appState') or whether it should be applied globally (e.g. 'globalState'). + enum: + - appState + - globalState + type: string + required: + - store + meta: + additionalProperties: true + type: object + properties: + alias: + nullable: true + type: string + controlledBy: + type: string + disabled: + type: boolean + field: + type: string + group: + type: string + index: + type: string + isMultiIndex: + type: boolean + key: + type: string + negate: + type: boolean + params: {} + type: + type: string + value: + type: string + required: + - params + query: + additionalProperties: {} + type: object + required: + - meta + type: array + query: + additionalProperties: false + type: object + properties: + language: + description: The query language such as KQL or Lucene. + type: string + query: + anyOf: + - description: A text-based query such as Kibana Query Language (KQL) or Lucene query language. + type: string + - additionalProperties: {} + type: object + required: + - query + - language + sort: + items: + additionalProperties: + anyOf: + - enum: + - asc + - desc + type: string + - additionalProperties: false + type: object + properties: + format: + type: string + order: + enum: + - asc + - desc + type: string + required: + - order + - additionalProperties: false + type: object + properties: + numeric_type: + enum: + - double + - long + - date + - date_nanos + type: string + order: + enum: + - asc + - desc + type: string + required: + - order + type: object + type: array + type: + type: string + options: + additionalProperties: false + type: object + properties: + hidePanelTitles: + default: false + description: Hide the panel titles in the dashboard. + type: boolean + syncColors: + default: true + description: Synchronize colors between related panels in the dashboard. 
+ type: boolean + syncCursor: + default: true + description: Synchronize cursor position between related panels in the dashboard. + type: boolean + syncTooltips: + default: true + description: Synchronize tooltips between related panels in the dashboard. + type: boolean + useMargins: + default: true + description: Show margins between panels in the dashboard layout. + type: boolean + panels: + default: [] + items: + additionalProperties: false + type: object + properties: + gridData: + additionalProperties: false + type: object + properties: + h: + default: 15 + description: The height of the panel in grid units + minimum: 1 + type: number + i: + description: The unique identifier of the panel + type: string + w: + default: 24 + description: The width of the panel in grid units + maximum: 48 + minimum: 1 + type: number + x: + description: The x coordinate of the panel in grid units + type: number + 'y': + description: The y coordinate of the panel in grid units + type: number + required: + - x + - 'y' + id: + description: The saved object id for by reference panels + type: string + panelConfig: + additionalProperties: true + type: object + properties: + description: + description: The description of the panel + type: string + enhancements: + additionalProperties: {} + type: object + hidePanelTitles: + description: Set to true to hide the panel title in its container. + type: boolean + savedObjectId: + description: The unique id of the library item to construct the embeddable. + type: string + title: + description: The title of the panel + type: string + version: + description: The version of the embeddable in the panel. + type: string + panelIndex: + description: The unique ID of the panel. 
+ type: string + panelRefName: + type: string + title: + description: The title of the panel + type: string + type: + description: The embeddable type + type: string + version: + deprecated: true + description: The version was used to store Kibana version information from versions 7.3.0 -> 8.11.0. As of version 8.11.0, the versioning information is now per-embeddable-type and is stored on the embeddable's input. (panelConfig in this type). + type: string + required: + - panelConfig + - type + - gridData + type: array + refreshInterval: + additionalProperties: false + description: A container for various refresh interval settings + type: object + properties: + display: + deprecated: true + description: A human-readable string indicating the refresh frequency. No longer used. + type: string + pause: + description: Whether the refresh interval is set to be paused while viewing the dashboard. + type: boolean + section: + deprecated: true + description: No longer used. + type: number + value: + description: A numeric value indicating refresh frequency in milliseconds. 
+ type: number + required: + - pause + - value + timeFrom: + description: An ISO string indicating when to restore time from + type: string + timeRestore: + default: false + description: Whether to restore time upon viewing this dashboard + type: boolean + timeTo: + description: An ISO string indicating when to restore time from + type: string + title: + description: A human-readable title for the dashboard + type: string + version: + deprecated: true + type: number + required: + - title + - options + references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + type: + type: string + required: + - name + - type + - id + type: array + spaces: + items: + type: string + type: array + required: + - attributes + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: true + type: object + properties: + attributes: + additionalProperties: false + type: object + properties: + controlGroupInput: + additionalProperties: false + type: object + properties: + autoApplySelections: + default: true + description: Show apply selections button in controls. + type: boolean + chainingSystem: + default: HIERARCHICAL + description: The chaining strategy for multiple controls. For example, "HIERARCHICAL" or "NONE". + enum: + - NONE + - HIERARCHICAL + type: string + controls: + default: [] + description: An array of control panels and their state in the control group. + items: + additionalProperties: true + type: object + properties: + controlConfig: + additionalProperties: {} + type: object + grow: + default: false + description: Expand width of the control panel to fit available space. + type: boolean + id: + description: The unique ID of the control. + type: string + order: + description: The order of the control panel in the control group. + type: number + type: + description: The type of the control panel. 
+ type: string + width: + default: medium + description: Minimum width of the control panel in the control group. + enum: + - small + - medium + - large + type: string + required: + - type + - order + type: array + enhancements: + additionalProperties: {} + type: object + ignoreParentSettings: + additionalProperties: false + type: object + properties: + ignoreFilters: + default: false + description: Ignore global filters in controls. + type: boolean + ignoreQuery: + default: false + description: Ignore the global query bar in controls. + type: boolean + ignoreTimerange: + default: false + description: Ignore the global time range in controls. + type: boolean + ignoreValidations: + default: false + description: Ignore validations in controls. + type: boolean + labelPosition: + default: oneLine + description: Position of the labels for controls. For example, "oneLine", "twoLine". + enum: + - oneLine + - twoLine + type: string + required: + - ignoreParentSettings + description: + default: '' + description: A short description. + type: string + kibanaSavedObjectMeta: + additionalProperties: false + default: {} + description: A container for various metadata + type: object + properties: + searchSource: + additionalProperties: true + type: object + properties: + filter: + items: + additionalProperties: false + description: A filter for the search source. + type: object + properties: + $state: + additionalProperties: false + type: object + properties: + store: + description: Denote whether a filter is specific to an application's context (e.g. 'appState') or whether it should be applied globally (e.g. 'globalState'). 
+ enum: + - appState + - globalState + type: string + required: + - store + meta: + additionalProperties: true + type: object + properties: + alias: + nullable: true + type: string + controlledBy: + type: string + disabled: + type: boolean + field: + type: string + group: + type: string + index: + type: string + isMultiIndex: + type: boolean + key: + type: string + negate: + type: boolean + params: {} + type: + type: string + value: + type: string + required: + - params + query: + additionalProperties: {} + type: object + required: + - meta + type: array + query: + additionalProperties: false + type: object + properties: + language: + description: The query language such as KQL or Lucene. + type: string + query: + anyOf: + - description: A text-based query such as Kibana Query Language (KQL) or Lucene query language. + type: string + - additionalProperties: {} + type: object + required: + - query + - language + sort: + items: + additionalProperties: + anyOf: + - enum: + - asc + - desc + type: string + - additionalProperties: false + type: object + properties: + format: + type: string + order: + enum: + - asc + - desc + type: string + required: + - order + - additionalProperties: false + type: object + properties: + numeric_type: + enum: + - double + - long + - date + - date_nanos + type: string + order: + enum: + - asc + - desc + type: string + required: + - order + type: object + type: array + type: + type: string + options: + additionalProperties: false + type: object + properties: + hidePanelTitles: + default: false + description: Hide the panel titles in the dashboard. + type: boolean + syncColors: + default: true + description: Synchronize colors between related panels in the dashboard. + type: boolean + syncCursor: + default: true + description: Synchronize cursor position between related panels in the dashboard. + type: boolean + syncTooltips: + default: true + description: Synchronize tooltips between related panels in the dashboard. 
+ type: boolean + useMargins: + default: true + description: Show margins between panels in the dashboard layout. + type: boolean + panels: + default: [] + items: + additionalProperties: false + type: object + properties: + gridData: + additionalProperties: false + type: object + properties: + h: + default: 15 + description: The height of the panel in grid units + minimum: 1 + type: number + i: + type: string + w: + default: 24 + description: The width of the panel in grid units + maximum: 48 + minimum: 1 + type: number + x: + description: The x coordinate of the panel in grid units + type: number + 'y': + description: The y coordinate of the panel in grid units + type: number + required: + - x + - 'y' + - i + id: + description: The saved object id for by reference panels + type: string + panelConfig: + additionalProperties: true + type: object + properties: + description: + description: The description of the panel + type: string + enhancements: + additionalProperties: {} + type: object + hidePanelTitles: + description: Set to true to hide the panel title in its container. + type: boolean + savedObjectId: + description: The unique id of the library item to construct the embeddable. + type: string + title: + description: The title of the panel + type: string + version: + description: The version of the embeddable in the panel. + type: string + panelIndex: + type: string + panelRefName: + type: string + title: + description: The title of the panel + type: string + type: + description: The embeddable type + type: string + version: + deprecated: true + description: The version was used to store Kibana version information from versions 7.3.0 -> 8.11.0. As of version 8.11.0, the versioning information is now per-embeddable-type and is stored on the embeddable's input. (panelConfig in this type). 
+ type: string + required: + - panelConfig + - type + - gridData + - panelIndex + type: array + refreshInterval: + additionalProperties: false + description: A container for various refresh interval settings + type: object + properties: + display: + deprecated: true + description: A human-readable string indicating the refresh frequency. No longer used. + type: string + pause: + description: Whether the refresh interval is set to be paused while viewing the dashboard. + type: boolean + section: + deprecated: true + description: No longer used. + type: number + value: + description: A numeric value indicating refresh frequency in milliseconds. + type: number + required: + - pause + - value + timeFrom: + description: An ISO string indicating when to restore time from + type: string + timeRestore: + default: false + description: Whether to restore time upon viewing this dashboard + type: boolean + timeTo: + description: An ISO string indicating when to restore time from + type: string + title: + description: A human-readable title for the dashboard + type: string + version: + deprecated: true + type: number + required: + - title + - options + createdAt: + type: string + createdBy: + type: string + error: + additionalProperties: false + type: object + properties: + error: + type: string + message: + type: string + metadata: + additionalProperties: true + type: object + properties: {} + statusCode: + type: number + required: + - error + - message + - statusCode + id: + type: string + managed: + type: boolean + namespaces: + items: + type: string + type: array + originId: + type: string + references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + type: + type: string + required: + - name + - type + - id + type: array + type: + type: string + updatedAt: + type: string + updatedBy: + type: string + version: + type: string + required: + - id + - type + - attributes + - references + required: + - item + 
summary: Create a dashboard + tags: + - Dashboards + x-state: Technical Preview + x-beta: true + put: + description: This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. + operationId: put-dashboards-dashboard-id + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: A unique identifier for the dashboard. + in: path + name: id + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + attributes: + additionalProperties: false + type: object + properties: + controlGroupInput: + additionalProperties: false + type: object + properties: + autoApplySelections: + default: true + description: Show apply selections button in controls. + type: boolean + chainingSystem: + default: HIERARCHICAL + description: The chaining strategy for multiple controls. For example, "HIERARCHICAL" or "NONE". + enum: + - NONE + - HIERARCHICAL + type: string + controls: + default: [] + description: An array of control panels and their state in the control group. + items: + additionalProperties: true + type: object + properties: + controlConfig: + additionalProperties: {} + type: object + grow: + default: false + description: Expand width of the control panel to fit available space. + type: boolean + id: + description: The unique ID of the control. + type: string + order: + description: The order of the control panel in the control group. + type: number + type: + description: The type of the control panel. + type: string + width: + default: medium + description: Minimum width of the control panel in the control group. 
+ enum: + - small + - medium + - large + type: string + required: + - type + - order + type: array + enhancements: + additionalProperties: {} + type: object + ignoreParentSettings: + additionalProperties: false + type: object + properties: + ignoreFilters: + default: false + description: Ignore global filters in controls. + type: boolean + ignoreQuery: + default: false + description: Ignore the global query bar in controls. + type: boolean + ignoreTimerange: + default: false + description: Ignore the global time range in controls. + type: boolean + ignoreValidations: + default: false + description: Ignore validations in controls. + type: boolean + labelPosition: + default: oneLine + description: Position of the labels for controls. For example, "oneLine", "twoLine". + enum: + - oneLine + - twoLine + type: string + required: + - ignoreParentSettings + description: + default: '' + description: A short description. + type: string + kibanaSavedObjectMeta: + additionalProperties: false + default: {} + description: A container for various metadata + type: object + properties: + searchSource: + additionalProperties: true + type: object + properties: + filter: + items: + additionalProperties: false + description: A filter for the search source. + type: object + properties: + $state: + additionalProperties: false + type: object + properties: + store: + description: Denote whether a filter is specific to an application's context (e.g. 'appState') or whether it should be applied globally (e.g. 'globalState'). 
+ enum: + - appState + - globalState + type: string + required: + - store + meta: + additionalProperties: true + type: object + properties: + alias: + nullable: true + type: string + controlledBy: + type: string + disabled: + type: boolean + field: + type: string + group: + type: string + index: + type: string + isMultiIndex: + type: boolean + key: + type: string + negate: + type: boolean + params: {} + type: + type: string + value: + type: string + required: + - params + query: + additionalProperties: {} + type: object + required: + - meta + type: array + query: + additionalProperties: false + type: object + properties: + language: + description: The query language such as KQL or Lucene. + type: string + query: + anyOf: + - description: A text-based query such as Kibana Query Language (KQL) or Lucene query language. + type: string + - additionalProperties: {} + type: object + required: + - query + - language + sort: + items: + additionalProperties: + anyOf: + - enum: + - asc + - desc + type: string + - additionalProperties: false + type: object + properties: + format: + type: string + order: + enum: + - asc + - desc + type: string + required: + - order + - additionalProperties: false + type: object + properties: + numeric_type: + enum: + - double + - long + - date + - date_nanos + type: string + order: + enum: + - asc + - desc + type: string + required: + - order + type: object + type: array + type: + type: string + options: + additionalProperties: false + type: object + properties: + hidePanelTitles: + default: false + description: Hide the panel titles in the dashboard. + type: boolean + syncColors: + default: true + description: Synchronize colors between related panels in the dashboard. + type: boolean + syncCursor: + default: true + description: Synchronize cursor position between related panels in the dashboard. + type: boolean + syncTooltips: + default: true + description: Synchronize tooltips between related panels in the dashboard. 
+ type: boolean + useMargins: + default: true + description: Show margins between panels in the dashboard layout. + type: boolean + panels: + default: [] + items: + additionalProperties: false + type: object + properties: + gridData: + additionalProperties: false + type: object + properties: + h: + default: 15 + description: The height of the panel in grid units + minimum: 1 + type: number + i: + description: The unique identifier of the panel + type: string + w: + default: 24 + description: The width of the panel in grid units + maximum: 48 + minimum: 1 + type: number + x: + description: The x coordinate of the panel in grid units + type: number + 'y': + description: The y coordinate of the panel in grid units + type: number + required: + - x + - 'y' + id: + description: The saved object id for by reference panels + type: string + panelConfig: + additionalProperties: true + type: object + properties: + description: + description: The description of the panel + type: string + enhancements: + additionalProperties: {} + type: object + hidePanelTitles: + description: Set to true to hide the panel title in its container. + type: boolean + savedObjectId: + description: The unique id of the library item to construct the embeddable. + type: string + title: + description: The title of the panel + type: string + version: + description: The version of the embeddable in the panel. + type: string + panelIndex: + description: The unique ID of the panel. + type: string + panelRefName: + type: string + title: + description: The title of the panel + type: string + type: + description: The embeddable type + type: string + version: + deprecated: true + description: The version was used to store Kibana version information from versions 7.3.0 -> 8.11.0. As of version 8.11.0, the versioning information is now per-embeddable-type and is stored on the embeddable's input. (panelConfig in this type). 
+ type: string + required: + - panelConfig + - type + - gridData + type: array + refreshInterval: + additionalProperties: false + description: A container for various refresh interval settings + type: object + properties: + display: + deprecated: true + description: A human-readable string indicating the refresh frequency. No longer used. + type: string + pause: + description: Whether the refresh interval is set to be paused while viewing the dashboard. + type: boolean + section: + deprecated: true + description: No longer used. + type: number + value: + description: A numeric value indicating refresh frequency in milliseconds. + type: number + required: + - pause + - value + timeFrom: + description: An ISO string indicating when to restore time from + type: string + timeRestore: + default: false + description: Whether to restore time upon viewing this dashboard + type: boolean + timeTo: + description: An ISO string indicating when to restore time from + type: string + title: + description: A human-readable title for the dashboard + type: string + version: + deprecated: true + type: number + required: + - title + - options + references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + type: + type: string + required: + - name + - type + - id + type: array + required: + - attributes + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: true + type: object + properties: + attributes: + additionalProperties: false + type: object + properties: + controlGroupInput: + additionalProperties: false + type: object + properties: + autoApplySelections: + default: true + description: Show apply selections button in controls. + type: boolean + chainingSystem: + default: HIERARCHICAL + description: The chaining strategy for multiple controls. For example, "HIERARCHICAL" or "NONE". 
+ enum: + - NONE + - HIERARCHICAL + type: string + controls: + default: [] + description: An array of control panels and their state in the control group. + items: + additionalProperties: true + type: object + properties: + controlConfig: + additionalProperties: {} + type: object + grow: + default: false + description: Expand width of the control panel to fit available space. + type: boolean + id: + description: The unique ID of the control. + type: string + order: + description: The order of the control panel in the control group. + type: number + type: + description: The type of the control panel. + type: string + width: + default: medium + description: Minimum width of the control panel in the control group. + enum: + - small + - medium + - large + type: string + required: + - type + - order + type: array + enhancements: + additionalProperties: {} + type: object + ignoreParentSettings: + additionalProperties: false + type: object + properties: + ignoreFilters: + default: false + description: Ignore global filters in controls. + type: boolean + ignoreQuery: + default: false + description: Ignore the global query bar in controls. + type: boolean + ignoreTimerange: + default: false + description: Ignore the global time range in controls. + type: boolean + ignoreValidations: + default: false + description: Ignore validations in controls. + type: boolean + labelPosition: + default: oneLine + description: Position of the labels for controls. For example, "oneLine", "twoLine". + enum: + - oneLine + - twoLine + type: string + required: + - ignoreParentSettings + description: + default: '' + description: A short description. + type: string + kibanaSavedObjectMeta: + additionalProperties: false + default: {} + description: A container for various metadata + type: object + properties: + searchSource: + additionalProperties: true + type: object + properties: + filter: + items: + additionalProperties: false + description: A filter for the search source. 
+ type: object + properties: + $state: + additionalProperties: false + type: object + properties: + store: + description: Denote whether a filter is specific to an application's context (e.g. 'appState') or whether it should be applied globally (e.g. 'globalState'). + enum: + - appState + - globalState + type: string + required: + - store + meta: + additionalProperties: true + type: object + properties: + alias: + nullable: true + type: string + controlledBy: + type: string + disabled: + type: boolean + field: + type: string + group: + type: string + index: + type: string + isMultiIndex: + type: boolean + key: + type: string + negate: + type: boolean + params: {} + type: + type: string + value: + type: string + required: + - params + query: + additionalProperties: {} + type: object + required: + - meta + type: array + query: + additionalProperties: false + type: object + properties: + language: + description: The query language such as KQL or Lucene. + type: string + query: + anyOf: + - description: A text-based query such as Kibana Query Language (KQL) or Lucene query language. + type: string + - additionalProperties: {} + type: object + required: + - query + - language + sort: + items: + additionalProperties: + anyOf: + - enum: + - asc + - desc + type: string + - additionalProperties: false + type: object + properties: + format: + type: string + order: + enum: + - asc + - desc + type: string + required: + - order + - additionalProperties: false + type: object + properties: + numeric_type: + enum: + - double + - long + - date + - date_nanos + type: string + order: + enum: + - asc + - desc + type: string + required: + - order + type: object + type: array + type: + type: string + options: + additionalProperties: false + type: object + properties: + hidePanelTitles: + default: false + description: Hide the panel titles in the dashboard. + type: boolean + syncColors: + default: true + description: Synchronize colors between related panels in the dashboard. 
+ type: boolean + syncCursor: + default: true + description: Synchronize cursor position between related panels in the dashboard. + type: boolean + syncTooltips: + default: true + description: Synchronize tooltips between related panels in the dashboard. + type: boolean + useMargins: + default: true + description: Show margins between panels in the dashboard layout. + type: boolean + panels: + default: [] + items: + additionalProperties: false + type: object + properties: + gridData: + additionalProperties: false + type: object + properties: + h: + default: 15 + description: The height of the panel in grid units + minimum: 1 + type: number + i: + type: string + w: + default: 24 + description: The width of the panel in grid units + maximum: 48 + minimum: 1 + type: number + x: + description: The x coordinate of the panel in grid units + type: number + 'y': + description: The y coordinate of the panel in grid units + type: number + required: + - x + - 'y' + - i + id: + description: The saved object id for by reference panels + type: string + panelConfig: + additionalProperties: true + type: object + properties: + description: + description: The description of the panel + type: string + enhancements: + additionalProperties: {} + type: object + hidePanelTitles: + description: Set to true to hide the panel title in its container. + type: boolean + savedObjectId: + description: The unique id of the library item to construct the embeddable. + type: string + title: + description: The title of the panel + type: string + version: + description: The version of the embeddable in the panel. + type: string + panelIndex: + type: string + panelRefName: + type: string + title: + description: The title of the panel + type: string + type: + description: The embeddable type + type: string + version: + deprecated: true + description: The version was used to store Kibana version information from versions 7.3.0 -> 8.11.0. 
As of version 8.11.0, the versioning information is now per-embeddable-type and is stored on the embeddable's input. (panelConfig in this type). + type: string + required: + - panelConfig + - type + - gridData + - panelIndex + type: array + refreshInterval: + additionalProperties: false + description: A container for various refresh interval settings + type: object + properties: + display: + deprecated: true + description: A human-readable string indicating the refresh frequency. No longer used. + type: string + pause: + description: Whether the refresh interval is set to be paused while viewing the dashboard. + type: boolean + section: + deprecated: true + description: No longer used. + type: number + value: + description: A numeric value indicating refresh frequency in milliseconds. + type: number + required: + - pause + - value + timeFrom: + description: An ISO string indicating when to restore time from + type: string + timeRestore: + default: false + description: Whether to restore time upon viewing this dashboard + type: boolean + timeTo: + description: An ISO string indicating when to restore time from + type: string + title: + description: A human-readable title for the dashboard + type: string + version: + deprecated: true + type: number + required: + - title + - options + createdAt: + type: string + createdBy: + type: string + error: + additionalProperties: false + type: object + properties: + error: + type: string + message: + type: string + metadata: + additionalProperties: true + type: object + properties: {} + statusCode: + type: number + required: + - error + - message + - statusCode + id: + type: string + managed: + type: boolean + namespaces: + items: + type: string + type: array + originId: + type: string + references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + type: + type: string + required: + - name + - type + - id + type: array + type: + type: string + updatedAt: + type: 
string + updatedBy: + type: string + version: + type: string + required: + - id + - type + - attributes + - references + required: + - item + summary: Update an existing dashboard + tags: + - Dashboards + x-state: Technical Preview + x-beta: true + /api/data_views: + get: + operationId: getAllDataViewsDefault + responses: + '200': + content: + application/json: + examples: + getAllDataViewsResponse: + $ref: '#/components/examples/Data_views_get_data_views_response' + schema: + type: object + properties: + data_view: + items: + type: object + properties: + id: + type: string + name: + type: string + namespaces: + items: + type: string + type: array + title: + type: string + typeMeta: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Get all data views + tags: + - data views + x-beta: true + /api/data_views/data_view: + post: + operationId: createDataViewDefaultw + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + requestBody: + content: + application/json: + examples: + createDataViewRequest: + $ref: '#/components/examples/Data_views_create_data_view_request' + schema: + $ref: '#/components/schemas/Data_views_create_data_view_request_object' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Data_views_data_view_response_object' + description: Indicates a successful call. + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Create a data view + tags: + - data views + x-beta: true + /api/data_views/data_view/{viewId}: + delete: + description: | + WARNING: When you delete a data view, it cannot be recovered. 
+ operationId: deleteDataViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '204': + description: Indicates a successful call. + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Delete a data view + tags: + - data views + x-beta: true + get: + operationId: getDataViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '200': + content: + application/json: + examples: + getDataViewResponse: + $ref: '#/components/examples/Data_views_get_data_view_response' + schema: + $ref: '#/components/schemas/Data_views_data_view_response_object' + description: Indicates a successful call. + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Get a data view + tags: + - data views + x-beta: true + post: + operationId: updateDataViewDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json: + examples: + updateDataViewRequest: + $ref: '#/components/examples/Data_views_update_data_view_request' + schema: + $ref: '#/components/schemas/Data_views_update_data_view_request_object' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Data_views_data_view_response_object' + description: Indicates a successful call. + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update a data view + tags: + - data views + x-beta: true + /api/data_views/data_view/{viewId}/fields: + post: + description: | + Update fields presentation metadata such as count, customLabel, customDescription, and format. 
+ operationId: updateFieldsMetadataDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json: + examples: + updateFieldsMetadataRequest: + $ref: '#/components/examples/Data_views_update_field_metadata_request' + schema: + type: object + properties: + fields: + description: The field object. + type: object + required: + - fields + required: true + responses: + '200': + content: + application/json: + schema: + type: object + properties: + acknowledged: + type: boolean + description: Indicates a successful call. + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update data view fields metadata + tags: + - data views + x-beta: true + /api/data_views/data_view/{viewId}/runtime_field: + post: + operationId: createRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json: + examples: + createRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_create_runtime_field_request' + schema: + type: object + properties: + name: + description: | + The name for a runtime field. + type: string + runtimeField: + description: | + The runtime field definition object. + type: object + required: + - name + - runtimeField + required: true + responses: + '200': + content: + application/json: + schema: + type: object + description: Indicates a successful call. + summary: Create a runtime field + tags: + - data views + x-beta: true + put: + operationId: createUpdateRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_kbn_xsrf' + - description: | + The ID of the data view fields you want to update. 
+ in: path + name: viewId + required: true + schema: + type: string + requestBody: + content: + application/json: + examples: + updateRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_create_runtime_field_request' + schema: + type: object + properties: + name: + description: | + The name for a runtime field. + type: string + runtimeField: + description: | + The runtime field definition object. + type: object + required: + - name + - runtimeField + required: true + responses: + '200': + content: + application/json: + schema: + type: object + properties: + data_view: + type: object + fields: + items: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Create or update a runtime field + tags: + - data views + x-beta: true + /api/data_views/data_view/{viewId}/runtime_field/{fieldName}: + delete: + operationId: deleteRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '200': + description: Indicates a successful call. + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Delete a runtime field from a data view + tags: + - data views + x-beta: true + get: + operationId: getRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' + responses: + '200': + content: + application/json: + examples: + getRuntimeFieldResponse: + $ref: '#/components/examples/Data_views_get_runtime_field_response' + schema: + type: object + properties: + data_view: + type: object + fields: + items: + type: object + type: array + description: Indicates a successful call. 
+ '404': + content: + application/json: + schema: + $ref: '#/components/schemas/Data_views_404_response' + description: Object is not found. + summary: Get a runtime field + tags: + - data views + x-beta: true + post: + operationId: updateRuntimeFieldDefault + parameters: + - $ref: '#/components/parameters/Data_views_field_name' + - $ref: '#/components/parameters/Data_views_view_id' + requestBody: + content: + application/json: + examples: + updateRuntimeFieldRequest: + $ref: '#/components/examples/Data_views_update_runtime_field_request' + schema: + type: object + properties: + runtimeField: + description: | + The runtime field definition object. + + You can update following fields: + + - `type` + - `script` + type: object + required: + - runtimeField + required: true + responses: + '200': + description: Indicates a successful call. + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/Data_views_400_response' + description: Bad request + summary: Update a runtime field + tags: + - data views + x-beta: true + /api/data_views/default: + get: + operationId: getDefaultDataViewDefault + responses: + '200': + content: + application/json: + examples: + getDefaultDataViewResponse: $ref: '#/components/examples/Data_views_get_default_data_view_response' schema: type: object @@ -5675,7 +7861,7 @@ paths: description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Data_views_400_response' description: Bad request @@ -5689,7 +7875,7 @@ paths: - $ref: '#/components/parameters/Data_views_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: setDefaultDataViewRequest: $ref: '#/components/examples/Data_views_set_default_data_view_request' 
@@ -5711,7 +7897,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -5720,7 +7906,7 @@ paths: description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Data_views_400_response' description: Bad request @@ -5737,7 +7923,7 @@ paths: - $ref: '#/components/parameters/Data_views_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: swapDataViewRequest: $ref: '#/components/examples/Data_views_swap_data_view_request' @@ -5747,7 +7933,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -5783,7 +7969,7 @@ paths: - $ref: '#/components/parameters/Data_views_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: previewSwapDataViewRequest: $ref: '#/components/examples/Data_views_preview_swap_data_view_request' @@ -5793,7 +7979,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -5824,7 +8010,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -5838,13 +8024,13 @@ paths: description: Successful response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response 
@@ -5872,7 +8058,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. @@ -5899,7 +8085,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. @@ -5912,14 +8098,14 @@ paths: operationId: PatchRule requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. @@ -5932,14 +8118,14 @@ paths: operationId: CreateRule requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. @@ -5955,14 +8141,14 @@ paths: operationId: UpdateRule requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. 
@@ -5983,7 +8169,7 @@ paths: type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' @@ -5996,7 +8182,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResponse' @@ -6032,7 +8218,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: nullable: true type: object @@ -6053,7 +8239,7 @@ paths: responses: '200': content: - application/ndjson; Elastic-Api-Version=2023-10-31: + application/ndjson: schema: description: An `.ndjson` file containing the returned rules. format: binary @@ -6124,7 +8310,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -6186,7 +8372,7 @@ paths: type: boolean requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: + multipart/form-data: schema: type: object properties: @@ -6198,7 +8384,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -6260,6 +8446,9 @@ paths: operationId: CreateRuleExceptionListItems parameters: - description: Detection rule's identifier + examples: + id: + value: 330bdd28-eedf-40e1-bed0-f10176c7f9e0 in: path name: id required: true 
@@ -6267,8 +8456,30 @@ paths: $ref: '#/components/schemas/Security_Exceptions_API_RuleId' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + example: + items: + - description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + type: simple type: object properties: items: @@ -6277,12 +8488,43 @@ paths: type: array required: - items - description: Rule exception list items + description: Rule exception items. required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ruleExceptionItems: + value: + - _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic schema: items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' 
@@ -6290,7 +8532,18 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badPayload: + value: + error: Bad Request + message: Invalid request payload JSON format + statusCode: 400 + badRequest: + value: + error: Bad Request + message: '[request params]: id: Invalid uuid' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -6298,23 +8551,39 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + message: Unable to create exception-list + status_code: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Create rule exception list items + summary: Create rule exception items tags: - Security Exceptions API x-beta: true @@ -6330,7 +8599,7 @@ paths: type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: anyOf: - allOf: 
@@ -6364,7 +8633,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -6381,7 +8650,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' @@ -6389,13 +8658,13 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response @@ -6412,7 +8681,7 @@ paths: operationId: SetAlertAssignees requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -6441,7 +8710,7 @@ paths: operationId: SearchAlerts requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: description: Elasticsearch query and aggregation request type: object @@ -6478,7 +8747,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: true description: Elasticsearch search response @@ -6486,7 +8755,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' 
@@ -6494,13 +8763,13 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response @@ -6514,7 +8783,7 @@ paths: operationId: SetAlertsStatus requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds' @@ -6524,7 +8793,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: true description: Elasticsearch update by query response @@ -6532,7 +8801,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' @@ -6540,13 +8809,13 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response @@ -6563,7 +8832,7 @@ paths: operationId: SetAlertTags requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -6579,7 +8848,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: true description: Elasticsearch update by query response @@ -6587,7 +8856,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' @@ -6595,13 +8864,13 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response @@ -6616,7 +8885,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' description: Indicates a successful call @@ -6631,13 +8900,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointList' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' 
@@ -6645,19 +8914,19 @@ paths: description: Invalid input data '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error @@ -6685,13 +8954,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' 
@@ -6699,25 +8968,25 @@ paths: description: Invalid input data '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list item not found '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error @@ -6744,7 +9013,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' @@ -6752,7 +9021,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' 
@@ -6760,25 +9029,25 @@ paths: description: Invalid input data '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list item not found '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error @@ -6791,7 +9060,7 @@ paths: operationId: CreateEndpointListItem requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -6826,13 +9095,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' 
@@ -6840,25 +9109,25 @@ paths: description: Invalid input data '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list item already exists '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error @@ -6871,7 +9140,7 @@ paths: operationId: UpdateEndpointListItem requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -6911,13 +9180,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' 
@@ -6925,25 +9194,25 @@ paths: description: Invalid input data '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list item not found '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error @@ -6996,7 +9265,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -7023,7 +9292,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' 
@@ -7031,25 +9300,25 @@ paths: description: Invalid input data '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list not found '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error @@ -7070,7 +9339,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -7094,7 +9363,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse' description: OK @@ -7115,7 +9384,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -7141,7 +9410,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK 
@@ -7167,7 +9436,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -7181,14 +9450,14 @@ paths: operationId: EndpointExecuteAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -7202,14 +9471,14 @@ paths: operationId: EndpointGetFileAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -7223,14 +9492,14 @@ paths: operationId: EndpointIsolateAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK 
@@ -7244,14 +9513,14 @@ paths: operationId: EndpointKillProcessAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -7265,14 +9534,14 @@ paths: operationId: EndpointGetProcessesAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -7286,14 +9555,14 @@ paths: operationId: RunScriptAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_RunScriptRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -7307,14 +9576,14 @@ paths: operationId: EndpointScanAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK 
@@ -7329,7 +9598,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse' description: OK @@ -7343,14 +9612,14 @@ paths: operationId: EndpointSuspendProcessAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -7364,14 +9633,14 @@ paths: operationId: EndpointUnisolateAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -7385,14 +9654,14 @@ paths: operationId: EndpointUploadAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -7412,7 +9681,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK 
@@ -7432,7 +9701,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -7455,7 +9724,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -7475,7 +9744,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse' description: OK @@ -7493,7 +9762,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -7503,7 +9772,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse' description: OK @@ -7516,7 +9785,7 @@ paths: operationId: InitEntityStore requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -7566,7 +9835,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -7587,7 +9856,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -7621,7 +9890,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -7644,7 +9913,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' description: Successful response @@ -7664,7 +9933,7 @@ paths: $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -7710,7 +9979,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' description: Successful response @@ -7731,7 +10000,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -7755,7 +10024,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -7772,7 +10041,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -7785,7 +10054,7 @@ paths: description: Successful response '207': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -7802,7 +10071,7 @@ paths: description: Partial successful response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -7862,7 +10131,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -7904,7 +10173,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -7934,19 +10203,29 @@ paths: description: Delete an exception list using the `id` or `list_id` field. operationId: DeleteExceptionList parameters: - - description: Either `id` or `list_id` must be specified + - description: Exception list's identifier. Either `id` or `list_id` must be specified. in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Either `id` or `list_id` must be specified + - description: Human readable exception list string identifier, e.g. `trusted-linux-processes`. Either `id` or `list_id` must be specified. + examples: + autogeneratedId: + value: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + list_id: + value: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - examples: + agnostic: + value: agnostic + single: + value: single + in: query name: namespace_type required: false schema: 
@@ -7955,13 +10234,40 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + detectionExceptionList: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -7969,25 +10275,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [DELETE /api/exception_lists?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'exception list list_id: "foo" does not exist' + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -7999,19 +10327,24 @@ paths: description: Get the details of an exception list using the `id` or `list_id` field. operationId: ReadExceptionList parameters: - - description: Either `id` or `list_id` must be specified + - description: Exception list's identifier. Either `id` or `list_id` must be specified. in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Either `id` or `list_id` must be specified + - description: Human readable exception list string identifier, e.g. `trusted-linux-processes`. Either `id` or `list_id` must be specified. in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - examples: + agnostic: + value: agnostic + single: + value: single + in: query name: namespace_type required: false schema: 
@@ -8020,13 +10353,40 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + detectionType: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -8034,25 +10394,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -8062,14 +10444,24 @@ paths: x-beta: true post: description: | - An exception list groups exception items and can be associated with detection rules. You can assign detection rules with multiple exception lists. + An exception list groups exception items and can be associated with detection rules. You can assign exception lists to multiple detection rules. > info > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item. operationId: CreateExceptionList requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + example: + description: This is a sample detection type exception list. + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + type: detection type: object properties: description: 
@@ -8102,13 +10494,99 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + autogeneratedListId: + value: + _version: WzMsMV0= + created_at: '2025-01-09T01:05:23.019Z' + created_by: elastic + description: This is a sample detection type exception with an autogenerated list_id. + id: 28243c2f-624a-4443-823d-c0b894880931 + immutable: false + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Sample Detection Exception List + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: ad94de31-39f7-4ad7-b8e4-988bfa95f338 + type: detection + updated_at: '2025-01-09T01:05:23.020Z' + updated_by: elastic + version: 1 + namespaceAgnostic: + value: + _version: WzUsMV0= + created_at: '2025-01-09T01:10:36.369Z' + created_by: elastic + description: This is a sample agnostic endpoint type exception. + id: 1a744e77-22ca-4b6b-9085-54f55275ebe5 + immutable: false + list_id: b935eb55-7b21-4c1c-b235-faa1df23b3d6 + name: Sample Agnostic Endpoint Exception List + namespace_type: agnostic + os_types: + - linux + tags: + - malware + tie_breaker_id: 49ea0adc-a2b8-4d83-a8f3-2fb98301dea3 + type: endpoint + updated_at: '2025-01-09T01:10:36.369Z' + updated_by: elastic + version: 1 + typeDetection: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 + typeEndpoint: + value: + _version: WzQsMV0= + created_at: '2025-01-09T01:07:49.658Z' + created_by: elastic + description: This is a sample endpoint type exception list. 
+ id: a79f4730-6e32-4278-abfc-349c0add7d54 + immutable: false + list_id: endpoint_list + name: Sample Endpoint Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 94a028af-8f47-427a-aca5-ffaf829e64ee + type: endpoint + updated_at: '2025-01-09T01:07:49.658Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: list_id: Expected string, received number' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -8116,25 +10594,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + alreadyExists: + value: + message: 'exception list id: "simple_list" already exists' + status_code: 409 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list already exists response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -8147,11 +10647,21 @@ paths: operationId: UpdateExceptionList requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + example: + description: Different description + list_id: simple_list + name: Updated exception list name + os_types: + - linux + tags: + - draft malware + type: detection type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string description: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' @@ -8184,13 +10694,39 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + simpleList: + value: + _version: WzExLDFd + created_at: '2025-01-07T20:43:55.264Z' + created_by: elastic + description: Different description + id: fa7f545f-191b-4d32-b1f0-c7cd62a79e55 + immutable: false + list_id: simple_list + name: Updated exception list name + namespace_type: single + os_types: [] + tags: + - draft malware + tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f + type: detection + updated_at: '2025-01-07T21:32:03.726Z' + updated_by: elastic + version: 2 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: list_id: Expected string, received number' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -8198,25 +10734,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [PUT /api/exception_lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -8229,18 +10787,22 @@ paths: description: Duplicate an existing exception list. operationId: DuplicateExceptionList parameters: - - description: Exception list's human identifier - in: query + - in: query name: list_id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - examples: + agnostic: + value: agnostic + single: + value: single + in: query name: namespace_type required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - - description: Determines whether to include expired exceptions in the exported list + - description: Determines whether to include expired exceptions in the duplicated list. Expiration date defined by `expire_time`. in: query name: include_expired_exceptions required: true 
@@ -8249,17 +10811,44 @@ paths: enum: - 'true' - 'false' + example: true type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + detectionExceptionList: + value: + _version: WzExNDY1LDFd + created_at: '2025-01-09T16:19:50.280Z' + created_by: elastic + description: This is a sample detection type exception + id: b2f4a715-6ab1-444c-8b1e-3fa1b1049429 + immutable: false + list_id: d6390d60-bce3-4a48-9002-52db600f329c + name: Sample Detection Exception List [Duplicate] + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 6fa670bd-666d-4c9c-9f1e-d1dbc516e985 + type: detection + updated_at: '2025-01-09T16:19:50.280Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: namespace_type: Invalid enum value. Expected ''agnostic'' | ''single'', received ''foo''' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -8267,25 +10856,53 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists/_duplicate] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response + '404': + content: + application/json: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Exception list not found '405': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list to duplicate not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -8298,24 +10915,28 @@ paths: description: Export an exception list and its associated items to an NDJSON file. operationId: ExportExceptionList parameters: - - description: Exception list's identifier - in: query + - in: query name: id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Exception list's human identifier - in: query + - in: query name: list_id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - examples: + agnostic: + value: agnostic + single: + value: single + in: query name: namespace_type required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - - description: Determines whether to include expired exceptions in the exported list + - description: Determines whether to include expired exceptions in the exported list. Expiration date defined by `expire_time`. + example: true in: query name: include_expired_exceptions required: true 
@@ -8328,7 +10949,13 @@ paths: responses: '200': content: - application/ndjson; Elastic-Api-Version=2023-10-31: + application/ndjson: + examples: + exportSavedObjectsResponse: + value: | + {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This is a sample detection type exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":[],"tags":["user added string for a tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} + {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This is a sample endpoint type exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some host","another host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Endpoint Exception List","namespace_type":"single","os_types":["linux"],"tags":["user added string for a tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} + {"exported_exception_list_count":1,"exported_exception_list_item_count":1,"missing_exception_list_item_count":0,"missing_exception_list_items":[],"missing_exception_lists":[],"missing_exception_lists_count":0} schema: description: A `.ndjson` file containing specified exception list and its items format: binary 
@@ -8336,7 +10963,13 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: list_id: Required, namespace_type: Required' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -8344,25 +10977,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists/_export] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -8372,7 +11027,7 @@ paths: x-beta: true /api/exception_lists/_find: get: - description: Get a list of all exception lists. + description: Get a list of all exception list containers. operationId: FindExceptionLists parameters: - description: | 
@@ -8390,6 +11045,11 @@ paths: - description: | Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (`agnostic` or `single`) + examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -8404,6 +11064,7 @@ paths: name: page required: false schema: + example: 1 minimum: 1 type: integer - description: The number of exception lists to return per page @@ -8411,15 +11072,17 @@ paths: name: per_page required: false schema: + example: 20 minimum: 1 type: integer - - description: Determines which field is used to sort the results + - description: Determines which field is used to sort the results. in: query name: sort_field required: false schema: + example: name type: string - - description: Determines the sort order, which can be `desc` or `asc` + - description: Determines the sort order, which can be `desc` or `asc`. in: query name: sort_order required: false @@ -8427,11 +11090,36 @@ paths: enum: - desc - asc + example: desc type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + simpleLists: + value: + data: + - _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Detection Exception List + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 + page: 1 + per_page: 20 + total: 1 schema: type: object properties: 
@@ -8456,7 +11144,13 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -8464,19 +11158,36 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists/_find?namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -8497,18 +11208,7 @@ paths: required: false schema: default: false - type: boolean - - in: query - name: overwrite_exceptions - required: false - schema: - default: false - type: boolean - - in: query - name: overwrite_action_connectors - required: false - schema: - default: false + example: false type: boolean - description: | Determines whether the list being imported will have a new `list_id` generated. 
@@ -8519,22 +11219,54 @@ paths: required: false schema: default: false + example: false type: boolean requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: + multipart/form-data: schema: type: object properties: file: description: A `.ndjson` file containing the exception list + example: | + {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This is a sample detection type exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":[],"tags":["user added string for a tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} + {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This is a sample endpoint type exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some host","another host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Endpoint Exception List","namespace_type":"single","os_types":["linux"],"tags":["user added string for a tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} format: binary type: string required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + withErrors: + value: + errors: + - error: + message: 'Error found importing exception list: Invalid value \"4\" supplied to \"list_id\"' + status_code: 400 + list_id: (unknown list_id) + - error: + message: 'Found that item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" already exists. 
Import of item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" skipped.' + status_code: 409 + item_id: f7fd00bb-dba8-4c93-9d59-6cbd427b6330 + list_id: 7d7cccb8-db72-4667-b1f3-648efad7c1ee + success: false, + success_count: 0, + success_count_exception_list_items: 0 + success_count_exception_lists: 0, + success_exception_list_items: false, + success_exception_lists: false, + withoutErrors: + value: + errors: [] + success: true + success_count: 2 + success_count_exception_list_items: 1 + success_count_exception_lists: 1 + success_exception_list_items: true + success_exception_lists: true, schema: type: object properties: @@ -8566,7 +11298,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
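Review bot: in the `withErrors` and `withoutErrors` examples added to the 200 response of the import operation, several values end in a comma, for example `success: false,`, `success_count: 0,` and `success_exception_lists: true,`. YAML reads these as the strings "false," and "0," rather than as a boolean or an integer, so the rendered example shows strings where the field names indicate flags and counts. Drop the trailing commas. The `\"4\"` and `\"f7fd00bb-...\"` sequences sit inside single-quoted scalars, where a backslash is not an escape, so they will render with literal backslashes as well.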
@@ -8574,19 +11306,36 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists/_import] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -8599,19 +11348,24 @@ paths: description: Delete an exception list item using the `id` or `item_id` field. operationId: DeleteExceptionListItem parameters: - - description: Either `id` or `item_id` must be specified + - description: Exception item's identifier. Either `id` or `item_id` must be specified in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Either `id` or `item_id` must be specified + - description: Human readable exception item string identifier, e.g. `trusted-linux-processes`. Either `id` or `item_id` must be specified in: query name: item_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - - in: query + - examples: + agnostic: + value: agnostic + single: + value: single + in: query name: namespace_type required: false schema: 
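Review bot: the new `id` and `item_id` descriptions for DeleteExceptionListItem end their first sentence with a period but leave the second one, "Either `id` or `item_id` must be specified", unterminated. Add the final period so both sentences are punctuated the same way. Both parameters are still `required: false`, so the "either ... must be specified" rule exists only in prose; it is worth stating in the operation description as well, since a client generated from this spec will not enforce it.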
@@ -8620,39 +11374,96 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + simpleExceptionItem: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + example: + error: Bad Request + message: '[request query]: namespace_type.0: Invalid enum value. 
Expected ''agnostic'' | ''single'', received ''blob''' + statusCode: 400 oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [DELETE /api/exception_lists/items?item_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'exception list item item_id: \"foo\" does not exist' + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
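Review bot: the 400 response of DeleteExceptionListItem places a single `example:` inside `schema:` next to `oneOf`, while the 401, 403, 404 and 500 responses in the same hunk use named `examples:` on the media type. Move it to `examples: badRequest: value:` so all responses of the operation are documented the same way. The 403 message also quotes `item_id=simple_list`, whereas the item in the 200 example is `simple_list_item` and `simple_list` is its `list_id`.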
@@ -8664,19 +11475,24 @@ paths: description: Get the details of an exception list item using the `id` or `item_id` field. operationId: ReadExceptionListItem parameters: - - description: Either `id` or `item_id` must be specified + - description: Exception list item's identifier. Either `id` or `item_id` must be specified. in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Either `id` or `item_id` must be specified + - description: Human readable exception item string identifier, e.g. `trusted-linux-processes`. Either `id` or `item_id` must be specified. in: query name: item_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - - in: query + - examples: + agnostic: + value: agnostic + single: + value: single + in: query name: namespace_type required: false schema: 
@@ -8685,13 +11501,50 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + simpleListItem: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -8699,25 +11552,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists/items?item_id=&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'exception list item item_id: \"foo\" does not exist' + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
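Review bot: the `notFound` example in the 404 response writes `\"foo\"` inside a single-quoted YAML scalar, where a backslash is not an escape character, so the rendered message will contain literal backslashes. Inside single quotes the double quotes need no escaping: `'exception list item item_id: "foo" does not exist'`. The same applies to `\n\t` in the single-quoted 401 message, which will render as the four characters rather than a newline and tabs. The 403 message also shows an empty `item_id=` in the request path, which is not a useful sample request.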
@@ -8733,8 +11608,29 @@ paths: operationId: CreateExceptionListItem requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + example: + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + type: simple type: object properties: comments: @@ -8745,8 +11641,7 @@ paths: entries: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime' item_id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' list_id: 
@@ -8777,13 +11672,201 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + autogeneratedItemId: + value: + _version: WzYsMV0= + comments: [] + created_at: '2025-01-09T01:16:23.322Z' + created_by: elastic + description: This is a sample exception that has no item_id so it is autogenerated. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + id: 323faa75-c657-4fa0-9084-8827612c207b + item_id: 80e6edf7-4b13-4414-858f-2fa74aa52b37 + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Sample Autogenerated Exception List Item ID + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: d6799986-3a23-4213-bc6d-ed9463a32f23 + type: simple + updated_at: '2025-01-09T01:16:23.322Z' + updated_by: elastic + detectionExceptionListItem: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic + withExistEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. 
+ entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic + withMatchAnyEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic + withMatchEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: included + type: match + value: Elastic N.V. + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic + withNestedEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. 
+ entries: + - entries: + - field: signer + operator: included + type: match + value: Evil + - field: trusted + operator: included + type: match + value: true + field: file.signature + type: nested + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic + withValueListEntry: + value: + _version: WzcsMV0= + comments: [] + created_at: '2025-01-09T01:31:12.614Z' + created_by: elastic + description: Don't signal when agent.name is rock01 and source.ip is in the goodguys.txt list + entries: + - field: source.ip + list: + id: goodguys.txt + type: ip + operator: excluded + type: list + id: deb26876-297d-4677-8a1f-35467d2f1c4f + item_id: 686b129e-9b8d-4c59-8d8d-c93a9ea82c71 + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Filter out good guys ip and agent.name rock01 + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 5e0288ce-6657-4c18-9dcc-00ec9e8cc6c8 + type: simple + updated_at: '2025-01-09T01:31:12.614Z' + updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request, + message: '[request body]: list_id: Expected string, received number' + statusCode: 400, schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
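Review bot: the `badRequest` example in the 400 response at the end of this hunk has trailing commas, `error: Bad Request,` and `statusCode: 400,`, so YAML yields the strings "Bad Request," and "400," instead of a clean message and an integer status code. Remove the commas. In the 200 examples, `detectionExceptionListItem` and `withExistEntry` are identical down to `id` and `entries`, so one of them can be dropped or changed to show something different. In `withNestedEntry` the `trusted` match uses `value: true`, a YAML boolean, while the other match values are strings; quote it if the API expects a string there.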
@@ -8791,25 +11874,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + alreadyExists: + value: + message: 'exception list item id: \"simple_list_item\" already exists' + status_code: 409 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item already exists response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -8822,11 +11927,25 @@ paths: operationId: UpdateExceptionListItem requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + example: + comments: [] + description: Updated description + entries: + - field: host.name + operator: included + type: match + value: rock01 + item_id: simple_list_item + name: Updated name + namespace_type: single + tags: [] + type: simple schema: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string comments: $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray' @@ -8836,8 +11955,7 @@ paths: entries: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime' id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' description: Either `id` or `item_id` must be specified 
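Review bot: the new `_version` description reads "Use it ensure updates are done against the latest version.", which is missing a word; it should be "Use it to ensure ...". The request example for UpdateExceptionListItem is placed on the media type, while CreateExceptionListItem places its request example inside `schema:`. Pick one placement for request examples across the exceptions API.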
@@ -8870,13 +11988,43 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + simpleListItem: + value: + _version: WzEyLDFd + comments: [] + created_at: '2025-01-07T21:12:25.512Z' + created_by: elastic + description: Updated description + entries: + - field: host.name + operator: included + type: match + value: rock01 + id: 459c5e7e-f8b2-4f0b-b136-c1fc702f72da + item_id: simple_list_item + list_id: simple_list + name: Updated name + namespace_type: single + os_types: [] + tags: [] + tie_breaker_id: ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0 + type: simple + updated_at: '2025-01-07T21:34:50.233Z' + updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: item_id: Expected string, received number' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -8884,25 +12032,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [PUT /api/exception_lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'exception list item item_id: \"foo\" does not exist' + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -8915,7 +12085,7 @@ paths: description: Get a list of all exception list items in the specified list. operationId: FindExceptionListItems parameters: - - description: List's id + - description: The `list_id`s of the items to fetch. in: query name: list_id required: true 
@@ -8926,6 +12096,10 @@ paths: - description: | Filters the returned results according to the value of the specified field, using the `:` syntax. + examples: + singleFilter: + value: + - exception-list.attributes.name:%My%20item in: query name: filter required: false @@ -8937,6 +12111,10 @@ paths: - description: | Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (`agnostic` or `single`) + examples: + single: + value: + - single in: query name: namespace_type required: false @@ -8950,12 +12128,14 @@ paths: name: search required: false schema: + example: host.name type: string - description: The page number to return in: query name: page required: false schema: + example: 1 minimum: 0 type: integer - description: The number of exception list items to return per page @@ -8963,15 +12143,17 @@ paths: name: per_page required: false schema: + example: 20 minimum: 0 type: integer - - description: Determines which field is used to sort the results + - description: Determines which field is used to sort the results. + example: name in: query name: sort_field required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` + - description: Determines the sort order, which can be `desc` or `asc`. in: query name: sort_order required: false 
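Review bot: the `singleFilter` example for the `filter` parameter, `exception-list.attributes.name:%My%20item`, is partly percent-encoded (`%20`) and has a `%` directly before `My` that is not a valid escape sequence. Parameter examples should hold the unencoded value, because documentation tooling and generated clients encode it themselves and would encode it a second time. Please give the raw filter string and confirm whether the leading `%` is intended. Separately, `sort_field` gets `example: name` at parameter level, while `search`, `page` and `per_page` get theirs inside `schema:`.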
@@ -8979,11 +12161,47 @@ paths: enum: - desc - asc + example: desc type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + simpleListItems: + value: + data: + - _version: WzgsMV0= + comments: [] + created_at: '2025-01-07T21:12:25.512Z' + created_by: elastic + description: This is a sample exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - jupiter + - saturn + id: 459c5e7e-f8b2-4f0b-b136-c1fc702f72da + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0 + type: simple + updated_at: '2025-01-07T21:12:25.512Z' + updated_by: elastic + page: 1 + per_page: 20 + total: 1 schema: type: object properties: @@ -9010,7 +12228,13 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -9018,25 +12242,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists/items/_find?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'exception list list_id: "foo" does not exist' + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -9049,19 +12295,24 @@ paths: description: Get a summary of the specified exception list. operationId: ReadExceptionListSummary parameters: - - description: Exception list's identifier generated upon creation + - description: Exception list's identifier generated upon creation. in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Exception list's human readable identifier + - description: Exception list's human readable identifier. in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - examples: + agnostic: + value: agnostic + single: + value: single + in: query name: namespace_type required: false schema: @@ -9072,11 +12323,19 @@ paths: name: filter required: false schema: + example: exception-list-agnostic.attributes.tags:"policy:policy-1" OR exception-list-agnostic.attributes.tags:"policy:all" type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + summary: + value: + linux: 0 + macos: 0 + total: 0 + windows: 0 schema: type: object properties: @@ -9095,7 +12354,13 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -9103,25 +12368,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists/summary?list_id=simple_list&namespace_type=agnostic] is unauthorized for user, this action is granted by the Kibana privileges [lists-summary] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
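Review bot: the `notFound` example in the 404 response has a stray double quote in both keys, `message":` and `status_code":`, so the example object ends up with properties named `message"` and `status_code"` rather than the fields of the referenced `Security_Exceptions_API_SiemErrorResponse`. Remove the quotes so the keys read `message:` and `status_code:`, as in the 500 example of the same hunk.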
@@ -9138,8 +12425,17 @@ paths: operationId: CreateSharedExceptionList requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + example: + description: This is a sample detection type exception list. + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware type: object properties: description: @@ -9153,13 +12449,40 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + sharedList: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: list_id: Expected string, received number' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -9167,25 +12490,46 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + message: Unable to create exception-list + status_code: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + alreadyExists: + value: + message: 'exception list id: "simple_list" already exists' + status_code: 409 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list already exists response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
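Review bot: the `forbidden` example in the 403 response uses `message` and `status_code`, but the response schema is `Security_Exceptions_API_PlatformErrorResponse`. The 401 example in this same hunk, which references that same schema, uses `error`, `message` and `statusCode`. Either change the example to the platform shape or, if the endpoint really returns `status_code` here, reference `Security_Exceptions_API_SiemErrorResponse` (or a `oneOf` of both, as the 400 response does).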
@@ -9195,20 +12539,13 @@ paths: x-beta: true /api/fleet/agent_download_sources: get: + description: '[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-settings-read].' operationId: get-fleet-agent-download-sources - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + parameters: [] responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -9250,7 +12587,7 @@ paths: - perPage '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -9269,16 +12606,9 @@ paths: - Elastic Agent binary download sources x-beta: true post: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' operationId: post-fleet-agent-download-sources parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -9288,7 +12618,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -9313,7 +12643,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -9344,7 +12674,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -9364,17 +12694,9 @@ paths: x-beta: true /api/fleet/agent_download_sources/{sourceId}: delete: - description: Delete an agent binary download source by ID. + description: 'Delete an agent binary download source by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' operationId: delete-fleet-agent-download-sources-sourceid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -9390,7 +12712,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -9401,7 +12723,7 @@ paths: - id '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -9420,17 +12742,9 @@ paths: - Elastic Agent binary download sources x-beta: true get: - description: Get an agent binary download source by ID. + description: 'Get an agent binary download source by ID.

[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-settings-read].' operationId: get-fleet-agent-download-sources-sourceid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: sourceId required: true @@ -9439,7 +12753,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -9470,7 +12784,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -9489,17 +12803,9 @@ paths: - Elastic Agent binary download sources x-beta: true put: - description: Update an agent binary download source by ID. + description: 'Update an agent binary download source by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' operationId: put-fleet-agent-download-sources-sourceid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -9514,7 +12820,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -9539,7 +12845,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -9570,7 +12876,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -9590,16 +12896,9 @@ paths: x-beta: true /api/fleet/agent_policies: get: + description: '[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].' operationId: get-fleet-agent-policies parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: query name: page required: false @@ -9663,7 +12962,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -9826,8 +13125,6 @@ paths: maximum: 65353 minimum: 0 type: number - required: - - enabled monitoring_output_id: nullable: true type: string 
@@ -10226,6 +13523,24 @@ paths: - created_at - created_by type: array + required_versions: + items: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + nullable: true + type: array revision: type: number schema_version: @@ -10279,7 +13594,7 @@ paths: - perPage '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -10298,16 +13613,9 @@ paths: - Elastic Agent policies x-beta: true post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].' operationId: post-fleet-agent-policies parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -10322,7 +13630,7 @@ paths: type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -10477,8 +13785,6 @@ paths: maximum: 65353 minimum: 0 type: number - required: - - enabled monitoring_output_id: nullable: true type: string 
@@ -10495,6 +13801,24 @@ paths: description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object + required_versions: + items: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + nullable: true + type: array space_ids: items: type: string @@ -10513,7 +13837,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -10675,8 +13999,6 @@ paths: maximum: 65353 minimum: 0 type: number - required: - - enabled monitoring_output_id: nullable: true type: string @@ -11075,6 +14397,24 @@ paths: - created_at - created_by type: array + required_versions: + items: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + nullable: true + type: array revision: type: number schema_version: @@ -11118,7 +14458,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -11138,16 +14478,9 @@ paths: x-beta: true /api/fleet/agent_policies/_bulk_get: post: + description: '[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].' operationId: post-fleet-agent-policies-bulk-get parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -11165,7 +14498,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -11185,7 +14518,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -11348,8 +14681,6 @@ paths: maximum: 65353 minimum: 0 type: number - required: - - enabled monitoring_output_id: nullable: true type: string @@ -11748,6 +15079,24 @@ paths: - created_at - created_by type: array + required_versions: + items: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + nullable: true + type: array revision: type: number schema_version: @@ -11792,7 +15141,7 @@ paths: - items '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -11812,17 +15161,9 @@ paths: x-beta: true /api/fleet/agent_policies/{agentPolicyId}: get: - description: Get an agent policy by ID. + description: 'Get an agent policy by ID.

[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].' operationId: get-fleet-agent-policies-agentpolicyid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: agentPolicyId required: true @@ -11839,7 +15180,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -12001,8 +15342,6 @@ paths: maximum: 65353 minimum: 0 type: number - required: - - enabled monitoring_output_id: nullable: true type: string @@ -12401,6 +15740,24 @@ paths: - created_at - created_by type: array + required_versions: + items: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + nullable: true + type: array revision: type: number schema_version: @@ -12444,7 +15801,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -12463,17 +15820,9 @@ paths: - Elastic Agent policies x-beta: true put: - description: Update an agent policy by ID. + description: 'Update an agent policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].' operationId: put-fleet-agent-policies-agentpolicyid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -12496,7 +15845,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -12651,8 +16000,6 @@ paths: maximum: 65353 minimum: 0 type: number - required: - - enabled monitoring_output_id: nullable: true type: string @@ -12669,6 +16016,24 @@ paths: description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. nullable: true type: object + required_versions: + items: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + nullable: true + type: array space_ids: items: type: string @@ -12687,7 +16052,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -12849,8 +16214,6 @@ paths: maximum: 65353 minimum: 0 type: number - required: - - enabled monitoring_output_id: nullable: true type: string 
@@ -13249,6 +16612,24 @@ paths: - created_at - created_by type: array + required_versions: + items: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + nullable: true + type: array revision: type: number schema_version: @@ -13292,7 +16673,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -13312,17 +16693,9 @@ paths: x-beta: true /api/fleet/agent_policies/{agentPolicyId}/copy: post: - description: Copy an agent policy by ID. + description: 'Copy an agent policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].' operationId: post-fleet-agent-policies-agentpolicyid-copy parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -13345,7 +16718,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -13360,7 +16733,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -13522,8 +16895,6 @@ paths: maximum: 65353 minimum: 0 type: number - required: - - enabled monitoring_output_id: nullable: true type: string @@ -13922,6 +17293,24 @@ paths: - created_at - created_by type: array + required_versions: + items: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + nullable: true + type: array revision: type: number schema_version: @@ -13965,7 +17354,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -13985,17 +17374,9 @@ paths: x-beta: true /api/fleet/agent_policies/{agentPolicyId}/download: get: - description: Download an agent policy by ID. + description: 'Download an agent policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].' operationId: get-fleet-agent-policies-agentpolicyid-download parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: agentPolicyId required: true @@ -14019,12 +17400,12 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: string '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -14040,7 +17421,7 @@ paths: - message '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -14060,17 +17441,9 @@ paths: x-beta: true /api/fleet/agent_policies/{agentPolicyId}/full: get: - description: Get a full agent policy by ID. + description: 'Get a full agent policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read].' operationId: get-fleet-agent-policies-agentpolicyid-full parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: agentPolicyId required: true @@ -14094,7 +17467,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -14399,7 +17772,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -14419,17 +17792,9 @@ paths: x-beta: true /api/fleet/agent_policies/{agentPolicyId}/outputs: get: - description: Get a list of outputs associated with agent policy by policy id. + description: 'Get a list of outputs associated with agent policy by policy id.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-settings-read].' operationId: get-fleet-agent-policies-agentpolicyid-outputs parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: agentPolicyId required: true @@ -14438,7 +17803,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -14504,7 +17869,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -14524,17 +17889,9 @@ paths: x-beta: true /api/fleet/agent_policies/delete: post: - description: Delete an agent policy by ID. + description: 'Delete an agent policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].' operationId: post-fleet-agent-policies-delete parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -14544,7 +17901,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -14559,7 +17916,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -14573,7 +17930,7 @@ paths: - name '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -14593,17 +17950,9 @@ paths: x-beta: true /api/fleet/agent_policies/outputs: post: - description: Get a list of outputs associated with agent policies. + description: 'Get a list of outputs associated with agent policies.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-settings-read].' operationId: post-fleet-agent-policies-outputs parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -14613,7 +17962,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -14628,7 +17977,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -14696,7 +18045,7 @@ paths: - items '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -14718,14 +18067,6 @@ paths: get: operationId: get-fleet-agent-status parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: query name: policyId required: false @@ -14748,7 +18089,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -14771,10 +18112,14 @@ paths: type: number online: type: number + orphaned: + type: number other: type: number unenrolled: type: number + uninstalled: + type: number updating: type: number required: @@ -14792,7 +18137,7 @@ paths: - results '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -14812,16 +18157,9 @@ paths: x-beta: true /api/fleet/agent_status/data: get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' operationId: get-fleet-agent-status-data parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: query name: agentsIds required: true @@ -14850,7 +18188,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -14875,7 +18213,7 @@ paths: - dataPreview '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -14895,16 +18233,9 @@ paths: x-beta: true /api/fleet/agents: get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' operationId: get-fleet-agents parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: query name: page required: false @@ -14962,7 +18293,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -14989,6 +18320,8 @@ paths: required: - id - version + audit_unenrolled_reason: + type: string components: items: additionalProperties: false @@ -15152,6 +18485,8 @@ paths: - unenrolled - updating - degraded + - uninstalled + - orphaned type: string tags: items: @@ -15178,6 +18513,7 @@ paths: type: array upgrade_details: additionalProperties: false + nullable: true type: object properties: action_id: @@ -15262,7 +18598,7 @@ paths: - perPage '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -15281,16 +18617,9 @@ paths: - Elastic Agents x-beta: true post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' operationId: post-fleet-agents parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -15300,7 +18629,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -15314,7 +18643,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -15327,7 +18656,7 @@ paths: - items '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -15347,17 +18676,9 @@ paths: x-beta: true /api/fleet/agents/{agentId}: delete: - description: Delete an agent by ID. + description: 'Delete an agent by ID.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' operationId: delete-fleet-agents-agentid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -15373,7 +18694,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -15386,7 +18707,7 @@ paths: - action '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -15405,17 +18726,9 @@ paths: - Elastic Agents x-beta: true get: - description: Get an agent by ID. + description: 'Get an agent by ID.

[Required authorization] Route required privileges: ALL of [fleet-agents-read].' operationId: get-fleet-agents-agentid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: agentId required: true @@ -15430,7 +18743,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -15456,6 +18769,8 @@ paths: required: - id - version + audit_unenrolled_reason: + type: string components: items: additionalProperties: false @@ -15619,6 +18934,8 @@ paths: - unenrolled - updating - degraded + - uninstalled + - orphaned type: string tags: items: @@ -15645,6 +18962,7 @@ paths: type: array upgrade_details: additionalProperties: false + nullable: true type: object properties: action_id: @@ -15715,7 +19033,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -15734,17 +19052,9 @@ paths: - Elastic Agents x-beta: true put: - description: Update an agent by ID. + description: 'Update an agent by ID.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' operationId: put-fleet-agents-agentid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -15759,7 +19069,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -15774,7 +19084,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -15800,6 +19110,8 @@ paths: required: - id - version + audit_unenrolled_reason: + type: string components: items: additionalProperties: false @@ -15963,6 +19275,8 @@ paths: - unenrolled - updating - degraded + - uninstalled + - orphaned type: string tags: items: @@ -15989,6 +19303,7 @@ paths: type: array upgrade_details: additionalProperties: false + nullable: true type: object properties: action_id: @@ -16059,7 +19374,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -16079,16 +19394,9 @@ paths: x-beta: true /api/fleet/agents/{agentId}/actions: post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' operationId: post-fleet-agents-agentid-actions parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf 
@@ -16103,7 +19411,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -16154,7 +19462,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -16199,12 +19507,11 @@ paths: - data - created_at - ack_data - - agents required: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -16224,16 +19531,9 @@ paths: x-beta: true /api/fleet/agents/{agentId}/reassign: post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' operationId: post-fleet-agents-agentid-reassign parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -16248,7 +19548,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -16260,14 +19560,14 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object properties: {} '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -16287,16 +19587,9 @@ paths: x-beta: true /api/fleet/agents/{agentId}/request_diagnostics: post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' operationId: post-fleet-agents-agentid-request-diagnostics parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -16311,7 +19604,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false nullable: true @@ -16326,7 +19619,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -16337,7 +19630,7 @@ paths: - actionId '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -16357,16 +19650,9 @@ paths: x-beta: true /api/fleet/agents/{agentId}/unenroll: post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' operationId: post-fleet-agents-agentid-unenroll parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -16381,7 +19667,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false nullable: true 
@@ -16398,16 +19684,9 @@ paths: x-beta: true /api/fleet/agents/{agentId}/upgrade: post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' operationId: post-fleet-agents-agentid-upgrade parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -16422,7 +19701,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -16440,14 +19719,14 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object properties: {} '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -16467,16 +19746,9 @@ paths: x-beta: true /api/fleet/agents/{agentId}/uploads: get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' operationId: get-fleet-agents-agentid-uploads parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: agentId required: true @@ -16485,7 +19757,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -16528,7 +19800,7 @@ paths: - items '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -16548,16 +19820,9 @@ paths: x-beta: true /api/fleet/agents/action_status: get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' operationId: get-fleet-agents-action-status parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: query name: page required: false @@ -16589,7 +19854,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -16694,7 +19959,7 @@ paths: - items '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -16714,16 +19979,9 @@ paths: x-beta: true /api/fleet/agents/actions/{actionId}/cancel: post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' operationId: post-fleet-agents-actions-actionid-cancel parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -16739,7 +19997,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -16784,12 +20042,11 @@ paths: - data - created_at - ack_data - - agents required: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -16809,20 +20066,13 @@ paths: x-beta: true /api/fleet/agents/available_versions: get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' operationId: get-fleet-agents-available-versions - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + parameters: [] responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -16835,7 +20085,7 @@ paths: - items '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -16855,16 +20105,9 @@ paths: x-beta: true /api/fleet/agents/bulk_reassign: post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' operationId: post-fleet-agents-bulk-reassign parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -16874,7 +20117,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -16898,7 +20141,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -16909,7 +20152,7 @@ paths: - actionId '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -16929,16 +20172,9 @@ paths: x-beta: true /api/fleet/agents/bulk_request_diagnostics: post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' operationId: post-fleet-agents-bulk-request-diagnostics parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -16948,7 +20184,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -16972,7 +20208,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -16983,7 +20219,7 @@ paths: - actionId '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -17003,16 +20239,9 @@ paths: x-beta: true /api/fleet/agents/bulk_unenroll: post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' operationId: post-fleet-agents-bulk-unenroll parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -17022,7 +20251,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -17051,7 +20280,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object 
@@ -17062,7 +20291,7 @@ paths: - actionId '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -17082,16 +20311,9 @@ paths: x-beta: true /api/fleet/agents/bulk_update_agent_tags: post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' operationId: post-fleet-agents-bulk-update-agent-tags parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -17101,7 +20323,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -17130,7 +20352,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -17141,7 +20363,7 @@ paths: - actionId '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -17161,16 +20383,9 @@ paths: x-beta: true /api/fleet/agents/bulk_upgrade: post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' operationId: post-fleet-agents-bulk-upgrade parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -17180,7 +20395,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object 
@@ -17215,7 +20430,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -17226,7 +20441,7 @@ paths: - actionId '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -17246,17 +20461,9 @@ paths: x-beta: true /api/fleet/agents/files/{fileId}: delete: - description: Delete a file uploaded by an agent. + description: 'Delete a file uploaded by an agent.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' operationId: delete-fleet-agents-files-fileid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -17272,7 +20479,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -17286,7 +20493,7 @@ paths: - deleted '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -17306,17 +20513,9 @@ paths: x-beta: true /api/fleet/agents/files/{fileId}/{fileName}: get: - description: Get a file uploaded by an agent. + description: 'Get a file uploaded by an agent.

[Required authorization] Route required privileges: ALL of [fleet-agents-read].' operationId: get-fleet-agents-files-fileid-filename parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: fileId required: true @@ -17330,12 +20529,12 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -17355,20 +20554,13 @@ paths: x-beta: true /api/fleet/agents/setup: get: + description: '[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].' operationId: get-fleet-agents-setup - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + parameters: [] responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: A summary of the agent setup status. `isReady` indicates whether the setup is ready. If the setup is not ready, `missing_requirements` lists which requirements are missing. @@ -17404,7 +20596,7 @@ paths: - missing_optional_features '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -17423,16 +20615,9 @@ paths: - Elastic Agents x-beta: true post: + description: '[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].' operationId: post-fleet-agents-setup parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -17443,7 +20628,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. @@ -17469,7 +20654,7 @@ paths: - nonFatalErrors '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -17489,16 +20674,9 @@ paths: x-beta: true /api/fleet/agents/tags: get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' operationId: get-fleet-agents-tags parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: query name: kuery required: false @@ -17513,7 +20691,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -17526,7 +20704,7 @@ paths: - items '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -17548,14 +20726,6 @@ paths: get: operationId: get-fleet-check-permissions parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: query name: fleetServerSetup required: false @@ -17564,7 +20734,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -17581,7 +20751,7 @@ paths: - success '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -17601,20 +20771,13 @@ paths: x-beta: true /api/fleet/data_streams: get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all, fleet-agent-policies-all, fleet-settings-all].' operationId: get-fleet-data-streams - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + parameters: [] responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -17686,7 +20849,7 @@ paths: - data_streams '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -17706,16 +20869,9 @@ paths: x-beta: true /api/fleet/enrollment_api_keys: get: + description: '[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-setup].' operationId: get-fleet-enrollment-api-keys parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: query name: page required: false 
@@ -17736,7 +20892,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -17818,7 +20974,7 @@ paths: - list '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -17837,16 +20993,9 @@ paths: - Fleet enrollment API keys x-beta: true post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' operationId: post-fleet-enrollment-api-keys parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -17856,7 +21005,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -17872,7 +21021,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -17915,7 +21064,7 @@ paths: - action '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -17935,17 +21084,9 @@ paths: x-beta: true /api/fleet/enrollment_api_keys/{keyId}: delete: - description: Revoke an enrollment API key by ID by marking it as inactive. + description: 'Revoke an enrollment API key by ID by marking it as inactive.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' operationId: delete-fleet-enrollment-api-keys-keyid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -17961,7 +21102,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -17974,7 +21115,7 @@ paths: - action '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -17993,17 +21134,9 @@ paths: - Fleet enrollment API keys x-beta: true get: - description: Get an enrollment API key by ID. + description: 'Get an enrollment API key by ID.

[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-setup].' operationId: get-fleet-enrollment-api-keys-keyid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: keyId required: true @@ -18012,7 +21145,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -18050,7 +21183,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -18070,16 +21203,9 @@ paths: x-beta: true /api/fleet/epm/bulk_assets: post: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' operationId: post-fleet-epm-bulk-assets parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -18089,7 +21215,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -18112,7 +21238,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -18149,7 +21275,7 @@ paths: - items '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -18169,16 +21295,9 @@ paths: x-beta: true /api/fleet/epm/categories: get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' operationId: get-fleet-epm-categories parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: query name: prerelease required: false @@ -18192,7 +21311,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -18221,7 +21340,7 @@ paths: - items '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -18241,16 +21360,9 @@ paths: x-beta: true /api/fleet/epm/custom_integrations: post: + description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].' operationId: post-fleet-epm-custom-integrations parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -18260,7 +21372,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -18294,7 +21406,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -18364,7 +21476,7 @@ paths: - _meta '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -18384,16 +21496,9 @@ paths: x-beta: true /api/fleet/epm/data_streams: get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' operationId: get-fleet-epm-data-streams parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: query name: type required: false @@ -18428,7 +21533,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -18447,7 +21552,7 @@ paths: - items '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -18467,16 +21572,9 @@ paths: x-beta: true /api/fleet/epm/packages: get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' operationId: get-fleet-epm-packages parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: query name: category required: false @@ -18495,7 +21593,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -18848,7 +21946,7 @@ paths: - items '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -18867,16 +21965,9 @@ paths: - Elastic Package Manager (EPM) x-beta: true post: + description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].' operationId: post-fleet-epm-packages parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -18898,14 +21989,14 @@ paths: type: boolean requestBody: content: - application/gzip; application/zip; Elastic-Api-Version=2023-10-31: + application/gzip; application/zip: schema: format: binary type: string responses: '200': content: - application/gzip; application/zip; Elastic-Api-Version=2023-10-31: + application/gzip; application/zip: schema: additionalProperties: false type: object @@ -18975,7 +22066,7 @@ paths: - _meta '400': content: - application/gzip; application/zip; Elastic-Api-Version=2023-10-31: + application/gzip; application/zip: schema: additionalProperties: false description: Generic Error @@ -18995,16 +22086,9 @@ paths: x-beta: true /api/fleet/epm/packages/_bulk: post: + description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].' operationId: post-fleet-epm-packages-bulk parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -19019,7 +22103,7 @@ paths: type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object 
@@ -19050,7 +22134,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -19158,7 +22242,7 @@ paths: - items '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -19178,16 +22262,9 @@ paths: x-beta: true /api/fleet/epm/packages/{pkgName}/{pkgVersion}: delete: + description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].' operationId: delete-fleet-epm-packages-pkgname-pkgversion parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -19213,7 +22290,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -19274,7 +22351,7 @@ paths: - items '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -19295,14 +22372,6 @@ paths: get: operationId: get-fleet-epm-packages-pkgname-pkgversion parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: pkgName required: true @@ -19337,7 +22406,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -19754,7 +22823,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -19773,16 +22842,9 @@ paths: - Elastic Package Manager (EPM) x-beta: true post: + description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].' operationId: post-fleet-epm-packages-pkgname-pkgversion parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -19819,7 +22881,7 @@ paths: type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false nullable: true @@ -19834,7 +22896,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -19904,7 +22966,7 @@ paths: - _meta '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -19923,16 +22985,9 @@ paths: - Elastic Package Manager (EPM) x-beta: true put: + description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].' operationId: put-fleet-epm-packages-pkgname-pkgversion parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -19952,7 +23007,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -19964,7 +23019,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object 
@@ -20373,7 +23428,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -20393,16 +23448,9 @@ paths: x-beta: true /api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}: get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' operationId: get-fleet-epm-packages-pkgname-pkgversion-filepath parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: pkgName required: true @@ -20421,11 +23469,11 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: {} '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -20447,14 +23495,6 @@ paths: post: operationId: post-fleet-epm-packages-pkgname-pkgversion-transforms-authorize parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -20479,7 +23519,7 @@ paths: type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -20499,7 +23539,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: additionalProperties: false @@ -20518,7 +23558,7 @@ paths: type: array '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -20538,16 +23578,9 @@ paths: x-beta: true /api/fleet/epm/packages/{pkgName}/stats: get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' operationId: get-fleet-epm-packages-pkgname-stats parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: pkgName required: true @@ -20556,7 +23589,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -20573,7 +23606,7 @@ paths: - response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -20593,16 +23626,9 @@ paths: x-beta: true /api/fleet/epm/packages/installed: get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' operationId: get-fleet-epm-packages-installed parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: query name: dataStreamType required: false @@ -20651,7 +23677,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -20727,7 +23753,7 @@ paths: - total '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -20747,20 +23773,13 @@ paths: x-beta: true /api/fleet/epm/packages/limited: get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' operationId: get-fleet-epm-packages-limited - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + parameters: [] responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -20773,7 +23792,7 @@ paths: - items '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -20793,16 +23812,9 @@ paths: x-beta: true /api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs: get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' operationId: get-fleet-epm-templates-pkgname-pkgversion-inputs parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: pkgName required: true @@ -20836,7 +23848,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: anyOf: - type: string @@ -20881,7 +23893,7 @@ paths: - inputs '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
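Review bot: in the `get-fleet-epm-packages-limited` hunk, dropping the only parameter leaves `parameters: []` behind. An empty list carries no information for readers of the spec; consider having the merge step omit the `parameters` key when the list is empty after the header is removed, so operations without parameters look the same whether or not they ever had the version header.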
@@ -20901,20 +23913,13 @@ paths: x-beta: true /api/fleet/epm/verification_key_id: get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' operationId: get-fleet-epm-verification-key-id - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + parameters: [] responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -20926,7 +23931,7 @@ paths: - id '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -20946,20 +23951,13 @@ paths: x-beta: true /api/fleet/fleet_server_hosts: get: + description: '[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-settings-read].' operationId: get-fleet-fleet-server-hosts - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + parameters: [] responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -21007,7 +24005,7 @@ paths: - perPage '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -21026,16 +24024,9 @@ paths: - Fleet Server hosts x-beta: true post: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' operationId: post-fleet-fleet-server-hosts parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -21045,7 +24036,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -21076,7 +24067,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -21113,7 +24104,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -21133,17 +24124,9 @@ paths: x-beta: true /api/fleet/fleet_server_hosts/{itemId}: delete: - description: Delete a Fleet Server host by ID. + description: 'Delete a Fleet Server host by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' operationId: delete-fleet-fleet-server-hosts-itemid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -21159,7 +24142,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -21170,7 +24153,7 @@ paths: - id '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -21189,17 +24172,9 @@ paths: - Fleet Server hosts x-beta: true get: - description: Get a Fleet Server host by ID. + description: 'Get a Fleet Server host by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-read].' operationId: get-fleet-fleet-server-hosts-itemid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: itemId required: true @@ -21208,7 +24183,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -21245,7 +24220,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -21264,17 +24239,9 @@ paths: - Fleet Server hosts x-beta: true put: - description: Update a Fleet Server host by ID. + description: 'Update a Fleet Server host by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' operationId: put-fleet-fleet-server-hosts-itemid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -21289,7 +24256,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -21313,7 +24280,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -21350,7 +24317,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -21370,16 +24337,9 @@ paths: x-beta: true /api/fleet/health_check: post: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' operationId: post-fleet-health-check parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -21389,7 +24349,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -21401,7 +24361,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -21416,7 +24376,7 @@ paths: - status '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
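Review bot: the privileges documented for reading Fleet Server hosts disagree between the two GET routes. The list route (`get-fleet-fleet-server-hosts`) states `ANY of [fleet-agents-all OR fleet-settings-read]`, while the by-ID hunk (`get-fleet-fleet-server-hosts-itemid`) states `ALL of [fleet-settings-read]`, so a caller holding only `fleet-agents-all` can list hosts but not fetch one of them. Please confirm this matches the route definitions; if it is intentional a short explanation in the description would help, otherwise the two should be aligned.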
@@ -21432,7 +24392,7 @@ paths: - message '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -21452,16 +24412,9 @@ paths: x-beta: true /api/fleet/kubernetes: get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].' operationId: get-fleet-kubernetes parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: query name: download required: false @@ -21480,7 +24433,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -21491,7 +24444,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -21511,16 +24464,9 @@ paths: x-beta: true /api/fleet/kubernetes/download: get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].' operationId: get-fleet-kubernetes-download parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: query name: download required: false @@ -21539,12 +24485,12 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: string '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -21560,7 +24506,7 @@ paths: - message '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -21580,16 +24526,9 @@ paths: x-beta: true /api/fleet/logstash_api_keys: post: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' operationId: post-fleet-logstash-api-keys parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -21600,7 +24539,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -21611,7 +24550,7 @@ paths: - api_key '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -21631,16 +24570,9 @@ paths: x-beta: true /api/fleet/message_signing_service/rotate_key_pair: post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all, fleet-agent-policies-all, fleet-settings-all].' operationId: post-fleet-message-signing-service-rotate-key-pair parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -21657,7 +24589,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -21668,7 +24600,7 @@ paths: - message '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -21684,7 +24616,7 @@ paths: - message '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -21704,20 +24636,13 @@ paths: x-beta: true /api/fleet/outputs: get: + description: '[Required authorization] Route required privileges: ANY of [fleet-settings-read OR fleet-agent-policies-read].' operationId: get-fleet-outputs - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + parameters: [] responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -22418,7 +25343,7 @@ paths: - perPage '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -22437,16 +25362,9 @@ paths: - Fleet outputs x-beta: true post: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' operationId: post-fleet-outputs parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -22456,7 +25374,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: anyOf: - additionalProperties: false @@ -23141,7 +26059,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -23831,7 +26749,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -23851,17 +26769,9 @@ paths: x-beta: true /api/fleet/outputs/{outputId}: delete: - description: Delete output by ID. + description: 'Delete output by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' operationId: delete-fleet-outputs-outputid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -23877,7 +26787,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -23888,7 +26798,7 @@ paths: - id '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -23904,7 +26814,7 @@ paths: - message '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -23923,17 +26833,9 @@ paths: - Fleet outputs x-beta: true get: - description: Get output by ID. + description: 'Get output by ID.

[Required authorization] Route required privileges: ANY of [fleet-settings-read OR fleet-agent-policies-read].' operationId: get-fleet-outputs-outputid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: outputId required: true @@ -23942,7 +26844,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -24632,7 +27534,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -24651,17 +27553,9 @@ paths: - Fleet outputs x-beta: true put: - description: Update output by ID. + description: 'Update output by ID.

[Required authorization] Route required privileges: ANY of [fleet-settings-all OR fleet-agent-policies-all].' operationId: put-fleet-outputs-outputid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -24676,7 +27570,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: anyOf: - additionalProperties: false @@ -25340,7 +28234,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -26030,7 +28924,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -26050,16 +28944,9 @@ paths: x-beta: true /api/fleet/outputs/{outputId}/health: get: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-read].' operationId: get-fleet-outputs-outputid-health parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: outputId required: true @@ -26068,7 +28955,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -26088,7 +28975,7 @@ paths: - timestamp '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
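Review bot: the `put-fleet-outputs-outputid` description documents `ANY of [fleet-settings-all OR fleet-agent-policies-all]`, which is broader than the `ALL of [fleet-settings-all]` documented for `post-fleet-outputs` and `delete-fleet-outputs-outputid` in the neighbouring hunks. As written, a caller with only `fleet-agent-policies-all` can modify an output it cannot create or delete. Please check this against the route's actual authorization and either correct the text or note why update is deliberately wider.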
@@ -26110,14 +28997,6 @@ paths: get: operationId: get-fleet-package-policies parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: query name: page required: false @@ -26167,7 +29046,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -26562,7 +29441,7 @@ paths: - perPage '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -26583,14 +29462,6 @@ paths: post: operationId: post-fleet-package-policies parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -26608,7 +29479,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: anyOf: - additionalProperties: false @@ -27012,7 +29883,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -27396,7 +30267,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -27412,7 +30283,7 @@ paths: - message '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -27434,14 +30305,6 @@ paths: post: operationId: post-fleet-package-policies-bulk-get parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -27459,7 +30322,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -27476,7 +30339,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -27862,7 +30725,7 @@ paths: - items '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -27878,7 +30741,7 @@ paths: - message '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -27893,17 +30756,9 @@ paths: x-beta: true /api/fleet/package_policies/{packagePolicyId}: delete: - description: Delete a package policy by ID. + description: 'Delete a package policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].' operationId: delete-fleet-package-policies-packagepolicyid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -27924,7 +30779,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -27935,7 +30790,7 @@ paths: - id '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -27957,14 +30812,6 @@ paths: description: Get a package policy by ID. operationId: get-fleet-package-policies-packagepolicyid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: packagePolicyId required: true @@ -27981,7 +30828,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -28365,7 +31212,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -28381,7 +31228,7 @@ paths: - message '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object 
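Review bot: the `get-fleet-package-policies-packagepolicyid` hunk keeps `description: Get a package policy by ID.` with no `[Required authorization]` sentence, while the DELETE operation on the same path gains one in the hunk just before it. With the version header gone, the description is the only place the required privileges are documented, so a route without the sentence reads as if it needed none. Please add the privilege text for this operation or state explicitly how it is authorized.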
@@ -28398,14 +31245,6 @@ paths: description: Update a package policy by ID. operationId: put-fleet-package-policies-packagepolicyid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -28428,7 +31267,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: anyOf: - additionalProperties: false @@ -28825,7 +31664,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -29209,7 +32048,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -29225,7 +32064,7 @@ paths: - message '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -29245,16 +32084,9 @@ paths: x-beta: true /api/fleet/package_policies/delete: post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].' operationId: post-fleet-package-policies-delete parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -29264,7 +32096,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object 
@@ -29280,7 +32112,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: additionalProperties: false @@ -29362,7 +32194,7 @@ paths: type: array '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -29382,17 +32214,9 @@ paths: x-beta: true /api/fleet/package_policies/upgrade: post: - description: Upgrade a package policy to a newer package version. + description: 'Upgrade a package policy to a newer package version.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].' operationId: post-fleet-package-policies-upgrade parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -29402,7 +32226,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -29416,7 +32240,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: additionalProperties: false @@ -29444,7 +32268,7 @@ paths: type: array '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -29464,16 +32288,9 @@ paths: x-beta: true /api/fleet/package_policies/upgrade/dryrun: post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, integrations-read].' operationId: post-fleet-package-policies-upgrade-dryrun parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -29483,7 +32300,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -29499,7 +32316,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: additionalProperties: false 
@@ -30245,7 +33062,7 @@ paths: type: array '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -30265,20 +33082,13 @@ paths: x-beta: true /api/fleet/proxies: get: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-read].' operationId: get-fleet-proxies - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + parameters: [] responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -30332,7 +33142,7 @@ paths: - perPage '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -30351,16 +33161,9 @@ paths: - Fleet proxies x-beta: true post: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' operationId: post-fleet-proxies parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -30370,7 +33173,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -30407,7 +33210,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -30450,7 +33253,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
@@ -30470,17 +33273,9 @@ paths: x-beta: true /api/fleet/proxies/{itemId}: delete: - description: Delete a proxy by ID + description: 'Delete a proxy by ID

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' operationId: delete-fleet-proxies-itemid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -30496,7 +33291,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -30507,7 +33302,7 @@ paths: - id '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -30526,17 +33321,9 @@ paths: - Fleet proxies x-beta: true get: - description: Get a proxy by ID. + description: 'Get a proxy by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-read].' operationId: get-fleet-proxies-itemid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: itemId required: true @@ -30545,7 +33332,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -30588,7 +33375,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -30607,17 +33394,9 @@ paths: - Fleet proxies x-beta: true put: - description: Update a proxy by ID. + description: 'Update a proxy by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' operationId: put-fleet-proxies-itemid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -30632,7 +33411,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -30666,7 +33445,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -30709,7 +33488,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -30729,16 +33508,9 @@ paths: x-beta: true /api/fleet/service_tokens: post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' operationId: post-fleet-service-tokens parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -30748,7 +33520,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false nullable: true @@ -30760,7 +33532,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -30774,7 +33546,7 @@ paths: - value '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
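Review bot: in the `delete-fleet-proxies-itemid` hunk the first sentence of the new description, `'Delete a proxy by ID`, has no closing period before the blank line, unlike `Get a proxy by ID.` and `Update a proxy by ID.` in the following hunks. Now that the authorization sentence is appended to it, the missing period is visible in rendered docs. A block scalar (`description: |`), as already used for tag descriptions in this file, would also be easier to read than a single-quoted string containing a blank line.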
@@ -30794,20 +33566,13 @@ paths: x-beta: true /api/fleet/settings: get: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-read].' operationId: get-fleet-settings - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string + parameters: [] responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -30860,7 +33625,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -30876,7 +33641,7 @@ paths: - message '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -30890,16 +33655,9 @@ paths: - Fleet internals x-beta: true put: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' operationId: put-fleet-settings parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -30909,7 +33667,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -30941,7 +33699,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -30994,7 +33752,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
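Review bot: In `get-fleet-settings`, dropping the only parameter leaves `parameters: []` in the output rather than no `parameters` key at all. An empty array is valid, but it adds noise to every operation whose sole parameter was the version header. Consider having the merge step omit the key when the list ends up empty, so the generated document does not depend on what was removed from it.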
@@ -31010,7 +33768,7 @@ paths: - message '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -31025,16 +33783,9 @@ paths: x-beta: true /api/fleet/setup: post: + description: '[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].' operationId: post-fleet-setup parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -31045,7 +33796,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. @@ -31071,7 +33822,7 @@ paths: - nonFatalErrors '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -31087,7 +33838,7 @@ paths: - message '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Internal Server Error @@ -31103,17 +33854,9 @@ paths: x-beta: true /api/fleet/uninstall_tokens: get: - description: List the metadata for the latest uninstall tokens per agent policy. + description: 'List the metadata for the latest uninstall tokens per agent policy.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' operationId: get-fleet-uninstall-tokens parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: Partial match filtering for policy IDs in: query name: policyId @@ -31143,7 +33886,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -31184,7 +33927,7 @@ paths: - perPage '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error @@ -31204,17 +33947,9 @@ paths: x-beta: true /api/fleet/uninstall_tokens/{uninstallTokenId}: get: - description: Get one decrypted uninstall token by its ID. + description: 'Get one decrypted uninstall token by its ID.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' operationId: get-fleet-uninstall-tokens-uninstalltokenid parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - in: path name: uninstallTokenId required: true @@ -31223,7 +33958,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -31256,7 +33991,7 @@ paths: - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false description: Generic Error 
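Review bot: The new descriptions for `get-fleet-uninstall-tokens` and `get-fleet-uninstall-tokens-uninstalltokenid` are single-quoted scalars with one blank line before `[Required authorization]`. In a single-quoted YAML scalar, one blank line folds to a single line feed, so as shown here a Markdown renderer will run the privilege sentence into the same paragraph as the summary text. For an endpoint that returns a decrypted uninstall token, the privilege requirement should stand out. Emit the description as a `|` block scalar with a real empty line, as the `DeleteList` description already does.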
@@ -31277,39 +34012,64 @@ paths: /api/lists: delete: description: | - Delete a list using the list ID. + Delete a value list using the list ID. > info > When you delete a list, all of its list items are also deleted. operationId: DeleteList parameters: - - description: List's `id` value - in: query + - in: query name: id required: true schema: $ref: '#/components/schemas/Security_Lists_API_ListId' - - in: query + - description: Determines whether exception items referencing this value list should be deleted. + in: query name: deleteReferences required: false schema: default: false + example: false type: boolean - - in: query + - description: Determines whether to delete value list without performing any additional checks of where this list may be utilized. + in: query name: ignoreReferences required: false schema: default: false + example: false type: boolean responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ipList: + value: + _version: WzIsMV0= + '@timestamp': '2025-01-08T04:47:34.273Z' + created_at: '2025-01-08T04:47:34.273Z' + created_by: elastic + description: List of bad internet ips. + id: 21b01cfb-058d-44b9-838c-282be16c91cd + immutable: false + name: Bad ips + tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 + type: ip + updated_at: '2025-01-08T05:39:39.292Z' + updated_by: elastic + version: 3 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: id: Required' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
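Review bot: The new `ignoreReferences` description on `DeleteList` says the list is deleted "without performing any additional checks of where this list may be utilized", but it does not say what happens to exception items that still reference the deleted list. Since those exceptions decide whether a detection rule generates an alert, state the outcome explicitly (for example whether the referencing items are left in place) and how this flag interacts with `deleteReferences`. Separately, the `id` parameter loses its `description: List's `id` value` in this hunk while the other two parameters gain one. Confirm that the referenced `Security_Lists_API_ListId` schema now carries that text.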
@@ -31317,38 +34077,59 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [DELETE /api/lists?id=ip_list] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'list id: \"ip_list\" was not found' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Delete a list + summary: Delete a value list tags: - Security Lists API x-beta: true get: - description: Get the details of a list using the list ID. + description: Get the details of a value list using the list ID. operationId: ReadList parameters: - - description: List's `id` value - in: query + - in: query name: id required: true schema: 
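Review bot: The `unauthorized` and `notFound` examples for `DeleteList` put escape sequences inside single-quoted scalars (`'[security_exception\n\tRoot causes:...'` and `'list id: \"ip_list\" was not found'`). YAML does not interpret backslash escapes in single quotes, so the rendered examples will show literal `\n\t` and `\"` instead of the line breaks and quotes the API returns. Use double-quoted scalars for these messages, or write the inner quotes unescaped as `'list id: "ip_list" was not found'`.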
@@ -31356,13 +34137,35 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzEsMV0= + '@timestamp': '2025-01-08T04:47:34.273Z' + created_at: '2025-01-08T04:47:34.273Z' + created_by: elastic + description: This list describes bad internet ip + id: ip_list + immutable: false + name: My bad ips + tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 + type: ip + updated_at: '2025-01-08T05:21:53.843Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: id: Required' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -31370,43 +34173,68 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/lists?id=ip_list] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'list id: \"foo\" not found' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get list details + summary: Get value list details tags: - Security Lists API x-beta: true patch: - description: Update specific fields of an existing list using the list ID. + description: Update specific fields of an existing list using the list `id`. 
operationId: PatchList requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + example: + id: ip_list + name: Bad ips list - UPDATED type: object properties: _version: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' description: $ref: '#/components/schemas/Security_Lists_API_ListDescription' id: @@ -31416,22 +34244,43 @@ paths: name: $ref: '#/components/schemas/Security_Lists_API_ListName' version: - minimum: 1 - type: integer + $ref: '#/components/schemas/Security_Lists_API_ListVersion' required: - id - description: List's properties + description: Value list's properties required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzEsMV0= + '@timestamp': '2025-01-08T04:47:34.273Z' + created_at: '2025-01-08T04:47:34.273Z' + created_by: elastic + description: This list describes bad internet ips + id: ip_list + immutable: false + name: Bad ips list - UPDATED + tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 + type: ip + updated_at: '2025-01-08T05:21:53.843Z' + updated_by: elastic + version: 2 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: name: Expected string, received number' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -31439,45 +34288,94 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [PATCH /api/lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'list id: \"foo\" not found' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Patch a list + summary: Patch a value list tags: - Security Lists API x-beta: true post: - description: Create a new list. + description: Create a new value list. 
operationId: CreateList requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + description: This list describes bad internet ips + id: ip_list + name: Simple list with ips + type: ip + ip_range: + value: + description: This list has ip ranges + id: ip_range_list + name: Simple list with ip ranges + type: ip_range + keyword: + value: + description: This list describes bad host names + id: keyword_list + name: Simple list with a keyword + type: keyword + keyword_custom_format: + value: + description: This parses the first found ipv4 only + deserializer: '{{value}}' + id: keyword_custom_format_list + name: Simple list with a keyword using a custom format + serializer: (?((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) + type: keyword schema: type: object properties: description: $ref: '#/components/schemas/Security_Lists_API_ListDescription' deserializer: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListDeserializer' id: $ref: '#/components/schemas/Security_Lists_API_ListId' meta: @@ -31485,7 +34383,7 @@ paths: name: $ref: '#/components/schemas/Security_Lists_API_ListName' serializer: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListSerializer' type: $ref: '#/components/schemas/Security_Lists_API_ListType' version: 
@@ -31496,18 +34394,86 @@ paths: - name - description - type - description: List's properties + description: Value list's properties required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzAsMV0= + '@timestamp': '2025-01-08T04:47:34.273Z' + created_at: '2025-01-08T04:47:34.273Z' + created_by: elastic + description: This list describes bad internet ips + id: ip_list + immutable: false + name: Simple list with ips + tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 + type: ip + updated_at: '2025-01-08T04:47:34.273Z' + updated_by: elastic + version: 1 + ip_range: + value: + _version: WzAsMV0= + '@timestamp': '2025-01-09T18:23:52.241Z' + created_at: '2025-01-09T18:23:52.241Z' + created_by: elastic + description: This list has ip ranges + id: ip_range_list + immutable: false + name: Simple list with ip ranges + tie_breaker_id: 74aebdaf-601f-4940-b351-155728ff7003 + type: ip_range + updated_at: '2025-01-09T18:23:52.241Z' + updated_by: elastic + version: 1 + keyword: + value: + _version: WzEsMV0= + '@timestamp': '2025-01-09T18:24:55.786Z' + created_at: '2025-01-09T18:24:55.786Z' + created_by: elastic + description: This list describes bad host names + id: keyword_list + immutable: false + name: Simple list with a keyword + tie_breaker_id: f7e7dbaa-daf7-4c9a-a3dc-56643923ef68 + type: keyword + updated_at: '2025-01-09T18:24:55.786Z' + updated_by: elastic + version: 1 + keyword_custom_format: + value: + _version: WzIsMV0= + '@timestamp': '2025-01-09T18:25:39.604Z' + created_at: '2025-01-09T18:25:39.604Z' + created_by: elastic + description: This parses the first found ipv4 only + deserializer: '{{value}}' + id: keyword_custom_format_list + immutable: false + name: Simple list with a keyword using a custom format + serializer: (?((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) + tie_breaker_id: 8247ae63-b780-47b8-9a89-948b643e9ec2 + type: 
keyword + updated_at: '2025-01-09T18:25:39.604Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: To create a list, the data stream must exist first. Data stream \".lists-default\" does not exist + status_code: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
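Review bot: The `serializer` value in the `keyword_custom_format` response example is not a usable pattern as written. It opens with `(?(`, which is not a valid group opener in JavaScript regular expressions, and the `.` between octets is unescaped, so it matches any character rather than a literal dot. The same value appears in the request example of the preceding hunk. Restore the intended group syntax, escape the dot as `\.`, and quote the scalar so no characters are lost in generation. Also, the example under the `'400'` response is keyed `notFound`; a name such as `dataStreamMissing` would match the status code and message.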
@@ -31515,46 +34481,72 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + alreadyExists: + value: + message: 'list id: "keyword_custom_format_list" already exists' + status_code: 409 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List already exists response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Create a list + summary: Create a value list tags: - Security Lists API x-beta: true put: description: | - Update a list using the list ID. The original list is replaced, and all unspecified fields are deleted. + Update a value list using the list `id`. The original list is replaced, and all unspecified fields are deleted. 
> info > You cannot modify the `id` value. operationId: UpdateList requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + example: + description: Latest list of bad ips + id: ip_list + name: Bad ips - updated type: object properties: _version: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' description: $ref: '#/components/schemas/Security_Lists_API_ListDescription' id: @@ -31564,24 +34556,45 @@ paths: name: $ref: '#/components/schemas/Security_Lists_API_ListName' version: - minimum: 1 - type: integer + $ref: '#/components/schemas/Security_Lists_API_ListVersion' required: - id - name - description - description: List's properties + description: Value list's properties required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzIsMV0= + '@timestamp': '2025-01-08T04:47:34.273Z' + created_at: '2025-01-08T04:47:34.273Z' + created_by: elastic + description: Latest list of bad ips + id: ip_list + immutable: false + name: Bad ips - updated + tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 + type: ip + updated_at: '2025-01-08T05:39:39.292Z' + updated_by: elastic + version: 3 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: id: Expected string, received number' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -31589,55 +34602,82 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [PUT /api/lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'list id: \"foo\" not found' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Update a list + summary: Update a value list tags: - Security Lists API x-beta: true /api/lists/_find: get: - description: Get a paginated subset of lists. By default, the first page is returned, with 20 results per page. + description: Get a paginated subset of value lists. By default, the first page is returned, with 20 results per page. 
operationId: FindLists parameters: - - description: The page number to return + - description: The page number to return. in: query name: page required: false schema: + example: 1 type: integer - - description: The number of lists to return per page + - description: The number of value lists to return per page. in: query name: per_page required: false schema: + example: 20 type: integer - - description: Determines which field is used to sort the results + - description: Determines which field is used to sort the results. in: query name: sort_field required: false schema: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + example: name + format: nonempty + minLength: 1 + type: string - description: Determines the sort order, which can be `desc` or `asc` in: query name: sort_order @@ -31646,11 +34686,9 @@ paths: enum: - desc - asc + example: asc type: string - - description: | - Returns the list that come after the last list returned in the previous call - (use the cursor value returned in the previous call). This parameter uses - the `tie_breaker_id` field to ensure all lists are sorted and returned correctly. + - description: Returns the lists that come after the last lists returned in the previous call (use the `cursor` value returned in the previous call). This parameter uses the `tie_breaker_id` field to ensure all lists are sorted and returned correctly. in: query name: cursor required: false 
@@ -31667,7 +34705,31 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ipList: + value: + cursor: WzIwLFsiZjU1MDgxODgtYjFlOS00ZTZlLTk2NjItZDAzOWE3ZDg5ODk5Il1d + data: + - _version: WzAsMV0= + '@timestamp': | + 2025-01-08T04:47:34.273Z + created_at: | + 2025-01-08T04:47:34.273Z + created_by: elastic + description: This list describes bad internet ip + id: ip_list + immutable: false + name: Simple list with an ip + tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 + type: ip + updated_at: | + 2025-01-08T04:47:34.273Z + updated_by: elastic + version: 1 + page: 1 + per_page: 20 + total: 1 schema: type: object properties: @@ -31695,7 +34757,13 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: page: Expected number, received nan' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
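Review bot: In the `FindLists` `'200'` example `ipList`, the fields `'@timestamp'`, `created_at` and `updated_at` are written as `|` block scalars. A literal block scalar with default chomping keeps its final line break, so each example value becomes the timestamp followed by a newline, which is not a valid date-time string and differs from the other list examples in this patch, where the same fields are quoted (`'2025-01-08T04:47:34.273Z'`). Use quoted scalars here as well.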
@@ -31703,23 +34771,40 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/lists/_find?page=1&per_page=20] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get lists + summary: Get value lists tags: - Security Lists API x-beta: true @@ -31730,7 +34815,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -31741,7 +34826,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -31749,29 +34834,40 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List data stream not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Delete list data streams + summary: Delete value list data streams tags: - Security Lists API x-beta: true @@ -31781,7 +34877,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -31795,7 +34891,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
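Review bot: In this data-stream operation, the `'401'` and `'500'` responses gain examples but `'403'` and `'404'` only have their media-type key renamed. Readers get the most value from the `'403'` example, because in the other operations of this patch it names the Kibana privilege that grants the action. Add `forbidden` and `notFound` examples here for parity, or note why they are omitted.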
@@ -31803,29 +34899,40 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List data stream(s) not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get status of list data streams + summary: Get status of value list data streams tags: - Security Lists API x-beta: true @@ -31835,7 +34942,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -31846,7 +34953,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -31854,25 +34961,42 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + alreadyExists: + value: + message: 'data stream: \".lists-default\" and \".items-default\" already exists' + status_code: 409 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List data stream exists response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response 
@@ -31882,28 +35006,29 @@ paths: x-beta: true /api/lists/items: delete: - description: Delete a list item using its `id`, or its `list_id` and `value` fields. + description: Delete a value list item using its `id`, or its `list_id` and `value` fields. operationId: DeleteListItem parameters: - - description: Required if `list_id` and `value` are not specified + - description: Value list item's identifier. Required if `list_id` and `value` are not specified. in: query name: id required: false schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + - description: Value list's identifier. Required if `id` is not specified. in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified + - description: The value used to evaluate exceptions. Required if `id` is not specified. in: query name: value required: false schema: + example: 255.255.255.255 type: string - - description: Determines when changes made by the request are made visible to search + - description: Determines when changes made by the request are made visible to search. in: query name: refresh required: false @@ -31913,11 +35038,26 @@ paths: - 'true' - 'false' - wait_for + example: false type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzIwLDFd + '@timestamp': '2025-01-08T05:15:05.159Z' + created_at: '2025-01-08T05:15:05.159Z' + created_by: elastic + id: pd1WRJQBs4HAK3VQeHFI + list_id: ip_list + tie_breaker_id: eee41dc7-1666-4876-982f-8b0f7b59eca3 + type: ip + updated_at: '2025-01-08T05:44:14.009Z' + updated_by: elastic + value: 255.255.255.255 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_ListItem' 
@@ -31927,7 +35067,12 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + message: Either \"list_id\" or \"id\" needs to be defined in the request + status_code: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -31935,58 +35080,95 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [DELETE /api/lists/items?id=pd1WRJQBs4HAK3VQeHFI] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'list item with id: \"pd1WRJQBs4HAK3VQeHFI\" not found' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Delete a list item + summary: Delete a value list item tags: - Security Lists API x-beta: true get: - description: Get the details of a list item. + description: Get the details of a value list item. 
operationId: ReadListItem parameters: - - description: Required if `list_id` and `value` are not specified + - description: Value list item identifier. Required if `list_id` and `value` are not specified. in: query name: id required: false schema: $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified + - description: Value list item list's `id` identfier. Required if `id` is not specified. in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified + - description: The value used to evaluate exceptions. Required if `id` is not specified. in: query name: value required: false schema: + example: 127.0.0.2 type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzExLDFd + '@timestamp': '2025-01-08T05:16:25.882Z' + created_at: '2025-01-08T05:16:25.882Z' + created_by: elastic + id: qN1XRJQBs4HAK3VQs3Gc + list_id: ip_list + tie_breaker_id: a9a34c02-a385-436e-86a0-02a3942f3537 + type: ip + updated_at: '2025-01-08T05:16:25.882Z' + updated_by: elastic + value: 127.0.0.2 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_ListItem' @@ -31996,7 +35178,12 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + message: Either \"list_id\" or \"id\" needs to be defined in the request + status_code: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -32004,49 +35191,74 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/lists/items?id=qN1XRJQBs4HAK3VQs3Gc] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'list item id: \"foo\" not found' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get a list item + summary: Get a value list item tags: - Security Lists API x-beta: true patch: - description: Update specific fields of an existing list item using the list item ID. + description: Update specific fields of an existing value list item using the item `id`. 
operationId: PatchListItem requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + example: + id: pd1WRJQBs4HAK3VQeHFI + value: 255.255.255.255 type: object properties: _version: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' id: $ref: '#/components/schemas/Security_Lists_API_ListItemId' meta: $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' refresh: - description: Determines when changes made by the request are made visible to search + description: Determines when changes made by the request are made visible to search. enum: - 'true' - 'false' 
@@ -32056,18 +35268,37 @@ paths: $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - id - description: List item's properties + description: Value list item's properties required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ipItem: + value: + _version: WzE5LDFd + '@timestamp': '2025-01-08T05:15:05.159Z' + created_at: '2025-01-08T05:15:05.159Z' + created_by: elastic + id: pd1WRJQBs4HAK3VQeHFI + list_id: ip_list + tie_breaker_id: eee41dc7-1666-4876-982f-8b0f7b59eca3 + type: ip + updated_at: '2025-01-08T05:23:37.602Z' + updated_by: elastic + value: 255.255.255.255 schema: $ref: '#/components/schemas/Security_Lists_API_ListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + message: '{"took":15,"timed_out":false,"total":1,"updated":0,"deleted":0,"batches":1,"version_conflicts":0,"noops":0,"retries":{"bulk":0,"search":0},"throttled_millis":0,"requests_per_second":-1,"throttled_until_millis":0,"failures":[{"index":".ds-.items-default-2025.01.09-000001","id":"ip_item","cause":{"type":"document_parsing_exception","reason":"[1:107] failed to parse field [ip] of type [ip] in document with id ip_item. Preview of fields value: 2","caused_by":{"type":"illegal_argument_exception","reason":"2 is not an IP string literal."}},"status":400}]}' + status_code: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -32075,43 +35306,78 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [PATCH /api/lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'list item id: \"foo\" not found' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Patch a list item + summary: Patch a value list item tags: - Security Lists API x-beta: true post: description: | - Create a list item and associate it with the specified list. + Create a value list item and associate it with the specified value list. - All list items in the same list must be the same type. 
For example, each list item in an `ip` list must define a specific IP address. + All value list items in the same list must be the same type. For example, each list item in an `ip` list must define a specific IP address. > info > Before creating a list item, you must create a list. operationId: CreateListItem requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + list_id: ip_list + value: 127.0.0.1 + ip_range: + value: + list_id: ip_range_list + value: 192.168.0.0/16 + keyword: + value: + list_id: keyword_list + value: zeek schema: type: object properties: 
@@ -32122,29 +35388,76 @@ paths: meta: $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' refresh: - description: Determines when changes made by the request are made visible to search + description: Determines when changes made by the request are made visible to search. enum: - 'true' - 'false' - wait_for + example: wait_for type: string value: $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - list_id - value - description: List item's properties + description: Value list item's properties required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzAsMV0= + '@timestamp': '2025-01-08T04:59:06.154Z' + created_at: '2025-01-08T04:59:06.154Z' + created_by: elastic + id: 21b01cfb-058d-44b9-838c-282be16c91cc + list_id: ip_list + tie_breaker_id: b57c762c-3036-465c-9bfb-7bfb5e6e515a + type: ip + updated_at: '2025-01-08T04:59:06.154Z' + updated_by: elastic + value: 127.0.0.1 + ip_range: + value: + _version: WzEsMV0= + '@timestamp': '2025-01-09T18:33:08.202Z' + created_at: '2025-01-09T18:33:08.202Z' + created_by: elastic + id: ip_range_item + list_id: ip_range_list + tie_breaker_id: ea1b4189-efda-4637-b8f9-74655a5ebb61 + type: ip_range + updated_at: '2025-01-09T18:33:08.202Z' + updated_by: elastic + value: 192.168.0.0/16 + keyword: + value: + _version: WzIsMV0= + '@timestamp': '2025-01-09T18:34:29.422Z' + created_at: '2025-01-09T18:34:29.422Z' + created_by: elastic + id: 7f24737d-1da8-4626-a568-33070591bb4e + list_id: keyword_list + tie_breaker_id: 2108ced2-5e5d-401e-a88e-4dd69fc5fa27 + type: keyword + updated_at: '2025-01-09T18:34:29.422Z' + updated_by: elastic + value: zeek schema: $ref: '#/components/schemas/Security_Lists_API_ListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: uri 
[/api/lists/items] with method [post] exists but is not available with the current configuration + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -32152,46 +35465,82 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json: + examples: + listNotFound: + value: + message: 'list id: \"ip_list\" does not exist' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + alreadyExists: + value: + message: 'list item id: \"ip_item\" already exists' + status_code: 409 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item already exists response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Create a list item + summary: Create a value list item tags: - Security Lists API 
x-beta: true put: description: | - Update a list item using the list item ID. The original list item is replaced, and all unspecified fields are deleted. + Update a value list item using the list item ID. The original list item is replaced, and all unspecified fields are deleted. > info > You cannot modify the `id` value. operationId: UpdateListItem requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + example: + id: ip_item + value: 255.255.255.255 schema: type: object properties: _version: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' id: $ref: '#/components/schemas/Security_Lists_API_ListItemId' meta: @@ -32201,18 +35550,38 @@ paths: required: - id - value - description: List item's properties + description: Value list item's properties required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzIwLDFd + '@timestamp': '2025-01-08T05:15:05.159Z' + created_at: '2025-01-08T05:15:05.159Z' + created_by: elastic + id: pd1WRJQBs4HAK3VQeHFI + list_id: ip_list + tie_breaker_id: eee41dc7-1666-4876-982f-8b0f7b59eca3 + type: ip + updated_at: '2025-01-08T05:44:14.009Z' + updated_by: elastic + value: 255.255.255.255 schema: $ref: '#/components/schemas/Security_Lists_API_ListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: id: Expected string, received number' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -32220,38 +35589,60 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [PATCH /api/lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'list item id: \"foo\" not found' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Update a list item + summary: Update a value list item tags: - Security Lists API x-beta: true /api/lists/items/_export: post: - description: Export list item values from the specified list. + description: Export list item values from the specified value list. 
operationId: ExportListItems parameters: - - description: List's id to export + - description: Value list's `id` to export. in: query name: list_id required: true @@ -32260,15 +35651,30 @@ paths: responses: '200': content: - application/ndjson; Elastic-Api-Version=2023-10-31: + application/ndjson: schema: description: A `.txt` file containing list items from the specified list + example: | + 127.0.0.1 + 127.0.0.2 + 127.0.0.3 + 127.0.0.4 + 127.0.0.5 + 127.0.0.6 + 127.0.0.7 + 127.0.0.8 + 127.0.0.9 format: binary type: string description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: 'Bad Request","message":"[request query]: list_id: Required' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -32276,61 +35682,82 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/lists/items/_export?list_id=ips.txt] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Export list items + summary: Export value list items tags: - Security Lists API x-beta: true /api/lists/items/_find: get: - description: Get all list items in the specified list. + description: Get all value list items in the specified list. 
operationId: FindListItems parameters: - - description: List's id - in: query + - in: query name: list_id required: true schema: $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: The page number to return + - description: The page number to return. in: query name: page required: false schema: + example: 1 type: integer - - description: The number of list items to return per page + - description: The number of list items to return per page. in: query name: per_page required: false schema: + example: 20 type: integer - - description: Determines which field is used to sort the results + - description: Determines which field is used to sort the results. in: query name: sort_field required: false schema: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + example: value + format: nonempty + minLength: 1 + type: string - description: Determines the sort order, which can be `desc` or `asc` in: query name: sort_order @@ -32339,12 +35766,9 @@ paths: enum: - desc - asc + example: asc type: string - - description: | - Returns the list that come after the last list returned in the previous call - (use the cursor value returned in the previous call). This parameter uses - the `tie_breaker_id` field to ensure all lists are sorted and returned correctly. - in: query + - in: query name: cursor required: false schema: 
@@ -32360,7 +35784,26 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + cursor: WzIwLFsiYjU3Yzc2MmMtMzAzNi00NjVjLTliZmItN2JmYjVlNmU1MTVhIl1d + data: + - _version: WzAsMV0= + '@timestamp': '2025-01-08T04:59:06.154Z' + created_at: '2025-01-08T04:59:06.154Z' + created_by: elastic + id: 21b01cfb-058d-44b9-838c-282be16c91cc + list_id: ip_list + tie_breaker_id: b57c762c-3036-465c-9bfb-7bfb5e6e515a + type: ip + updated_at: '2025-01-08T04:59:06.154Z' + updated_by: elastic + value: 127.0.0.1 + page: 1 + per_page: 20 + total: 1 schema: type: object properties: @@ -32388,7 +35831,13 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request, + message: '[request query]: list_id: Required' + statusCode: 400, schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -32396,30 +35845,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/lists/items/_find?list_id=ip_list&page=1&per_page=20] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get list items + summary: Get value list items tags: - Security Lists API x-beta: true /api/lists/items/_import: post: description: | - Import list items from a TXT or CSV file. The maximum file size is 9 million bytes. + Import value list items from a TXT or CSV file. The maximum file size is 9 million bytes. You can import items to a new or existing list. operationId: ImportListItems 
@@ -32436,23 +35902,39 @@ paths: - description: | Type of the importing list. - Required when importing a new list that is `list_id` is not specified. + Required when importing a new list whose list `id` is not specified. + examples: + ip: + value: ip in: query name: type required: false schema: $ref: '#/components/schemas/Security_Lists_API_ListType' - - in: query + - description: | + Determines how uploaded list item values are parsed. By default, list items are parsed using these named regex groups: + + - `(?.+)` - Single value item types, such as ip, long, date, keyword, and text. + - `(?.+)-(?.+)|(?.+)` - Range value item types, such as `date_range`, `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`. + in: query name: serializer required: false schema: + example: (?((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) type: string - - in: query + - description: | + Determines how retrieved list item values are presented. By default list items are presented using these Handelbar expressions: + + - `{{{value}}}` - Single value item types, such as `ip`, `long`, `date`, `keyword`, and `text`. + - `{{{gte}}}-{{{lte}}}` - Range value item types, such as `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`. + - `{{{gte}}},{{{lte}}}` - Date range values. + in: query name: deserializer required: false schema: + example: '{{value}}' type: string - - description: Determines when changes made by the request are made visible to search + - description: Determines when changes made by the request are made visible to search. in: query name: refresh required: false 
@@ -32461,28 +35943,60 @@ paths: - 'true' - 'false' - wait_for + example: true type: string requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: + multipart/form-data: schema: type: object properties: file: - description: A `.txt` or `.csv` file containing newline separated list items + description: A `.txt` or `.csv` file containing newline separated list items. + example: | + 127.0.0.1 + 127.0.0.2 + 127.0.0.3 + 127.0.0.4 + 127.0.0.5 + 127.0.0.6 + 127.0.0.7 + 127.0.0.8 + 127.0.0.9 format: binary type: string required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzAsMV0= + '@timestamp': '2025-01-08T04:47:34.273Z' + created_at: '2025-01-08T04:47:34.273Z' + created_by: elastic + description: This list describes bad internet ip + id: ip_list + immutable: false + name: Simple list with an ip + tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 + type: ip + updated_at: '2025-01-08T04:47:34.273Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + message: Either type or list_id need to be defined in the query + status_code: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -32490,29 +36004,46 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/lists/items/_import?list_id=ip_list] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List with specified list_id does not exist response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Import list items + summary: Import value list items tags: - Security Lists API x-beta: true 
@@ -32522,7 +36053,75 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + privileges: + value: + is_authenticated: true + listItems: + application: {} + cluster: + all: true + manage: true + manage_api_key: true + manage_index_templates: true + manage_ml: true + manage_own_api_key: true + manage_pipeline: true + manage_security: true + manage_transform: true + monitor: true + monitor_ml: true + monitor_transform: true + has_all_requested: true + index: + .items-default: + all: true + create: true + create_doc: true + create_index: true + delete: true + delete_index: true + index: true + maintenance: true + manage: true + monitor: true + read: true + view_index_metadata: true + write: true + username: elastic + lists: + application: {} + cluster: + all: true + manage: true + manage_api_key: true + manage_index_templates: true + manage_ml: true + manage_own_api_key: true + manage_pipeline: true + manage_security: true + manage_transform: true + monitor: true + monitor_ml: true + monitor_transform: true + has_all_requested: true + index: + .lists-default: + all: true + create: true + create_doc: true + create_index: true + delete: true + delete_index: true + index: true + maintenance: true + manage: true + monitor: true + read: true + view_index_metadata: true + write: true + username: elastic schema: type: object properties: @@ -32539,7 +36138,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -32547,23 +36146,40 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/lists/privileges] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get list privileges + summary: Get value list privileges tags: - Security Lists API x-beta: true @@ -32577,7 +36193,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: syncExample: $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' @@ -32586,7 +36202,7 @@ paths: description: Indicates a successful call '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' description: Authorization information is missing or invalid. 
@@ -32600,7 +36216,7 @@ paths: operationId: DeleteNote requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - nullable: true @@ -32683,7 +36299,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult' description: Indicates the requested notes were returned. @@ -32696,7 +36312,7 @@ paths: operationId: PersistNoteRoute requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -32727,7 +36343,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_ResponseNote' description: Indicates the note was successfully created. @@ -32748,7 +36364,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -32761,14 +36377,14 @@ paths: operationId: OsqueryCreateLiveQuery requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -32794,7 +36410,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK 
@@ -32825,7 +36441,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -32846,7 +36462,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -32859,14 +36475,14 @@ paths: operationId: OsqueryCreatePacks requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_CreatePacksRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -32887,7 +36503,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -32907,7 +36523,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -32929,14 +36545,14 @@ paths: $ref: '#/components/schemas/Security_Osquery_API_PackId' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_UpdatePacksRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK 
@@ -32957,7 +36573,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -32970,14 +36586,14 @@ paths: operationId: OsqueryCreateSavedQuery requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -32998,7 +36614,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -33018,7 +36634,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -33040,14 +36656,14 @@ paths: $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -33061,7 +36677,7 @@ paths: operationId: PersistPinnedEventRoute requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -33080,7 +36696,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_PersistPinnedEventResponse' description: Indicates the event was successfully pinned to the Timeline. @@ -33095,7 +36711,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -33104,13 +36720,13 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse' description: Task manager is unavailable default: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse' description: Unexpected error 
@@ -33118,29 +36734,81 @@ paths: tags: - Security Entity Analytics API x-beta: true + /api/risk_score/engine/saved_object/configure: + patch: + description: Configuring the Risk Engine Saved Object + operationId: ConfigureRiskEngineSavedObject + requestBody: + content: + application/json: + schema: + type: object + properties: + exclude_alert_statuses: + items: + type: string + type: array + exclude_alert_tags: + items: + type: string + type: array + range: + type: object + properties: + end: + type: string + start: + type: string + required: true + responses: + '200': + content: + application/json: + schema: + type: object + properties: + risk_engine_saved_object_configured: + type: boolean + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse' + description: Task manager is unavailable + default: + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_ConfigureRiskEngineSavedObjectErrorResponse' + description: Unexpected error + summary: Configure the Risk Engine Saved Object + tags: + - Security Entity Analytics API + x-beta: true /api/risk_score/engine/schedule_now: post: description: Schedule the risk scoring engine to run as soon as possible. You can use this to recalculate entity risk scores after updating their asset criticality. 
operationId: ScheduleRiskEngineNow requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: {} + application/json: {} responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse' description: Task manager is unavailable default: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse' description: Unexpected error @@ -33162,7 +36830,7 @@ paths: - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: exportSavedObjectsRequest: $ref: '#/components/examples/Serverless_saved_objects_export_objects_request' @@ -33192,7 +36860,7 @@ paths: responses: '200': content: - application/x-ndjson; Elastic-Api-Version=2023-10-31: + application/x-ndjson: examples: exportSavedObjectsResponse: $ref: '#/components/examples/Serverless_saved_objects_export_objects_response' @@ -33202,7 +36870,7 @@ paths: description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Serverless_saved_objects_400_response' description: Bad request. @@ -33241,7 +36909,7 @@ paths: type: boolean requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: + multipart/form-data: examples: importObjectsRequest: $ref: '#/components/examples/Serverless_saved_objects_import_objects_request' 
@@ -33255,7 +36923,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: importObjectsResponse: $ref: '#/components/examples/Serverless_saved_objects_import_objects_response' @@ -33288,7 +36956,7 @@ paths: description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Serverless_saved_objects_400_response' description: Bad request. @@ -33310,7 +36978,7 @@ paths: operationId: PerformAnonymizationFieldsBulkAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -33337,13 +37005,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -33407,7 +37075,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -33429,7 +37097,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -33450,21 +37118,21 @@ paths: operationId: ChatComplete requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' required: true responses: '200': content: - application/octet-stream; Elastic-Api-Version=2023-10-31: + application/octet-stream: schema: format: binary type: string description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -33485,20 +37153,20 @@ paths: operationId: CreateConversation requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCreateProps' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -33562,7 +37230,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -33584,7 +37252,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -33613,13 +37281,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -33647,13 +37315,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -33680,20 +37348,20 @@ paths: $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -33721,7 +37389,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -33742,7 +37410,7 @@ paths: description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -33782,13 +37450,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseResponse' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -33809,20 +37477,20 @@ paths: operationId: CreateKnowledgeBaseEntry requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryCreateProps' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryResponse' description: Successful request returning Knowledge Base Entries '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryErrorSchema' description: Generic Error @@ -33836,7 +37504,7 @@ paths: operationId: PerformKnowledgeBaseEntryBulkAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -33863,13 +37531,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionResponse' description: Successful bulk operation request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryErrorSchema' description: Generic Error @@ -33926,7 +37594,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -33948,7 +37616,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -33977,13 +37645,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_DeleteResponseFields' description: Successful request returning the deleted Knowledge Base Entry's ID '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryErrorSchema' description: Generic Error @@ -34004,13 +37672,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryResponse' description: Successful request returning a Knowledge Base Entry '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryErrorSchema' description: Generic Error @@ -34030,20 +37698,20 @@ paths: $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryUpdateProps' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryResponse' description: Successful request returning the updated Knowledge Base Entry '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryErrorSchema' description: Generic Error @@ -34057,7 +37725,7 @@ paths: operationId: PerformPromptsBulkAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -34084,13 +37752,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -34154,7 +37822,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -34176,7 +37844,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -34195,14 +37863,6 @@ paths: get: operationId: get-security-role parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: If `true` and the response contains any privileges that are associated with deprecated features, they are omitted in favor of details about the appropriate replacement feature privileges. in: query name: replaceDeprecatedPrivileges @@ -34229,7 +37889,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -34270,14 +37930,6 @@ paths: delete: operationId: delete-security-role-name parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf 
@@ -34301,14 +37953,6 @@ paths: get: operationId: get-security-role-name parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: The role name. in: path name: name @@ -34333,14 +37977,6 @@ paths: description: Create a new Kibana role or update the attributes of an existing role. Kibana roles are stored in the Elasticsearch native realm. operationId: put-security-role-name parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -34365,7 +38001,7 @@ paths: type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -34548,14 +38184,6 @@ paths: post: operationId: post-security-roles parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -34565,7 +38193,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -34756,14 +38384,6 @@ paths: get: operationId: get-spaces-space parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: Specifies which authorization checks are applied to the API call. The default value is `any`. in: query name: purpose 
@@ -34798,7 +38418,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getSpacesResponseExample1: $ref: '#/components/examples/get_spaces_response1' @@ -34811,14 +38431,6 @@ paths: post: operationId: post-spaces-space parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -34828,7 +38440,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -34879,14 +38491,6 @@ paths: description: When you delete a space, all saved objects that belong to the space are automatically deleted, which is permanent and cannot be undone. operationId: delete-spaces-space-id parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -34912,14 +38516,6 @@ paths: get: operationId: get-spaces-space-id parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: The space identifier. in: path name: id @@ -34930,7 +38526,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getSpaceResponseExample: $ref: '#/components/examples/get_space_response' 
@@ -34941,14 +38537,6 @@ paths: put: operationId: put-spaces-space-id parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: A required header to protect against CSRF attacks in: header name: kbn-xsrf @@ -34964,7 +38552,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -35014,14 +38602,6 @@ paths: get: operationId: get-status parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - description: Set to "true" to get the response in v7 format. in: query name: v7format @@ -35037,7 +38617,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: anyOf: - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' @@ -35046,7 +38626,7 @@ paths: description: Overall status is OK and Kibana should be functioning normally. '503': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: anyOf: - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' @@ -35063,7 +38643,7 @@ paths: operationId: DeleteTimelines requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -35104,7 +38684,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' description: Indicates that the (template) Timeline was found and returned. @@ -35117,7 +38697,7 @@ paths: operationId: PatchTimeline requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -35138,13 +38718,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' description: Indicates that the draft Timeline was successfully created. In the event the user already has a draft Timeline, the existing draft Timeline is cleared and returned. '405': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -35162,7 +38742,7 @@ paths: operationId: CreateTimelines requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -35193,13 +38773,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' description: Indicates the Timeline was successfully created. '405': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -35219,7 +38799,7 @@ paths: operationId: CopyTimeline requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -35234,7 +38814,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' description: Indicates that the timeline has been successfully copied. @@ -35255,13 +38835,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' description: Indicates that the draft Timeline was successfully retrieved. '403': content: - application:json; Elastic-Api-Version=2023-10-31: + application:json: schema: type: object properties: 
@@ -35272,7 +38852,7 @@ paths: description: If a draft Timeline was not found and we attempted to create one, it indicates that the user does not have the required permissions to create a draft Timeline. '409': content: - application:json; Elastic-Api-Version=2023-10-31: + application:json: schema: type: object properties: @@ -35293,7 +38873,7 @@ paths: operationId: CleanDraftTimelines requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -35306,13 +38886,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' description: Indicates that the draft Timeline was successfully created. In the event the user already has a draft Timeline, the existing draft Timeline is cleared and returned. '403': content: - application:json; Elastic-Api-Version=2023-10-31: + application:json: schema: type: object properties: @@ -35323,7 +38903,7 @@ paths: description: Indicates that the user does not have the required permissions to create a draft Timeline. '409': content: - application:json; Elastic-Api-Version=2023-10-31: + application:json: schema: type: object properties: @@ -35349,7 +38929,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -35363,14 +38943,14 @@ paths: responses: '200': content: - application/ndjson; Elastic-Api-Version=2023-10-31: + application/ndjson: schema: description: NDJSON of the exported Timelines type: string description: Indicates the Timelines were successfully exported. '400': content: - application/ndjson; Elastic-Api-Version=2023-10-31: + application/ndjson: schema: type: object properties: 
@@ -35389,7 +38969,7 @@ paths: operationId: PersistFavoriteRoute requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -35415,13 +38995,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResponse' description: Indicates the favorite status was successfully updated. '403': content: - application:json; Elastic-Api-Version=2023-10-31: + application:json: schema: type: object properties: @@ -35440,7 +39020,7 @@ paths: operationId: ImportTimelines requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -35457,13 +39037,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult' description: Indicates the import of Timelines was successful. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -35476,7 +39056,7 @@ paths: description: Indicates the import of Timelines was unsuccessful because of an invalid file extension. '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -35487,7 +39067,7 @@ paths: description: Indicates that we were unable to locate the saved object client necessary to handle the import. '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -35508,7 +39088,7 @@ paths: operationId: InstallPrepackedTimelines requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -35536,13 +39116,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult' description: Indicates the installation of prepackaged Timelines was successful. '500': content: - application:json; Elastic-Api-Version=2023-10-31: + application:json: schema: type: object properties: @@ -35572,7 +39152,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_ResolvedTimeline' description: The (template) Timeline has been found @@ -35637,7 +39217,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -35663,7 +39243,7 @@ paths: description: Indicates that the (template) Timelines were found and returned. '400': content: - application:json; Elastic-Api-Version=2023-10-31: + application:json: schema: type: object properties: @@ -35735,31 +39315,31 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_find_slo_response' description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_404_response' description: Not found response 
@@ -35776,38 +39356,38 @@ paths: - $ref: '#/components/parameters/SLOs_space_id' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_create_slo_request' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_create_slo_response' description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_409_response' description: Conflict - The SLO id already exists @@ -35825,7 +39405,7 @@ paths: - $ref: '#/components/parameters/SLOs_space_id' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_delete_slo_instances_request' required: true 
@@ -35834,19 +39414,19 @@ paths: description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response @@ -35868,25 +39448,25 @@ paths: description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_404_response' description: Not found response 
@@ -35911,31 +39491,31 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_slo_with_summary_response' description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_404_response' description: Not found response 
@@ -35953,38 +39533,38 @@ paths: - $ref: '#/components/parameters/SLOs_slo_id' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_update_slo_request' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_slo_definition_response' description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_404_response' description: Not found response 
@@ -36004,31 +39584,31 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_slo_definition_response' description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_404_response' description: Not found response @@ -36050,25 +39630,25 @@ paths: description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_404_response' description: Not found response 
@@ -36090,25 +39670,25 @@ paths: description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_404_response' description: Not found response @@ -40879,9 +44459,9 @@ components: - assistant type: string Security_AI_Assistant_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace + description: A string that does not contain only whitespace characters + format: nonempty minLength: 1 - pattern: ^(?! *$).+$ type: string Security_AI_Assistant_API_NormalizedAnonymizationFieldError: type: object @@ -43749,9 +47329,9 @@ components: - severity - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateFields' Security_Detections_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace + description: A string that does not contain only whitespace characters + format: nonempty minLength: 1 - pattern: ^(?! *$).+$ type: string Security_Detections_API_NormalizedRuleAction: additionalProperties: false 
@@ -46588,11 +50168,14 @@ components: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription' @@ -46613,13 +50196,16 @@ components: tags: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string version: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion' 
@@ -46638,31 +50224,42 @@ components: - updated_at - updated_by Security_Endpoint_Exceptions_API_ExceptionListDescription: + description: Describes the exception list. + example: This list tracks allowlisted values. type: string Security_Endpoint_Exceptions_API_ExceptionListHumanId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` + description: Exception list's human readable string identifier, e.g. `trusted-linux-processes`. + example: simple_list + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Exception list's identifier. + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListItem: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string comments: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' entries: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemExpireTime' id: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId' item_id: 
@@ -46680,13 +50277,16 @@ components: tags: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string required: - id @@ -46709,6 +50309,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: @@ -46716,6 +50317,7 @@ components: id: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: @@ -46726,10 +50328,15 @@ components: - created_at - created_by Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray: + description: | + Array of comment fields: + + - comment (string): Comments about the exception item. items: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment' type: array Security_Endpoint_Exceptions_API_ExceptionListItemDescription: + description: Describes the exception list. type: string Security_Endpoint_Exceptions_API_ExceptionListItemEntry: anyOf: 
@@ -46871,22 +50478,40 @@ components: - excluded - included type: string + Security_Endpoint_Exceptions_API_ExceptionListItemExpireTime: + description: The exception item’s expiration date, in ISO format. This field is only available for regular exception items, not endpoint exceptions. + format: date-time + type: string Security_Endpoint_Exceptions_API_ExceptionListItemHumanId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` + example: simple_list_item + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListItemId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Exception's identifier. + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListItemMeta: additionalProperties: true type: object Security_Endpoint_Exceptions_API_ExceptionListItemName: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Exception list name. + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray: items: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType' type: array Security_Endpoint_Exceptions_API_ExceptionListItemTags: items: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: String array containing words and phrases to help categorize exception items. + format: nonempty + minLength: 1 + type: string type: array Security_Endpoint_Exceptions_API_ExceptionListItemType: enum: 
@@ -46894,24 +50519,31 @@ components: type: string Security_Endpoint_Exceptions_API_ExceptionListMeta: additionalProperties: true + description: Placeholder for metadata about the list container. type: object Security_Endpoint_Exceptions_API_ExceptionListName: + description: The name of the exception list. + example: My exception list type: string Security_Endpoint_Exceptions_API_ExceptionListOsType: + description: Use this field to specify the operating system. enum: - linux - macos - windows type: string Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray: + description: Use this field to specify the operating system. Only enter one value. items: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType' type: array Security_Endpoint_Exceptions_API_ExceptionListTags: + description: String array containing words and phrases to help categorize exception containers. items: type: string type: array Security_Endpoint_Exceptions_API_ExceptionListType: + description: The type of exception list to be created. Different list types may denote where they can be utilized. enum: - detection - rule_default @@ -46922,6 +50554,7 @@ components: - endpoint_blocklists type: string Security_Endpoint_Exceptions_API_ExceptionListVersion: + description: The document version, automatically increasd on updates. minimum: 1 type: integer Security_Endpoint_Exceptions_API_ExceptionNamespaceType: 
@@ -46938,8 +50571,18 @@ components: Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' Security_Endpoint_Exceptions_API_ListId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Value list's identifier. + example: 21b01cfb-058d-44b9-838c-282be16c91cd + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ListType: + description: | + Specifies the Elasticsearch data type of excludes the list container holds. Some common examples: + + - `keyword`: Many ECS fields are Elasticsearch keywords + - `ip`: IP addresses + - `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR notation) enum: - binary - boolean @@ -46966,9 +50609,9 @@ components: - text type: string Security_Endpoint_Exceptions_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace + description: A string that does not contain only whitespace characters + format: nonempty minLength: 1 - pattern: ^(?! *$).+$ type: string Security_Endpoint_Exceptions_API_PlatformErrorResponse: type: object 
@@ -47205,22 +50848,7 @@ components: required: - parameters Security_Endpoint_Management_API_GetProcessesRouteRequestBody: - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids + $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema' Security_Endpoint_Management_API_HostPathScriptParameters: type: object properties: @@ -47239,22 +50867,7 @@ components: required: - hostPath Security_Endpoint_Management_API_IsolateRouteRequestBody: - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids + $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema' Security_Endpoint_Management_API_KillProcessRouteRequestBody: allOf: - type: object 
@@ -47335,10 +50948,32 @@ components: required: - hostStatuses Security_Endpoint_Management_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace + description: A string that does not contain only whitespace characters + format: nonempty minLength: 1 - pattern: ^(?! *$).+$ type: string + Security_Endpoint_Management_API_NoParametersRequestSchema: + type: object + properties: + body: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + required: + - body Security_Endpoint_Management_API_Page: default: 1 description: Page number @@ -47491,22 +51126,7 @@ components: minLength: 1 type: array Security_Endpoint_Management_API_UnisolateRouteRequestBody: - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids + $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema' Security_Endpoint_Management_API_UploadRouteRequestBody: allOf: - type: object 
@@ -47702,6 +51322,27 @@ components: required: - cleanup_successful - errors + Security_Entity_Analytics_API_ConfigureRiskEngineSavedObjectErrorResponse: + type: object + properties: + errors: + items: + type: object + properties: + error: + type: string + seq: + type: integer + required: + - seq + - error + type: array + risk_engine_saved_object_configured: + example: false + type: boolean + required: + - risk_engine_saved_object_configured + - errors Security_Entity_Analytics_API_CreateAssetCriticalityRecord: allOf: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts' @@ -48240,11 +51881,14 @@ components: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' @@ -48265,13 +51909,16 @@ components: tags: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string version: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' 
@@ -48290,31 +51937,42 @@ components: - updated_at - updated_by Security_Exceptions_API_ExceptionListDescription: + description: Describes the exception list. + example: This list tracks allowlisted values. type: string Security_Exceptions_API_ExceptionListHumanId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` + description: Exception list's human readable string identifier, e.g. `trusted-linux-processes`. + example: simple_list + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Exception list's identifier. + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListItem: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string comments: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription' entries: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime' id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' item_id: 
@@ -48332,13 +51990,16 @@ components: tags: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string required: - id @@ -48361,6 +52022,7 @@ components: comment: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: @@ -48368,6 +52030,7 @@ components: id: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: @@ -48378,10 +52041,15 @@ components: - created_at - created_by Security_Exceptions_API_ExceptionListItemCommentArray: + description: | + Array of comment fields: + + - comment (string): Comments about the exception item. items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemComment' type: array Security_Exceptions_API_ExceptionListItemDescription: + description: Describes the exception list. type: string Security_Exceptions_API_ExceptionListItemEntry: anyOf: 
@@ -48523,22 +52191,40 @@ components: - excluded - included type: string + Security_Exceptions_API_ExceptionListItemExpireTime: + description: The exception item’s expiration date, in ISO format. This field is only available for regular exception items, not endpoint exceptions. + format: date-time + type: string Security_Exceptions_API_ExceptionListItemHumanId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` + example: simple_list_item + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListItemId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Exception's identifier. + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListItemMeta: additionalProperties: true type: object Security_Exceptions_API_ExceptionListItemName: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Exception list name. + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListItemOsTypeArray: items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' type: array Security_Exceptions_API_ExceptionListItemTags: items: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: String array containing words and phrases to help categorize exception items. + format: nonempty + minLength: 1 + type: string type: array Security_Exceptions_API_ExceptionListItemType: enum: 
@@ -48546,16 +52232,21 @@ components: type: string Security_Exceptions_API_ExceptionListMeta: additionalProperties: true + description: Placeholder for metadata about the list container. type: object Security_Exceptions_API_ExceptionListName: + description: The name of the exception list. + example: My exception list type: string Security_Exceptions_API_ExceptionListOsType: + description: Use this field to specify the operating system. enum: - linux - macos - windows type: string Security_Exceptions_API_ExceptionListOsTypeArray: + description: Use this field to specify the operating system. Only enter one value. items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' type: array @@ -48585,10 +52276,12 @@ components: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError' type: array Security_Exceptions_API_ExceptionListTags: + description: String array containing words and phrases to help categorize exception containers. items: type: string type: array Security_Exceptions_API_ExceptionListType: + description: The type of exception list to be created. Different list types may denote where they can be utilized. enum: - detection - rule_default @@ -48599,6 +52292,7 @@ components: - endpoint_blocklists type: string Security_Exceptions_API_ExceptionListVersion: + description: The document version, automatically increasd on updates. minimum: 1 type: integer Security_Exceptions_API_ExceptionNamespaceType: 
@@ -48615,10 +52309,21 @@ components: Security_Exceptions_API_FindExceptionListItemsFilter: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' Security_Exceptions_API_FindExceptionListsFilter: + example: exception-list.attributes.name:%Detection%20List type: string Security_Exceptions_API_ListId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Value list's identifier. + example: 21b01cfb-058d-44b9-838c-282be16c91cd + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ListType: + description: | + Specifies the Elasticsearch data type of excludes the list container holds. Some common examples: + + - `keyword`: Many ECS fields are Elasticsearch keywords + - `ip`: IP addresses + - `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR notation) enum: - binary - boolean @@ -48645,9 +52350,9 @@ components: - text type: string Security_Exceptions_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace + description: A string that does not contain only whitespace characters + format: nonempty minLength: 1 - pattern: ^(?! *$).+$ type: string Security_Exceptions_API_PlatformErrorResponse: type: object 
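Review bot: in `Security_Exceptions_API_NonEmptyString` the `pattern: ^(?! *$).+$` line is dropped and replaced by `format: nonempty`, which weakens what the published schema actually enforces. `nonempty` is not a format defined by OpenAPI or JSON Schema, and validators ignore formats they do not know, so the only remaining constraint is `minLength: 1`, which a single space satisfies. The new description still promises "does not contain only whitespace characters". Either keep the `pattern` alongside the custom format, or state in the description that the whitespace check is applied by the server and not expressed in the schema. The same applies to the schemas in this file that now inline `format: nonempty` and `minLength: 1` in place of the `$ref` to this component.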
@@ -48692,30 +52397,44 @@ components: format: uuid type: string Security_Lists_API_FindListItemsCursor: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + description: Returns the items that come after the last item returned in the previous call (use the `cursor` value returned in the previous call). This parameter uses the `tie_breaker_id` field to ensure all items are sorted and returned correctly. + example: WzIwLFsiYjU3Yzc2MmMtMzAzNi00NjVjLTliZmItN2JmYjVlNmU1MTVhIl1d + format: nonempty + minLength: 1 + type: string Security_Lists_API_FindListItemsFilter: + example: value:127.0.0.1 type: string Security_Lists_API_FindListsCursor: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + example: WzIwLFsiYjU3Yzc2MmMtMzAzNi00NjVjLTliZmItN2JmYjVlNmU1MTVhIl1d + format: nonempty + minLength: 1 + type: string Security_Lists_API_FindListsFilter: + example: value:127.0.0.1 type: string Security_Lists_API_List: type: object properties: _version: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' '@timestamp': + example: '2025-01-08T04:47:34.273Z' format: date-time type: string created_at: + description: Autogenerated date of object creation. + example: '2025-01-08T04:47:34.273Z' format: date-time type: string created_by: + description: Autogenerated value - user that created object. + example: elastic type: string description: $ref: '#/components/schemas/Security_Lists_API_ListDescription' deserializer: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListDeserializer' id: $ref: '#/components/schemas/Security_Lists_API_ListId' immutable: 
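Review bot: the example added to `Security_Lists_API_FindListsFilter` is `value:127.0.0.1`, identical to the one on `Security_Lists_API_FindListItemsFilter`, but the `Security_Lists_API_List` properties shown in this hunk (`name`, `description`, `type`, `tie_breaker_id`, ...) include no `value` field. It looks copied from the list item filter; an example on a list field would be more useful here. `Security_Lists_API_FindListsCursor` also gains an `example` without the `description` that `Security_Lists_API_FindListItemsCursor` gets, so the lists cursor is left undocumented.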
@@ -48725,19 +52444,24 @@ components: name: $ref: '#/components/schemas/Security_Lists_API_ListName' serializer: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListSerializer' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. + example: f5508188-b1e9-4e6e-9662-d039a7d89899 type: string type: $ref: '#/components/schemas/Security_Lists_API_ListType' updated_at: + description: Autogenerated date of last object update. + example: '2025-01-08T04:47:34.273Z' format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. + example: elastic type: string version: - minimum: 1 - type: integer + $ref: '#/components/schemas/Security_Lists_API_ListVersion' required: - id - type 
@@ -48751,24 +52475,45 @@ components: - updated_at - updated_by Security_Lists_API_ListDescription: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + description: Describes the value list. + format: nonempty + minLength: 1 + type: string + Security_Lists_API_ListDeserializer: + description: | + Determines how retrieved list item values are presented. By default list items are presented using these Handelbar expressions: + + - `{{{value}}}` - Single value item types, such as `ip`, `long`, `date`, `keyword`, and `text`. + - `{{{gte}}}-{{{lte}}}` - Range value item types, such as `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`. + - `{{{gte}}},{{{lte}}}` - Date range values. + example: '{{value}}' + type: string Security_Lists_API_ListId: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + description: Value list's identifier. + example: 21b01cfb-058d-44b9-838c-282be16c91cd + format: nonempty + minLength: 1 + type: string Security_Lists_API_ListItem: type: object properties: _version: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' '@timestamp': + example: '2025-01-08T04:47:34.273Z' format: date-time type: string created_at: + description: Autogenerated date of object creation. + example: '2025-01-08T04:47:34.273Z' format: date-time type: string created_by: + description: Autogenerated value - user that created object. + example: elastic type: string deserializer: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListDeserializer' id: $ref: '#/components/schemas/Security_Lists_API_ListItemId' list_id: 
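Review bot: in the new `Security_Lists_API_ListDeserializer` schema, "Handelbar expressions" should be "Handlebars expressions", and the `example` does not match the text. The description lists the defaults with triple braces (`{{{value}}}`, `{{{gte}}}-{{{lte}}}`), while the example is `'{{value}}'` with double braces. If both forms are accepted, say so in the description; otherwise align the example with the documented default.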
@@ -48776,15 +52521,21 @@ components: meta: $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' serializer: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListSerializer' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. + example: f5508188-b1e9-4e6e-9662-d039a7d89899 type: string type: $ref: '#/components/schemas/Security_Lists_API_ListType' updated_at: + description: Autogenerated date of last object update. + example: '2025-01-08T04:47:34.273Z' format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. + example: elastic type: string value: $ref: '#/components/schemas/Security_Lists_API_ListItemValue' @@ -48799,9 +52550,14 @@ components: - updated_at - updated_by Security_Lists_API_ListItemId: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + description: Value list item's identifier. + example: 54b01cfb-058d-44b9-838c-282be16c91cd + format: nonempty + minLength: 1 + type: string Security_Lists_API_ListItemMetadata: additionalProperties: true + description: Placeholder for metadata about the value list item. type: object Security_Lists_API_ListItemPrivileges: type: object @@ -48831,12 +52587,20 @@ components: - index - application Security_Lists_API_ListItemValue: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + description: The value used to evaluate exceptions. + format: nonempty + minLength: 1 + type: string Security_Lists_API_ListMetadata: additionalProperties: true + description: Placeholder for metadata about the value list. type: object Security_Lists_API_ListName: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + description: Value list's name. + example: List of bad IPs + format: nonempty + minLength: 1 + type: string Security_Lists_API_ListPrivileges: type: object properties: 
@@ -48864,7 +52628,21 @@ components: - cluster - index - application + Security_Lists_API_ListSerializer: + description: | + Determines how uploaded list item values are parsed. By default, list items are parsed using these named regex groups: + + - `(?.+)` - Single value item types, such as ip, long, date, keyword, and text. + - `(?.+)-(?.+)|(?.+)` - Range value item types, such as `date_range`, `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`. + example: (?((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) + type: string Security_Lists_API_ListType: + description: | + Specifies the Elasticsearch data type of excludes the list container holds. Some common examples: + + - `keyword`: Many ECS fields are Elasticsearch keywords + - `ip`: IP addresses + - `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR notation) enum: - binary - boolean @@ -48890,10 +52668,15 @@ components: - short - text type: string - Security_Lists_API_NonEmptyString: - description: A string that is not empty and does not contain only whitespace - minLength: 1 - pattern: ^(?! *$).+$ + Security_Lists_API_ListVersion: + description: The document version number. + example: 1 + minimum: 1 + type: integer + Security_Lists_API_ListVersionId: + description: | + The version id, normally returned by the API when the document is retrieved. Use it ensure updates are done against the latest version. + example: WzIsMV0= type: string Security_Lists_API_PlatformErrorResponse: type: object @@ -52135,7 +55918,7 @@ components: items: type: string description: | - A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format + A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format message: type: string description: The email message text. Markdown format is supported. 
diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index af4132c24e93f..e355846c365c6 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -30,8 +30,10 @@ info: ## Documentation source and versions - This documentation is derived from the `8.x` branch of the [kibana](https://github.com/elastic/kibana) repository. + This documentation is derived from the `main` branch of the [kibana](https://github.com/elastic/kibana) repository. It is provided under license [Attribution-NonCommercial-NoDerivatives 4.0 International](https://creativecommons.org/licenses/by-nc-nd/4.0/). + + This documentation contains work-in-progress information for future Elastic Stack releases. title: Kibana APIs version: 1.0.2 x-doc-license: @@ -51,10 +53,10 @@ security: tags: - name: alerting description: | - Alerting enables you to define rules, which detect complex conditions within your data. When a condition is met, the rule tracks it as an alert and runs the actions that are defined in the rule. Actions typically involve the use of connectors to interact with Kibana services or third party integrations. + Alerting enables you to define rules, which detect complex conditions within your data. When a condition is met, the rule tracks it as an alert and runs the actions that are defined in the rule. Actions typically involve the use of connectors to interact with Kibana services or third party integrations. externalDocs: description: Alerting documentation - url: https://www.elastic.co/guide/en/kibana/8.x/alerting-getting-started.html + url: https://www.elastic.co/guide/en/kibana/master/alerting-getting-started.html x-displayName: Alerting - description: | Adjust APM agent configuration without need to redeploy your application. 
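Review bot: the alerting `externalDocs` URL in this hunk moves from the `8.x` guide to `master`, and the hunk before it changes the info text from "derived from the `8.x` branch" to `main` and adds a "work-in-progress information for future Elastic Stack releases" sentence. None of this is related to dropping `Elastic-Api-Version` from the media types, which is what the rest of this file's diff does. If this patch is meant for a release branch, these lines should keep the branch-specific values; please confirm the output was regenerated on the target branch and not carried over from `main`.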
@@ -74,19 +76,35 @@ tags: name: cases externalDocs: description: Cases documentation - url: https://www.elastic.co/guide/en/kibana/8.x/cases.html + url: https://www.elastic.co/guide/en/kibana/master/cases.html x-displayName: Cases - name: connectors description: | Connectors provide a central place to store connection information for services and integrations with Elastic or third party systems. Alerting rules can use connectors to run actions when rule conditions are met. externalDocs: description: Connector documentation - url: https://www.elastic.co/guide/en/kibana/8.x/action-types.html + url: https://www.elastic.co/guide/en/kibana/current/action-types.html x-displayName: Connectors - name: Dashboards + - name: Data streams - description: Data view APIs enable you to manage data views, formerly known as Kibana index patterns. name: data views x-displayName: Data views + - name: Elastic Agent actions + - name: Elastic Agent binary download sources + - name: Elastic Agent policies + - name: Elastic Agent status + - name: Elastic Agents + - name: Elastic Package Manager (EPM) + - name: Fleet enrollment API keys + - name: Fleet internals + - name: Fleet outputs + - name: Fleet package policies + - name: Fleet proxies + - name: Fleet Server hosts + - name: Fleet service tokens + - name: Fleet uninstall tokens + - name: Message Signing Service - description: Machine learning name: ml x-displayName: Machine learning @@ -95,7 +113,7 @@ tags: description: Manage the roles that grant Elasticsearch and Kibana privileges. externalDocs: description: Kibana role management - url: https://www.elastic.co/guide/en/kibana/8.x/kibana-role-management.html + url: https://www.elastic.co/guide/en/kibana/master/kibana-role-management.html - description: | Export sets of saved objects that you want to import into Kibana, resolve import errors, and rotate an encryption key for encrypted saved objects with the saved objects APIs. 
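Review bot: the version segment in the rewritten documentation URLs is inconsistent. The roles link in this hunk goes to `.../kibana/master/kibana-role-management.html`, as does the cases link in the preceding hunk, while the connectors link in that same hunk goes to `.../kibana/current/action-types.html`. Pick one segment for all `externalDocs` URLs, and as with the alerting link, check that it matches the branch this spec is published for.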
@@ -205,331 +223,13 @@ tags: x-displayName: Spaces description: Manage your Kibana spaces. externalDocs: - url: https://www.elastic.co/guide/en/kibana/8.x/xpack-spaces.html + url: https://www.elastic.co/guide/en/kibana/master/xpack-spaces.html description: Space overview - name: system x-displayName: System description: | Get information about the system status, resource usage, and installed plugins. paths: - /api/actions: - get: - deprecated: true - operationId: get-actions - parameters: [] - responses: {} - summary: Get all connectors - tags: - - connectors - /api/actions/action: - post: - deprecated: true - operationId: post-actions-action - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - actionTypeId: - description: The connector type identifier. - type: string - config: - additionalProperties: {} - default: {} - type: object - name: - description: The display name for the connector. - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - - actionTypeId - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: 'Indicates whether the connector is preconfigured. 
If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' - type: boolean - is_system_action: - description: Indicates whether the connector is used for system actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Create a connector - tags: - - connectors - /api/actions/action/{id}: - delete: - deprecated: true - description: 'WARNING: When you delete a connector, it cannot be recovered.' - operationId: delete-actions-action-id - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '204': - description: Indicates a successful call. - summary: Delete a connector - tags: - - connectors - get: - deprecated: true - operationId: get-actions-action-id - parameters: - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. 
' - type: boolean - is_system_action: - description: Indicates whether the connector is used for system actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Get connector information - tags: - - connectors - put: - deprecated: true - operationId: put-actions-action-id - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - default: {} - type: object - name: - type: string - secrets: - additionalProperties: {} - default: {} - type: object - required: - - name - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' - type: boolean - is_system_action: - description: Indicates whether the connector is used for system actions. - type: boolean - name: - description: ' The name of the rule.' 
- type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. - summary: Update a connector - tags: - - connectors - /api/actions/action/{id}/_execute: - post: - deprecated: true - operationId: post-actions-action-id-execute - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - description: An identifier for the connector. - in: path - name: id - required: true - schema: - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - params: - additionalProperties: {} - type: object - required: - - params - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - config: - additionalProperties: {} - type: object - connector_type_id: - description: The connector type identifier. - type: string - id: - description: The identifier for the connector. - type: string - is_deprecated: - description: Indicates whether the connector is deprecated. - type: boolean - is_missing_secrets: - description: Indicates whether the connector is missing secrets. - type: boolean - is_preconfigured: - description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' - type: boolean - is_system_action: - description: Indicates whether the connector is used for system actions. - type: boolean - name: - description: ' The name of the rule.' - type: string - required: - - id - - name - - connector_type_id - - is_preconfigured - - is_deprecated - - is_system_action - description: Indicates a successful call. 
- summary: Run a connector - tags: - - connectors /api/actions/connector_types: get: description: You do not need any Kibana feature privileges to run this API. @@ -545,7 +245,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getConnectorTypesServerlessResponse: $ref: '#/components/examples/get_connector_types_generativeai_response' @@ -588,7 +288,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -649,7 +349,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -728,7 +428,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -795,7 +495,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -864,7 +564,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -924,7 +624,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -968,7 +668,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object 
@@ -1029,22 +729,13 @@ paths: '200': description: Indicates a successful call. content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getConnectorsResponse: $ref: '#/components/examples/get_connectors_response' summary: Get all connectors tags: - connectors - /api/actions/list_action_types: - get: - deprecated: true - operationId: get-actions-list-action-types - parameters: [] - responses: {} - summary: Get connector types - tags: - - connectors /api/alerting/_health: get: description: | @@ -1053,7 +744,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getAlertingHealthResponse: $ref: '#/components/examples/Alerting_get_health_response' @@ -1121,7 +812,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Alerting_401_response' description: Authorization information is missing or invalid. @@ -1136,7 +827,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getRuleTypesResponse: $ref: '#/components/examples/Alerting_get_rule_types_response' @@ -1380,7 +1071,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Alerting_401_response' description: Authorization information is missing or invalid. @@ -1428,7 +1119,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -2100,7 +1791,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object 
@@ -2346,7 +2037,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -3029,7 +2720,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -3239,7 +2930,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -3917,7 +3608,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false nullable: true @@ -4229,7 +3920,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object 
@@ -4886,1391 +4577,720 @@ paths: summary: Get information about rules tags: - alerting - /api/alerts/alert/{alertId}: - delete: - deprecated: true - description: | - Deprecated in 7.13.0. Use the delete rule API instead. WARNING: After you delete an alert, you cannot recover it. - operationId: legaryDeleteAlert + /api/apm/agent_keys: + post: + description: Create a new agent key for APM. + operationId: createAgentKey parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string + - $ref: '#/components/parameters/APM_UI_elastic_api_version' + - $ref: '#/components/parameters/APM_UI_kbn_xsrf' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_agent_keys_object' + required: true responses: - '204': - description: Indicates a successful call. - '401': + '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Delete an alert - tags: - - alerting - get: - deprecated: true - description: Deprecated in 7.13.0. Use the get rule API instead. - operationId: legacyGetAlert - parameters: - - description: The identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - responses: - '200': + $ref: '#/components/schemas/APM_UI_agent_keys_response' + description: Agent key created successfully + '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/Alerting_alert_response_properties' - description: Indicates a successful call. 
+ $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Get an alert by identifier + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_403_response' + description: Forbidden response + '500': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_500_response' + description: Internal Server Error response + summary: Create an APM agent key tags: - - alerting + - APM agent keys + /api/apm/fleet/apm_server_schema: post: - deprecated: true - description: Deprecated in 7.13.0. Use the create rule API instead. - operationId: legacyCreateAlert + operationId: saveApmServerSchema parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: An UUID v1 or v4 identifier for the alert. If this parameter is omitted, the identifier is randomly generated. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string + - $ref: '#/components/parameters/APM_UI_elastic_api_version' + - $ref: '#/components/parameters/APM_UI_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - title: Legacy create alert request properties type: object properties: - actions: - items: - type: object - properties: - actionTypeId: - description: The identifier for the action type. - type: string - group: - description: | - Grouping actions is recommended for escalations for different types of alert instances. If you don't need this functionality, set it to `default`. - type: string - id: - description: The ID of the action saved object. 
- type: string - params: - description: | - The map to the `params` that the action type will receive. `params` are handled as Mustache templates and passed a default set of context. - type: object - required: - - actionTypeId - - group - - id - - params - type: array - alertTypeId: - description: The ID of the alert type that you want to call when the alert is scheduled to run. - type: string - consumer: - description: The name of the application that owns the alert. This name has to match the Kibana feature name, as that dictates the required role-based access control privileges. - type: string - enabled: - description: Indicates if you want to run the alert on an interval basis after it is created. - type: boolean - name: - description: A name to reference and search. - type: string - notifyWhen: - description: The condition for throttling the notification. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - params: - description: The parameters to pass to the alert type executor `params` value. This will also validate against the alert type params validator, if defined. - type: object - schedule: - description: | - The schedule specifying when this alert should be run. A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule. + schema: + additionalProperties: true + description: Schema object + example: + foo: bar type: object - properties: - interval: - description: The interval format specifies the interval in seconds, minutes, hours or days at which the alert should run. - example: 10s - type: string - tags: - description: A list of keywords to reference and search. - items: - type: string - type: array - throttle: - description: | - How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. 
For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of `10m` or `1h` will prevent it from sending 90 notifications during this period. - type: string - required: - - alertTypeId - - consumer - - name - - notifyWhen - - params - - schedule required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/Alerting_alert_response_properties' - description: Indicates a successful call. + additionalProperties: false + type: object + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Create an alert + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_403_response' + description: Forbidden response + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_404_response' + description: Not found response + summary: Save APM server schema tags: - - alerting - put: - deprecated: true - description: Deprecated in 7.13.0. Use the update rule API instead. - operationId: legacyUpdateAlert + - APM server schema + /api/apm/services/{serviceName}/annotation: + post: + description: Create a new annotation for a specific service. + operationId: createAnnotation parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. 
+ - $ref: '#/components/parameters/APM_UI_elastic_api_version' + - $ref: '#/components/parameters/APM_UI_kbn_xsrf' + - description: The name of the service in: path - name: alertId + name: serviceName required: true schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - title: Legacy update alert request properties - type: object - properties: - actions: - items: - type: object - properties: - actionTypeId: - description: The identifier for the action type. - type: string - group: - description: | - Grouping actions is recommended for escalations for different types of alert instances. If you don't need this functionality, set it to `default`. - type: string - id: - description: The ID of the action saved object. - type: string - params: - description: | - The map to the `params` that the action type will receive. `params` are handled as Mustache templates and passed a default set of context. - type: object - required: - - actionTypeId - - group - - id - - params - type: array - name: - description: A name to reference and search. - type: string - notifyWhen: - description: The condition for throttling the notification. - enum: - - onActionGroupChange - - onActiveAlert - - onThrottleInterval - type: string - params: - description: The parameters to pass to the alert type executor `params` value. This will also validate against the alert type params validator, if defined. - type: object - schedule: - description: | - The schedule specifying when this alert should be run. A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule. - type: object - properties: - interval: - description: The interval format specifies the interval in seconds, minutes, hours or days at which the alert should run. - example: 1d - type: string - tags: - description: A list of keywords to reference and search. 
- items: - type: string - type: array - throttle: - description: | - How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of `10m` or `1h` will prevent it from sending 90 notifications during this period. - type: string - required: - - name - - notifyWhen - - params - - schedule + $ref: '#/components/schemas/APM_UI_create_annotation_object' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/Alerting_alert_response_properties' - description: Indicates a successful call. + $ref: '#/components/schemas/APM_UI_create_annotation_response' + description: Annotation created successfully + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Update an alert + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_403_response' + description: Forbidden response + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_404_response' + description: Not found response + summary: Create a service annotation tags: - - alerting - /api/alerts/alert/{alertId}/_disable: - post: - deprecated: true - description: Deprecated in 7.13.0. Use the disable rule API instead. - operationId: legacyDisableAlert + - APM annotations + /api/apm/services/{serviceName}/annotation/search: + get: + description: Search for annotations related to a specific service. 
+ operationId: getAnnotation parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. + - $ref: '#/components/parameters/APM_UI_elastic_api_version' + - description: The name of the service in: path - name: alertId + name: serviceName required: true schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string + - description: The environment to filter annotations by + in: query + name: environment + required: false + schema: + type: string + - description: The start date for the search + in: query + name: start + required: false + schema: + type: string + - description: The end date for the search + in: query + name: end + required: false + schema: type: string responses: - '204': - description: Indicates a successful call. + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_annotation_search_response' + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Disable an alert + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '500': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_500_response' + description: Internal Server Error response + summary: Search for annotations tags: - - alerting - /api/alerts/alert/{alertId}/_enable: - post: - deprecated: true - description: Deprecated in 7.13.0. Use the enable rule API instead. 
- operationId: legacyEnableAlert + - APM annotations + /api/apm/settings/agent-configuration: + delete: + operationId: deleteAgentConfiguration parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string + - $ref: '#/components/parameters/APM_UI_elastic_api_version' + - $ref: '#/components/parameters/APM_UI_kbn_xsrf' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_service_object' + required: true responses: - '204': - description: Indicates a successful call. + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_delete_agent_configurations_response' + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Enable an alert + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_403_response' + description: Forbidden response + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_404_response' + description: Not found response + summary: Delete agent configuration tags: - - alerting - /api/alerts/alert/{alertId}/_mute_all: - post: - deprecated: true - description: Deprecated in 7.13.0. Use the mute all alerts API instead. 
- operationId: legacyMuteAllAlertInstances + - APM agent configuration + get: + operationId: getAgentConfigurations parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string + - $ref: '#/components/parameters/APM_UI_elastic_api_version' responses: - '204': - description: Indicates a successful call. + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_agent_configurations_response' + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Mute all alert instances + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_404_response' + description: Not found response + summary: Get a list of agent configurations tags: - - alerting - /api/alerts/alert/{alertId}/_unmute_all: - post: - deprecated: true - description: Deprecated in 7.13.0. Use the unmute all alerts API instead. - operationId: legacyUnmuteAllAlertInstances + - APM agent configuration + put: + operationId: createUpdateAgentConfiguration parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: The identifier for the alert. 
- in: path - name: alertId - required: true + - $ref: '#/components/parameters/APM_UI_elastic_api_version' + - $ref: '#/components/parameters/APM_UI_kbn_xsrf' + - description: If the config exists ?overwrite=true is required + in: query + name: overwrite schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string + type: boolean + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_agent_configuration_intake_object' + required: true responses: - '204': - description: Indicates a successful call. + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Unmute all alert instances + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_403_response' + description: Forbidden response + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_404_response' + description: Not found response + summary: Create or update agent configuration tags: - - alerting - /api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_mute: - post: - deprecated: true - description: Deprecated in 7.13.0. Use the mute alert API instead. - operationId: legacyMuteAlertInstance + - APM agent configuration + /api/apm/settings/agent-configuration/agent_name: + get: + description: Retrieve `agentName` for a service. + operationId: getAgentNameForService parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: An identifier for the alert. 
- in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - - description: An identifier for the alert instance. - in: path - name: alertInstanceId + - $ref: '#/components/parameters/APM_UI_elastic_api_version' + - description: The name of the service + example: node + in: query + name: serviceName required: true schema: - example: dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2 type: string responses: - '204': - description: Indicates a successful call. + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_service_agent_name_response' + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Mute an alert instance + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_404_response' + description: Not found response + summary: Get agent name for service tags: - - alerting - /api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute: - post: - deprecated: true - description: Deprecated in 7.13.0. Use the unmute alert API instead. - operationId: legacyUnmuteAlertInstance + - APM agent configuration + /api/apm/settings/agent-configuration/environments: + get: + operationId: getEnvironmentsForService parameters: - - $ref: '#/components/parameters/Alerting_kbn_xsrf' - - description: An identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 41893910-6bca-11eb-9e0d-85d233e3ee35 - type: string - - description: An identifier for the alert instance. 
- in: path - name: alertInstanceId - required: true + - $ref: '#/components/parameters/APM_UI_elastic_api_version' + - description: The name of the service + in: query + name: serviceName schema: - example: dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2 type: string responses: - '204': - description: Indicates a successful call. + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_service_environments_response' + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Unmute an alert instance + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_404_response' + description: Not found response + summary: Get environments for service tags: - - alerting - /api/alerts/alerts/_find: - get: - deprecated: true + - APM agent configuration + /api/apm/settings/agent-configuration/search: + post: description: | - Deprecated in 7.13.0. Use the find rules API instead. NOTE: Alert `params` are stored as a flattened field type and analyzed as keywords. As alerts change in Kibana, the results on each page of the response also change. Use the find API for traditional paginated results, but avoid using it to export large amounts of data. - operationId: legacyFindAlerts - parameters: - - description: The default operator to use for the `simple_query_string`. - example: OR - in: query - name: default_search_operator - schema: - default: OR - type: string - - description: The fields to return in the `attributes` key of the response. 
- in: query - name: fields - schema: - items: - type: string - type: array - - description: | - A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: "myTitle"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt > 2018-12-22`. - in: query - name: filter - schema: - type: string - - description: Filters the rules that have a relation with the reference objects with a specific type and identifier. - in: query - name: has_reference - schema: - type: object - properties: - id: - type: string - type: - type: string - - description: The page number to return. - example: 1 - in: query - name: page - schema: - default: 1 - type: integer - - description: The number of alerts to return per page. - example: 20 - in: query - name: per_page - schema: - default: 20 - type: integer - - description: An Elasticsearch `simple_query_string` query that filters the alerts in the response. - in: query - name: search - schema: - type: string - - description: The fields to perform the `simple_query_string` parsed query against. - in: query - name: search_fields - schema: - oneOf: - - type: string - - items: - type: string - type: array - - description: | - Determines which field is used to sort the results. The field must exist in the `attributes` key of the response. - in: query - name: sort_field - schema: - type: string - - description: Determines the sort order. - example: asc - in: query - name: sort_order - schema: - default: desc - enum: - - asc - - desc - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - items: - $ref: '#/components/schemas/Alerting_alert_response_properties' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: Indicates a successful call. 
- '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Get a paginated set of alerts - tags: - - alerting - /api/alerts/alerts/_health: - get: - deprecated: true - description: Deprecated in 7.13.0. Use the get alerting framework health API instead. - operationId: legacyGetAlertingHealth - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - alertingFrameworkHealth: - description: | - Three substates identify the health of the alerting framework: `decryptionHealth`, `executionHealth`, and `readHealth`. - type: object - properties: - decryptionHealth: - description: The timestamp and status of the alert decryption. - type: object - properties: - status: - enum: - - error - - ok - - warn - example: ok - type: string - timestamp: - example: '2023-01-13T01:28:00.280Z' - format: date-time - type: string - executionHealth: - description: The timestamp and status of the alert execution. - type: object - properties: - status: - enum: - - error - - ok - - warn - example: ok - type: string - timestamp: - example: '2023-01-13T01:28:00.280Z' - format: date-time - type: string - readHealth: - description: The timestamp and status of the alert reading events. - type: object - properties: - status: - enum: - - error - - ok - - warn - example: ok - type: string - timestamp: - example: '2023-01-13T01:28:00.280Z' - format: date-time - type: string - hasPermanentEncryptionKey: - description: If `false`, the encrypted saved object plugin does not have a permanent encryption key. - example: true - type: boolean - isSufficientlySecure: - description: If `false`, security is enabled but TLS is not. - example: true - type: boolean - description: Indicates a successful call. 
- '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Get the alerting framework health - tags: - - alerting - /api/alerts/alerts/list_alert_types: - get: - deprecated: true - description: Deprecated in 7.13.0. Use the get rule types API instead. - operationId: legacyGetAlertTypes - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - properties: - actionGroups: - description: | - An explicit list of groups for which the alert type can schedule actions, each with the action group's unique ID and human readable name. Alert actions validation uses this configuration to ensure that groups are valid. - items: - type: object - properties: - id: - type: string - name: - type: string - type: array - actionVariables: - description: | - A list of action variables that the alert type makes available via context and state in action parameter templates, and a short human readable description. The Alert UI will use this information to prompt users for these variables in action parameter editors. - type: object - properties: - context: - items: - type: object - properties: - description: - type: string - name: - type: string - type: array - params: - items: - type: object - properties: - description: - type: string - name: - type: string - type: array - state: - items: - type: object - properties: - description: - type: string - name: - type: string - type: array - authorizedConsumers: - description: The list of the plugins IDs that have access to the alert type. - type: object - defaultActionGroupId: - description: The default identifier for the alert type group. - type: string - enabledInLicense: - description: Indicates whether the rule type is enabled based on the subscription. - type: boolean - id: - description: The unique identifier for the alert type. 
- type: string - isExportable: - description: Indicates whether the alert type is exportable in Saved Objects Management UI. - type: boolean - minimumLicenseRequired: - description: The subscriptions required to use the alert type. - type: string - name: - description: The descriptive name of the alert type. - type: string - producer: - description: An identifier for the application that produces this alert type. - type: string - recoveryActionGroup: - description: | - An action group to use when an alert instance goes from an active state to an inactive one. If it is not specified, the default recovered action group is used. - type: object - properties: - id: - type: string - name: - type: string - type: array - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Alerting_401_response' - description: Authorization information is missing or invalid. - summary: Get the alert types - tags: - - alerting - /api/apm/agent_keys: - post: - description: Create a new agent key for APM. 
- operationId: createAgentKey - parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - $ref: '#/components/parameters/APM_UI_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_agent_keys_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_agent_keys_response' - description: Agent key created successfully - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_400_response' - description: Bad Request response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_403_response' - description: Forbidden response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_500_response' - description: Internal Server Error response - summary: Create an APM agent key - tags: - - APM agent keys - /api/apm/fleet/apm_server_schema: - post: - operationId: saveApmServerSchema + This endpoint allows to search for single agent configuration and update 'applied_by_agent' field. 
+ operationId: searchSingleConfiguration parameters: - $ref: '#/components/parameters/APM_UI_elastic_api_version' - $ref: '#/components/parameters/APM_UI_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - type: object - properties: - schema: - additionalProperties: true - description: Schema object - example: - foo: bar - type: object + $ref: '#/components/schemas/APM_UI_search_agent_configuration_object' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - additionalProperties: false - type: object + $ref: '#/components/schemas/APM_UI_search_agent_configuration_response' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_403_response' - description: Forbidden response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_404_response' description: Not found response - summary: Save APM server schema + summary: Lookup single agent configuration tags: - - APM server schema - /api/apm/services/{serviceName}/annotation: - post: - description: Create a new annotation for a specific service. 
- operationId: createAnnotation + - APM agent configuration + /api/apm/settings/agent-configuration/view: + get: + operationId: getSingleAgentConfiguration parameters: - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - $ref: '#/components/parameters/APM_UI_kbn_xsrf' - - description: The name of the service - in: path - name: serviceName - required: true + - description: Service name + example: node + in: query + name: name + schema: + type: string + - description: Service environment + example: prod + in: query + name: environment schema: type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_create_annotation_object' - required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/APM_UI_create_annotation_response' - description: Annotation created successfully + $ref: '#/components/schemas/APM_UI_single_agent_configuration_response' + description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_403_response' - description: Forbidden response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_404_response' description: Not found response - summary: Create a service annotation + summary: Get single agent configuration tags: - - APM annotations - /api/apm/services/{serviceName}/annotation/search: + - APM agent configuration + /api/apm/sourcemaps: get: - 
description: Search for annotations related to a specific service. - operationId: getAnnotation + description: Returns an array of Fleet artifacts, including source map uploads. + operationId: getSourceMaps parameters: - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - description: The name of the service - in: path - name: serviceName - required: true - schema: - type: string - - description: The environment to filter annotations by - in: query - name: environment - required: false - schema: - type: string - - description: The start date for the search + - description: Page number in: query - name: start - required: false + name: page schema: - type: string - - description: The end date for the search + type: number + - description: Number of records per page in: query - name: end - required: false + name: perPage schema: - type: string + type: number responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/APM_UI_annotation_search_response' + $ref: '#/components/schemas/APM_UI_source_maps_response' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_500_response' description: Internal Server Error response - summary: Search for annotations + '501': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_501_response' + description: Not Implemented response + summary: Get source maps tags: - - APM annotations - /api/apm/settings/agent-configuration: - delete: - operationId: 
deleteAgentConfiguration + - APM sourcemaps + post: + description: Upload a source map for a specific service and version. + operationId: uploadSourceMap parameters: - $ref: '#/components/parameters/APM_UI_elastic_api_version' - $ref: '#/components/parameters/APM_UI_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + multipart/form-data: schema: - $ref: '#/components/schemas/APM_UI_service_object' + $ref: '#/components/schemas/APM_UI_upload_source_map_object' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/APM_UI_delete_agent_configurations_response' + $ref: '#/components/schemas/APM_UI_upload_source_maps_response' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_403_response' description: Forbidden response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_404_response' - description: Not found response - summary: Delete agent configuration - tags: - - APM agent configuration - get: - operationId: getAgentConfigurations - parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_agent_configurations_response' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: 
'#/components/schemas/APM_UI_400_response' - description: Bad Request response - '401': + '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '404': + $ref: '#/components/schemas/APM_UI_500_response' + description: Internal Server Error response + '501': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/APM_UI_404_response' - description: Not found response - summary: Get a list of agent configurations + $ref: '#/components/schemas/APM_UI_501_response' + description: Not Implemented response + summary: Upload source map tags: - - APM agent configuration - put: - operationId: createUpdateAgentConfiguration + - APM sourcemaps + /api/apm/sourcemaps/{id}: + delete: + description: Delete a previously uploaded source map. + operationId: deleteSourceMap parameters: - $ref: '#/components/parameters/APM_UI_elastic_api_version' - $ref: '#/components/parameters/APM_UI_kbn_xsrf' - - description: If the config exists ?overwrite=true is required - in: query - name: overwrite + - description: Source map identifier + in: path + name: id + required: true schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_agent_configuration_intake_object' - required: true + type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_400_response' description: Bad Request response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_401_response' description: 
Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/APM_UI_403_response' description: Forbidden response - '404': + '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/APM_UI_404_response' - description: Not found response - summary: Create or update agent configuration + $ref: '#/components/schemas/APM_UI_500_response' + description: Internal Server Error response + '501': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_501_response' + description: Not Implemented response + summary: Delete source map tags: - - APM agent configuration - /api/apm/settings/agent-configuration/agent_name: - get: - description: Retrieve `agentName` for a service. - operationId: getAgentNameForService + - APM sourcemaps + /api/asset_criticality: + delete: + description: Delete the asset criticality record for a specific entity. + operationId: DeleteAssetCriticalityRecord parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - description: The name of the service - example: node + - description: The ID value of the asset. + example: my_host in: query - name: serviceName + name: id_value + required: true + schema: + type: string + - description: The field representing the ID. + example: host.name + in: query + name: id_field required: true schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' + - description: If 'wait_for' the request will wait for the index refresh. + in: query + name: refresh + required: false + schema: + enum: + - wait_for type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/APM_UI_service_agent_name_response' + type: object + properties: + deleted: + description: True if the record was deleted or false if the record did not exist. 
+ type: boolean + record: + $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' + description: The deleted record if it existed. + required: + - deleted description: Successful response '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_400_response' - description: Bad Request response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_404_response' - description: Not found response - summary: Get agent name for service + description: Invalid request + summary: Delete an asset criticality record tags: - - APM agent configuration - /api/apm/settings/agent-configuration/environments: + - Security Entity Analytics API get: - operationId: getEnvironmentsForService - parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - description: The name of the service - in: query - name: serviceName - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_service_environments_response' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_400_response' - description: Bad Request response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_404_response' - description: Not found response - summary: Get environments for service - tags: - - APM agent configuration - 
/api/apm/settings/agent-configuration/search: - post: - description: | - This endpoint allows to search for single agent configuration and update 'applied_by_agent' field. - operationId: searchSingleConfiguration - parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - $ref: '#/components/parameters/APM_UI_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_search_agent_configuration_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_search_agent_configuration_response' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_400_response' - description: Bad Request response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_404_response' - description: Not found response - summary: Lookup single agent configuration - tags: - - APM agent configuration - /api/apm/settings/agent-configuration/view: - get: - operationId: getSingleAgentConfiguration - parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - description: Service name - example: node - in: query - name: name - schema: - type: string - - description: Service environment - example: prod - in: query - name: environment - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_single_agent_configuration_response' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: 
'#/components/schemas/APM_UI_400_response' - description: Bad Request response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_404_response' - description: Not found response - summary: Get single agent configuration - tags: - - APM agent configuration - /api/apm/sourcemaps: - get: - description: Returns an array of Fleet artifacts, including source map uploads. - operationId: getSourceMaps - parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - description: Page number - in: query - name: page - schema: - type: number - - description: Number of records per page - in: query - name: perPage - schema: - type: number - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_source_maps_response' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_400_response' - description: Bad Request response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_500_response' - description: Internal Server Error response - '501': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_501_response' - description: Not Implemented response - summary: Get source maps - tags: - - APM sourcemaps - post: - description: Upload a source map for a specific service and version. 
- operationId: uploadSourceMap - parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - $ref: '#/components/parameters/APM_UI_kbn_xsrf' - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_upload_source_map_object' - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_upload_source_maps_response' - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_400_response' - description: Bad Request response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_403_response' - description: Forbidden response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_500_response' - description: Internal Server Error response - '501': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_501_response' - description: Not Implemented response - summary: Upload source map - tags: - - APM sourcemaps - /api/apm/sourcemaps/{id}: - delete: - description: Delete a previously uploaded source map. 
- operationId: deleteSourceMap - parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - $ref: '#/components/parameters/APM_UI_kbn_xsrf' - - description: Source map identifier - in: path - name: id - required: true - schema: - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_400_response' - description: Bad Request response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_403_response' - description: Forbidden response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_500_response' - description: Internal Server Error response - '501': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/APM_UI_501_response' - description: Not Implemented response - summary: Delete source map - tags: - - APM sourcemaps - /api/asset_criticality: - delete: - description: Delete the asset criticality record for a specific entity. - operationId: DeleteAssetCriticalityRecord + description: Get the asset criticality record for a specific entity. + operationId: GetAssetCriticalityRecord parameters: - description: The ID value of the asset. example: my_host 
@@ -6286,57 +5306,10 @@ paths: required: true schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' - - description: If 'wait_for' the request will wait for the index refresh. - in: query - name: refresh - required: false - schema: - enum: - - wait_for - type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - deleted: - description: True if the record was deleted or false if the record did not exist. - type: boolean - record: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' - description: The deleted record if it existed. - required: - - deleted - description: Successful response - '400': - description: Invalid request - summary: Delete an asset criticality record - tags: - - Security Entity Analytics API - get: - description: Get the asset criticality record for a specific entity. - operationId: GetAssetCriticalityRecord - parameters: - - description: The ID value of the asset. - example: my_host - in: query - name: id_value - required: true - schema: - type: string - - description: The field representing the ID. - example: host.name - in: query - name: id_field - required: true - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' description: Successful response @@ -6355,7 +5328,7 @@ paths: operationId: CreateAssetCriticalityRecord requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: allOf: - $ref: '#/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord' 
@@ -6374,7 +5347,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord' description: Successful response @@ -6392,7 +5365,7 @@ paths: operationId: BulkUpsertAssetCriticalityRecords requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: example: records: @@ -6415,7 +5388,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: example: errors: @@ -6491,7 +5464,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: example: page: 1 @@ -6556,7 +5529,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. @@ -6571,7 +5544,7 @@ paths: - $ref: '#/components/parameters/Cases_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: updateCaseRequest: $ref: '#/components/examples/Cases_update_case_request' @@ -6580,7 +5553,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: updateCaseResponse: $ref: '#/components/examples/Cases_update_case_response' @@ -6591,7 +5564,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. 
@@ -6606,7 +5579,7 @@ paths: - $ref: '#/components/parameters/Cases_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: createCaseRequest: $ref: '#/components/examples/Cases_create_case_request' @@ -6616,7 +5589,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: createCaseResponse: $ref: '#/components/examples/Cases_create_case_response' @@ -6625,7 +5598,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. @@ -6657,7 +5630,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: findCaseResponse: $ref: '#/components/examples/Cases_find_case_response' @@ -6684,7 +5657,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. @@ -6698,11 +5671,10 @@ paths: operationId: getCaseDefaultSpace parameters: - $ref: '#/components/parameters/Cases_case_id' - - $ref: '#/components/parameters/Cases_includeComments' responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getDefaultCaseResponse: $ref: '#/components/examples/Cases_get_case_response' @@ -6713,7 +5685,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. 
@@ -6730,7 +5702,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getCaseAlertsResponse: $ref: '#/components/examples/Cases_get_case_alerts_response' @@ -6741,7 +5713,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. 
@@ -6762,36 +5734,13 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. summary: Delete all case comments and alerts tags: - cases - get: - deprecated: true - description: | - Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; instead, use the get case comment API, which requires a comment identifier in the path. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. - operationId: getAllCaseCommentsDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_case_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_case_response_properties' - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get all case comments - tags: - - cases patch: description: | You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment. @@ -6801,7 +5750,7 @@ paths: - $ref: '#/components/parameters/Cases_case_id' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: updateCaseCommentRequest: $ref: '#/components/examples/Cases_update_comment_request' 
@@ -6811,7 +5760,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: updateCaseCommentResponse: $ref: '#/components/examples/Cases_update_comment_response' @@ -6820,7 +5769,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. @@ -6836,7 +5785,7 @@ paths: - $ref: '#/components/parameters/Cases_case_id' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: createCaseCommentRequest: $ref: '#/components/examples/Cases_add_comment_request' @@ -6846,7 +5795,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: createCaseCommentResponse: $ref: '#/components/examples/Cases_add_comment_response' @@ -6855,7 +5804,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. @@ -6875,13 +5824,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_case_response_properties' description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. @@ -6902,7 +5851,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. 
@@ -6919,7 +5868,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getCaseCommentResponse: $ref: '#/components/examples/Cases_get_comment_response' @@ -6930,7 +5879,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. @@ -6948,14 +5897,14 @@ paths: - $ref: '#/components/parameters/Cases_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: nullable: true type: object responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: pushCaseResponse: $ref: '#/components/examples/Cases_push_case_response' @@ -6964,7 +5913,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. @@ -6983,14 +5932,14 @@ paths: - $ref: '#/components/parameters/Cases_case_id' requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: + multipart/form-data: schema: $ref: '#/components/schemas/Cases_add_case_file_request' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: addCaseFileResponse: $ref: '#/components/examples/Cases_add_comment_response' 
@@ -6999,39 +5948,13 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. summary: Attach a file to a case tags: - cases - /api/cases/{caseId}/user_actions: - get: - deprecated: true - description: | - Returns all user activity for a case. Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. - operationId: getCaseActivityDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_case_id' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - $ref: '#/components/schemas/Cases_user_actions_response_properties' - type: array - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get case activity - tags: - - cases /api/cases/{caseId}/user_actions/_find: get: description: | @@ -7046,7 +5969,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: findCaseActivityResponse: $ref: '#/components/examples/Cases_find_case_activity_response' @@ -7067,7 +5990,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. 
@@ -7085,7 +6008,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: example: - id: 06116b80-e1c3-11ec-be9b-9b1838238ee6 @@ -7104,7 +6027,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. @@ -7122,7 +6045,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getConfigurationResponse: $ref: '#/components/examples/Cases_get_case_configuration_response' @@ -7268,7 +6191,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. @@ -7283,7 +6206,7 @@ paths: - $ref: '#/components/parameters/Cases_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: setCaseConfigRequest: $ref: '#/components/examples/Cases_set_case_configuration_request' @@ -7292,7 +6215,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: setCaseConfigResponse: $ref: '#/components/examples/Cases_set_case_configuration_response' @@ -7436,7 +6359,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. 
@@ -7453,7 +6376,7 @@ paths: - $ref: '#/components/parameters/Cases_configuration_id' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: updateCaseConfigurationRequest: $ref: '#/components/examples/Cases_update_case_configuration_request' @@ -7462,7 +6385,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: updateCaseConfigurationResponse: $ref: '#/components/examples/Cases_update_case_configuration_response' @@ -7606,7 +6529,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. @@ -7621,7 +6544,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: findConnectorResponse: $ref: '#/components/examples/Cases_find_connector_response' @@ -7656,7 +6579,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. @@ -7673,7 +6596,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getReportersResponse: $ref: '#/components/examples/Cases_get_reporters_response' 
@@ -7705,44 +6628,13 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. summary: Get case creators tags: - cases - /api/cases/status: - get: - deprecated: true - description: | - Returns the number of cases that are open, closed, and in progress. Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find cases API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. - operationId: getCaseStatusDefaultSpace - parameters: - - $ref: '#/components/parameters/Cases_owner_filter' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - count_closed_cases: - type: integer - count_in_progress_cases: - type: integer - count_open_cases: - type: integer - description: Indicates a successful call. - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Cases_4xx_response' - description: Authorization information is missing or invalid. - summary: Get case status summary - tags: - - cases /api/cases/tags: get: description: | @@ -7753,7 +6645,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getTagsResponse: $ref: '#/components/examples/Cases_get_tags_response' @@ -7765,7 +6657,7 @@ paths: description: Indicates a successful call. '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Cases_4xx_response' description: Authorization information is missing or invalid. 
@@ -7796,7 +6688,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -7930,7 +6822,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -8399,7 +7291,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -8783,7 +7675,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -9232,7 +8124,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -9612,7 +8504,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -10048,7 +8940,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getAllDataViewsResponse: $ref: '#/components/examples/Data_views_get_data_views_response' @@ -10075,7 +8967,7 @@ paths: description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Data_views_400_response' description: Bad request @@ -10089,7 +8981,7 @@ paths: - $ref: '#/components/parameters/Data_views_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: createDataViewRequest: $ref: '#/components/examples/Data_views_create_data_view_request' 
@@ -10099,13 +8991,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Data_views_data_view_response_object' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Data_views_400_response' description: Bad request @@ -10125,7 +9017,7 @@ paths: description: Indicates a successful call. '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Data_views_404_response' description: Object is not found. @@ -10139,7 +9031,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getDataViewResponse: $ref: '#/components/examples/Data_views_get_data_view_response' @@ -10148,7 +9040,7 @@ paths: description: Indicates a successful call. '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Data_views_404_response' description: Object is not found. @@ -10162,7 +9054,7 @@ paths: - $ref: '#/components/parameters/Data_views_view_id' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: updateDataViewRequest: $ref: '#/components/examples/Data_views_update_data_view_request' @@ -10172,13 +9064,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Data_views_data_view_response_object' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Data_views_400_response' description: Bad request 
@@ -10195,7 +9087,7 @@ paths: - $ref: '#/components/parameters/Data_views_view_id' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: updateFieldsMetadataRequest: $ref: '#/components/examples/Data_views_update_field_metadata_request' @@ -10211,7 +9103,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -10220,7 +9112,7 @@ paths: description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Data_views_400_response' description: Bad request @@ -10235,7 +9127,7 @@ paths: - $ref: '#/components/parameters/Data_views_view_id' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: createRuntimeFieldRequest: $ref: '#/components/examples/Data_views_create_runtime_field_request' @@ -10257,7 +9149,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object description: Indicates a successful call. @@ -10277,7 +9169,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: updateRuntimeFieldRequest: $ref: '#/components/examples/Data_views_create_runtime_field_request' @@ -10299,7 +9191,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -10312,7 +9204,7 @@ paths: description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Data_views_400_response' description: Bad request 
@@ -10330,7 +9222,7 @@ paths: description: Indicates a successful call. '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Data_views_404_response' description: Object is not found. @@ -10345,7 +9237,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getRuntimeFieldResponse: $ref: '#/components/examples/Data_views_get_runtime_field_response' @@ -10361,7 +9253,7 @@ paths: description: Indicates a successful call. '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Data_views_404_response' description: Object is not found. @@ -10375,7 +9267,7 @@ paths: - $ref: '#/components/parameters/Data_views_view_id' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: updateRuntimeFieldRequest: $ref: '#/components/examples/Data_views_update_runtime_field_request' @@ -10399,7 +9291,7 @@ paths: description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Data_views_400_response' description: Bad request @@ -10412,7 +9304,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getDefaultDataViewResponse: $ref: '#/components/examples/Data_views_get_default_data_view_response' @@ -10424,7 +9316,7 @@ paths: description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Data_views_400_response' description: Bad request 
@@ -10437,7 +9329,7 @@ paths: - $ref: '#/components/parameters/Data_views_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: setDefaultDataViewRequest: $ref: '#/components/examples/Data_views_set_default_data_view_request' @@ -10459,7 +9351,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -10468,7 +9360,7 @@ paths: description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Data_views_400_response' description: Bad request @@ -10484,7 +9376,7 @@ paths: - $ref: '#/components/parameters/Data_views_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: swapDataViewRequest: $ref: '#/components/examples/Data_views_swap_data_view_request' @@ -10494,7 +9386,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -10529,7 +9421,7 @@ paths: - $ref: '#/components/parameters/Data_views_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: previewSwapDataViewRequest: $ref: '#/components/examples/Data_views_preview_swap_data_view_request' @@ -10539,7 +9431,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -10564,7 +9456,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -10575,25 +9467,25 @@ paths: description: Successful response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Not enough permissions response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: string description: Index does not exist response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response @@ -10605,7 +9497,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -10620,25 +9512,25 @@ paths: description: Successful response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Not enough permissions response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Not found '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response 
@@ -10650,7 +9542,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -10661,25 +9553,25 @@ paths: description: Successful response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Not enough permissions response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Not found '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response @@ -10697,7 +9589,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -10711,13 +9603,13 @@ paths: description: Successful response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response @@ -10744,7 +9636,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. 
@@ -10770,7 +9662,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. @@ -10782,14 +9674,14 @@ paths: operationId: PatchRule requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. @@ -10801,14 +9693,14 @@ paths: operationId: CreateRule requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. @@ -10823,14 +9715,14 @@ paths: operationId: UpdateRule requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RuleResponse' description: Indicates a successful call. @@ -10850,7 +9742,7 @@ paths: type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' 
@@ -10863,7 +9755,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_BulkEditActionResponse' @@ -10879,7 +9771,7 @@ paths: operationId: BulkCreateRules requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' @@ -10889,7 +9781,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_BulkCrudRulesResponse' description: Indicates a successful call. @@ -10903,7 +9795,7 @@ paths: operationId: BulkDeleteRules requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: type: object @@ -10918,13 +9810,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_BulkCrudRulesResponse' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' @@ -10932,13 +9824,13 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response 
@@ -10951,7 +9843,7 @@ paths: operationId: BulkDeleteRulesPost requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: type: object @@ -10966,13 +9858,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_BulkCrudRulesResponse' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' @@ -10980,13 +9872,13 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response @@ -11000,7 +9892,7 @@ paths: operationId: BulkPatchRules requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' @@ -11010,7 +9902,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_BulkCrudRulesResponse' description: Indicates a successful call. @@ -11026,7 +9918,7 @@ paths: operationId: BulkUpdateRules requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps' 
@@ -11036,7 +9928,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_BulkCrudRulesResponse' description: Indicates a successful call. @@ -11069,7 +9961,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: nullable: true type: object @@ -11090,7 +9982,7 @@ paths: responses: '200': content: - application/ndjson; Elastic-Api-Version=2023-10-31: + application/ndjson: schema: description: An `.ndjson` file containing the returned rules. format: binary @@ -11160,7 +10052,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -11221,7 +10113,7 @@ paths: type: boolean requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: + multipart/form-data: schema: type: object properties: @@ -11233,7 +10125,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -11294,6 +10186,9 @@ paths: operationId: CreateRuleExceptionListItems parameters: - description: Detection rule's identifier + examples: + id: + value: 330bdd28-eedf-40e1-bed0-f10176c7f9e0 in: path name: id required: true 
@@ -11301,8 +10196,30 @@ paths: $ref: '#/components/schemas/Security_Exceptions_API_RuleId' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + example: + items: + - description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + type: simple type: object properties: items: @@ -11311,12 +10228,43 @@ paths: type: array required: - items - description: Rule exception list items + description: Rule exception items. required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ruleExceptionItems: + value: + - _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic schema: items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' 
@@ -11324,7 +10272,18 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badPayload: + value: + error: Bad Request + message: Invalid request payload JSON format + statusCode: 400 + badRequest: + value: + error: Bad Request + message: '[request params]: id: Invalid uuid' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -11332,23 +10291,39 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + message: Unable to create exception-list + status_code: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Create rule exception list items + summary: Create rule exception items tags: - Security Exceptions API /api/detection_engine/rules/prepackaged: 
@@ -11358,7 +10333,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -11395,7 +10370,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -11452,7 +10427,7 @@ paths: type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: anyOf: - allOf: @@ -11486,7 +10461,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -11503,7 +10478,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' @@ -11511,13 +10486,13 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response @@ -11533,7 +10508,7 @@ paths: operationId: SetAlertAssignees requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -11565,7 +10540,7 @@ paths: operationId: FinalizeAlertsMigration requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -11581,7 +10556,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: $ref: '#/components/schemas/Security_Detections_API_MigrationFinalizationResult' @@ -11589,7 +10564,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' @@ -11597,13 +10572,13 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response @@ -11624,7 +10599,7 @@ paths: operationId: AlertsMigrationCleanup requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -11640,7 +10615,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: $ref: '#/components/schemas/Security_Detections_API_MigrationCleanupResult' @@ -11648,7 +10623,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' 
@@ -11656,13 +10631,13 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response @@ -11677,7 +10652,7 @@ paths: operationId: CreateAlertsMigration requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: allOf: - type: object @@ -11695,7 +10670,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -11711,7 +10686,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' @@ -11719,13 +10694,13 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response @@ -11751,7 +10726,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -11764,7 +10739,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' @@ -11772,13 +10747,13 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response @@ -11791,7 +10766,7 @@ paths: operationId: SearchAlerts requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: description: Elasticsearch query and aggregation request type: object @@ -11828,7 +10803,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: true description: Elasticsearch search response @@ -11836,7 +10811,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' @@ -11844,13 +10819,13 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response 
@@ -11863,7 +10838,7 @@ paths: operationId: SetAlertsStatus requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_SetAlertsStatusByIds' @@ -11873,7 +10848,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: true description: Elasticsearch update by query response @@ -11881,7 +10856,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' @@ -11889,13 +10864,13 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response @@ -11911,7 +10886,7 @@ paths: operationId: SetAlertTags requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -11927,7 +10902,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: true description: Elasticsearch update by query response @@ -11935,7 +10910,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' 
@@ -11943,13 +10918,13 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_PlatformErrorResponse' description: Unsuccessful authentication response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' description: Internal server error response @@ -11963,7 +10938,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' description: Indicates a successful call @@ -11998,7 +10973,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: rotateEncryptionKeyResponse: $ref: '#/components/examples/Saved_objects_key_rotation_response' @@ -12022,13 +10997,13 @@ paths: description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Saved_objects_400_response' description: Bad request '429': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object description: Already in progress. @@ -12042,13 +11017,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointList' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' 
@@ -12056,19 +11031,19 @@ paths: description: Invalid input data '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error @@ -12095,13 +11070,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' 
@@ -12109,25 +11084,25 @@ paths: description: Invalid input data '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list item not found '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error @@ -12153,7 +11128,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' @@ -12161,7 +11136,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' 
@@ -12169,25 +11144,25 @@ paths: description: Invalid input data '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list item not found '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error @@ -12199,7 +11174,7 @@ paths: operationId: CreateEndpointListItem requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -12234,13 +11209,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' 
@@ -12248,25 +11223,25 @@ paths: description: Invalid input data '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list item already exists '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error @@ -12278,7 +11253,7 @@ paths: operationId: UpdateEndpointListItem requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -12318,13 +11293,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' 
@@ -12332,25 +11307,25 @@ paths: description: Invalid input data '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list item not found '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error @@ -12402,7 +11377,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -12429,7 +11404,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' 
@@ -12437,25 +11412,25 @@ paths: description: Invalid input data '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse' description: Insufficient privileges '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Endpoint list not found '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse' description: Internal server error 
@@ -12475,39 +11450,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get response actions tags: - Security Endpoint Management API - /api/endpoint/action_log/{agent_id}: - get: - deprecated: true - description: Get an action request log for the specified agent ID. - operationId: EndpointGetActionLog - parameters: - - in: path - name: agent_id - required: true - schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' - - in: query - name: query - required: true - schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionLogRequestQuery' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' - description: OK - summary: Get an action request log - tags: - - Security Endpoint Management API /api/endpoint/action_status: get: description: Get the status of response actions for the specified agent IDs. @@ -12524,7 +11473,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse' description: OK @@ -12544,7 +11493,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -12569,7 +11518,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK 
@@ -12594,7 +11543,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -12607,14 +11556,14 @@ paths: operationId: EndpointExecuteAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -12627,14 +11576,14 @@ paths: operationId: EndpointGetFileAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -12647,14 +11596,14 @@ paths: operationId: EndpointIsolateAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK 
@@ -12667,14 +11616,14 @@ paths: operationId: EndpointKillProcessAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -12687,14 +11636,14 @@ paths: operationId: EndpointGetProcessesAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -12707,14 +11656,14 @@ paths: operationId: RunScriptAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_RunScriptRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -12727,14 +11676,14 @@ paths: operationId: EndpointScanAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK 
@@ -12748,7 +11697,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse' description: OK @@ -12761,14 +11710,14 @@ paths: operationId: EndpointSuspendProcessAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -12781,14 +11730,14 @@ paths: operationId: EndpointUnisolateAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK 
@@ -12801,67 +11750,20 @@ paths: operationId: EndpointUploadAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Upload a file tags: - Security Endpoint Management API - /api/endpoint/isolate: - post: - deprecated: true - description: | - Isolate an endpoint from the network. - > info - > This URL will return a 308 permanent redirect to `POST :/api/endpoint/action/isolate`. - operationId: EndpointIsolateRedirect - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' - description: OK - '308': - description: Permanent Redirect - headers: - Location: - description: Permanently redirects to "/api/endpoint/action/isolate" - schema: - example: /api/endpoint/action/isolate - type: string - summary: Isolate an endpoint - tags: - - Security Endpoint Management API /api/endpoint/metadata: get: operationId: 
GetEndpointMetadataList @@ -12874,7 +11776,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK @@ -12893,27 +11795,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get metadata tags: - Security Endpoint Management API - /api/endpoint/metadata/transforms: - get: - deprecated: true - operationId: GetEndpointMetadataTransform - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' - description: OK - summary: Get metadata transforms - tags: - - Security Endpoint Management API /api/endpoint/policy_response: get: operationId: GetPolicyResponse @@ -12929,39 +11817,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' description: OK summary: Get a policy response tags: - Security Endpoint Management API - /api/endpoint/policy/summaries: - get: - deprecated: true - operationId: GetAgentPolicySummary - parameters: - - in: query - name: query - required: true - schema: - type: object - properties: - package_name: - type: string - policy_id: - nullable: true - type: string - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' - description: OK - summary: Get an agent policy summary - tags: - - Security Endpoint Management API /api/endpoint/protection_updates_note/{package_policy_id}: get: operationId: GetProtectionUpdatesNote 
@@ -12974,7 +11836,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse' description: OK @@ -12991,7 +11853,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -13001,103 +11863,19 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse' description: OK summary: Create or update a protection updates note tags: - Security Endpoint Management API - /api/endpoint/suggestions/{suggestion_type}: - post: - deprecated: true - operationId: GetEndpointSuggestions - parameters: - - in: path - name: suggestion_type - required: true - schema: - enum: - - eventFilters - type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - field: - type: string - fieldMeta: {} - filters: {} - query: - type: string - required: - - parameters - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' - description: OK - summary: Get suggestions - tags: - - Security Endpoint Management API - /api/endpoint/unisolate: - post: - deprecated: true - description: | - Release an isolated endpoint, allowing it to rejoin a network. - > info - > This URL will return a 308 permanent redirect to `POST :/api/endpoint/action/unisolate`. 
- operationId: EndpointUnisolateRedirect - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' - description: OK - '308': - description: Permanent Redirect - headers: - Location: - description: Permanently redirects to "/api/endpoint/action/unisolate" - schema: - example: /api/endpoint/action/unisolate - type: string - summary: Release an isolated endpoint - tags: - - Security Endpoint Management API /api/entity_store/enable: post: operationId: InitEntityStore requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -13147,7 +11925,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -13167,7 +11945,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -13200,7 +11978,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -13222,7 +12000,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' description: Successful response @@ -13241,7 +12019,7 @@ paths: $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -13287,7 +12065,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineDescriptor' description: Successful response @@ -13307,7 +12085,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -13330,7 +12108,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -13346,7 +12124,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -13359,7 +12137,7 @@ paths: description: Successful response '207': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -13376,7 +12154,7 @@ paths: description: Partial successful response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -13435,7 +12213,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -13476,7 +12254,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -13505,19 +12283,29 @@ paths: description: Delete an exception list using the `id` or `list_id` field. operationId: DeleteExceptionList parameters: - - description: Either `id` or `list_id` must be specified + - description: Exception list's identifier. Either `id` or `list_id` must be specified. in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Either `id` or `list_id` must be specified + - description: Human readable exception list string identifier, e.g. `trusted-linux-processes`. Either `id` or `list_id` must be specified. + examples: + autogeneratedId: + value: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + list_id: + value: simple_list in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - examples: + agnostic: + value: agnostic + single: + value: single + in: query name: namespace_type required: false schema: 
@@ -13526,13 +12314,40 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + detectionExceptionList: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -13540,25 +12355,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [DELETE /api/exception_lists?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'exception list list_id: "foo" does not exist' + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -13569,19 +12406,24 @@ paths: description: Get the details of an exception list using the `id` or `list_id` field. operationId: ReadExceptionList parameters: - - description: Either `id` or `list_id` must be specified + - description: Exception list's identifier. Either `id` or `list_id` must be specified. in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Either `id` or `list_id` must be specified + - description: Human readable exception list string identifier, e.g. `trusted-linux-processes`. Either `id` or `list_id` must be specified. in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - examples: + agnostic: + value: agnostic + single: + value: single + in: query name: namespace_type required: false schema: 
@@ -13590,13 +12432,40 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + detectionType: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -13604,25 +12473,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -13631,14 +12522,24 @@ paths: - Security Exceptions API post: description: | - An exception list groups exception items and can be associated with detection rules. You can assign detection rules with multiple exception lists. + An exception list groups exception items and can be associated with detection rules. You can assign exception lists to multiple detection rules. > info > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item. operationId: CreateExceptionList requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + example: + description: This is a sample detection type exception list. + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + type: detection type: object properties: description: 
@@ -13671,13 +12572,99 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + autogeneratedListId: + value: + _version: WzMsMV0= + created_at: '2025-01-09T01:05:23.019Z' + created_by: elastic + description: This is a sample detection type exception with an autogenerated list_id. + id: 28243c2f-624a-4443-823d-c0b894880931 + immutable: false + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Sample Detection Exception List + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: ad94de31-39f7-4ad7-b8e4-988bfa95f338 + type: detection + updated_at: '2025-01-09T01:05:23.020Z' + updated_by: elastic + version: 1 + namespaceAgnostic: + value: + _version: WzUsMV0= + created_at: '2025-01-09T01:10:36.369Z' + created_by: elastic + description: This is a sample agnostic endpoint type exception. + id: 1a744e77-22ca-4b6b-9085-54f55275ebe5 + immutable: false + list_id: b935eb55-7b21-4c1c-b235-faa1df23b3d6 + name: Sample Agnostic Endpoint Exception List + namespace_type: agnostic + os_types: + - linux + tags: + - malware + tie_breaker_id: 49ea0adc-a2b8-4d83-a8f3-2fb98301dea3 + type: endpoint + updated_at: '2025-01-09T01:10:36.369Z' + updated_by: elastic + version: 1 + typeDetection: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 + typeEndpoint: + value: + _version: WzQsMV0= + created_at: '2025-01-09T01:07:49.658Z' + created_by: elastic + description: This is a sample endpoint type exception list. 
+ id: a79f4730-6e32-4278-abfc-349c0add7d54 + immutable: false + list_id: endpoint_list + name: Sample Endpoint Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 94a028af-8f47-427a-aca5-ffaf829e64ee + type: endpoint + updated_at: '2025-01-09T01:07:49.658Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: list_id: Expected string, received number' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -13685,25 +12672,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + alreadyExists: + value: + message: 'exception list id: "simple_list" already exists' + status_code: 409 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list already exists response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -13715,11 +12724,21 @@ paths: operationId: UpdateExceptionList requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + example: + description: Different description + list_id: simple_list + name: Updated exception list name + os_types: + - linux + tags: + - draft malware + type: detection type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string description: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' @@ -13752,13 +12771,39 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + simpleList: + value: + _version: WzExLDFd + created_at: '2025-01-07T20:43:55.264Z' + created_by: elastic + description: Different description + id: fa7f545f-191b-4d32-b1f0-c7cd62a79e55 + immutable: false + list_id: simple_list + name: Updated exception list name + namespace_type: single + os_types: [] + tags: + - draft malware + tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f + type: detection + updated_at: '2025-01-07T21:32:03.726Z' + updated_by: elastic + version: 2 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: list_id: Expected string, received number' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
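Review bot: The `_version` description added to the UpdateExceptionList request schema reads "Use it ensure updates are done against the latest version", which is missing "to". In the same request example, `tags: - draft malware` is one tag containing a space. If two tags were intended, list them as separate items. The request example also sends `os_types: - linux` while the 200 `simpleList` example returns `os_types: []`, so the two do not read as one request/response pair.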
@@ -13766,25 +12811,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [PUT /api/exception_lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
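Review bot: The 404 `notFound` example has stray double quotes in its keys: `message": '...'` and `status_code": 404`. YAML parses these as keys literally named `message"` and `status_code"`, so the rendered example will not match the `message` and `status_code` fields used by the 500 example in the same hunk. Drop the trailing `"` from both keys.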
@@ -13796,18 +12863,22 @@ paths: description: Duplicate an existing exception list. operationId: DuplicateExceptionList parameters: - - description: Exception list's human identifier - in: query + - in: query name: list_id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - examples: + agnostic: + value: agnostic + single: + value: single + in: query name: namespace_type required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - - description: Determines whether to include expired exceptions in the exported list + - description: Determines whether to include expired exceptions in the duplicated list. Expiration date defined by `expire_time`. in: query name: include_expired_exceptions required: true 
@@ -13816,17 +12887,44 @@ paths: enum: - 'true' - 'false' + example: true type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + detectionExceptionList: + value: + _version: WzExNDY1LDFd + created_at: '2025-01-09T16:19:50.280Z' + created_by: elastic + description: This is a sample detection type exception + id: b2f4a715-6ab1-444c-8b1e-3fa1b1049429 + immutable: false + list_id: d6390d60-bce3-4a48-9002-52db600f329c + name: Sample Detection Exception List [Duplicate] + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 6fa670bd-666d-4c9c-9f1e-d1dbc516e985 + type: detection + updated_at: '2025-01-09T16:19:50.280Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: namespace_type: Invalid enum value. Expected ''agnostic'' | ''single'', received ''foo''' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
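Review bot: The `example: true` added to `include_expired_exceptions` is a YAML boolean, but the schema is `type: string` with `enum: - 'true' - 'false'`. The example therefore does not validate against its own schema. Quote it as `example: 'true'`.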
@@ -13834,25 +12932,53 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists/_duplicate] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response + '404': + content: + application/json: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Exception list not found '405': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list to duplicate not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
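Review bot: The new '404' response references `Security_Exceptions_API_PlatformErrorResponse`, but its example uses the `message` / `status_code` shape that every other example in this patch pairs with `Security_Exceptions_API_SiemErrorResponse`. The keys are also written as `message":` and `status_code":` with a stray quote. Pick the schema that matches the real response and fix the keys. The existing '405' response is still described as "Exception list to duplicate not found response", so the spec now documents two status codes for the same condition, and the 405 has no example. State which one the route actually returns.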
@@ -13864,24 +12990,28 @@ paths: description: Export an exception list and its associated items to an NDJSON file. operationId: ExportExceptionList parameters: - - description: Exception list's identifier - in: query + - in: query name: id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Exception list's human identifier - in: query + - in: query name: list_id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query + - examples: + agnostic: + value: agnostic + single: + value: single + in: query name: namespace_type required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - - description: Determines whether to include expired exceptions in the exported list + - description: Determines whether to include expired exceptions in the exported list. Expiration date defined by `expire_time`. + example: true in: query name: include_expired_exceptions required: true 
@@ -13894,7 +13024,13 @@ paths: responses: '200': content: - application/ndjson; Elastic-Api-Version=2023-10-31: + application/ndjson: + examples: + exportSavedObjectsResponse: + value: | + {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This is a sample detection type exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":[],"tags":["user added string for a tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} + {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This is a sample endpoint type exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some host","another host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Endpoint Exception List","namespace_type":"single","os_types":["linux"],"tags":["user added string for a tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} + {"exported_exception_list_count":1,"exported_exception_list_item_count":1,"missing_exception_list_item_count":0,"missing_exception_list_items":[],"missing_exception_lists":[],"missing_exception_lists_count":0} schema: description: A `.ndjson` file containing specified exception list and its items format: binary 
@@ -13902,7 +13038,13 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: list_id: Required, namespace_type: Required' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -13910,25 +13052,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists/_export] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -13937,7 +13101,7 @@ paths: - Security Exceptions API /api/exception_lists/_find: get: - description: Get a list of all exception lists. + description: Get a list of all exception list containers. operationId: FindExceptionLists parameters: - description: | 
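Review bot: The 401 `unauthorized` message is single-quoted here, so `\n\t` stays as literal backslash sequences, whereas the same message in the CreateExceptionList 401 example is double-quoted and yields real newlines and tabs. Use the double-quoted form consistently so the rendered examples match. The 404 `notFound` example in this hunk also repeats the `message":` and `status_code":` keys with a stray quote.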
@@ -13955,6 +13119,11 @@ paths: - description: | Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (`agnostic` or `single`) + examples: + agnostic: + value: agnostic + single: + value: single in: query name: namespace_type required: false @@ -13969,6 +13138,7 @@ paths: name: page required: false schema: + example: 1 minimum: 1 type: integer - description: The number of exception lists to return per page @@ -13976,15 +13146,17 @@ paths: name: per_page required: false schema: + example: 20 minimum: 1 type: integer - - description: Determines which field is used to sort the results + - description: Determines which field is used to sort the results. in: query name: sort_field required: false schema: + example: name type: string - - description: Determines the sort order, which can be `desc` or `asc` + - description: Determines the sort order, which can be `desc` or `asc`. in: query name: sort_order required: false @@ -13992,11 +13164,36 @@ paths: enum: - desc - asc + example: desc type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + simpleLists: + value: + data: + - _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. + id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Detection Exception List + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 + page: 1 + per_page: 20 + total: 1 schema: type: object properties: 
@@ -14021,7 +13218,13 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' @@ -14029,19 +13232,36 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists/_find?namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -14061,18 +13281,7 @@ paths: required: false schema: default: false - type: boolean - - in: query - name: overwrite_exceptions - required: false - schema: - default: false - type: boolean - - in: query - name: overwrite_action_connectors - required: false - schema: - default: false + example: false type: boolean - description: | Determines whether the list being imported will have a new `list_id` generated. 
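Review bot: This hunk deletes the `overwrite_exceptions` and `overwrite_action_connectors` query parameters from the import operation, which is outside what the commit summary describes (removing the `Elastic-Api-Version` header from the merged spec). Since this file was one of the cherry-pick conflicts, confirm the removal reflects the route definition on this branch and is not a side effect of the conflict resolution. If it is intentional, mention it in the commit message, because clients reading the published spec will see these parameters disappear.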
@@ -14083,22 +13292,54 @@ paths: required: false schema: default: false + example: false type: boolean requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: + multipart/form-data: schema: type: object properties: file: description: A `.ndjson` file containing the exception list + example: | + {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This is a sample detection type exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":[],"tags":["user added string for a tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} + {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This is a sample endpoint type exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some host","another host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Endpoint Exception List","namespace_type":"single","os_types":["linux"],"tags":["user added string for a tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} format: binary type: string required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + withErrors: + value: + errors: + - error: + message: 'Error found importing exception list: Invalid value \"4\" supplied to \"list_id\"' + status_code: 400 + list_id: (unknown list_id) + - error: + message: 'Found that item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" already exists. 
Import of item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" skipped.' + status_code: 409 + item_id: f7fd00bb-dba8-4c93-9d59-6cbd427b6330 + list_id: 7d7cccb8-db72-4667-b1f3-648efad7c1ee + success: false, + success_count: 0, + success_count_exception_list_items: 0 + success_count_exception_lists: 0, + success_exception_list_items: false, + success_exception_lists: false, + withoutErrors: + value: + errors: [] + success: true + success_count: 2 + success_count_exception_list_items: 1 + success_count_exception_lists: 1 + success_exception_list_items: true + success_exception_lists: true, schema: type: object properties: @@ -14130,7 +13371,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
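Review bot: In the import 200 examples, several values end in a trailing comma: `success: false,`, `success_count: 0,`, `success_count_exception_lists: 0,`, `success_exception_list_items: false,`, `success_exception_lists: false,` in `withErrors`, and `success_exception_lists: true,` in `withoutErrors`. In YAML these parse as the strings "false,", "0," and "true," rather than booleans and integers, so they will not match the response schema types. Remove the commas. The error messages are also single-quoted with `\"4\"` and `\"list_id\"`, which keeps the backslashes literally. Use plain `"` inside the single quotes.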
@@ -14138,19 +13379,36 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists/_import] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -14162,19 +13420,24 @@ paths: description: Delete an exception list item using the `id` or `item_id` field. operationId: DeleteExceptionListItem parameters: - - description: Either `id` or `item_id` must be specified + - description: Exception item's identifier. Either `id` or `item_id` must be specified in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Either `id` or `item_id` must be specified + - description: Human readable exception item string identifier, e.g. `trusted-linux-processes`. Either `id` or `item_id` must be specified in: query name: item_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - - in: query + - examples: + agnostic: + value: agnostic + single: + value: single + in: query name: namespace_type required: false schema: 
@@ -14183,39 +13446,96 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + simpleExceptionItem: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + example: + error: Bad Request + message: '[request query]: namespace_type.0: Invalid enum value. 
Expected ''agnostic'' | ''single'', received ''blob''' + statusCode: 400 oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [DELETE /api/exception_lists/items?item_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'exception list item item_id: \"foo\" does not exist' + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
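Review bot: The 400 response for DeleteExceptionListItem puts a single `example:` under `schema:` next to `oneOf`, while every other response in this patch uses a named entry under `examples:` at the media-type level (for instance `badRequest` in ReadExceptionListItem). Move it to `examples: badRequest: value:` for consistency with the rest of the document. In the 404 example, `\"foo\"` inside a single-quoted string renders with literal backslashes. Also, the 403 example URL passes `item_id=simple_list`, which is the list id used elsewhere in these examples rather than the item id `simple_list_item`.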
@@ -14226,19 +13546,24 @@ paths: description: Get the details of an exception list item using the `id` or `item_id` field. operationId: ReadExceptionListItem parameters: - - description: Either `id` or `item_id` must be specified + - description: Exception list item's identifier. Either `id` or `item_id` must be specified. in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Either `id` or `item_id` must be specified + - description: Human readable exception item string identifier, e.g. `trusted-linux-processes`. Either `id` or `item_id` must be specified. in: query name: item_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - - in: query + - examples: + agnostic: + value: agnostic + single: + value: single + in: query name: namespace_type required: false schema: 
@@ -14247,13 +13572,50 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + simpleListItem: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -14261,25 +13623,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists/items?item_id=&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'exception list item item_id: \"foo\" does not exist' + status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -14294,8 +13678,29 @@ paths: operationId: CreateExceptionListItem requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + example: + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + type: simple type: object properties: comments: @@ -14306,8 +13711,7 @@ paths: entries: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime' item_id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' list_id: 
@@ -14338,13 +13742,201 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + autogeneratedItemId: + value: + _version: WzYsMV0= + comments: [] + created_at: '2025-01-09T01:16:23.322Z' + created_by: elastic + description: This is a sample exception that has no item_id so it is autogenerated. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + id: 323faa75-c657-4fa0-9084-8827612c207b + item_id: 80e6edf7-4b13-4414-858f-2fa74aa52b37 + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Sample Autogenerated Exception List Item ID + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: d6799986-3a23-4213-bc6d-ed9463a32f23 + type: simple + updated_at: '2025-01-09T01:16:23.322Z' + updated_by: elastic + detectionExceptionListItem: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic + withExistEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. 
+ entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic + withMatchAnyEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: host.name + operator: included + type: match_any + value: + - saturn + - jupiter + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic + withMatchEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. + entries: + - field: actingProcess.file.signer + operator: included + type: match + value: Elastic N.V. + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic + withNestedEntry: + value: + _version: WzQsMV0= + comments: [] + created_at: '2025-01-07T20:07:33.119Z' + created_by: elastic + description: This is a sample detection type exception item. 
+ entries: + - entries: + - field: signer + operator: included + type: match + value: Evil + - field: trusted + operator: included + type: match + value: true + field: file.signature + type: nested + id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c + type: simple + updated_at: '2025-01-07T20:07:33.119Z' + updated_by: elastic + withValueListEntry: + value: + _version: WzcsMV0= + comments: [] + created_at: '2025-01-09T01:31:12.614Z' + created_by: elastic + description: Don't signal when agent.name is rock01 and source.ip is in the goodguys.txt list + entries: + - field: source.ip + list: + id: goodguys.txt + type: ip + operator: excluded + type: list + id: deb26876-297d-4677-8a1f-35467d2f1c4f + item_id: 686b129e-9b8d-4c59-8d8d-c93a9ea82c71 + list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 + name: Filter out good guys ip and agent.name rock01 + namespace_type: single + os_types: [] + tags: + - malware + tie_breaker_id: 5e0288ce-6657-4c18-9dcc-00ec9e8cc6c8 + type: simple + updated_at: '2025-01-09T01:31:12.614Z' + updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request, + message: '[request body]: list_id: Expected string, received number' + statusCode: 400, schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
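Review bot: In the `400` `badRequest` example at the end of this hunk, `error: Bad Request,` and `statusCode: 400,` carry trailing commas, so YAML reads them as the strings "Bad Request," and "400," rather than the text and the integer 400. Drop both commas to match the other `badRequest` examples in this patch (`error: Bad Request`, `statusCode: 400`). Two smaller points in the `200` examples: `detectionExceptionListItem` and `withExistEntry` are identical, so one of them can go or be changed to show something different, and in `withNestedEntry` the `trusted` entry uses an unquoted `value: true`, which is a YAML boolean, while every other `match` value is a string; quote it if the entry schema expects a string.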
@@ -14352,25 +13944,47 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/exception_lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + alreadyExists: + value: + message: 'exception list item id: \"simple_list_item\" already exists' + status_code: 409 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item already exists response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
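Review bot: The `401` and `409` example messages in this hunk are single-quoted YAML scalars that contain backslash escapes, and single-quoted scalars do not interpret them. `message: '[security_exception\n\tRoot causes:...'` will render with literal `\n\t`, and `'exception list item id: \"simple_list_item\" already exists'` will render with literal backslashes before each quote. Use a double-quoted scalar for the `401` message, as the CreateSharedExceptionList `401` example later in this patch does, and drop the backslashes in the `409` message, as in `'exception list list_id: "foo" does not exist'`.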
@@ -14382,11 +13996,25 @@ paths: operationId: UpdateExceptionListItem requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + example: + comments: [] + description: Updated description + entries: + - field: host.name + operator: included + type: match + value: rock01 + item_id: simple_list_item + name: Updated name + namespace_type: single + tags: [] + type: simple schema: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string comments: $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray' @@ -14396,8 +14024,7 @@ paths: entries: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime' id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' description: Either `id` or `item_id` must be specified 
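Review bot: The new `_version` description in the UpdateExceptionListItem schema has a typo, "Use it ensure updates are done against the latest version"; it should read "Use it to ensure". Since the description recommends sending `_version` to guard against updating a stale item, consider including `_version` in the request `example:` added just above it, which currently omits the field. The `expire_time` change in the second hunk is the same `$ref` swap as in CreateExceptionListItem and needs the same check that the referenced component keeps `format: date-time`.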
@@ -14430,361 +14057,21982 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + simpleListItem: + value: + _version: WzEyLDFd + comments: [] + created_at: '2025-01-07T21:12:25.512Z' + created_by: elastic + description: Updated description + entries: + - field: host.name + operator: included + type: match + value: rock01 + id: 459c5e7e-f8b2-4f0b-b136-c1fc702f72da + item_id: simple_list_item + list_id: simple_list + name: Updated name + namespace_type: single + os_types: [] + tags: [] + tie_breaker_id: ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0 + type: simple + updated_at: '2025-01-07T21:34:50.233Z' + updated_by: elastic + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + description: Successful response + '400': + content: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: item_id: Expected string, received number' + statusCode: 400 + schema: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [PUT /api/exception_lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 + schema: + $ref: 
'#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json: + examples: + notFound: + value: + message: 'exception list item item_id: \"foo\" does not exist' + status_code: 404 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list item not found response + '500': + content: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Update an exception list item + tags: + - Security Exceptions API + /api/exception_lists/items/_find: + get: + description: Get a list of all exception list items in the specified list. + operationId: FindExceptionListItems + parameters: + - description: The `list_id`s of the items to fetch. + in: query + name: list_id + required: true + schema: + items: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + type: array + - description: | + Filters the returned results according to the value of the specified field, + using the `:` syntax. 
+ examples: + singleFilter: + value: + - exception-list.attributes.name:%My%20item + in: query + name: filter + required: false + schema: + default: [] + items: + $ref: '#/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter' + type: array + - description: | + Determines whether the returned containers are Kibana associated with a Kibana space + or available in all spaces (`agnostic` or `single`) + examples: + single: + value: + - single + in: query + name: namespace_type + required: false + schema: + default: + - single + items: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + type: array + - in: query + name: search + required: false + schema: + example: host.name + type: string + - description: The page number to return + in: query + name: page + required: false + schema: + example: 1 + minimum: 0 + type: integer + - description: The number of exception list items to return per page + in: query + name: per_page + required: false + schema: + example: 20 + minimum: 0 + type: integer + - description: Determines which field is used to sort the results. + example: name + in: query + name: sort_field + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + - description: Determines the sort order, which can be `desc` or `asc`. + in: query + name: sort_order + required: false + schema: + enum: + - desc + - asc + example: desc + type: string + responses: + '200': + content: + application/json: + examples: + simpleListItems: + value: + data: + - _version: WzgsMV0= + comments: [] + created_at: '2025-01-07T21:12:25.512Z' + created_by: elastic + description: This is a sample exception item. 
+ entries: + - field: actingProcess.file.signer + operator: excluded + type: exists + - field: host.name + operator: included + type: match_any + value: + - jupiter + - saturn + id: 459c5e7e-f8b2-4f0b-b136-c1fc702f72da + item_id: simple_list_item + list_id: simple_list + name: Sample Exception List Item + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0 + type: simple + updated_at: '2025-01-07T21:12:25.512Z' + updated_by: elastic + page: 1 + per_page: 20 + total: 1 + schema: + type: object + properties: + data: + items: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + type: array + page: + minimum: 1 + type: integer + per_page: + minimum: 1 + type: integer + pit: + type: string + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + description: Successful response + '400': + content: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: namespace_type.0: Invalid enum value. 
Expected ''agnostic'' | ''single'', received ''blob''' + statusCode: 400 + schema: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists/items/_find?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json: + examples: + notFound: + value: + message: 'exception list list_id: "foo" does not exist' + status_code: 404 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': + content: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get exception list items + tags: + - Security Exceptions API + /api/exception_lists/summary: + get: + description: Get a summary of the specified exception list. 
+ operationId: ReadExceptionListSummary + parameters: + - description: Exception list's identifier generated upon creation. + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + - description: Exception list's human readable identifier. + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + - examples: + agnostic: + value: agnostic + single: + value: single + in: query + name: namespace_type + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + default: single + - description: Search filter clause + in: query + name: filter + required: false + schema: + example: exception-list-agnostic.attributes.tags:"policy:policy-1" OR exception-list-agnostic.attributes.tags:"policy:all" + type: string + responses: + '200': + content: + application/json: + examples: + summary: + value: + linux: 0 + macos: 0 + total: 0 + windows: 0 + schema: + type: object + properties: + linux: + minimum: 0 + type: integer + macos: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + windows: + minimum: 0 + type: integer + description: Successful response + '400': + content: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: namespace_type.0: Invalid enum value. 
Expected ''agnostic'' | ''single'', received ''blob''' + statusCode: 400 + schema: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/exception_lists/summary?list_id=simple_list&namespace_type=agnostic] is unauthorized for user, this action is granted by the Kibana privileges [lists-summary] + statusCode: 403 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json: + examples: + notFound: + value: + message": 'exception list id: "foo" does not exist' + status_code": 404 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': + content: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get an exception list summary + tags: + - Security Exceptions API + /api/exceptions/shared: + post: + description: | + An exception list groups exception items and can be associated with detection rules. 
A shared exception list can apply to multiple detection rules. + > info + > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item. + operationId: CreateSharedExceptionList + requestBody: + content: + application/json: + schema: + example: + description: This is a sample detection type exception list. + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + type: object + properties: + description: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' + name: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' + required: + - name + - description + required: true + responses: + '200': + content: + application/json: + examples: + sharedList: + value: + _version: WzIsMV0= + created_at: '2025-01-07T19:34:27.942Z' + created_by: elastic + description: This is a sample detection type exception list. 
+ id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + immutable: false + list_id: simple_list + name: Sample Detection Exception List + namespace_type: single + os_types: + - linux + tags: + - malware + tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 + type: detection + updated_at: '2025-01-07T19:34:27.942Z' + updated_by: elastic + version: 1 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response + '400': + content: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: list_id: Expected string, received number' + statusCode: 400 + schema: + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" + statusCode: 401 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json: + examples: + forbidden: + value: + message: Unable to create exception-list + status_code: 403 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json: + examples: + alreadyExists: + value: + message: 'exception list id: "simple_list" already exists' + status_code: 409 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list already exists response + '500': + content: + application/json: + examples: + serverError: + value: + 
message: Internal Server Error + status_code: 500 + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Create a shared exception list + tags: + - Security Exceptions API + /api/fleet/agent_download_sources: + get: + description: '[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-settings-read].' + operationId: get-fleet-agent-download-sources + parameters: [] + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + required: + - id + - name + - host + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get agent binary download sources + tags: + - Elastic Agent binary download sources + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' 
+ operationId: post-fleet-agent-download-sources + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + required: + - name + - host + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + required: + - id + - name + - host + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Create an agent binary download source + tags: + - Elastic Agent binary download sources + /api/fleet/agent_download_sources/{sourceId}: + delete: + description: 'Delete an agent binary download source by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' + operationId: delete-fleet-agent-download-sources-sourceid + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: sourceId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Delete an agent binary download source + tags: + - Elastic Agent binary download sources + get: + description: 'Get an agent binary download source by ID.

[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-settings-read].' + operationId: get-fleet-agent-download-sources-sourceid + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + required: + - id + - name + - host + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get an agent binary download source + tags: + - Elastic Agent binary download sources + put: + description: 'Update an agent binary download source by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' + operationId: put-fleet-agent-download-sources-sourceid + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: sourceId + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + required: + - name + - host + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + host: + format: uri + type: string + id: + type: string + is_default: + default: false + type: boolean + name: + type: string + proxy_id: + description: The ID of the proxy to use for this download source. See the proxies API for more information. + nullable: true + type: string + required: + - id + - name + - host + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Update an agent binary download source + tags: + - Elastic Agent binary download sources + /api/fleet/agent_policies: + get: + description: '[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].' 
+ operationId: get-fleet-agent-policies + parameters: + - in: query + name: page + required: false + schema: + type: number + - in: query + name: perPage + required: false + schema: + type: number + - in: query + name: sortField + required: false + schema: + type: string + - in: query + name: sortOrder + required: false + schema: + enum: + - desc + - asc + type: string + - in: query + name: showUpgradeable + required: false + schema: + type: boolean + - in: query + name: kuery + required: false + schema: + type: string + - description: use withAgentCount instead + in: query + name: noAgentCount + required: false + schema: + deprecated: true + type: boolean + - description: get policies with agent count + in: query + name: withAgentCount + required: false + schema: + type: boolean + - description: get full policies with package policies populated + in: query + name: full + required: false + schema: + type: boolean + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agentless: + additionalProperties: false + type: object + properties: + 
resources: + additionalProperties: false + type: object + properties: + requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. 
+ type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. 
+ nullable: true + type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + 
required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that stream, (default to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Input streams (see integration documentation to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - 
additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Package policy inputs (see integration documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: Agent policy IDs where that package policy will be added + type: string + type: array + revision: + type: number + secret_references: + items: + 
additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + required_versions: + items: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. 
+ nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_managed + - is_protected + - status + - updated_at + - updated_by + - revision + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get agent policies + tags: + - Elastic Agent policies + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].' + operationId: post-fleet-agent-policies + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: query + name: sys_monitoring + required: false + schema: + type: boolean + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + 
agentless: + additionalProperties: false + type: object + properties: + resources: + additionalProperties: false + type: object + properties: + requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + type: boolean + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_protected: + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + 
monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + required_versions: + items: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + nullable: true + type: array + space_ids: + items: + type: string + type: array + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + required: + - name + - namespace + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agentless: + 
additionalProperties: false + type: object + properties: + resources: + additionalProperties: false + type: object + properties: + requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. 
+ type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. 
+ nullable: true + type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + 
required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that stream, (default to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Input streams (see integration documentation to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - 
additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Package policy inputs (see integration documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: Agent policy IDs where that package policy will be added + type: string + type: array + revision: + type: number + secret_references: + items: + 
additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + required_versions: + items: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. 
+ nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_managed + - is_protected + - status + - updated_at + - updated_by + - revision + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Create an agent policy + tags: + - Elastic Agent policies + /api/fleet/agent_policies/_bulk_get: + post: + description: '[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].' + operationId: post-fleet-agent-policies-bulk-get + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + full: + description: get full policies with package policies populated + type: boolean + ids: + description: list of package policy ids + items: + type: string + type: array + ignoreMissing: + type: boolean + required: + - ids + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + 
agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agentless: + additionalProperties: false + type: object + properties: + resources: + additionalProperties: false + type: object + properties: + requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. 
+ type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. 
+ nullable: true + type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + 
required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that stream, (default to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Input streams (see integration documentation to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - 
additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Package policy inputs (see integration documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: Agent policy IDs where that package policy will be added + type: string + type: array + revision: + type: number + secret_references: + items: + 
additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + required_versions: + items: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. 
+ nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_managed + - is_protected + - status + - updated_at + - updated_by + - revision + type: array + required: + - items + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Bulk get agent policies + tags: + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}: + get: + description: 'Get an agent policy by ID.

[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].' + operationId: get-fleet-agent-policies-agentpolicyid + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agentless: + additionalProperties: false + type: object + properties: + resources: + additionalProperties: false + type: object + properties: + requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. 
+ items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. 
+ nullable: true + type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + 
required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that stream, (default to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Input streams (see integration documentation to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - 
additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Package policy inputs (see integration documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: Agent policy IDs where that package policy will be added + type: string + type: array + revision: + type: number + secret_references: + items: + 
additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + required_versions: + items: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. 
+ nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_managed + - is_protected + - status + - updated_at + - updated_by + - revision + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get an agent policy + tags: + - Elastic Agent policies + put: + description: 'Update an agent policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].' + operationId: put-fleet-agent-policies-agentpolicyid + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agentless: + additionalProperties: false + type: object + properties: + resources: + additionalProperties: false + type: object + properties: + requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + type: boolean + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. 
+ items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_protected: + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. 
+ nullable: true + type: object + required_versions: + items: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + nullable: true + type: array + space_ids: + items: + type: string + type: array + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. + nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + required: + - name + - namespace + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agentless: + additionalProperties: false + type: object + properties: + resources: + additionalProperties: false + type: object + properties: + requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + 
fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: Override settings that are defined in the agent policy. 
Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + 
additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that stream, (default to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Input streams (see integration documentation to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - 
type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Package policy inputs (see integration documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. 
+ nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: Agent policy IDs where that package policy will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. 
+ nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + required_versions: + items: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. 
+ nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_managed + - is_protected + - status + - updated_at + - updated_by + - revision + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Update an agent policy + tags: + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}/copy: + post: + description: 'Copy an agent policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].' + operationId: post-fleet-agent-policies-agentpolicyid-copy + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + description: + type: string + name: + minLength: 1 + type: string + required: + - name + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + advanced_settings: + additionalProperties: false + type: object + properties: + agent_download_target_directory: + nullable: true + agent_download_timeout: + nullable: true + agent_limits_go_max_procs: + nullable: true + agent_logging_files_interval: + nullable: true + agent_logging_files_keepfiles: + nullable: true + agent_logging_files_rotateeverybytes: + nullable: true + agent_logging_level: + nullable: true + agent_logging_metrics_period: + nullable: true + agent_logging_to_files: + nullable: true + agent_features: + items: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agentless: + additionalProperties: false + type: object + properties: + resources: + additionalProperties: false + type: object + properties: + requests: + additionalProperties: false + type: object + properties: + cpu: + type: string + memory: + type: string + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + 
type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. + items: + additionalProperties: false + type: object + properties: + name: + type: string + value: + anyOf: + - type: string + - type: number + required: + - name + - value + type: array + has_fleet_server: + type: boolean + id: + type: string + inactivity_timeout: + default: 1209600 + minimum: 0 + type: number + is_default: + type: boolean + is_default_fleet_server: + type: boolean + is_managed: + type: boolean + is_preconfigured: + type: boolean + is_protected: + description: Indicates whether the agent policy has tamper protection enabled. Default false. + type: boolean + keep_monitoring_alive: + default: false + description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + additionalProperties: false + type: object + properties: + limit: + additionalProperties: false + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + additionalProperties: false + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - logs + - metrics + - traces + type: string + type: array + monitoring_http: + additionalProperties: false + type: object + properties: + buffer: + additionalProperties: false + type: object + properties: + enabled: + default: false + type: boolean + enabled: + type: boolean + host: + type: string + port: + maximum: 65353 + minimum: 0 + type: number + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + minLength: 1 + type: string + namespace: + minLength: 1 + type: string + overrides: + additionalProperties: {} + description: Override settings that are defined in the agent 
policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + anyOf: + - items: + type: string + type: array + - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter + items: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + 
privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that stream, (default to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Input streams (see integration documentation to know what streams are available) + type: object + vars: + additionalProperties: + 
anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Package policy inputs (see integration documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. 
+ nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: Agent policy IDs where that package policy will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. 
+ nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + required_versions: + items: + additionalProperties: false + type: object + properties: + percentage: + description: Target percentage of agents to auto upgrade + maximum: 100 + minimum: 0 + type: number + version: + description: Target version for automatic agent upgrade + type: string + required: + - version + - percentage + nullable: true + type: array + revision: + type: number + schema_version: + type: string + space_ids: + items: + type: string + type: array + status: + enum: + - active + - inactive + type: string + supports_agentless: + default: false + description: Indicates whether the agent policy supports agentless integrations. 
+ nullable: true + type: boolean + unenroll_timeout: + minimum: 0 + type: number + unprivileged_agents: + type: number + updated_at: + type: string + updated_by: + type: string + version: + type: string + required: + - id + - name + - namespace + - is_managed + - is_protected + - status + - updated_at + - updated_by + - revision + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Copy an agent policy + tags: + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}/download: + get: + description: 'Download an agent policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].' + operationId: get-fleet-agent-policies-agentpolicyid-download + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: download + required: false + schema: + type: boolean + - in: query + name: standalone + required: false + schema: + type: boolean + - in: query + name: kubernetes + required: false + schema: + type: boolean + responses: + '200': + content: + application/json: + schema: + type: string + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '404': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Download an agent policy + tags: + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}/full: + get: + description: 'Get a full agent policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read].' + operationId: get-fleet-agent-policies-agentpolicyid-full + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: download + required: false + schema: + type: boolean + - in: query + name: standalone + required: false + schema: + type: boolean + - in: query + name: kubernetes + required: false + schema: + type: boolean + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + anyOf: + - type: string + - additionalProperties: false + type: object + properties: + agent: + additionalProperties: false + type: object + properties: + download: + additionalProperties: false + type: object + properties: + sourceURI: + type: string + required: + - sourceURI + features: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + required: + - enabled + type: object + limits: + additionalProperties: false + type: object + properties: + go_max_procs: + type: number + logging: + additionalProperties: false + type: object + properties: + files: + additionalProperties: false + type: object + properties: + interval: + type: string + keepfiles: + type: number + rotateeverybytes: + type: number + level: + type: string + to_files: + type: boolean + monitoring: + additionalProperties: false + type: object + properties: + apm: {} + enabled: + type: boolean + logs: + type: boolean + metrics: + type: boolean + namespace: + type: string + traces: + type: boolean + use_output: + type: string + required: + - enabled + - metrics + - logs + - traces + - apm + protection: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + signing_key: + type: string + uninstall_token_hash: + type: string + required: + - enabled + - uninstall_token_hash + - signing_key + required: + - monitoring + - 
download + - features + fleet: + anyOf: + - additionalProperties: false + type: object + properties: + hosts: + items: + type: string + type: array + proxy_headers: {} + proxy_url: + type: string + ssl: + additionalProperties: false + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + renegotiation: + type: string + verification_mode: + type: string + required: + - hosts + - proxy_headers + - additionalProperties: false + type: object + properties: + kibana: + additionalProperties: false + type: object + properties: + hosts: + items: + type: string + type: array + path: + type: string + protocol: + type: string + required: + - hosts + - protocol + required: + - kibana + id: + type: string + inputs: + items: + additionalProperties: true + type: object + properties: + data_stream: + additionalProperties: true + type: object + properties: + namespace: + type: string + required: + - namespace + id: + type: string + meta: + additionalProperties: true + type: object + properties: + package: + additionalProperties: true + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + name: + type: string + package_policy_id: + type: string + processors: + items: + additionalProperties: true + type: object + properties: + add_fields: + additionalProperties: true + type: object + properties: + fields: + additionalProperties: + anyOf: + - type: string + - type: number + type: object + target: + type: string + required: + - target + - fields + required: + - add_fields + type: array + revision: + type: number + streams: + items: + additionalProperties: true + type: object + properties: + data_stream: + additionalProperties: true + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + id: + type: string + required: + - id + - data_stream + type: array + type: + type: string + use_output: + 
type: string + required: + - id + - name + - revision + - type + - data_stream + - use_output + - package_policy_id + type: array + namespaces: + items: + type: string + type: array + output_permissions: + additionalProperties: + additionalProperties: {} + type: object + type: object + outputs: + additionalProperties: + additionalProperties: true + type: object + properties: + ca_sha256: + nullable: true + type: string + hosts: + items: + type: string + type: array + proxy_headers: {} + proxy_url: + type: string + type: + type: string + required: + - type + - proxy_headers + type: object + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + signed: + additionalProperties: false + type: object + properties: + data: + type: string + signature: + type: string + required: + - data + - signature + required: + - id + - outputs + - inputs + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get a full agent policy + tags: + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}/outputs: + get: + description: 'Get a list of outputs associated with agent policy by policy id.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-settings-read].' + operationId: get-fleet-agent-policies-agentpolicyid-outputs + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + agentPolicyId: + type: string + data: + additionalProperties: false + type: object + properties: + integrations: + items: + additionalProperties: false + type: object + properties: + id: + type: string + integrationPolicyName: + type: string + name: + type: string + pkgName: + type: string + type: array + output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + required: + - output + monitoring: + additionalProperties: false + type: object + properties: + output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + required: + - output + required: + - monitoring + - data + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get outputs for an agent policy + tags: + - Elastic Agent policies + /api/fleet/agent_policies/delete: + post: + description: 'Delete an agent policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].' + operationId: post-fleet-agent-policies-delete + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + agentPolicyId: + type: string + force: + description: bypass validation checks that can prevent agent policy deletion + type: boolean + required: + - agentPolicyId + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Delete an agent policy + tags: + - Elastic Agent policies + /api/fleet/agent_policies/outputs: + post: + description: 'Get a list of outputs associated with agent policies.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-settings-read].' + operationId: post-fleet-agent-policies-outputs + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + ids: + description: list of package policy ids + items: + type: string + type: array + required: + - ids + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + agentPolicyId: + type: string + data: + additionalProperties: false + type: object + properties: + integrations: + items: + additionalProperties: false + type: object + properties: + id: + type: string + integrationPolicyName: + type: string + name: + type: string + pkgName: + type: string + type: array + output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + required: + - output + monitoring: + additionalProperties: false + type: object + properties: + output: + additionalProperties: false + type: object + properties: + id: + type: string + name: + type: string + required: + - id + - name + required: + - output + required: + - monitoring + - data + type: array + required: + - items + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get outputs for agent policies + tags: + - Elastic Agent policies + /api/fleet/agent_status: + get: + operationId: get-fleet-agent-status + parameters: + - in: query + name: policyId + required: false + schema: + 
type: string + - in: query + name: policyIds + required: false + schema: + anyOf: + - items: + type: string + type: array + - type: string + - in: query + name: kuery + required: false + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + results: + additionalProperties: false + type: object + properties: + active: + type: number + all: + type: number + error: + type: number + events: + type: number + inactive: + type: number + offline: + type: number + online: + type: number + orphaned: + type: number + other: + type: number + unenrolled: + type: number + uninstalled: + type: number + updating: + type: number + required: + - events + - online + - error + - offline + - other + - updating + - inactive + - unenrolled + - all + - active + required: + - results + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get an agent status summary + tags: + - Elastic Agent status + /api/fleet/agent_status/data: + get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' 
+ operationId: get-fleet-agent-status-data + parameters: + - in: query + name: agentsIds + required: true + schema: + anyOf: + - items: + type: string + type: array + - type: string + - in: query + name: pkgName + required: false + schema: + type: string + - in: query + name: pkgVersion + required: false + schema: + type: string + - in: query + name: previewData + required: false + schema: + default: false + type: boolean + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + dataPreview: + items: {} + type: array + items: + items: + additionalProperties: + additionalProperties: false + type: object + properties: + data: + type: boolean + required: + - data + type: object + type: array + required: + - items + - dataPreview + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get incoming agent data + tags: + - Elastic Agents + /api/fleet/agents: + get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' 
+ operationId: get-fleet-agents + parameters: + - in: query + name: page + required: false + schema: + default: 1 + type: number + - in: query + name: perPage + required: false + schema: + default: 20 + type: number + - in: query + name: kuery + required: false + schema: + type: string + - in: query + name: showInactive + required: false + schema: + default: false + type: boolean + - in: query + name: withMetrics + required: false + schema: + default: false + type: boolean + - in: query + name: showUpgradeable + required: false + schema: + default: false + type: boolean + - in: query + name: getStatusSummary + required: false + schema: + default: false + type: boolean + - in: query + name: sortField + required: false + schema: + type: string + - in: query + name: sortOrder + required: false + schema: + enum: + - asc + - desc + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + agent: + additionalProperties: true + type: object + properties: + id: + type: string + version: + type: string + required: + - id + - version + audit_unenrolled_reason: + type: string + components: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + type: string + units: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + payload: + additionalProperties: {} + type: object + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + enum: + - input + - output + type: string + required: + - id + - type + - status 
+ - message + type: array + required: + - id + - type + - status + - message + type: array + default_api_key: + type: string + default_api_key_history: + items: + additionalProperties: false + deprecated: true + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + last_checkin_message: + type: string + last_checkin_status: + enum: + - error + - online + - degraded + - updating + - starting + type: string + local_metadata: + additionalProperties: {} + type: object + metrics: + additionalProperties: false + type: object + properties: + cpu_avg: + type: number + memory_size_byte_avg: + type: number + namespaces: + items: + type: string + type: array + outputs: + additionalProperties: + additionalProperties: false + type: object + properties: + api_key_id: + type: string + to_retire_api_key_ids: + items: + additionalProperties: false + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + type: + type: string + required: + - api_key_id + - type + type: object + packages: + items: + type: string + type: array + policy_id: + type: string + policy_revision: + nullable: true + type: number + sort: + items: + anyOf: + - type: number + - type: string + - enum: [] + nullable: true + type: array + status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + - uninstalled + - orphaned + type: string + tags: + items: + type: string + type: array + type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + type: string + unenrolled_at: + type: string + unenrollment_started_at: + type: string + unhealthy_reason: + items: + enum: + - input + - output + - other + type: string + nullable: true + type: array + upgrade_details: + additionalProperties: 
false + nullable: true + type: object + properties: + action_id: + type: string + metadata: + additionalProperties: false + type: object + properties: + download_percent: + type: number + download_rate: + type: number + error_msg: + type: string + failed_state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + retry_error_msg: + type: string + retry_until: + type: string + scheduled_at: + type: string + state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + target_version: + type: string + required: + - target_version + - action_id + - state + upgrade_started_at: + nullable: true + type: string + upgraded_at: + nullable: true + type: string + user_provided_metadata: + additionalProperties: {} + type: object + required: + - id + - packages + - type + - active + - enrolled_at + - local_metadata + type: array + page: + type: number + perPage: + type: number + statusSummary: + additionalProperties: + type: number + type: object + total: + type: number + required: + - items + - total + - page + - perPage + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get agents + tags: + - Elastic Agents + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' 
+ operationId: post-fleet-agents + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + actionIds: + items: + type: string + type: array + required: + - actionIds + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + type: string + type: array + required: + - items + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get agents by action ids + tags: + - Elastic Agents + /api/fleet/agents/{agentId}: + delete: + description: 'Delete an agent by ID.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' + operationId: delete-fleet-agents-agentid + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Delete an agent + tags: + - Elastic Agents + get: + description: 'Get an agent by ID.

[Required authorization] Route required privileges: ALL of [fleet-agents-read].' + operationId: get-fleet-agents-agentid + parameters: + - in: path + name: agentId + required: true + schema: + type: string + - in: query + name: withMetrics + required: false + schema: + default: false + type: boolean + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + agent: + additionalProperties: true + type: object + properties: + id: + type: string + version: + type: string + required: + - id + - version + audit_unenrolled_reason: + type: string + components: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + type: string + units: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + payload: + additionalProperties: {} + type: object + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + enum: + - input + - output + type: string + required: + - id + - type + - status + - message + type: array + required: + - id + - type + - status + - message + type: array + default_api_key: + type: string + default_api_key_history: + items: + additionalProperties: false + deprecated: true + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + last_checkin_message: + type: string + last_checkin_status: + enum: + - error + - online + - degraded + 
- updating + - starting + type: string + local_metadata: + additionalProperties: {} + type: object + metrics: + additionalProperties: false + type: object + properties: + cpu_avg: + type: number + memory_size_byte_avg: + type: number + namespaces: + items: + type: string + type: array + outputs: + additionalProperties: + additionalProperties: false + type: object + properties: + api_key_id: + type: string + to_retire_api_key_ids: + items: + additionalProperties: false + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + type: + type: string + required: + - api_key_id + - type + type: object + packages: + items: + type: string + type: array + policy_id: + type: string + policy_revision: + nullable: true + type: number + sort: + items: + anyOf: + - type: number + - type: string + - enum: [] + nullable: true + type: array + status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + - uninstalled + - orphaned + type: string + tags: + items: + type: string + type: array + type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + type: string + unenrolled_at: + type: string + unenrollment_started_at: + type: string + unhealthy_reason: + items: + enum: + - input + - output + - other + type: string + nullable: true + type: array + upgrade_details: + additionalProperties: false + nullable: true + type: object + properties: + action_id: + type: string + metadata: + additionalProperties: false + type: object + properties: + download_percent: + type: number + download_rate: + type: number + error_msg: + type: string + failed_state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + retry_error_msg: + type: string + retry_until: + type: string + scheduled_at: + type: string + state: + enum: + - 
UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + target_version: + type: string + required: + - target_version + - action_id + - state + upgrade_started_at: + nullable: true + type: string + upgraded_at: + nullable: true + type: string + user_provided_metadata: + additionalProperties: {} + type: object + required: + - id + - packages + - type + - active + - enrolled_at + - local_metadata + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get an agent + tags: + - Elastic Agents + put: + description: 'Update an agent by ID.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' + operationId: put-fleet-agents-agentid + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + tags: + items: + type: string + type: array + user_provided_metadata: + additionalProperties: {} + type: object + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + agent: + additionalProperties: true + type: object + properties: + id: + type: string + version: + type: string + required: + - id + - version + audit_unenrolled_reason: + type: string + components: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + type: string + units: + items: + additionalProperties: false + type: object + properties: + id: + type: string + message: + type: string + payload: + additionalProperties: {} + type: object + status: + enum: + - STARTING + - CONFIGURING + - HEALTHY + - DEGRADED + - FAILED + - STOPPING + - STOPPED + type: string + type: + enum: + - input + - output + type: string + required: + - id + - type + - status + - message + type: array + required: + - id + - type + - status + - message + type: array + default_api_key: + type: string + default_api_key_history: + items: + additionalProperties: false + deprecated: true + type: object + properties: + id: + type: string + 
retired_at: + type: string + required: + - id + - retired_at + type: array + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + last_checkin_message: + type: string + last_checkin_status: + enum: + - error + - online + - degraded + - updating + - starting + type: string + local_metadata: + additionalProperties: {} + type: object + metrics: + additionalProperties: false + type: object + properties: + cpu_avg: + type: number + memory_size_byte_avg: + type: number + namespaces: + items: + type: string + type: array + outputs: + additionalProperties: + additionalProperties: false + type: object + properties: + api_key_id: + type: string + to_retire_api_key_ids: + items: + additionalProperties: false + type: object + properties: + id: + type: string + retired_at: + type: string + required: + - id + - retired_at + type: array + type: + type: string + required: + - api_key_id + - type + type: object + packages: + items: + type: string + type: array + policy_id: + type: string + policy_revision: + nullable: true + type: number + sort: + items: + anyOf: + - type: number + - type: string + - enum: [] + nullable: true + type: array + status: + enum: + - offline + - error + - online + - inactive + - enrolling + - unenrolling + - unenrolled + - updating + - degraded + - uninstalled + - orphaned + type: string + tags: + items: + type: string + type: array + type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + type: string + unenrolled_at: + type: string + unenrollment_started_at: + type: string + unhealthy_reason: + items: + enum: + - input + - output + - other + type: string + nullable: true + type: array + upgrade_details: + additionalProperties: false + nullable: true + type: object + properties: + action_id: + type: string + metadata: + additionalProperties: false + type: object + properties: + download_percent: + type: number + download_rate: + type: number + error_msg: + type: string + failed_state: + 
enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + retry_error_msg: + type: string + retry_until: + type: string + scheduled_at: + type: string + state: + enum: + - UPG_REQUESTED + - UPG_SCHEDULED + - UPG_DOWNLOADING + - UPG_EXTRACTING + - UPG_REPLACING + - UPG_RESTARTING + - UPG_FAILED + - UPG_WATCHING + - UPG_ROLLBACK + type: string + target_version: + type: string + required: + - target_version + - action_id + - state + upgrade_started_at: + nullable: true + type: string + upgraded_at: + nullable: true + type: string + user_provided_metadata: + additionalProperties: {} + type: object + required: + - id + - packages + - type + - active + - enrolled_at + - local_metadata + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Update an agent + tags: + - Elastic Agents + /api/fleet/agents/{agentId}/actions: + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' 
+ operationId: post-fleet-agents-agentid-actions + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + action: + anyOf: + - additionalProperties: false + type: object + properties: + ack_data: {} + data: {} + type: + enum: + - UNENROLL + - UPGRADE + - POLICY_REASSIGN + type: string + required: + - type + - data + - ack_data + - additionalProperties: false + type: object + properties: + data: + additionalProperties: false + type: object + properties: + log_level: + enum: + - debug + - info + - warning + - error + nullable: true + type: string + required: + - log_level + type: + enum: + - SETTINGS + type: string + required: + - type + - data + required: + - action + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + ack_data: {} + agents: + items: + type: string + type: array + created_at: + type: string + data: {} + expiration: + type: string + id: + type: string + minimum_execution_duration: + type: number + namespaces: + items: + type: string + type: array + rollout_duration_seconds: + type: number + sent_at: + type: string + source_uri: + type: string + start_time: + type: string + total: + type: number + type: + type: string + required: + - id + - type + - data + - created_at + - ack_data + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Create an agent action + tags: + - Elastic Agent actions + 
/api/fleet/agents/{agentId}/reassign: + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' + operationId: post-fleet-agents-agentid-reassign + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + policy_id: + type: string + required: + - policy_id + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: {} + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Reassign an agent + tags: + - Elastic Agent actions + /api/fleet/agents/{agentId}/request_diagnostics: + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' 
+ operationId: post-fleet-agents-agentid-request-diagnostics + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + nullable: true + type: object + properties: + additional_metrics: + items: + enum: + - CPU + type: string + type: array + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Request agent diagnostics + tags: + - Elastic Agent actions + /api/fleet/agents/{agentId}/unenroll: + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' + operationId: post-fleet-agents-agentid-unenroll + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + nullable: true + type: object + properties: + force: + type: boolean + revoke: + type: boolean + responses: {} + summary: Unenroll an agent + tags: + - Elastic Agent actions + /api/fleet/agents/{agentId}/upgrade: + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' 
+ operationId: post-fleet-agents-agentid-upgrade + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: agentId + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + force: + type: boolean + skipRateLimitCheck: + type: boolean + source_uri: + type: string + version: + type: string + required: + - version + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: {} + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Upgrade an agent + tags: + - Elastic Agent actions + /api/fleet/agents/{agentId}/uploads: + get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' 
+ operationId: get-fleet-agents-agentid-uploads + parameters: + - in: path + name: agentId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + actionId: + type: string + createTime: + type: string + error: + type: string + filePath: + type: string + id: + type: string + name: + type: string + status: + enum: + - READY + - AWAITING_UPLOAD + - DELETED + - EXPIRED + - IN_PROGRESS + - FAILED + type: string + required: + - id + - name + - filePath + - createTime + - status + - actionId + type: array + required: + - items + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get agent uploads + tags: + - Elastic Agents + /api/fleet/agents/action_status: + get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' 
+ operationId: get-fleet-agents-action-status + parameters: + - in: query + name: page + required: false + schema: + default: 0 + type: number + - in: query + name: perPage + required: false + schema: + default: 20 + type: number + - in: query + name: date + required: false + schema: + type: string + - in: query + name: latest + required: false + schema: + type: number + - in: query + name: errorSize + required: false + schema: + default: 5 + type: number + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + actionId: + type: string + cancellationTime: + type: string + completionTime: + type: string + creationTime: + description: creation time of action + type: string + expiration: + type: string + hasRolloutPeriod: + type: boolean + latestErrors: + items: + additionalProperties: false + description: latest errors that happened when the agents executed the action + type: object + properties: + agentId: + type: string + error: + type: string + hostname: + type: string + timestamp: + type: string + required: + - agentId + - error + - timestamp + type: array + nbAgentsAck: + description: number of agents that acknowledged the action + type: number + nbAgentsActionCreated: + description: number of agents included in action from kibana + type: number + nbAgentsActioned: + description: number of agents actioned + type: number + nbAgentsFailed: + description: number of agents that failed to execute the action + type: number + newPolicyId: + description: new policy id (POLICY_REASSIGN action) + type: string + policyId: + description: policy id (POLICY_CHANGE action) + type: string + revision: + description: new policy revision (POLICY_CHANGE action) + type: number + startTime: + description: start time of action (scheduled actions) + type: string + status: + enum: + - COMPLETE + - EXPIRED + - CANCELLED + - FAILED + - IN_PROGRESS 
+ - ROLLOUT_PASSED + type: string + type: + enum: + - UPGRADE + - UNENROLL + - SETTINGS + - POLICY_REASSIGN + - CANCEL + - FORCE_UNENROLL + - REQUEST_DIAGNOSTICS + - UPDATE_TAGS + - POLICY_CHANGE + - INPUT_ACTION + type: string + version: + description: agent version number (UPGRADE action) + type: string + required: + - actionId + - nbAgentsActionCreated + - nbAgentsAck + - nbAgentsFailed + - type + - nbAgentsActioned + - status + - creationTime + type: array + required: + - items + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get an agent action status + tags: + - Elastic Agent actions + /api/fleet/agents/actions/{actionId}/cancel: + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' + operationId: post-fleet-agents-actions-actionid-cancel + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: actionId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + ack_data: {} + agents: + items: + type: string + type: array + created_at: + type: string + data: {} + expiration: + type: string + id: + type: string + minimum_execution_duration: + type: number + namespaces: + items: + type: string + type: array + rollout_duration_seconds: + type: number + sent_at: + type: string + source_uri: + type: string + start_time: + type: string + total: + type: number + type: + type: string + required: + - id + - type + - data + - created_at + - ack_data + required: + - item + '400': + content: + application/json: + schema: 
+ additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Cancel an agent action + tags: + - Elastic Agent actions + /api/fleet/agents/available_versions: + get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' + operationId: get-fleet-agents-available-versions + parameters: [] + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + type: string + type: array + required: + - items + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get available agent versions + tags: + - Elastic Agents + /api/fleet/agents/bulk_reassign: + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' 
+ operationId: post-fleet-agents-bulk-reassign + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - items: + type: string + type: array + - type: string + batchSize: + type: number + includeInactive: + default: false + type: boolean + policy_id: + type: string + required: + - policy_id + - agents + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Bulk reassign agents + tags: + - Elastic Agent actions + /api/fleet/agents/bulk_request_diagnostics: + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' 
+ operationId: post-fleet-agents-bulk-request-diagnostics + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + additional_metrics: + items: + enum: + - CPU + type: string + type: array + agents: + anyOf: + - items: + type: string + type: array + - type: string + batchSize: + type: number + required: + - agents + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Bulk request diagnostics from agents + tags: + - Elastic Agent actions + /api/fleet/agents/bulk_unenroll: + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' 
+ operationId: post-fleet-agents-bulk-unenroll + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - items: + description: KQL query string, leave empty to action all agents + type: string + type: array + - description: list of agent IDs + type: string + batchSize: + type: number + force: + description: Unenrolls hosted agents too + type: boolean + includeInactive: + description: When passing agents by KQL query, unenrolls inactive agents too + type: boolean + revoke: + description: Revokes API keys of agents + type: boolean + required: + - agents + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Bulk unenroll agents + tags: + - Elastic Agent actions + /api/fleet/agents/bulk_update_agent_tags: + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' 
+ operationId: post-fleet-agents-bulk-update-agent-tags + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - items: + type: string + type: array + - type: string + batchSize: + type: number + includeInactive: + default: false + type: boolean + tagsToAdd: + items: + type: string + type: array + tagsToRemove: + items: + type: string + type: array + required: + - agents + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Bulk update agent tags + tags: + - Elastic Agent actions + /api/fleet/agents/bulk_upgrade: + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' 
+ operationId: post-fleet-agents-bulk-upgrade + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + agents: + anyOf: + - items: + type: string + type: array + - type: string + batchSize: + type: number + force: + type: boolean + includeInactive: + default: false + type: boolean + rollout_duration_seconds: + minimum: 600 + type: number + skipRateLimitCheck: + type: boolean + source_uri: + type: string + start_time: + type: string + version: + type: string + required: + - agents + - version + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + actionId: + type: string + required: + - actionId + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Bulk upgrade agents + tags: + - Elastic Agent actions + /api/fleet/agents/files/{fileId}: + delete: + description: 'Delete a file uploaded by an agent.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' + operationId: delete-fleet-agents-files-fileid + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: fileId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + deleted: + type: boolean + id: + type: string + required: + - id + - deleted + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Delete an uploaded file + tags: + - Elastic Agents + /api/fleet/agents/files/{fileId}/{fileName}: + get: + description: 'Get a file uploaded by an agent.

[Required authorization] Route required privileges: ALL of [fleet-agents-read].' + operationId: get-fleet-agents-files-fileid-filename + parameters: + - in: path + name: fileId + required: true + schema: + type: string + - in: path + name: fileName + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + type: object + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get an uploaded file + tags: + - Elastic Agents + /api/fleet/agents/setup: + get: + description: '[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].' + operationId: get-fleet-agents-setup + parameters: [] + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + description: A summary of the agent setup status. `isReady` indicates whether the setup is ready. If the setup is not ready, `missing_requirements` lists which requirements are missing. 
+ type: object + properties: + is_secrets_storage_enabled: + type: boolean + is_space_awareness_enabled: + type: boolean + isReady: + type: boolean + missing_optional_features: + items: + enum: + - encrypted_saved_object_encryption_key_required + type: string + type: array + missing_requirements: + items: + enum: + - security_required + - tls_required + - api_keys + - fleet_admin_user + - fleet_server + type: string + type: array + package_verification_key_id: + type: string + required: + - isReady + - missing_requirements + - missing_optional_features + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get agent setup info + tags: + - Elastic Agents + post: + description: '[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].' + operationId: post-fleet-agents-setup + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. 
+ type: object + properties: + isInitialized: + type: boolean + nonFatalErrors: + items: + additionalProperties: false + type: object + properties: + message: + type: string + name: + type: string + required: + - name + - message + type: array + required: + - isInitialized + - nonFatalErrors + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Initiate agent setup + tags: + - Elastic Agents + /api/fleet/agents/tags: + get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' + operationId: get-fleet-agents-tags + parameters: + - in: query + name: kuery + required: false + schema: + type: string + - in: query + name: showInactive + required: false + schema: + default: false + type: boolean + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + type: string + type: array + required: + - items + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get agent tags + tags: + - Elastic Agents + /api/fleet/check-permissions: + get: + operationId: get-fleet-check-permissions + parameters: + - in: query + name: fleetServerSetup + required: false + schema: + type: boolean + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + error: + enum: + - MISSING_SECURITY + - MISSING_PRIVILEGES + - MISSING_FLEET_SERVER_SETUP_PRIVILEGES + type: string + success: + type: boolean + required: + - success + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic 
Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Check permissions + tags: + - Fleet internals + /api/fleet/data_streams: + get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all, fleet-agent-policies-all, fleet-settings-all].' + operationId: get-fleet-data-streams + parameters: [] + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + data_streams: + items: + additionalProperties: false + type: object + properties: + dashboards: + items: + additionalProperties: false + type: object + properties: + id: + type: string + title: + type: string + required: + - id + - title + type: array + dataset: + type: string + index: + type: string + last_activity_ms: + type: number + namespace: + type: string + package: + type: string + package_version: + type: string + serviceDetails: + additionalProperties: false + nullable: true + type: object + properties: + environment: + type: string + serviceName: + type: string + required: + - environment + - serviceName + size_in_bytes: + type: number + size_in_bytes_formatted: + anyOf: + - type: number + - type: string + type: + type: string + required: + - index + - dataset + - namespace + - type + - package + - package_version + - last_activity_ms + - size_in_bytes + - size_in_bytes_formatted + - dashboards + - serviceDetails + type: array + required: + - data_streams + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get data streams + tags: + - Data streams + /api/fleet/enrollment_api_keys: + get: + description: '[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-setup].' 
+ operationId: get-fleet-enrollment-api-keys + parameters: + - in: query + name: page + required: false + schema: + default: 1 + type: number + - in: query + name: perPage + required: false + schema: + default: 20 + type: number + - in: query + name: kuery + required: false + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + active: + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + type: array + list: + deprecated: true + items: + additionalProperties: false + type: object + properties: + active: + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. 
+ type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + - list + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get enrollment API keys + tags: + - Fleet enrollment API keys + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' + operationId: post-fleet-enrollment-api-keys + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + expiration: + type: string + name: + type: string + policy_id: + type: string + required: + - policy_id + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + action: + enum: + - created + type: string + item: + additionalProperties: false + type: object + properties: + active: + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. 
+ type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + required: + - item + - action + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Create an enrollment API key + tags: + - Fleet enrollment API keys + /api/fleet/enrollment_api_keys/{keyId}: + delete: + description: 'Revoke an enrollment API key by ID by marking it as inactive.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' + operationId: delete-fleet-enrollment-api-keys-keyid + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: keyId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Revoke an enrollment API key + tags: + - Fleet enrollment API keys + get: + description: 'Get an enrollment API key by ID.

[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-setup].' + operationId: get-fleet-enrollment-api-keys-keyid + parameters: + - in: path + name: keyId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + active: + description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. + type: boolean + api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get an enrollment API key + tags: + - Fleet enrollment API keys + /api/fleet/epm/bulk_assets: + post: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' 
+ operationId: post-fleet-epm-bulk-assets + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + assetIds: + items: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - id + - type + type: array + required: + - assetIds + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + appLink: + type: string + attributes: + additionalProperties: false + type: object + properties: + description: + type: string + service: + type: string + title: + type: string + id: + type: string + type: + type: string + updatedAt: + type: string + required: + - id + - type + - attributes + type: array + required: + - items + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Bulk get assets + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/categories: + get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' 
+ operationId: get-fleet-epm-categories + parameters: + - in: query + name: prerelease + required: false + schema: + type: boolean + - in: query + name: include_policy_templates + required: false + schema: + type: boolean + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + count: + type: number + id: + type: string + parent_id: + type: string + parent_title: + type: string + title: + type: string + required: + - id + - title + - count + type: array + required: + - items + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get package categories + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/custom_integrations: + post: + description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].' 
+ operationId: post-fleet-epm-custom-integrations + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + datasets: + items: + additionalProperties: false + type: object + properties: + name: + type: string + type: + enum: + - logs + - metrics + - traces + - synthetics + - profiling + type: string + required: + - name + - type + type: array + force: + type: boolean + integrationName: + type: string + required: + - integrationName + - datasets + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + _meta: + additionalProperties: false + type: object + properties: + install_source: + type: string + required: + - install_source + items: + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + required: + - items + - _meta + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Create a custom integration + tags: + - Elastic 
Package Manager (EPM) + /api/fleet/epm/data_streams: + get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' + operationId: get-fleet-epm-data-streams + parameters: + - in: query + name: type + required: false + schema: + enum: + - logs + - metrics + - traces + - synthetics + - profiling + type: string + - in: query + name: datasetQuery + required: false + schema: + type: string + - in: query + name: sortOrder + required: false + schema: + default: asc + enum: + - asc + - desc + type: string + - in: query + name: uncategorisedOnly + required: false + schema: + default: false + type: boolean + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + name: + type: string + required: + - name + type: array + required: + - items + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get data streams + tags: + - Data streams + /api/fleet/epm/packages: + get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' 
+ operationId: get-fleet-epm-packages + parameters: + - in: query + name: category + required: false + schema: + type: string + - in: query + name: prerelease + required: false + schema: + type: boolean + - in: query + name: excludeInstallStatus + required: false + schema: + type: boolean + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: true + type: object + properties: + categories: + items: + type: string + type: array + conditions: + additionalProperties: true + type: object + properties: + elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + type: array + subscription: + type: string + kibana: + additionalProperties: true + type: object + properties: + version: + type: string + data_streams: + items: + additionalProperties: {} + type: object + type: array + description: + type: string + discovery: + additionalProperties: true + type: object + properties: + fields: + items: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + type: array + download: + type: string + format_version: + type: string + icons: + items: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + id: + type: string + installationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + additionalProperties: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + 
- id + - type + type: array + type: object + created_at: + type: string + experimental_data_stream_features: + items: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + installed_kibana: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + installed_kibana_space_id: + type: string + latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + required: + - name + - started_at + latest_install_failed_attempts: + items: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - 
message + target_version: + type: string + required: + - created_at + - target_version + - error + type: array + name: + type: string + namespaces: + items: + type: string + type: array + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + integration: + type: string + internal: + type: boolean + latestVersion: + type: string + name: + type: string + owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + path: + type: string + policy_templates: + items: + additionalProperties: {} + type: object + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + signature_path: + type: string + source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + status: + type: string + title: + type: string + type: + enum: + - integration + - input + - content + type: string + vars: + items: + additionalProperties: {} + type: object + type: array + version: + type: string + required: + - name + - version + - title + - id + type: array + required: + - items + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get packages + tags: + - Elastic Package Manager (EPM) + post: + description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].' 
+ operationId: post-fleet-epm-packages + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: query + name: ignoreMappingUpdateErrors + required: false + schema: + default: false + type: boolean + - in: query + name: skipDataStreamRollover + required: false + schema: + default: false + type: boolean + requestBody: + content: + application/gzip; application/zip: + schema: + format: binary + type: string + responses: + '200': + content: + application/gzip; application/zip: + schema: + additionalProperties: false + type: object + properties: + _meta: + additionalProperties: false + type: object + properties: + install_source: + type: string + required: + - install_source + items: + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + required: + - items + - _meta + '400': + content: + application/gzip; application/zip: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Install a package by upload + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/_bulk: + post: + description: '[Required authorization] Route 
required privileges: ALL of [integrations-all, fleet-agent-policies-all].' + operationId: post-fleet-epm-packages-bulk + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: query + name: prerelease + required: false + schema: + type: boolean + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + force: + default: false + type: boolean + packages: + items: + anyOf: + - type: string + - additionalProperties: false + type: object + properties: + name: + type: string + prerelease: + type: boolean + version: + type: string + required: + - name + - version + minItems: 1 + type: array + required: + - packages + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + anyOf: + - additionalProperties: false + type: object + properties: + name: + type: string + result: + additionalProperties: false + type: object + properties: + assets: + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + error: {} + installSource: + type: string + installType: + type: string + status: + enum: + - installed + - already_installed + type: string + required: + - error + 
- installType + version: + type: string + required: + - name + - version + - result + - additionalProperties: false + type: object + properties: + error: + anyOf: + - type: string + - {} + name: + type: string + statusCode: + type: number + required: + - name + - statusCode + - error + type: array + required: + - items + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Bulk install packages + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgName}/{pkgVersion}: + delete: + description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].' + operationId: delete-fleet-epm-packages-pkgname-pkgversion + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: false + schema: + type: string + - in: query + name: force + required: false + schema: + type: boolean + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - 
data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + required: + - items + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Delete a package + tags: + - Elastic Package Manager (EPM) + get: + operationId: get-fleet-epm-packages-pkgname-pkgversion + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: false + schema: + type: string + - in: query + name: ignoreUnverified + required: false + schema: + type: boolean + - in: query + name: prerelease + required: false + schema: + type: boolean + - in: query + name: full + required: false + schema: + type: boolean + - in: query + name: withMetadata + required: false + schema: + default: false + type: boolean + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: true + type: object + properties: + agent: + additionalProperties: false + type: object + properties: + privileges: + additionalProperties: false + type: object + properties: + root: + type: boolean + asset_tags: + items: + additionalProperties: false + type: object + properties: + asset_ids: + items: + type: string + type: array + asset_types: + items: + type: string + type: array + text: + type: string + required: + - text + type: array + assets: + additionalProperties: {} + type: object + categories: + items: + type: string + type: array + conditions: + additionalProperties: true + type: object + properties: + elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + type: array + subscription: + type: string + kibana: + additionalProperties: true + type: object + 
properties: + version: + type: string + data_streams: + items: + additionalProperties: {} + type: object + type: array + description: + type: string + discovery: + additionalProperties: true + type: object + properties: + fields: + items: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + type: array + download: + type: string + elasticsearch: + additionalProperties: {} + type: object + format_version: + type: string + icons: + items: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + installationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + additionalProperties: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + type: object + created_at: + type: string + experimental_data_stream_features: + items: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + additionalProperties: true + type: object + properties: + 
deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + installed_kibana: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + installed_kibana_space_id: + type: string + latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + required: + - name + - started_at + latest_install_failed_attempts: + items: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + target_version: + type: string + required: + - created_at + - target_version + - error + type: array + name: + type: string + namespaces: + items: + type: string + type: array + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + internal: + type: boolean + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + license: + type: string + licensePath: + type: string + name: + type: string + notice: + type: string + owner: + additionalProperties: 
true + type: object + properties: + github: + type: string + type: + enum: + - elastic + - partner + - community + type: string + path: + type: string + policy_templates: + items: + additionalProperties: {} + type: object + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + screenshots: + items: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + signature_path: + type: string + source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + status: + type: string + title: + type: string + type: + enum: + - integration + - input + - content + type: string + vars: + items: + additionalProperties: {} + type: object + type: array + version: + type: string + required: + - name + - version + - title + - assets + metadata: + additionalProperties: false + type: object + properties: + has_policies: + type: boolean + required: + - has_policies + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get a package + tags: + - Elastic Package Manager (EPM) + post: + description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].' 
+ operationId: post-fleet-epm-packages-pkgname-pkgversion + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: false + schema: + type: string + - in: query + name: prerelease + required: false + schema: + type: boolean + - in: query + name: ignoreMappingUpdateErrors + required: false + schema: + default: false + type: boolean + - in: query + name: skipDataStreamRollover + required: false + schema: + default: false + type: boolean + requestBody: + content: + application/json: + schema: + additionalProperties: false + nullable: true + type: object + properties: + force: + default: false + type: boolean + ignore_constraints: + default: false + type: boolean + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + _meta: + additionalProperties: false + type: object + properties: + install_source: + type: string + required: + - install_source + items: + items: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + - additionalProperties: false + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + required: + - items + - _meta + '400': + content: + application/json: + schema: + additionalProperties: false + 
description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Install a package from the registry + tags: + - Elastic Package Manager (EPM) + put: + description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].' + operationId: put-fleet-epm-packages-pkgname-pkgversion + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: false + schema: + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + keepPoliciesUpToDate: + type: boolean + required: + - keepPoliciesUpToDate + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: true + type: object + properties: + agent: + additionalProperties: false + type: object + properties: + privileges: + additionalProperties: false + type: object + properties: + root: + type: boolean + asset_tags: + items: + additionalProperties: false + type: object + properties: + asset_ids: + items: + type: string + type: array + asset_types: + items: + type: string + type: array + text: + type: string + required: + - text + type: array + assets: + additionalProperties: {} + type: object + categories: + items: + type: string + type: array + conditions: + additionalProperties: true + type: object + properties: + elastic: + additionalProperties: true + type: object + properties: + capabilities: + items: + type: string + type: array + subscription: + type: string + kibana: + additionalProperties: true + type: object + properties: + version: + type: string + data_streams: + items: + 
additionalProperties: {} + type: object + type: array + description: + type: string + discovery: + additionalProperties: true + type: object + properties: + fields: + items: + additionalProperties: true + type: object + properties: + name: + type: string + required: + - name + type: array + download: + type: string + elasticsearch: + additionalProperties: {} + type: object + format_version: + type: string + icons: + items: + additionalProperties: true + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + installationInfo: + additionalProperties: true + type: object + properties: + additional_spaces_installed_kibana: + additionalProperties: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + type: object + created_at: + type: string + experimental_data_stream_features: + items: + additionalProperties: true + type: object + properties: + data_stream: + type: string + features: + additionalProperties: true + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + install_format_schema_version: + type: string + install_source: + enum: + - registry + - upload + - bundled + - custom + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + items: + additionalProperties: true + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + enum: + - 
index + - index_template + - component_template + - ingest_pipeline + - ilm_policy + - data_stream_ilm_policy + - transform + - ml_model + type: string + version: + type: string + required: + - id + - type + type: array + installed_kibana: + items: + additionalProperties: true + type: object + properties: + id: + type: string + originId: + type: string + type: + enum: + - dashboard + - lens + - visualization + - search + - index-pattern + - map + - ml-module + - security-rule + - csp-rule-template + - osquery-pack-asset + - osquery-saved-query + - tag + type: string + required: + - id + - type + type: array + installed_kibana_space_id: + type: string + latest_executed_state: + additionalProperties: true + type: object + properties: + error: + type: string + name: + type: string + started_at: + type: string + required: + - name + - started_at + latest_install_failed_attempts: + items: + additionalProperties: true + type: object + properties: + created_at: + type: string + error: + additionalProperties: true + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + required: + - name + - message + target_version: + type: string + required: + - created_at + - target_version + - error + type: array + name: + type: string + namespaces: + items: + type: string + type: array + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - unverified + - verified + - unknown + type: string + version: + type: string + required: + - type + - installed_kibana + - installed_es + - name + - version + - install_status + - install_source + - verification_status + internal: + type: boolean + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + license: + type: string + licensePath: + type: string + name: + type: string + notice: + type: string + owner: + additionalProperties: true + type: object + properties: + github: + type: string + type: 
+ enum: + - elastic + - partner + - community + type: string + path: + type: string + policy_templates: + items: + additionalProperties: {} + type: object + type: array + readme: + type: string + release: + enum: + - ga + - beta + - experimental + type: string + screenshots: + items: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + signature_path: + type: string + source: + additionalProperties: true + type: object + properties: + license: + type: string + required: + - license + status: + type: string + title: + type: string + type: + enum: + - integration + - input + - content + type: string + vars: + items: + additionalProperties: {} + type: object + type: array + version: + type: string + required: + - name + - version + - title + - assets + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Update package settings + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}: + get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' 
+ operationId: get-fleet-epm-packages-pkgname-pkgversion-filepath + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: path + name: filePath + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: {} + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get a package file + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize: + post: + operationId: post-fleet-epm-packages-pkgname-pkgversion-transforms-authorize + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: query + name: prerelease + required: false + schema: + type: boolean + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + transforms: + items: + additionalProperties: false + type: object + properties: + transformId: + type: string + required: + - transformId + type: array + required: + - transforms + responses: + '200': + content: + application/json: + schema: + items: + additionalProperties: false + type: object + properties: + error: + nullable: true + success: + type: boolean + transformId: + type: string + required: + - transformId + - success + - error + type: array + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + 
statusCode: + type: number + required: + - message + summary: Authorize transforms + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgName}/stats: + get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' + operationId: get-fleet-epm-packages-pkgname-stats + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + response: + additionalProperties: false + type: object + properties: + agent_policy_count: + type: number + required: + - agent_policy_count + required: + - response + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get package stats + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/installed: + get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' 
+ operationId: get-fleet-epm-packages-installed + parameters: + - in: query + name: dataStreamType + required: false + schema: + enum: + - logs + - metrics + - traces + - synthetics + - profiling + type: string + - in: query + name: showOnlyActiveDataStreams + required: false + schema: + type: boolean + - in: query + name: nameQuery + required: false + schema: + type: string + - in: query + name: searchAfter + required: false + schema: + items: + anyOf: + - type: string + - type: number + type: array + - in: query + name: perPage + required: false + schema: + default: 15 + type: number + - in: query + name: sortOrder + required: false + schema: + default: asc + enum: + - asc + - desc + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + dataStreams: + items: + additionalProperties: false + type: object + properties: + name: + type: string + title: + type: string + required: + - name + - title + type: array + description: + type: string + icons: + items: + additionalProperties: false + type: object + properties: + dark_mode: + type: boolean + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + type: array + name: + type: string + status: + type: string + title: + type: string + version: + type: string + required: + - name + - version + - status + - dataStreams + type: array + searchAfter: + items: + anyOf: + - type: string + - type: number + - type: boolean + - enum: [] + nullable: true + - {} + type: array + total: + type: number + required: + - items + - total + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get installed 
packages + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/limited: + get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' + operationId: get-fleet-epm-packages-limited + parameters: [] + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + type: string + type: array + required: + - items + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get a limited package list + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs: + get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' + operationId: get-fleet-epm-templates-pkgname-pkgversion-inputs + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: query + name: format + required: false + schema: + default: json + enum: + - json + - yml + - yaml + type: string + - in: query + name: prerelease + required: false + schema: + type: boolean + - in: query + name: ignoreUnverified + required: false + schema: + type: boolean + responses: + '200': + content: + application/json: + schema: + anyOf: + - type: string + - additionalProperties: false + type: object + properties: + inputs: + items: + additionalProperties: false + type: object + properties: + id: + type: string + streams: + items: + additionalProperties: true + type: object + properties: + data_stream: + additionalProperties: true + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + id: + type: string + required: + - 
id + - data_stream + type: array + type: + type: string + required: + - id + - type + type: array + required: + - inputs + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get an inputs template + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/verification_key_id: + get: + description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' + operationId: get-fleet-epm-verification-key-id + parameters: [] + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + id: + nullable: true + type: string + required: + - id + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get a package signature verification key ID + tags: + - Elastic Package Manager (EPM) + /api/fleet/fleet_server_hosts: + get: + description: '[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-settings-read].' 
+ operationId: get-fleet-fleet-server-hosts + parameters: [] + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + required: + - id + - name + - host_urls + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get Fleet Server hosts + tags: + - Fleet Server hosts + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' 
+ operationId: post-fleet-fleet-server-hosts + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + required: + - name + - host_urls + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + required: + - id + - name + - host_urls + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Create a Fleet Server host + tags: + - Fleet Server hosts + /api/fleet/fleet_server_hosts/{itemId}: + delete: + description: 'Delete a Fleet Server host by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' + operationId: delete-fleet-fleet-server-hosts-itemid + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: itemId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Delete a Fleet Server host + tags: + - Fleet Server hosts + get: + description: 'Get a Fleet Server host by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-read].' + operationId: get-fleet-fleet-server-hosts-itemid + parameters: + - in: path + name: itemId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + required: + - id + - name + - host_urls + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get a Fleet Server host + tags: + - Fleet Server hosts + put: + description: 'Update a Fleet Server host by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' + operationId: put-fleet-fleet-server-hosts-itemid + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: itemId + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + minItems: 1 + type: array + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + required: + - proxy_id + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + host_urls: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + required: + - id + - name + - host_urls + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Update a Fleet Server host + tags: + - Fleet Server hosts + /api/fleet/health_check: + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' 
+ operationId: post-fleet-health-check + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + host_id: + type: string + name: + type: string + status: + type: string + required: + - status + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '404': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Check Fleet Server health + tags: + - Fleet internals + /api/fleet/kubernetes: + get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].' 
+ operationId: get-fleet-kubernetes + parameters: + - in: query + name: download + required: false + schema: + type: boolean + - in: query + name: fleetServer + required: false + schema: + type: string + - in: query + name: enrolToken + required: false + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + type: string + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get a full K8s agent manifest + tags: + - Elastic Agent policies + /api/fleet/kubernetes/download: + get: + description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].' + operationId: get-fleet-kubernetes-download + parameters: + - in: query + name: download + required: false + schema: + type: boolean + - in: query + name: fleetServer + required: false + schema: + type: string + - in: query + name: enrolToken + required: false + schema: + type: string + responses: + '200': + content: + application/json: + schema: + type: string + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '404': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Download an agent manifest + tags: + - Elastic Agent policies + /api/fleet/logstash_api_keys: + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' 
+ operationId: post-fleet-logstash-api-keys + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + api_key: + type: string + required: + - api_key + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Generate a Logstash API key + tags: + - Fleet outputs + /api/fleet/message_signing_service/rotate_key_pair: + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all, fleet-agent-policies-all, fleet-settings-all].' + operationId: post-fleet-message-signing-service-rotate-key-pair + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: query + name: acknowledge + required: false + schema: + default: false + type: boolean + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '500': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Rotate a Fleet message signing key pair + tags: + - Message Signing Service + /api/fleet/outputs: + get: 
+ description: '[Required authorization] Route required privileges: ANY of [fleet-settings-read OR fleet-agent-policies-read].' + operationId: get-fleet-outputs + parameters: [] + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + anyOf: + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: 
+ type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - 
disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + 
nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: number + - not: {} + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: array + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: 
boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: true + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + secrets: + additionalProperties: true + type: object + properties: + password: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + 
queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get outputs + tags: + - Fleet outputs + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' 
+ operationId: post-fleet-outputs + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + anyOf: + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + 
type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: false + type: object + properties: + service_token: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - 
loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: false + type: object + properties: + ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - 
disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: number + - not: {} + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: false + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: false + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: array + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: 
boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: false + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: false + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: false + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + secrets: + additionalProperties: false + type: object + properties: + password: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: 
number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + anyOf: + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + 
default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + 
additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - 
additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: number + - not: {} + config_yaml: + 
nullable: true + type: string + connection_type: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: array + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: true + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + secrets: + additionalProperties: true + type: object + properties: + password: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - 
additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Create 
output + tags: + - Fleet outputs + /api/fleet/outputs/{outputId}: + delete: + description: 'Delete output by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' + operationId: delete-fleet-outputs-outputid + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: outputId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '404': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Delete output + tags: + - Fleet outputs + get: + description: 'Get output by ID.

[Required authorization] Route required privileges: ANY of [fleet-settings-read OR fleet-agent-policies-read].' + operationId: get-fleet-outputs-outputid + parameters: + - in: path + name: outputId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + anyOf: + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + 
nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - 
disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + 
nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: number + - not: {} + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: array + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: 
+ default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: true + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + secrets: + additionalProperties: true + type: object + properties: + password: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + 
mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get output + tags: + - Fleet outputs + put: + description: 'Update output by ID.

[Required authorization] Route required privileges: ANY of [fleet-settings-all OR fleet-agent-policies-all].' + operationId: put-fleet-outputs-outputid + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: outputId + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + anyOf: + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - 
max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: false + type: object + properties: + service_token: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - 
disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: false + type: object + properties: + ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + 
required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash + type: string + - additionalProperties: false + type: object + properties: + allow_edit: + items: + type: string + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: number + - not: {} + config_yaml: + nullable: true + type: string + connection_type: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: false + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: false + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: array + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + 
name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: false + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: false + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: false + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + secrets: + additionalProperties: false + type: object + properties: + password: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: false + type: object + properties: + key: + anyOf: + - additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: false + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - 
disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: false + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string + required: + - name + - compression_level + - connection_type + - username + - password + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + anyOf: + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + 
disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + format: uri + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + service_token: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + service_token: + nullable: true + type: string + shipper: + additionalProperties: true + nullable: true + type: 
object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - remote_elasticsearch + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + config_yaml: + nullable: true + type: string + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + nullable: true + type: string + secrets: + additionalProperties: true + type: object + properties: + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + 
id: + type: string + required: + - id + - type: string + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + type: + enum: + - logstash + type: string + required: + - name + - type + - hosts + - additionalProperties: true + type: object + properties: + allow_edit: + items: + type: string + type: array + auth_type: + enum: + - none + - user_pass + - ssl + - kerberos + type: string + broker_timeout: + type: number + ca_sha256: + nullable: true + type: string + ca_trusted_fingerprint: + nullable: true + type: string + client_id: + type: string + compression: + enum: + - gzip + - snappy + - lz4 + - none + type: string + compression_level: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: number + - not: {} + config_yaml: + nullable: true + type: string + connection_type: + anyOf: 
+ - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - plaintext + - encryption + type: string + - not: {} + hash: + additionalProperties: true + type: object + properties: + hash: + type: string + random: + type: boolean + headers: + items: + additionalProperties: true + type: object + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: array + hosts: + items: + type: string + minItems: 1 + type: array + id: + type: string + is_default: + default: false + type: boolean + is_default_monitoring: + default: false + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + key: + type: string + name: + type: string + partition: + enum: + - random + - round_robin + - hash + type: string + password: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - not: {} + - anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + proxy_id: + nullable: true + type: string + random: + additionalProperties: true + type: object + properties: + group_events: + type: number + required_acks: + enum: + - 1 + - 0 + - -1 + type: integer + round_robin: + additionalProperties: true + type: object + properties: + group_events: + type: number + sasl: + additionalProperties: true + nullable: true + type: object + properties: + mechanism: + enum: + - PLAIN + - SCRAM-SHA-256 + - SCRAM-SHA-512 + type: string + secrets: + additionalProperties: true + type: object + properties: + password: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: string + required: + - id + - type: string + ssl: + additionalProperties: true + type: object + properties: + key: + anyOf: + - additionalProperties: true + type: object + properties: + id: + type: 
string + required: + - id + - type: string + required: + - key + shipper: + additionalProperties: true + nullable: true + type: object + properties: + compression_level: + nullable: true + type: number + disk_queue_compression_enabled: + nullable: true + type: boolean + disk_queue_enabled: + default: false + nullable: true + type: boolean + disk_queue_encryption_enabled: + nullable: true + type: boolean + disk_queue_max_size: + nullable: true + type: number + disk_queue_path: + nullable: true + type: string + loadbalance: + nullable: true + type: boolean + max_batch_bytes: + nullable: true + type: number + mem_queue_events: + nullable: true + type: number + queue_flush_timeout: + nullable: true + type: number + required: + - disk_queue_path + - disk_queue_max_size + - disk_queue_encryption_enabled + - disk_queue_compression_enabled + - compression_level + - loadbalance + - mem_queue_events + - queue_flush_timeout + - max_batch_bytes + ssl: + additionalProperties: true + nullable: true + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - full + - none + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + type: + enum: + - kafka + type: string + username: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - type: string + - not: {} + version: + type: string + required: + - name + - type + - hosts + - compression_level + - auth_type + - connection_type + - username + - password + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Update output + tags: + - Fleet outputs + /api/fleet/outputs/{outputId}/health: 
+ get: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-read].' + operationId: get-fleet-outputs-outputid-health + parameters: + - in: path + name: outputId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + message: + description: long message if unhealthy + type: string + state: + description: state of output, HEALTHY or DEGRADED + type: string + timestamp: + description: timestamp of reported state + type: string + required: + - state + - message + - timestamp + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get the latest output health + tags: + - Fleet outputs + /api/fleet/package_policies: + get: + operationId: get-fleet-package-policies + parameters: + - in: query + name: page + required: false + schema: + type: number + - in: query + name: perPage + required: false + schema: + type: number + - in: query + name: sortField + required: false + schema: + type: string + - in: query + name: sortOrder + required: false + schema: + enum: + - desc + - asc + type: string + - in: query + name: showUpgradeable + required: false + schema: + type: boolean + - in: query + name: kuery + required: false + schema: + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + - in: query + name: withAgentCount + required: false + schema: + type: boolean + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: 
Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + 
type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that stream, (default to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Input streams (see integration documentation to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Package policy inputs (see integration documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: 
boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: Agent policy IDs where that package policy will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. 
+ nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get package policies + tags: + - Fleet package policies + post: + operationId: post-fleet-package-policies + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + requestBody: + content: + application/json: + schema: + anyOf: + - additionalProperties: false + type: object + properties: + description: + description: Package policy description + type: string + enabled: + type: boolean + 
force: + description: Force package policy creation even if package is not verified, or if the agent policy is managed. + type: boolean + id: + description: Package policy unique identifier + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + 
vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - type + - enabled + type: array + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: Agent policy IDs where that package policy will be added + type: string + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. 
+ nullable: true + type: boolean + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - name + - inputs + - additionalProperties: false + type: object + properties: + description: + type: string + force: + type: boolean + id: + type: string + inputs: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that stream, (default to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Input streams (see integration documentation to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Package policy inputs (see integration documentation to know what inputs are available) + type: object + name: + type: string + 
namespace: + type: string + output_id: + nullable: true + type: string + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + nullable: true + type: string + policy_ids: + items: + type: string + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + required: + - name + - package + description: You should use inputs as an object and not use the deprecated inputs array. 
+ responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + 
- beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that stream, (default to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Input streams (see integration documentation to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - 
isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Package policy inputs (see integration documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: Agent policy IDs where that package policy will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: 
string + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '409': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Create a package policy + tags: + - Fleet package policies + /api/fleet/package_policies/_bulk_get: + post: + operationId: post-fleet-package-policies-bulk-get + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: 
query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + ids: + description: list of package policy ids + items: + type: string + type: array + ignoreMissing: + type: boolean + required: + - ids + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + 
properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that stream, (default to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Input streams (see integration 
documentation to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Package policy inputs (see integration documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. 
+ nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: Agent policy IDs where that package policy will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. 
+ nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + type: array + required: + - items + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '404': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + summary: Bulk get package policies + tags: + - Fleet package policies + /api/fleet/package_policies/{packagePolicyId}: + delete: + description: 'Delete a package policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].' + operationId: delete-fleet-package-policies-packagepolicyid + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: packagePolicyId + required: true + schema: + type: string + - in: query + name: force + required: false + schema: + type: boolean + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Delete a package policy + tags: + - Fleet package policies + get: + description: Get a package policy by ID. 
+ operationId: get-fleet-package-policies-packagepolicyid + parameters: + - in: path + name: packagePolicyId + required: true + schema: + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + 
additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that stream, (default to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Input streams (see integration documentation to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - 
type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Package policy inputs (see integration documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. 
+ nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: Agent policy IDs where that package policy will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. 
+ nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '404': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + summary: Get a package policy + tags: + - Fleet package policies + put: + description: Update a package policy by ID. 
+ operationId: put-fleet-package-policies-packagepolicyid + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: packagePolicyId + required: true + schema: + type: string + - in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + requestBody: + content: + application/json: + schema: + anyOf: + - additionalProperties: false + type: object + properties: + description: + description: Package policy description + type: string + enabled: + type: boolean + force: + type: boolean + inputs: + items: + additionalProperties: false + type: object + properties: + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: 
+ type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - type + - enabled + type: array + is_managed: + type: boolean + name: + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. 
+ nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: Agent policy IDs where that package policy will be added + type: string + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. 
+ nullable: true + type: boolean + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + version: + type: string + - additionalProperties: false + type: object + properties: + description: + type: string + force: + type: boolean + id: + type: string + inputs: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that stream, (default to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Input streams (see integration documentation to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Package policy inputs (see integration documentation to know what inputs are available) + type: object + name: + type: string + 
namespace: + type: string + output_id: + nullable: true + type: string + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + nullable: true + type: string + policy_ids: + items: + type: string + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + required: + - name + - package + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + 
type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + 
type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that stream, (default to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Input streams (see integration documentation to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Package policy inputs (see integration documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. 
+ type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: Agent policy IDs where that package policy will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: string + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. 
+ nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - id + - revision + - updated_at + - updated_by + - created_at + - created_by + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '403': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Update a package policy + tags: + - Fleet package policies + /api/fleet/package_policies/delete: + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].' 
+ operationId: post-fleet-package-policies-delete + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + force: + type: boolean + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json: + schema: + items: + additionalProperties: false + type: object + properties: + body: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + id: + type: string + name: + type: string + output_id: + nullable: true + type: string + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Use `policy_ids` instead + nullable: true + type: string + policy_ids: + items: + type: string + type: array + statusCode: + type: number + success: + type: boolean + required: + - id + - success + - policy_ids + - package + type: array + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: 
Bulk delete package policies + tags: + - Fleet package policies + /api/fleet/package_policies/upgrade: + post: + description: 'Upgrade a package policy to a newer package version.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].' + operationId: post-fleet-package-policies-upgrade + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json: + schema: + items: + additionalProperties: false + type: object + properties: + body: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + id: + type: string + name: + type: string + statusCode: + type: number + success: + type: boolean + required: + - id + - success + type: array + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Upgrade a package policy + tags: + - Fleet package policies + /api/fleet/package_policies/upgrade/dryrun: + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, integrations-read].' 
+ operationId: post-fleet-package-policies-upgrade-dryrun + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + packageVersion: + type: string + required: + - packagePolicyIds + responses: + '200': + content: + application/json: + schema: + items: + additionalProperties: false + type: object + properties: + agent_diff: + items: + items: + additionalProperties: true + type: object + properties: + data_stream: + additionalProperties: true + type: object + properties: + namespace: + type: string + required: + - namespace + id: + type: string + meta: + additionalProperties: true + type: object + properties: + package: + additionalProperties: true + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + required: + - package + name: + type: string + package_policy_id: + type: string + processors: + items: + additionalProperties: true + type: object + properties: + add_fields: + additionalProperties: true + type: object + properties: + fields: + additionalProperties: + anyOf: + - type: string + - type: number + type: object + target: + type: string + required: + - target + - fields + required: + - add_fields + type: array + revision: + type: number + streams: + items: + additionalProperties: true + type: object + properties: + data_stream: + additionalProperties: true + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + id: + type: string + required: + - id + - data_stream + type: array + type: + type: string + use_output: + type: string + required: + - id + - name + - revision + - type + - data_stream + - use_output + - package_policy_id + type: array + type: array + body: + 
additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + diff: + items: + anyOf: + - additionalProperties: false + type: object + properties: + agents: + type: number + created_at: + type: string + created_by: + type: string + description: + description: Package policy description + type: string + elasticsearch: + additionalProperties: true + type: object + properties: + privileges: + additionalProperties: true + type: object + properties: + cluster: + items: + type: string + type: array + enabled: + type: boolean + id: + type: string + inputs: + anyOf: + - items: + additionalProperties: false + type: object + properties: + compiled_input: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - 
ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - type + - enabled + - streams + - compiled_input + type: array + - additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + additionalProperties: false + type: object + properties: + enabled: + description: enable or disable that stream, (default to true) + type: boolean + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Input streams (see integration documentation to know what streams are available) + type: object + vars: + additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - 
isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + description: Package policy inputs (see integration documentation to know what inputs are available) + type: object + x-oas-optional: true + is_managed: + type: boolean + name: + description: Package policy name (should be unique) + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. + type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: Agent policy IDs where that package policy will be added + type: string + type: array + revision: + type: number + secret_references: + items: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + type: array + spaceIds: + items: + type: 
string + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. + nullable: true + type: boolean + updated_at: + type: string + updated_by: + type: string + vars: + anyOf: + - additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + - additionalProperties: + anyOf: + - type: boolean + - type: string + - type: number + - items: + type: string + type: array + - items: + type: number + type: array + - additionalProperties: false + type: object + properties: + id: + type: string + isSecretRef: + type: boolean + required: + - id + - isSecretRef + nullable: true + description: Input/stream level variable (see integration documentation for more information) + type: object + x-oas-optional: true + version: + type: string + required: + - name + - enabled + - inputs + - revision + - updated_at + - updated_by + - created_at + - created_by + - additionalProperties: false + type: object + properties: + description: + description: Package policy description + type: string + enabled: + type: boolean + errors: + items: + additionalProperties: false + type: object + properties: + key: + type: string + message: + type: string + required: + - message + type: array + force: + type: boolean + id: + type: string + inputs: + items: + additionalProperties: false + type: object + properties: + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + policy_template: + type: string + streams: + items: + 
additionalProperties: false + type: object + properties: + compiled_stream: {} + config: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + data_stream: + additionalProperties: false + type: object + properties: + dataset: + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + dynamic_dataset: + type: boolean + dynamic_namespace: + type: boolean + privileges: + additionalProperties: false + type: object + properties: + indices: + items: + type: string + type: array + type: + type: string + required: + - dataset + - type + enabled: + type: boolean + id: + type: string + keep_enabled: + type: boolean + release: + enum: + - ga + - beta + - experimental + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - enabled + - data_stream + - compiled_stream + type: array + type: + type: string + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - type + - enabled + - streams + type: array + is_managed: + type: boolean + missingVars: + items: + type: string + type: array + name: + description: Package policy name (should be unique) + type: string + namespace: + description: The package policy namespace. Leave blank to inherit the agent policy's namespace. 
+ type: string + output_id: + nullable: true + type: string + overrides: + additionalProperties: false + description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + properties: + inputs: + additionalProperties: {} + type: object + package: + additionalProperties: false + type: object + properties: + experimental_data_stream_features: + items: + additionalProperties: false + type: object + properties: + data_stream: + type: string + features: + additionalProperties: false + type: object + properties: + doc_value_only_numeric: + type: boolean + doc_value_only_other: + type: boolean + synthetic_source: + type: boolean + tsdb: + type: boolean + required: + - data_stream + - features + type: array + name: + description: Package name + type: string + requires_root: + type: boolean + title: + type: string + version: + description: Package version + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + nullable: true + type: string + policy_ids: + items: + description: Agent policy IDs where that package policy will be added + type: string + type: array + supports_agentless: + default: false + description: Indicates whether the package policy belongs to an agentless agent policy. 
+ nullable: true + type: boolean + vars: + additionalProperties: + additionalProperties: false + type: object + properties: + frozen: + type: boolean + type: + type: string + value: {} + required: + - value + description: Package variable (see integration documentation for more information) + type: object + required: + - name + - enabled + - inputs + type: array + hasErrors: + type: boolean + name: + type: string + statusCode: + type: number + required: + - hasErrors + type: array + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Dry run a package policy upgrade + tags: + - Fleet package policies + /api/fleet/proxies: + get: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-read].' + operationId: get-fleet-proxies + parameters: [] + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + items: + items: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - id + - url + - name + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + 
- message + summary: Get proxies + tags: + - Fleet proxies + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' + operationId: post-fleet-proxies + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - url + - name + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - id + - url + - name + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Create a proxy + tags: + - Fleet proxies + /api/fleet/proxies/{itemId}: + delete: + description: 'Delete a proxy by ID

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' + operationId: delete-fleet-proxies-itemid + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: itemId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + id: + type: string + required: + - id + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Delete a proxy + tags: + - Fleet proxies + get: + description: 'Get a proxy by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-read].' + operationId: get-fleet-proxies-itemid + parameters: + - in: path + name: itemId + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - id + - url + - name + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get a proxy + tags: + - Fleet proxies + put: + description: 'Update a proxy by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' + operationId: put-fleet-proxies-itemid + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: itemId + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - proxy_headers + - certificate_authorities + - certificate + - certificate_key + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + certificate: + nullable: true + type: string + certificate_authorities: + nullable: true + type: string + certificate_key: + nullable: true + type: string + id: + type: string + is_preconfigured: + default: false + type: boolean + name: + type: string + proxy_headers: + additionalProperties: + anyOf: + - type: string + - type: boolean + - type: number + nullable: true + type: object + url: + type: string + required: + - id + - url + - name + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Update a proxy + tags: + - Fleet proxies + /api/fleet/service_tokens: + post: + description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' 
+ operationId: post-fleet-service-tokens + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + nullable: true + type: object + properties: + remote: + default: false + type: boolean + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + name: + type: string + value: + type: string + required: + - name + - value + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Create a service token + tags: + - Fleet service tokens + /api/fleet/settings: + get: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-read].' 
+ operationId: get-fleet-settings + parameters: [] + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + delete_unenrolled_agents: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + required: + - enabled + - is_preconfigured + has_seen_add_data_notice: + type: boolean + id: + type: string + output_secret_storage_requirements_met: + type: boolean + preconfigured_fields: + items: + enum: + - fleet_server_hosts + type: string + type: array + prerelease_integrations_enabled: + type: boolean + secret_storage_requirements_met: + type: boolean + use_space_awareness_migration_started_at: + nullable: true + type: string + use_space_awareness_migration_status: + enum: + - pending + - success + - error + type: string + version: + type: string + required: + - id + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '404': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + summary: Get settings + tags: + - Fleet internals + put: + description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' 
+ operationId: put-fleet-settings + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + additional_yaml_config: + type: string + delete_unenrolled_agents: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + required: + - enabled + - is_preconfigured + has_seen_add_data_notice: + type: boolean + kibana_ca_sha256: + type: string + kibana_urls: + items: + format: uri + type: string + type: array + prerelease_integrations_enabled: + type: boolean + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + item: + additionalProperties: false + type: object + properties: + delete_unenrolled_agents: + additionalProperties: false + type: object + properties: + enabled: + type: boolean + is_preconfigured: + type: boolean + required: + - enabled + - is_preconfigured + has_seen_add_data_notice: + type: boolean + id: + type: string + output_secret_storage_requirements_met: + type: boolean + preconfigured_fields: + items: + enum: + - fleet_server_hosts + type: string + type: array + prerelease_integrations_enabled: + type: boolean + secret_storage_requirements_met: + type: boolean + use_space_awareness_migration_started_at: + nullable: true + type: string + use_space_awareness_migration_status: + enum: + - pending + - success + - error + type: string + version: + type: string + required: + - id + required: + - item + '400': + content: + application/json: + schema: + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + '404': + content: + application/json: + schema: + 
additionalProperties: false + type: object + properties: + message: + type: string + required: + - message + summary: Update settings + tags: + - Fleet internals + /api/fleet/setup: + post: + description: '[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].' + operationId: post-fleet-setup + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + responses: + '200': + content: + application/json: schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - description: Successful response + additionalProperties: false + description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. + type: object + properties: + isInitialized: + type: boolean + nonFatalErrors: + items: + additionalProperties: false + type: object + properties: + message: + type: string + name: + type: string + required: + - name + - message + type: array + required: + - isInitialized + - nonFatalErrors '400': content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - 
application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item not found response + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Update an exception list item + additionalProperties: false + description: Internal Server Error + type: object + properties: + message: + type: string + required: + - message + summary: Initiate Fleet setup tags: - - Security Exceptions API - /api/exception_lists/items/_find: + - Fleet internals + /api/fleet/uninstall_tokens: get: - description: Get a list of all exception list items in the specified list. - operationId: FindExceptionListItems + description: 'List the metadata for the latest uninstall tokens per agent policy.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' + operationId: get-fleet-uninstall-tokens parameters: - - description: List's id - in: query - name: list_id - required: true - schema: - items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - type: array - - description: | - Filters the returned results according to the value of the specified field, - using the `:` syntax. - in: query - name: filter - required: false - schema: - default: [] - items: - $ref: '#/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter' - type: array - - description: | - Determines whether the returned containers are Kibana associated with a Kibana space - or available in all spaces (`agnostic` or `single`) + - description: Partial match filtering for policy IDs in: query - name: namespace_type + name: policyId required: false schema: - default: - - single - items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - type: array + maxLength: 50 + type: string - in: query name: search required: false schema: + maxLength: 50 type: string - - description: The page number to return - in: query - name: page - required: false - schema: - minimum: 0 - type: integer - - description: The number of exception list items to return per page + - description: The number of items to return in: query - name: per_page - required: false - schema: - minimum: 0 - type: integer - - description: Determines which field is used to sort the results - in: query - name: sort_field + name: perPage required: false schema: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc` - in: query - name: sort_order + minimum: 5 + type: number + - in: query + name: page required: false schema: - enum: - - desc - - asc - type: string + minimum: 1 + type: number responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: 
+ application/json: schema: + additionalProperties: false type: object properties: - data: + items: items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + additionalProperties: false + type: object + properties: + created_at: + type: string + id: + type: string + namespaces: + items: + type: string + type: array + policy_id: + type: string + policy_name: + nullable: true + type: string + required: + - id + - policy_id + - created_at type: array page: - minimum: 1 - type: integer - per_page: - minimum: 1 - type: integer - pit: - type: string + type: number + perPage: + type: number total: - minimum: 0 - type: integer + type: number required: - - data - - page - - per_page + - items - total - description: Successful response + - page + - perPage '400': content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get exception list items + additionalProperties: false + description: Generic Error 
+ type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get metadata for latest uninstall tokens tags: - - Security Exceptions API - /api/exception_lists/summary: + - Fleet uninstall tokens + /api/fleet/uninstall_tokens/{uninstallTokenId}: get: - description: Get a summary of the specified exception list. - operationId: ReadExceptionListSummary + description: 'Get one decrypted uninstall token by its ID.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' + operationId: get-fleet-uninstall-tokens-uninstalltokenid parameters: - - description: Exception list's identifier generated upon creation - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Exception list's human readable identifier - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - in: query - name: namespace_type - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - default: single - - description: Search filter clause - in: query - name: filter - required: false + - in: path + name: uninstallTokenId + required: true schema: type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + additionalProperties: false type: object properties: - linux: - minimum: 0 - type: integer - macos: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - windows: - minimum: 0 - type: integer - description: Successful response - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: 
'#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get an exception list summary - tags: - - Security Exceptions API - /api/exceptions/shared: - post: - description: | - An exception list groups exception items and can be associated with detection rules. A shared exception list can apply to multiple detection rules. - > info - > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item. 
- operationId: CreateSharedExceptionList - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - description: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' - name: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' - required: - - name - - description - required: true - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - description: Successful response + item: + additionalProperties: false + type: object + properties: + created_at: + type: string + id: + type: string + namespaces: + items: + type: string + type: array + policy_id: + type: string + policy_name: + nullable: true + type: string + token: + type: string + required: + - id + - policy_id + - created_at + - token + required: + - item '400': content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list already exists response - '500': - content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - $ref: 
'#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Create a shared exception list + additionalProperties: false + description: Generic Error + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + required: + - message + summary: Get a decrypted uninstall token tags: - - Security Exceptions API + - Fleet uninstall tokens /api/lists: delete: description: | - Delete a list using the list ID. + Delete a value list using the list ID. > info > When you delete a list, all of its list items are also deleted. operationId: DeleteList parameters: - - description: List's `id` value - in: query + - in: query name: id required: true schema: $ref: '#/components/schemas/Security_Lists_API_ListId' - - in: query + - description: Determines whether exception items referencing this value list should be deleted. + in: query name: deleteReferences required: false schema: default: false + example: false type: boolean - - in: query + - description: Determines whether to delete value list without performing any additional checks of where this list may be utilized. + in: query name: ignoreReferences required: false schema: default: false + example: false type: boolean responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ipList: + value: + _version: WzIsMV0= + '@timestamp': '2025-01-08T04:47:34.273Z' + created_at: '2025-01-08T04:47:34.273Z' + created_by: elastic + description: List of bad internet ips. 
+ id: 21b01cfb-058d-44b9-838c-282be16c91cd + immutable: false + name: Bad ips + tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 + type: ip + updated_at: '2025-01-08T05:39:39.292Z' + updated_by: elastic + version: 3 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: id: Required' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -14792,37 +36040,58 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [DELETE /api/lists?id=ip_list] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'list id: \"ip_list\" was not found' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Delete a list + summary: Delete a value list tags: - Security Lists API get: - description: Get the details of a list using the list ID. + description: Get the details of a value list using the list ID. operationId: ReadList parameters: - - description: List's `id` value - in: query + - in: query name: id required: true schema: 
@@ -14830,13 +36099,35 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzEsMV0= + '@timestamp': '2025-01-08T04:47:34.273Z' + created_at: '2025-01-08T04:47:34.273Z' + created_by: elastic + description: This list describes bad internet ip + id: ip_list + immutable: false + name: My bad ips + tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 + type: ip + updated_at: '2025-01-08T05:21:53.843Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: id: Required' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -14844,42 +36135,67 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/lists?id=ip_list] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'list id: \"foo\" not found' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get list details + summary: Get value list details tags: - Security Lists API patch: - description: Update specific fields of an existing list using the list ID. + description: Update specific fields of an existing list using the list `id`. 
operationId: PatchList requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + example: + id: ip_list + name: Bad ips list - UPDATED type: object properties: _version: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' description: $ref: '#/components/schemas/Security_Lists_API_ListDescription' id: @@ -14889,22 +36205,43 @@ paths: name: $ref: '#/components/schemas/Security_Lists_API_ListName' version: - minimum: 1 - type: integer + $ref: '#/components/schemas/Security_Lists_API_ListVersion' required: - id - description: List's properties + description: Value list's properties required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzEsMV0= + '@timestamp': '2025-01-08T04:47:34.273Z' + created_at: '2025-01-08T04:47:34.273Z' + created_by: elastic + description: This list describes bad internet ips + id: ip_list + immutable: false + name: Bad ips list - UPDATED + tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 + type: ip + updated_at: '2025-01-08T05:21:53.843Z' + updated_by: elastic + version: 2 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: name: Expected string, received number' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -14912,44 +36249,93 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [PATCH /api/lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'list id: \"foo\" not found' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Patch a list + summary: Patch a value list tags: - Security Lists API post: - description: Create a new list. + description: Create a new value list. 
operationId: CreateList requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + description: This list describes bad internet ips + id: ip_list + name: Simple list with ips + type: ip + ip_range: + value: + description: This list has ip ranges + id: ip_range_list + name: Simple list with ip ranges + type: ip_range + keyword: + value: + description: This list describes bad host names + id: keyword_list + name: Simple list with a keyword + type: keyword + keyword_custom_format: + value: + description: This parses the first found ipv4 only + deserializer: '{{value}}' + id: keyword_custom_format_list + name: Simple list with a keyword using a custom format + serializer: (?((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) + type: keyword schema: type: object properties: description: $ref: '#/components/schemas/Security_Lists_API_ListDescription' deserializer: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListDeserializer' id: $ref: '#/components/schemas/Security_Lists_API_ListId' meta: @@ -14957,7 +36343,7 @@ paths: name: $ref: '#/components/schemas/Security_Lists_API_ListName' serializer: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListSerializer' type: $ref: '#/components/schemas/Security_Lists_API_ListType' version: 
@@ -14968,18 +36354,86 @@ paths: - name - description - type - description: List's properties + description: Value list's properties required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzAsMV0= + '@timestamp': '2025-01-08T04:47:34.273Z' + created_at: '2025-01-08T04:47:34.273Z' + created_by: elastic + description: This list describes bad internet ips + id: ip_list + immutable: false + name: Simple list with ips + tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 + type: ip + updated_at: '2025-01-08T04:47:34.273Z' + updated_by: elastic + version: 1 + ip_range: + value: + _version: WzAsMV0= + '@timestamp': '2025-01-09T18:23:52.241Z' + created_at: '2025-01-09T18:23:52.241Z' + created_by: elastic + description: This list has ip ranges + id: ip_range_list + immutable: false + name: Simple list with ip ranges + tie_breaker_id: 74aebdaf-601f-4940-b351-155728ff7003 + type: ip_range + updated_at: '2025-01-09T18:23:52.241Z' + updated_by: elastic + version: 1 + keyword: + value: + _version: WzEsMV0= + '@timestamp': '2025-01-09T18:24:55.786Z' + created_at: '2025-01-09T18:24:55.786Z' + created_by: elastic + description: This list describes bad host names + id: keyword_list + immutable: false + name: Simple list with a keyword + tie_breaker_id: f7e7dbaa-daf7-4c9a-a3dc-56643923ef68 + type: keyword + updated_at: '2025-01-09T18:24:55.786Z' + updated_by: elastic + version: 1 + keyword_custom_format: + value: + _version: WzIsMV0= + '@timestamp': '2025-01-09T18:25:39.604Z' + created_at: '2025-01-09T18:25:39.604Z' + created_by: elastic + description: This parses the first found ipv4 only + deserializer: '{{value}}' + id: keyword_custom_format_list + immutable: false + name: Simple list with a keyword using a custom format + serializer: (?((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) + tie_breaker_id: 8247ae63-b780-47b8-9a89-948b643e9ec2 + type: 
keyword + updated_at: '2025-01-09T18:25:39.604Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: To create a list, the data stream must exist first. Data stream \".lists-default\" does not exist + status_code: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -14987,45 +36441,71 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + alreadyExists: + value: + message: 'list id: "keyword_custom_format_list" already exists' + status_code: 409 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List already exists response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Create a list + summary: Create a value list tags: - Security Lists API put: description: | - Update a list using the list ID. The original list is replaced, and all unspecified fields are deleted. + Update a value list using the list `id`. The original list is replaced, and all unspecified fields are deleted. > info > You cannot modify the `id` value. 
operationId: UpdateList requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + example: + description: Latest list of bad ips + id: ip_list + name: Bad ips - updated type: object properties: _version: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' description: $ref: '#/components/schemas/Security_Lists_API_ListDescription' id: @@ -15035,24 +36515,45 @@ paths: name: $ref: '#/components/schemas/Security_Lists_API_ListName' version: - minimum: 1 - type: integer + $ref: '#/components/schemas/Security_Lists_API_ListVersion' required: - id - name - description - description: List's properties + description: Value list's properties required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzIsMV0= + '@timestamp': '2025-01-08T04:47:34.273Z' + created_at: '2025-01-08T04:47:34.273Z' + created_by: elastic + description: Latest list of bad ips + id: ip_list + immutable: false + name: Bad ips - updated + tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 + type: ip + updated_at: '2025-01-08T05:39:39.292Z' + updated_by: elastic + version: 3 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: id: Expected string, received number' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -15060,54 +36561,81 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [PUT /api/lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'list id: \"foo\" not found' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Update a list + summary: Update a value list tags: - Security Lists API /api/lists/_find: get: - description: Get a paginated subset of lists. By default, the first page is returned, with 20 results per page. + description: Get a paginated subset of value lists. By default, the first page is returned, with 20 results per page. 
operationId: FindLists parameters: - - description: The page number to return + - description: The page number to return. in: query name: page required: false schema: + example: 1 type: integer - - description: The number of lists to return per page + - description: The number of value lists to return per page. in: query name: per_page required: false schema: + example: 20 type: integer - - description: Determines which field is used to sort the results + - description: Determines which field is used to sort the results. in: query name: sort_field required: false schema: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + example: name + format: nonempty + minLength: 1 + type: string - description: Determines the sort order, which can be `desc` or `asc` in: query name: sort_order @@ -15116,11 +36644,9 @@ paths: enum: - desc - asc + example: asc type: string - - description: | - Returns the list that come after the last list returned in the previous call - (use the cursor value returned in the previous call). This parameter uses - the `tie_breaker_id` field to ensure all lists are sorted and returned correctly. + - description: Returns the lists that come after the last lists returned in the previous call (use the `cursor` value returned in the previous call). This parameter uses the `tie_breaker_id` field to ensure all lists are sorted and returned correctly. in: query name: cursor required: false 
@@ -15137,7 +36663,31 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ipList: + value: + cursor: WzIwLFsiZjU1MDgxODgtYjFlOS00ZTZlLTk2NjItZDAzOWE3ZDg5ODk5Il1d + data: + - _version: WzAsMV0= + '@timestamp': | + 2025-01-08T04:47:34.273Z + created_at: | + 2025-01-08T04:47:34.273Z + created_by: elastic + description: This list describes bad internet ip + id: ip_list + immutable: false + name: Simple list with an ip + tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 + type: ip + updated_at: | + 2025-01-08T04:47:34.273Z + updated_by: elastic + version: 1 + page: 1 + per_page: 20 + total: 1 schema: type: object properties: @@ -15165,7 +36715,13 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request query]: page: Expected number, received nan' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -15173,23 +36729,40 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/lists/_find?page=1&per_page=20] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get lists + summary: Get value lists tags: - Security Lists API /api/lists/index: @@ -15199,7 +36772,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -15210,7 +36783,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -15218,29 +36791,40 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List data stream not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Delete list data streams + summary: Delete value list data streams tags: - Security Lists API get: @@ -15249,7 +36833,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -15263,7 +36847,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -15271,29 +36855,40 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List data stream(s) not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get status of list data streams + summary: Get status of value list data streams tags: - Security Lists API post: @@ -15302,7 +36897,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -15313,7 +36908,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -15321,25 +36916,42 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: | + [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + alreadyExists: + value: + message: 'data stream: \".lists-default\" and \".items-default\" already exists' + status_code: 409 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List data stream exists response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response 
@@ -15348,28 +36960,29 @@ paths: - Security Lists API /api/lists/items: delete: - description: Delete a list item using its `id`, or its `list_id` and `value` fields. + description: Delete a value list item using its `id`, or its `list_id` and `value` fields. operationId: DeleteListItem parameters: - - description: Required if `list_id` and `value` are not specified + - description: Value list item's identifier. Required if `list_id` and `value` are not specified. in: query name: id required: false schema: - $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + - description: Value list's identifier. Required if `id` is not specified. in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified + - description: The value used to evaluate exceptions. Required if `id` is not specified. in: query name: value required: false schema: + example: 255.255.255.255 type: string - - description: Determines when changes made by the request are made visible to search + - description: Determines when changes made by the request are made visible to search. in: query name: refresh required: false @@ -15379,11 +36992,26 @@ paths: - 'true' - 'false' - wait_for + example: false type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzIwLDFd + '@timestamp': '2025-01-08T05:15:05.159Z' + created_at: '2025-01-08T05:15:05.159Z' + created_by: elastic + id: pd1WRJQBs4HAK3VQeHFI + list_id: ip_list + tie_breaker_id: eee41dc7-1666-4876-982f-8b0f7b59eca3 + type: ip + updated_at: '2025-01-08T05:44:14.009Z' + updated_by: elastic + value: 255.255.255.255 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_ListItem' 
@@ -15393,7 +37021,12 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + message: Either \"list_id\" or \"id\" needs to be defined in the request + status_code: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -15401,57 +37034,94 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [DELETE /api/lists/items?id=pd1WRJQBs4HAK3VQeHFI] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'list item with id: \"pd1WRJQBs4HAK3VQeHFI\" not found' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Delete a list item + summary: Delete a value list item tags: - Security Lists API get: - description: Get the details of a list item. + description: Get the details of a value list item. 
operationId: ReadListItem parameters: - - description: Required if `list_id` and `value` are not specified + - description: Value list item identifier. Required if `list_id` and `value` are not specified. in: query name: id required: false schema: $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified + - description: Value list item list's `id` identfier. Required if `id` is not specified. in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Required if `id` is not specified + - description: The value used to evaluate exceptions. Required if `id` is not specified. in: query name: value required: false schema: + example: 127.0.0.2 type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzExLDFd + '@timestamp': '2025-01-08T05:16:25.882Z' + created_at: '2025-01-08T05:16:25.882Z' + created_by: elastic + id: qN1XRJQBs4HAK3VQs3Gc + list_id: ip_list + tie_breaker_id: a9a34c02-a385-436e-86a0-02a3942f3537 + type: ip + updated_at: '2025-01-08T05:16:25.882Z' + updated_by: elastic + value: 127.0.0.2 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_ListItem' @@ -15461,7 +37131,12 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + message: Either \"list_id\" or \"id\" needs to be defined in the request + status_code: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -15469,48 +37144,73 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/lists/items?id=qN1XRJQBs4HAK3VQs3Gc] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'list item id: \"foo\" not found' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get a list item + summary: Get a value list item tags: - Security Lists API patch: - description: Update specific fields of an existing list item using the list item ID. + description: Update specific fields of an existing value list item using the item `id`. 
operationId: PatchListItem requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: + example: + id: pd1WRJQBs4HAK3VQeHFI + value: 255.255.255.255 type: object properties: _version: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' id: $ref: '#/components/schemas/Security_Lists_API_ListItemId' meta: $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' refresh: - description: Determines when changes made by the request are made visible to search + description: Determines when changes made by the request are made visible to search. enum: - 'true' - 'false' 
@@ -15520,18 +37220,37 @@ paths: $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - id - description: List item's properties + description: Value list item's properties required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ipItem: + value: + _version: WzE5LDFd + '@timestamp': '2025-01-08T05:15:05.159Z' + created_at: '2025-01-08T05:15:05.159Z' + created_by: elastic + id: pd1WRJQBs4HAK3VQeHFI + list_id: ip_list + tie_breaker_id: eee41dc7-1666-4876-982f-8b0f7b59eca3 + type: ip + updated_at: '2025-01-08T05:23:37.602Z' + updated_by: elastic + value: 255.255.255.255 schema: $ref: '#/components/schemas/Security_Lists_API_ListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + message: '{"took":15,"timed_out":false,"total":1,"updated":0,"deleted":0,"batches":1,"version_conflicts":0,"noops":0,"retries":{"bulk":0,"search":0},"throttled_millis":0,"requests_per_second":-1,"throttled_until_millis":0,"failures":[{"index":".ds-.items-default-2025.01.09-000001","id":"ip_item","cause":{"type":"document_parsing_exception","reason":"[1:107] failed to parse field [ip] of type [ip] in document with id ip_item. Preview of fields value: 2","caused_by":{"type":"illegal_argument_exception","reason":"2 is not an IP string literal."}},"status":400}]}' + status_code: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -15539,42 +37258,77 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [PATCH /api/lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'list item id: \"foo\" not found' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Patch a list item + summary: Patch a value list item tags: - Security Lists API post: description: | - Create a list item and associate it with the specified list. + Create a value list item and associate it with the specified value list. - All list items in the same list must be the same type. For example, each list item in an `ip` list must define a specific IP address. 
+ All value list items in the same list must be the same type. For example, each list item in an `ip` list must define a specific IP address. > info > Before creating a list item, you must create a list. operationId: CreateListItem requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + list_id: ip_list + value: 127.0.0.1 + ip_range: + value: + list_id: ip_range_list + value: 192.168.0.0/16 + keyword: + value: + list_id: keyword_list + value: zeek schema: type: object properties: 
@@ -15585,29 +37339,76 @@ paths: meta: $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' refresh: - description: Determines when changes made by the request are made visible to search + description: Determines when changes made by the request are made visible to search. enum: - 'true' - 'false' - wait_for + example: wait_for type: string value: $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - list_id - value - description: List item's properties + description: Value list item's properties required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzAsMV0= + '@timestamp': '2025-01-08T04:59:06.154Z' + created_at: '2025-01-08T04:59:06.154Z' + created_by: elastic + id: 21b01cfb-058d-44b9-838c-282be16c91cc + list_id: ip_list + tie_breaker_id: b57c762c-3036-465c-9bfb-7bfb5e6e515a + type: ip + updated_at: '2025-01-08T04:59:06.154Z' + updated_by: elastic + value: 127.0.0.1 + ip_range: + value: + _version: WzEsMV0= + '@timestamp': '2025-01-09T18:33:08.202Z' + created_at: '2025-01-09T18:33:08.202Z' + created_by: elastic + id: ip_range_item + list_id: ip_range_list + tie_breaker_id: ea1b4189-efda-4637-b8f9-74655a5ebb61 + type: ip_range + updated_at: '2025-01-09T18:33:08.202Z' + updated_by: elastic + value: 192.168.0.0/16 + keyword: + value: + _version: WzIsMV0= + '@timestamp': '2025-01-09T18:34:29.422Z' + created_at: '2025-01-09T18:34:29.422Z' + created_by: elastic + id: 7f24737d-1da8-4626-a568-33070591bb4e + list_id: keyword_list + tie_breaker_id: 2108ced2-5e5d-401e-a88e-4dd69fc5fa27 + type: keyword + updated_at: '2025-01-09T18:34:29.422Z' + updated_by: elastic + value: zeek schema: $ref: '#/components/schemas/Security_Lists_API_ListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: uri 
[/api/lists/items] with method [post] exists but is not available with the current configuration + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -15615,45 +37416,81 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json: + examples: + listNotFound: + value: + message: 'list id: \"ip_list\" does not exist' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + alreadyExists: + value: + message: 'list item id: \"ip_item\" already exists' + status_code: 409 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item already exists response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Create a list item + summary: Create a value list item tags: - Security Lists API put: 
description: | - Update a list item using the list item ID. The original list item is replaced, and all unspecified fields are deleted. + Update a value list item using the list item ID. The original list item is replaced, and all unspecified fields are deleted. > info > You cannot modify the `id` value. operationId: UpdateListItem requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + example: + id: ip_item + value: 255.255.255.255 schema: type: object properties: _version: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' id: $ref: '#/components/schemas/Security_Lists_API_ListItemId' meta: @@ -15663,18 +37500,38 @@ paths: required: - id - value - description: List item's properties + description: Value list item's properties required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzIwLDFd + '@timestamp': '2025-01-08T05:15:05.159Z' + created_at: '2025-01-08T05:15:05.159Z' + created_by: elastic + id: pd1WRJQBs4HAK3VQeHFI + list_id: ip_list + tie_breaker_id: eee41dc7-1666-4876-982f-8b0f7b59eca3 + type: ip + updated_at: '2025-01-08T05:44:14.009Z' + updated_by: elastic + value: 255.255.255.255 schema: $ref: '#/components/schemas/Security_Lists_API_ListItem' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request + message: '[request body]: id: Expected string, received number' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -15682,37 +37539,59 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [PATCH /api/lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + notFound: + value: + message: 'list item id: \"foo\" not found' + status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Update a list item + summary: Update a value list item tags: - Security Lists API /api/lists/items/_export: post: - description: Export list item values from the specified list. + description: Export list item values from the specified value list. operationId: ExportListItems parameters: - - description: List's id to export + - description: Value list's `id` to export. 
in: query name: list_id required: true @@ -15721,15 +37600,30 @@ paths: responses: '200': content: - application/ndjson; Elastic-Api-Version=2023-10-31: + application/ndjson: schema: description: A `.txt` file containing list items from the specified list + example: | + 127.0.0.1 + 127.0.0.2 + 127.0.0.3 + 127.0.0.4 + 127.0.0.5 + 127.0.0.6 + 127.0.0.7 + 127.0.0.8 + 127.0.0.9 format: binary type: string description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: 'Bad Request","message":"[request query]: list_id: Required' + statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -15737,60 +37631,81 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/lists/items/_export?list_id=ips.txt] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Export list items + summary: Export value list items tags: - Security Lists API /api/lists/items/_find: get: - description: Get all list items in the specified list. + description: Get all value list items in the specified list. 
operationId: FindListItems parameters: - - description: List's id - in: query + - in: query name: list_id required: true schema: $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: The page number to return + - description: The page number to return. in: query name: page required: false schema: + example: 1 type: integer - - description: The number of list items to return per page + - description: The number of list items to return per page. in: query name: per_page required: false schema: + example: 20 type: integer - - description: Determines which field is used to sort the results + - description: Determines which field is used to sort the results. in: query name: sort_field required: false schema: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + example: value + format: nonempty + minLength: 1 + type: string - description: Determines the sort order, which can be `desc` or `asc` in: query name: sort_order @@ -15799,12 +37714,9 @@ paths: enum: - desc - asc + example: asc type: string - - description: | - Returns the list that come after the last list returned in the previous call - (use the cursor value returned in the previous call). This parameter uses - the `tie_breaker_id` field to ensure all lists are sorted and returned correctly. - in: query + - in: query name: cursor required: false schema: 
@@ -15820,7 +37732,26 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + cursor: WzIwLFsiYjU3Yzc2MmMtMzAzNi00NjVjLTliZmItN2JmYjVlNmU1MTVhIl1d + data: + - _version: WzAsMV0= + '@timestamp': '2025-01-08T04:59:06.154Z' + created_at: '2025-01-08T04:59:06.154Z' + created_by: elastic + id: 21b01cfb-058d-44b9-838c-282be16c91cc + list_id: ip_list + tie_breaker_id: b57c762c-3036-465c-9bfb-7bfb5e6e515a + type: ip + updated_at: '2025-01-08T04:59:06.154Z' + updated_by: elastic + value: 127.0.0.1 + page: 1 + per_page: 20 + total: 1 schema: type: object properties: @@ -15848,7 +37779,13 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + error: Bad Request, + message: '[request query]: list_id: Required' + statusCode: 400, schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -15856,29 +37793,46 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/lists/items/_find?list_id=ip_list&page=1&per_page=20] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get list items + summary: Get value list items tags: - Security Lists API /api/lists/items/_import: post: description: | - Import list items from a TXT or CSV file. The maximum file size is 9 million bytes. + Import value list items from a TXT or CSV file. The maximum file size is 9 million bytes. You can import items to a new or existing list. operationId: ImportListItems 
@@ -15895,23 +37849,39 @@ paths: - description: | Type of the importing list. - Required when importing a new list that is `list_id` is not specified. + Required when importing a new list whose list `id` is not specified. + examples: + ip: + value: ip in: query name: type required: false schema: $ref: '#/components/schemas/Security_Lists_API_ListType' - - in: query + - description: | + Determines how uploaded list item values are parsed. By default, list items are parsed using these named regex groups: + + - `(?.+)` - Single value item types, such as ip, long, date, keyword, and text. + - `(?.+)-(?.+)|(?.+)` - Range value item types, such as `date_range`, `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`. + in: query name: serializer required: false schema: + example: (?((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) type: string - - in: query + - description: | + Determines how retrieved list item values are presented. By default list items are presented using these Handelbar expressions: + + - `{{{value}}}` - Single value item types, such as `ip`, `long`, `date`, `keyword`, and `text`. + - `{{{gte}}}-{{{lte}}}` - Range value item types, such as `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`. + - `{{{gte}}},{{{lte}}}` - Date range values. + in: query name: deserializer required: false schema: + example: '{{value}}' type: string - - description: Determines when changes made by the request are made visible to search + - description: Determines when changes made by the request are made visible to search. in: query name: refresh required: false 
@@ -15920,28 +37890,60 @@ paths: - 'true' - 'false' - wait_for + example: true type: string requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: + multipart/form-data: schema: type: object properties: file: - description: A `.txt` or `.csv` file containing newline separated list items + description: A `.txt` or `.csv` file containing newline separated list items. + example: | + 127.0.0.1 + 127.0.0.2 + 127.0.0.3 + 127.0.0.4 + 127.0.0.5 + 127.0.0.6 + 127.0.0.7 + 127.0.0.8 + 127.0.0.9 format: binary type: string required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + ip: + value: + _version: WzAsMV0= + '@timestamp': '2025-01-08T04:47:34.273Z' + created_at: '2025-01-08T04:47:34.273Z' + created_by: elastic + description: This list describes bad internet ip + id: ip_list + immutable: false + name: Simple list with an ip + tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 + type: ip + updated_at: '2025-01-08T04:47:34.273Z' + updated_by: elastic + version: 1 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + badRequest: + value: + message: Either type or list_id need to be defined in the query + status_code: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -15949,29 +37951,46 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [POST /api/lists/items/_import?list_id=ip_list] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List with specified list_id does not exist response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Import list items + summary: Import value list items tags: - Security Lists API /api/lists/privileges: 
@@ -15980,7 +37999,75 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + privileges: + value: + is_authenticated: true + listItems: + application: {} + cluster: + all: true + manage: true + manage_api_key: true + manage_index_templates: true + manage_ml: true + manage_own_api_key: true + manage_pipeline: true + manage_security: true + manage_transform: true + monitor: true + monitor_ml: true + monitor_transform: true + has_all_requested: true + index: + .items-default: + all: true + create: true + create_doc: true + create_index: true + delete: true + delete_index: true + index: true + maintenance: true + manage: true + monitor: true + read: true + view_index_metadata: true + write: true + username: elastic + lists: + application: {} + cluster: + all: true + manage: true + manage_api_key: true + manage_index_templates: true + manage_ml: true + manage_own_api_key: true + manage_pipeline: true + manage_security: true + manage_transform: true + monitor: true + monitor_ml: true + monitor_transform: true + has_all_requested: true + index: + .lists-default: + all: true + create: true + create_doc: true + create_index: true + delete: true + delete_index: true + index: true + maintenance: true + manage: true + monitor: true + read: true + view_index_metadata: true + write: true + username: elastic schema: type: object properties: @@ -15997,7 +38084,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -16005,23 +38092,40 @@ paths: description: Invalid input data response '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + unauthorized: + value: + error: Unauthorized + message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' + statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + forbidden: + value: + error: Forbidden + message: API [GET /api/lists/privileges] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] + statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '500': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: + examples: + serverError: + value: + message: Internal Server Error + status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get list privileges + summary: Get value list privileges tags: - Security Lists API /api/ml/saved_objects/sync: @@ -16034,7 +38138,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: syncExample: $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' @@ -16043,7 +38147,7 @@ paths: description: Indicates a successful call '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' description: Authorization information is missing or invalid. 
@@ -16056,7 +38160,7 @@ paths: operationId: DeleteNote requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: oneOf: - nullable: true @@ -16080,13 +38184,6 @@ paths: required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object description: Indicates the note was successfully deleted. summary: Delete a note tags: @@ -16145,11 +38242,9 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - oneOf: - - $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult' - - type: object + $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult' description: Indicates the requested notes were returned. summary: Get notes tags: @@ -16159,7 +38254,7 @@ paths: operationId: PersistNoteRoute requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -16190,19 +38285,9 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - type: object - properties: - data: - type: object - properties: - persistNote: - $ref: '#/components/schemas/Security_Timeline_API_ResponseNote' - required: - - persistNote - required: - - data + $ref: '#/components/schemas/Security_Timeline_API_ResponseNote' description: Indicates the note was successfully created. summary: Add or update a note tags: @@ -16220,7 +38305,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK 
@@ -16232,14 +38317,14 @@ paths: operationId: OsqueryCreateLiveQuery requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -16264,7 +38349,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -16294,7 +38379,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -16314,7 +38399,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -16326,14 +38411,14 @@ paths: operationId: OsqueryCreatePacks requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_CreatePacksRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -16353,7 +38438,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK 
@@ -16372,7 +38457,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -16393,14 +38478,14 @@ paths: $ref: '#/components/schemas/Security_Osquery_API_PackId' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_UpdatePacksRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -16420,7 +38505,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -16432,14 +38517,14 @@ paths: operationId: OsqueryCreateSavedQuery requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -16459,7 +38544,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -16478,7 +38563,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK 
@@ -16499,14 +38584,14 @@ paths: $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Osquery_API_DefaultSuccessResponse' description: OK @@ -16519,7 +38604,7 @@ paths: operationId: PersistPinnedEventRoute requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -16538,19 +38623,9 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - type: object - properties: - data: - type: object - properties: - persistPinnedEventOnTimeline: - $ref: '#/components/schemas/Security_Timeline_API_PersistPinnedEventResponse' - required: - - persistPinnedEventOnTimeline - required: - - data + $ref: '#/components/schemas/Security_Timeline_API_PersistPinnedEventResponse' description: Indicates the event was successfully pinned to the Timeline. summary: Pin an event tags: @@ -16562,7 +38637,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -16571,42 +38646,93 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse' description: Task manager is unavailable default: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse' description: Unexpected error summary: Cleanup the Risk Engine tags: - Security Entity Analytics API + /api/risk_score/engine/saved_object/configure: + patch: + description: Configuring the Risk Engine Saved Object + operationId: ConfigureRiskEngineSavedObject + requestBody: + content: + application/json: + schema: + type: object + properties: + exclude_alert_statuses: + items: + type: string + type: array + exclude_alert_tags: + items: + type: string + type: array + range: + type: object + properties: + end: + type: string + start: + type: string + required: true + responses: + '200': + content: + application/json: + schema: + type: object + properties: + risk_engine_saved_object_configured: + type: boolean + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse' + description: Task manager is unavailable + default: + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_ConfigureRiskEngineSavedObjectErrorResponse' + description: Unexpected error + summary: Configure the Risk Engine Saved Object + tags: + - Security Entity Analytics API /api/risk_score/engine/schedule_now: post: description: Schedule the risk scoring engine to run as soon as possible. You can use this to recalculate entity risk scores after updating their asset criticality. 
operationId: ScheduleRiskEngineNow requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: {} + application/json: {} responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse' description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse' description: Task manager is unavailable default: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse' description: Unexpected error @@ -16626,7 +38752,7 @@ paths: type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: type: object @@ -16635,13 +38761,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Saved_objects_400_response' description: Bad request @@ -16664,7 +38790,7 @@ paths: type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: type: object 
@@ -16673,14 +38799,14 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object description: | Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Saved_objects_400_response' description: Bad request @@ -16695,7 +38821,7 @@ paths: - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: type: object @@ -16704,13 +38830,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Saved_objects_400_response' description: Bad request @@ -16727,7 +38853,7 @@ paths: - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: type: object @@ -16736,14 +38862,14 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object description: | Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Saved_objects_400_response' description: Bad request 
@@ -16759,7 +38885,7 @@ paths: - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: items: type: object @@ -16768,14 +38894,14 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object description: | Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Saved_objects_400_response' description: Bad request @@ -16796,7 +38922,7 @@ paths: - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: exportSavedObjectsRequest: $ref: '#/components/examples/Saved_objects_export_objects_request' @@ -16826,7 +38952,7 @@ paths: responses: '200': content: - application/x-ndjson; Elastic-Api-Version=2023-10-31: + application/x-ndjson: examples: exportSavedObjectsResponse: $ref: '#/components/examples/Saved_objects_export_objects_response' @@ -16836,7 +38962,7 @@ paths: description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Saved_objects_400_response' description: Bad request. @@ -16932,13 +39058,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Saved_objects_400_response' description: Bad request 
@@ -16976,7 +39102,7 @@ paths: type: boolean requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: + multipart/form-data: examples: importObjectsRequest: $ref: '#/components/examples/Saved_objects_import_objects_request' @@ -16990,7 +39116,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: importObjectsResponse: $ref: '#/components/examples/Saved_objects_import_objects_response' @@ -17023,7 +39149,7 @@ paths: description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Saved_objects_400_response' description: Bad request. @@ -17065,7 +39191,7 @@ paths: type: boolean requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: + multipart/form-data: examples: resolveImportErrorsRequest: $ref: '#/components/examples/Saved_objects_resolve_missing_reference_request' @@ -17118,7 +39244,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: resolveImportErrorsResponse: $ref: '#/components/examples/Saved_objects_resolve_missing_reference_response' @@ -17152,7 +39278,7 @@ paths: description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Saved_objects_400_response' description: Bad request. @@ -17174,7 +39300,7 @@ paths: type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -17190,13 +39316,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object description: Indicates a successful call. '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object description: Indicates a conflict error. @@ -17214,13 +39340,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Saved_objects_400_response' description: Bad request. @@ -17242,7 +39368,7 @@ paths: type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -17258,13 +39384,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object description: Indicates a successful call. '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object description: Indicates a conflict error. @@ -17281,26 +39407,26 @@ paths: - $ref: '#/components/parameters/Saved_objects_saved_object_type' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object description: Indicates a successful call. '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object description: Indicates the object was not found. '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object description: Indicates a conflict error. 
@@ -17319,13 +39445,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Saved_objects_400_response' description: Bad request. @@ -17338,7 +39464,7 @@ paths: operationId: PerformAnonymizationFieldsBulkAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -17365,13 +39491,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -17434,7 +39560,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -17456,7 +39582,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -17476,21 +39602,21 @@ paths: operationId: ChatComplete requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' required: true responses: '200': content: - application/octet-stream; Elastic-Api-Version=2023-10-31: + application/octet-stream: schema: format: binary type: string description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -17510,20 +39636,20 @@ paths: operationId: CreateConversation requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCreateProps' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -17586,7 +39712,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -17608,7 +39734,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -17636,13 +39762,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -17669,13 +39795,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -17701,20 +39827,20 @@ paths: $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationResponse' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -17741,7 +39867,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -17762,7 +39888,7 @@ paths: description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -17801,13 +39927,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseResponse' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -17827,20 +39953,20 @@ paths: operationId: CreateKnowledgeBaseEntry requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryCreateProps' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryResponse' description: Successful request returning Knowledge Base Entries '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryErrorSchema' description: Generic Error @@ -17853,7 +39979,7 @@ paths: operationId: PerformKnowledgeBaseEntryBulkAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -17880,13 +40006,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryBulkCrudActionResponse' description: Successful bulk operation request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryErrorSchema' description: Generic Error @@ -17942,7 +40068,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -17964,7 +40090,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -17992,13 +40118,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_DeleteResponseFields' description: Successful request returning the deleted Knowledge Base Entry's ID '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryErrorSchema' description: Generic Error @@ -18018,13 +40144,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryResponse' description: Successful request returning a Knowledge Base Entry '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryErrorSchema' description: Generic Error @@ -18043,20 +40169,20 @@ paths: $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryUpdateProps' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryResponse' description: Successful request returning the updated Knowledge Base Entry '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_KnowledgeBaseEntryErrorSchema' description: Generic Error @@ -18069,7 +40195,7 @@ paths: operationId: PerformPromptsBulkAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -18096,13 +40222,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse' description: Indicates a successful call. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -18165,7 +40291,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -18187,7 +40313,7 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -18215,7 +40341,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getRolesResponse1: $ref: '#/components/examples/get_roles_response1' @@ -18235,7 +40361,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -18314,7 +40440,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getRoleResponse1: $ref: '#/components/examples/get_role_response1' @@ -18349,7 +40475,7 @@ paths: type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -18549,7 +40675,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -18749,7 +40875,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object 
@@ -18801,7 +40927,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: copySavedObjectsResponseExample1: $ref: '#/components/examples/copy_saved_objects_response1' @@ -18827,7 +40953,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -18874,7 +41000,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -18912,7 +41038,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -18980,7 +41106,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: resolveCopySavedObjectsResponseExample1: $ref: '#/components/examples/copy_saved_objects_response1' @@ -19002,7 +41128,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -19042,7 +41168,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: updateObjectSpacesResponseExample1: $ref: '#/components/examples/update_saved_objects_spaces_response1' @@ -19087,7 +41213,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getSpacesResponseExample1: $ref: '#/components/examples/get_spaces_response1' @@ -19108,7 +41234,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object 
@@ -19199,7 +41325,7 @@ paths: '200': description: Indicates a successful call. content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getSpaceResponseExample: $ref: '#/components/examples/get_space_response' @@ -19224,7 +41350,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: additionalProperties: false type: object @@ -19295,7 +41421,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: anyOf: - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' @@ -19304,7 +41430,7 @@ paths: description: Overall status is OK and Kibana should be functioning normally. '503': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: anyOf: - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' @@ -19320,7 +41446,7 @@ paths: operationId: DeleteTimelines requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -19339,20 +41465,6 @@ paths: required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - data: - type: object - properties: - deleteTimeline: - type: boolean - required: - - deleteTimeline - required: - - data description: Indicates the Timeline was successfully deleted. summary: Delete Timelines or Timeline templates tags: 
@@ -19374,22 +41486,9 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - oneOf: - - type: object - properties: - data: - type: object - properties: - getOneTimeline: - $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' - required: - - getOneTimeline - required: - - data - - additionalProperties: false - type: object + $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' description: Indicates that the (template) Timeline was found and returned. summary: Get Timeline or Timeline template details tags: @@ -19399,7 +41498,7 @@ paths: operationId: PatchTimeline requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -19420,13 +41519,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' description: Indicates that the draft Timeline was successfully created. In the event the user already has a draft Timeline, the existing draft Timeline is cleared and returned. '405': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -19443,7 +41542,7 @@ paths: operationId: CreateTimelines requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -19474,13 +41573,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' description: Indicates the Timeline was successfully created. '405': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -19499,7 +41598,7 @@ paths: operationId: CopyTimeline requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -19514,7 +41613,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' description: Indicates that the timeline has been successfully copied. @@ -19534,13 +41633,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' description: Indicates that the draft Timeline was successfully retrieved. '403': content: - application:json; Elastic-Api-Version=2023-10-31: + application:json: schema: type: object properties: @@ -19551,7 +41650,7 @@ paths: description: If a draft Timeline was not found and we attempted to create one, it indicates that the user does not have the required permissions to create a draft Timeline. '409': content: - application:json; Elastic-Api-Version=2023-10-31: + application:json: schema: type: object properties: @@ -19571,7 +41670,7 @@ paths: operationId: CleanDraftTimelines requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -19584,13 +41683,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_PersistTimelineResponse' description: Indicates that the draft Timeline was successfully created. In the event the user already has a draft Timeline, the existing draft Timeline is cleared and returned. '403': content: - application:json; Elastic-Api-Version=2023-10-31: + application:json: schema: type: object properties: 
@@ -19601,7 +41700,7 @@ paths: description: Indicates that the user does not have the required permissions to create a draft Timeline. '409': content: - application:json; Elastic-Api-Version=2023-10-31: + application:json: schema: type: object properties: @@ -19626,7 +41725,7 @@ paths: type: string requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -19640,14 +41739,14 @@ paths: responses: '200': content: - application/ndjson; Elastic-Api-Version=2023-10-31: + application/ndjson: schema: description: NDJSON of the exported Timelines type: string description: Indicates the Timelines were successfully exported. '400': content: - application/ndjson; Elastic-Api-Version=2023-10-31: + application/ndjson: schema: type: object properties: @@ -19665,7 +41764,7 @@ paths: operationId: PersistFavoriteRoute requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -19691,23 +41790,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - type: object - properties: - data: - type: object - properties: - persistFavorite: - $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResponse' - required: - - persistFavorite - required: - - data + $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResponse' description: Indicates the favorite status was successfully updated. '403': content: - application:json; Elastic-Api-Version=2023-10-31: + application:json: schema: type: object properties: @@ -19725,7 +41814,7 @@ paths: operationId: ImportTimelines requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: 
@@ -19742,13 +41831,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult' description: Indicates the import of Timelines was successful. '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -19761,7 +41850,7 @@ paths: description: Indicates the import of Timelines was unsuccessful because of an invalid file extension. '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -19772,7 +41861,7 @@ paths: description: Indicates that we were unable to locate the saved object client necessary to handle the import. '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -19792,7 +41881,7 @@ paths: operationId: InstallPrepackedTimelines requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -19820,13 +41909,13 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Timeline_API_ImportTimelineResult' description: Indicates the installation of prepackaged Timelines was successful. '500': content: - application:json; Elastic-Api-Version=2023-10-31: + application:json: schema: type: object properties: 
@@ -19855,17 +41944,9 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: - oneOf: - - type: object - properties: - data: - $ref: '#/components/schemas/Security_Timeline_API_ResolvedTimeline' - required: - - data - - additionalProperties: false - type: object + $ref: '#/components/schemas/Security_Timeline_API_ResolvedTimeline' description: The (template) Timeline has been found '400': description: The request is missing parameters @@ -19927,7 +42008,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -19953,7 +42034,7 @@ paths: description: Indicates that the (template) Timelines were found and returned. '400': content: - application:json; Elastic-Api-Version=2023-10-31: + application:json: schema: type: object properties: @@ -20024,31 +42105,31 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_find_slo_response' description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_404_response' description: Not found response 
@@ -20064,38 +42145,38 @@ paths: - $ref: '#/components/parameters/SLOs_space_id' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_create_slo_request' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_create_slo_response' description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response '409': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_409_response' description: Conflict - The SLO id already exists @@ -20112,7 +42193,7 @@ paths: - $ref: '#/components/parameters/SLOs_space_id' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_delete_slo_instances_request' required: true 
@@ -20121,19 +42202,19 @@ paths: description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response @@ -20154,25 +42235,25 @@ paths: description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_404_response' description: Not found response 
@@ -20196,31 +42277,31 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_slo_with_summary_response' description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_404_response' description: Not found response 
@@ -20237,38 +42318,38 @@ paths: - $ref: '#/components/parameters/SLOs_slo_id' requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_update_slo_request' required: true responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_slo_definition_response' description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_404_response' description: Not found response 
@@ -20287,31 +42368,31 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_slo_definition_response' description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_404_response' description: Not found response @@ -20332,25 +42413,25 @@ paths: description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_404_response' description: Not found response 
@@ -20371,25 +42452,25 @@ paths: description: Successful request '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_400_response' description: Bad request '401': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_401_response' description: Unauthorized response '403': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_403_response' description: Unauthorized response '404': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/SLOs_404_response' description: Not found response @@ -24736,13 +46817,6 @@ components: disabledFeatures: [] imageUrl: '' parameters: - Alerting_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string APM_UI_elastic_api_version: description: The version of the API to use in: header @@ -24848,14 +46922,6 @@ components: minItems: 1 type: string type: array - Cases_includeComments: - deprecated: true - description: Deprecated in 8.1.0. This parameter is deprecated and will be removed in a future release. It determines whether case comments are returned. - in: query - name: includeComments - schema: - default: true - type: boolean Cases_kbn_xsrf: description: Cross-site request forgery protection in: header 
@@ -25096,89 +47162,6 @@ components: type: integer title: Unsuccessful rule API response type: object - Alerting_alert_response_properties: - title: Legacy alert response properties - type: object - properties: - actions: - items: - type: object - type: array - alertTypeId: - example: .index-threshold - type: string - apiKeyOwner: - example: elastic - nullable: true - type: string - createdAt: - description: The date and time that the alert was created. - example: '2022-12-05T23:36:58.284Z' - format: date-time - type: string - createdBy: - description: The identifier for the user that created the alert. - example: elastic - type: string - enabled: - description: Indicates whether the alert is currently enabled. - example: true - type: boolean - executionStatus: - type: object - properties: - lastExecutionDate: - example: '2022-12-06T00:13:43.890Z' - format: date-time - type: string - status: - example: ok - type: string - id: - description: The identifier for the alert. - example: b530fed0-74f5-11ed-9801-35303b735aef - type: string - muteAll: - example: false - type: boolean - mutedInstanceIds: - items: - type: string - nullable: true - type: array - name: - description: The name of the alert. - example: my alert - type: string - notifyWhen: - example: onActionGroupChange - type: string - params: - additionalProperties: true - type: object - schedule: - type: object - properties: - interval: - type: string - scheduledTaskId: - example: b530fed0-74f5-11ed-9801-35303b735aef - type: string - tags: - items: - type: string - type: array - throttle: - nullable: true - type: string - updatedAt: - example: '2022-12-05T23:36:58.284Z' - type: string - updatedBy: - description: The identifier for the user that updated this alert most recently. - example: elastic - nullable: true - type: string Alerting_fieldmap_properties: title: Field map objects in the get rule types response type: object 
@@ -25694,23 +47677,6 @@ components: type: integer title: Unsuccessful cases API response type: object - Cases_action_types: - description: The type of action. - enum: - - assignees - - create_case - - comment - - connector - - delete_case - - description - - pushed - - tags - - title - - status - - settings - - severity - example: create_case - type: string Cases_actions: enum: - add 
@@ -27461,76 +49427,6 @@ components: - payload - type - version - Cases_user_actions_response_properties: - type: object - properties: - action: - $ref: '#/components/schemas/Cases_actions' - action_id: - example: 22fd3e30-03b1-11ed-920c-974bfa104448 - type: string - case_id: - example: 22df07d0-03b1-11ed-920c-974bfa104448 - type: string - comment_id: - example: 578608d0-03b1-11ed-920c-974bfa104448 - nullable: true - type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time - type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - owner: - $ref: '#/components/schemas/Cases_owner' - payload: - oneOf: - - $ref: '#/components/schemas/Cases_payload_alert_comment' - - $ref: '#/components/schemas/Cases_payload_assignees' - - $ref: '#/components/schemas/Cases_payload_connector' - - $ref: '#/components/schemas/Cases_payload_create_case' - - $ref: '#/components/schemas/Cases_payload_delete' - - $ref: '#/components/schemas/Cases_payload_description' - - $ref: '#/components/schemas/Cases_payload_pushed' - - $ref: '#/components/schemas/Cases_payload_settings' - - $ref: '#/components/schemas/Cases_payload_severity' - - $ref: '#/components/schemas/Cases_payload_status' - - $ref: '#/components/schemas/Cases_payload_tags' - - $ref: '#/components/schemas/Cases_payload_title' - - $ref: '#/components/schemas/Cases_payload_user_comment' - type: - $ref: '#/components/schemas/Cases_action_types' - required: - - action - - action_id - - case_id - - comment_id - - created_at - - created_by - - owner - - payload - - type Cases_user_comment_response_properties: title: Case response properties for user comments type: object 
@@ -34962,11 +56858,14 @@ components: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription' @@ -34987,13 +56886,16 @@ components: tags: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string version: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion' 
@@ -35012,31 +56914,42 @@ components: - updated_at - updated_by Security_Endpoint_Exceptions_API_ExceptionListDescription: + description: Describes the exception list. + example: This list tracks allowlisted values. type: string Security_Endpoint_Exceptions_API_ExceptionListHumanId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` + description: Exception list's human readable string identifier, e.g. `trusted-linux-processes`. + example: simple_list + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Exception list's identifier. + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListItem: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string comments: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' entries: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemExpireTime' id: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId' item_id: 
@@ -35054,13 +56967,16 @@ components: tags: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string required: - id @@ -35083,6 +56999,7 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: @@ -35090,6 +57007,7 @@ components: id: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: @@ -35100,10 +57018,15 @@ components: - created_at - created_by Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray: + description: | + Array of comment fields: + + - comment (string): Comments about the exception item. items: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment' type: array Security_Endpoint_Exceptions_API_ExceptionListItemDescription: + description: Describes the exception list. type: string Security_Endpoint_Exceptions_API_ExceptionListItemEntry: anyOf: 
@@ -35245,22 +57168,40 @@ components: - excluded - included type: string + Security_Endpoint_Exceptions_API_ExceptionListItemExpireTime: + description: The exception item’s expiration date, in ISO format. This field is only available for regular exception items, not endpoint exceptions. + format: date-time + type: string Security_Endpoint_Exceptions_API_ExceptionListItemHumanId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` + example: simple_list_item + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListItemId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Exception's identifier. + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListItemMeta: additionalProperties: true type: object Security_Endpoint_Exceptions_API_ExceptionListItemName: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Exception list name. + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray: items: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType' type: array Security_Endpoint_Exceptions_API_ExceptionListItemTags: items: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: String array containing words and phrases to help categorize exception items. + format: nonempty + minLength: 1 + type: string type: array Security_Endpoint_Exceptions_API_ExceptionListItemType: enum: 
@@ -35268,24 +57209,31 @@ components: type: string Security_Endpoint_Exceptions_API_ExceptionListMeta: additionalProperties: true + description: Placeholder for metadata about the list container. type: object Security_Endpoint_Exceptions_API_ExceptionListName: + description: The name of the exception list. + example: My exception list type: string Security_Endpoint_Exceptions_API_ExceptionListOsType: + description: Use this field to specify the operating system. enum: - linux - macos - windows type: string Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray: + description: Use this field to specify the operating system. Only enter one value. items: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType' type: array Security_Endpoint_Exceptions_API_ExceptionListTags: + description: String array containing words and phrases to help categorize exception containers. items: type: string type: array Security_Endpoint_Exceptions_API_ExceptionListType: + description: The type of exception list to be created. Different list types may denote where they can be utilized. enum: - detection - rule_default @@ -35296,6 +57244,7 @@ components: - endpoint_blocklists type: string Security_Endpoint_Exceptions_API_ExceptionListVersion: + description: The document version, automatically increasd on updates. minimum: 1 type: integer Security_Endpoint_Exceptions_API_ExceptionNamespaceType: 
@@ -35312,8 +57261,18 @@ components: Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' Security_Endpoint_Exceptions_API_ListId: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Value list's identifier. + example: 21b01cfb-058d-44b9-838c-282be16c91cd + format: nonempty + minLength: 1 + type: string Security_Endpoint_Exceptions_API_ListType: + description: | + Specifies the Elasticsearch data type of excludes the list container holds. Some common examples: + + - `keyword`: Many ECS fields are Elasticsearch keywords + - `ip`: IP addresses + - `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR notation) enum: - binary - boolean @@ -35367,17 +57326,6 @@ components: required: - status_code - message - Security_Endpoint_Management_API_ActionLogRequestQuery: - type: object - properties: - end_date: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' - page: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' - page_size: - $ref: '#/components/schemas/Security_Endpoint_Management_API_PageSize' - start_date: - $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' Security_Endpoint_Management_API_ActionStateSuccessResponse: type: object properties: 
@@ -35590,22 +57538,7 @@ components: required: - parameters Security_Endpoint_Management_API_GetProcessesRouteRequestBody: - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids + $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema' Security_Endpoint_Management_API_HostPathScriptParameters: type: object properties: @@ -35624,22 +57557,7 @@ components: required: - hostPath Security_Endpoint_Management_API_IsolateRouteRequestBody: - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids + $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema' Security_Endpoint_Management_API_KillProcessRouteRequestBody: allOf: - type: object 
@@ -35724,17 +57642,33 @@ components: format: nonempty minLength: 1 type: string + Security_Endpoint_Management_API_NoParametersRequestSchema: + type: object + properties: + body: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + required: + - body Security_Endpoint_Management_API_Page: default: 1 description: Page number minimum: 1 type: integer - Security_Endpoint_Management_API_PageSize: - default: 10 - description: Number of items per page - maximum: 100 - minimum: 1 - type: integer Security_Endpoint_Management_API_Parameters: description: Optional parameters object type: object @@ -35882,22 +57816,7 @@ components: minLength: 1 type: array Security_Endpoint_Management_API_UnisolateRouteRequestBody: - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids + $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema' Security_Endpoint_Management_API_UploadRouteRequestBody: allOf: - type: object 
@@ -36093,6 +58012,27 @@ components: required: - cleanup_successful - errors + Security_Entity_Analytics_API_ConfigureRiskEngineSavedObjectErrorResponse: + type: object + properties: + errors: + items: + type: object + properties: + error: + type: string + seq: + type: integer + required: + - seq + - error + type: array + risk_engine_saved_object_configured: + example: false + type: boolean + required: + - risk_engine_saved_object_configured + - errors Security_Entity_Analytics_API_CreateAssetCriticalityRecord: allOf: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts' @@ -36631,11 +58571,14 @@ components: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' @@ -36656,13 +58599,16 @@ components: tags: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string version: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' 
@@ -36681,31 +58627,42 @@ components: - updated_at - updated_by Security_Exceptions_API_ExceptionListDescription: + description: Describes the exception list. + example: This list tracks allowlisted values. type: string Security_Exceptions_API_ExceptionListHumanId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - description: Human readable string identifier, e.g. `trusted-linux-processes` + description: Exception list's human readable string identifier, e.g. `trusted-linux-processes`. + example: simple_list + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Exception list's identifier. + example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListItem: type: object properties: _version: + description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string comments: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: + description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription' entries: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: - format: date-time - type: string + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime' id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' item_id: 
@@ -36723,13 +58680,16 @@ components: tags: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. type: string required: - id @@ -36752,6 +58712,7 @@ components: comment: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' created_at: + description: Autogenerated date of object creation. format: date-time type: string created_by: @@ -36759,6 +58720,7 @@ components: id: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' updated_at: + description: Autogenerated date of last object update. format: date-time type: string updated_by: @@ -36769,10 +58731,15 @@ components: - created_at - created_by Security_Exceptions_API_ExceptionListItemCommentArray: + description: | + Array of comment fields: + + - comment (string): Comments about the exception item. items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemComment' type: array Security_Exceptions_API_ExceptionListItemDescription: + description: Describes the exception list. type: string Security_Exceptions_API_ExceptionListItemEntry: anyOf: 
@@ -36914,22 +58881,40 @@ components: - excluded - included type: string + Security_Exceptions_API_ExceptionListItemExpireTime: + description: The exception item’s expiration date, in ISO format. This field is only available for regular exception items, not endpoint exceptions. + format: date-time + type: string Security_Exceptions_API_ExceptionListItemHumanId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` + example: simple_list_item + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListItemId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Exception's identifier. + example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListItemMeta: additionalProperties: true type: object Security_Exceptions_API_ExceptionListItemName: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Exception list name. + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ExceptionListItemOsTypeArray: items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' type: array Security_Exceptions_API_ExceptionListItemTags: items: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: String array containing words and phrases to help categorize exception items. + format: nonempty + minLength: 1 + type: string type: array Security_Exceptions_API_ExceptionListItemType: enum: 
@@ -36937,16 +58922,21 @@ components: type: string Security_Exceptions_API_ExceptionListMeta: additionalProperties: true + description: Placeholder for metadata about the list container. type: object Security_Exceptions_API_ExceptionListName: + description: The name of the exception list. + example: My exception list type: string Security_Exceptions_API_ExceptionListOsType: + description: Use this field to specify the operating system. enum: - linux - macos - windows type: string Security_Exceptions_API_ExceptionListOsTypeArray: + description: Use this field to specify the operating system. Only enter one value. items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' type: array @@ -36976,10 +58966,12 @@ components: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError' type: array Security_Exceptions_API_ExceptionListTags: + description: String array containing words and phrases to help categorize exception containers. items: type: string type: array Security_Exceptions_API_ExceptionListType: + description: The type of exception list to be created. Different list types may denote where they can be utilized. enum: - detection - rule_default @@ -36990,6 +58982,7 @@ components: - endpoint_blocklists type: string Security_Exceptions_API_ExceptionListVersion: + description: The document version, automatically increasd on updates. minimum: 1 type: integer Security_Exceptions_API_ExceptionNamespaceType: 
@@ -37006,10 +58999,21 @@ components: Security_Exceptions_API_FindExceptionListItemsFilter: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' Security_Exceptions_API_FindExceptionListsFilter: + example: exception-list.attributes.name:%Detection%20List type: string Security_Exceptions_API_ListId: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Value list's identifier. + example: 21b01cfb-058d-44b9-838c-282be16c91cd + format: nonempty + minLength: 1 + type: string Security_Exceptions_API_ListType: + description: | + Specifies the Elasticsearch data type of excludes the list container holds. Some common examples: + + - `keyword`: Many ECS fields are Elasticsearch keywords + - `ip`: IP addresses + - `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR notation) enum: - binary - boolean 
@@ -37083,30 +59087,44 @@ components: format: uuid type: string Security_Lists_API_FindListItemsCursor: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + description: Returns the items that come after the last item returned in the previous call (use the `cursor` value returned in the previous call). This parameter uses the `tie_breaker_id` field to ensure all items are sorted and returned correctly. + example: WzIwLFsiYjU3Yzc2MmMtMzAzNi00NjVjLTliZmItN2JmYjVlNmU1MTVhIl1d + format: nonempty + minLength: 1 + type: string Security_Lists_API_FindListItemsFilter: + example: value:127.0.0.1 type: string Security_Lists_API_FindListsCursor: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + example: WzIwLFsiYjU3Yzc2MmMtMzAzNi00NjVjLTliZmItN2JmYjVlNmU1MTVhIl1d + format: nonempty + minLength: 1 + type: string Security_Lists_API_FindListsFilter: + example: value:127.0.0.1 type: string Security_Lists_API_List: type: object properties: _version: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' '@timestamp': + example: '2025-01-08T04:47:34.273Z' format: date-time type: string created_at: + description: Autogenerated date of object creation. + example: '2025-01-08T04:47:34.273Z' format: date-time type: string created_by: + description: Autogenerated value - user that created object. + example: elastic type: string description: $ref: '#/components/schemas/Security_Lists_API_ListDescription' deserializer: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListDeserializer' id: $ref: '#/components/schemas/Security_Lists_API_ListId' immutable: 
@@ -37116,19 +59134,24 @@ components: name: $ref: '#/components/schemas/Security_Lists_API_ListName' serializer: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListSerializer' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. + example: f5508188-b1e9-4e6e-9662-d039a7d89899 type: string type: $ref: '#/components/schemas/Security_Lists_API_ListType' updated_at: + description: Autogenerated date of last object update. + example: '2025-01-08T04:47:34.273Z' format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. + example: elastic type: string version: - minimum: 1 - type: integer + $ref: '#/components/schemas/Security_Lists_API_ListVersion' required: - id - type 
@@ -37142,24 +59165,45 @@ components: - updated_at - updated_by Security_Lists_API_ListDescription: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + description: Describes the value list. + format: nonempty + minLength: 1 + type: string + Security_Lists_API_ListDeserializer: + description: | + Determines how retrieved list item values are presented. By default list items are presented using these Handelbar expressions: + + - `{{{value}}}` - Single value item types, such as `ip`, `long`, `date`, `keyword`, and `text`. + - `{{{gte}}}-{{{lte}}}` - Range value item types, such as `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`. + - `{{{gte}}},{{{lte}}}` - Date range values. + example: '{{value}}' + type: string Security_Lists_API_ListId: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + description: Value list's identifier. + example: 21b01cfb-058d-44b9-838c-282be16c91cd + format: nonempty + minLength: 1 + type: string Security_Lists_API_ListItem: type: object properties: _version: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListVersionId' '@timestamp': + example: '2025-01-08T04:47:34.273Z' format: date-time type: string created_at: + description: Autogenerated date of object creation. + example: '2025-01-08T04:47:34.273Z' format: date-time type: string created_by: + description: Autogenerated value - user that created object. + example: elastic type: string deserializer: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListDeserializer' id: $ref: '#/components/schemas/Security_Lists_API_ListItemId' list_id: 
@@ -37167,15 +59211,21 @@ components: meta: $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' serializer: - type: string + $ref: '#/components/schemas/Security_Lists_API_ListSerializer' tie_breaker_id: + description: Field used in search to ensure all containers are sorted and returned correctly. + example: f5508188-b1e9-4e6e-9662-d039a7d89899 type: string type: $ref: '#/components/schemas/Security_Lists_API_ListType' updated_at: + description: Autogenerated date of last object update. + example: '2025-01-08T04:47:34.273Z' format: date-time type: string updated_by: + description: Autogenerated value - user that last updated object. + example: elastic type: string value: $ref: '#/components/schemas/Security_Lists_API_ListItemValue' @@ -37190,9 +59240,14 @@ components: - updated_at - updated_by Security_Lists_API_ListItemId: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + description: Value list item's identifier. + example: 54b01cfb-058d-44b9-838c-282be16c91cd + format: nonempty + minLength: 1 + type: string Security_Lists_API_ListItemMetadata: additionalProperties: true + description: Placeholder for metadata about the value list item. type: object Security_Lists_API_ListItemPrivileges: type: object @@ -37222,12 +59277,20 @@ components: - index - application Security_Lists_API_ListItemValue: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + description: The value used to evaluate exceptions. + format: nonempty + minLength: 1 + type: string Security_Lists_API_ListMetadata: additionalProperties: true + description: Placeholder for metadata about the value list. type: object Security_Lists_API_ListName: - $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + description: Value list's name. + example: List of bad IPs + format: nonempty + minLength: 1 + type: string Security_Lists_API_ListPrivileges: type: object properties: 
@@ -37255,7 +59318,21 @@ components: - cluster - index - application + Security_Lists_API_ListSerializer: + description: | + Determines how uploaded list item values are parsed. By default, list items are parsed using these named regex groups: + + - `(?.+)` - Single value item types, such as ip, long, date, keyword, and text. + - `(?.+)-(?.+)|(?.+)` - Range value item types, such as `date_range`, `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`. + example: (?((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) + type: string Security_Lists_API_ListType: + description: | + Specifies the Elasticsearch data type of excludes the list container holds. Some common examples: + + - `keyword`: Many ECS fields are Elasticsearch keywords + - `ip`: IP addresses + - `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR notation) enum: - binary - boolean @@ -37281,10 +59358,15 @@ components: - short - text type: string - Security_Lists_API_NonEmptyString: - description: A string that does not contain only whitespace characters - format: nonempty - minLength: 1 + Security_Lists_API_ListVersion: + description: The document version number. + example: 1 + minimum: 1 + type: integer + Security_Lists_API_ListVersionId: + description: | + The version id, normally returned by the API when the document is retrieved. Use it ensure updates are done against the latest version. + example: WzIsMV0= type: string Security_Lists_API_PlatformErrorResponse: type: object @@ -37782,16 +59864,10 @@ components: Security_Timeline_API_FavoriteTimelineResponse: type: object properties: - code: - nullable: true - type: number favorite: items: $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResult' type: array - message: - nullable: true - type: string savedObjectId: type: string templateTimelineId: 
@@ -37960,28 +60036,15 @@ components: - version Security_Timeline_API_PersistPinnedEventResponse: oneOf: - - allOf: - - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' - - $ref: '#/components/schemas/Security_Timeline_API_PinnedEventBaseResponseBody' - - nullable: true - type: object - Security_Timeline_API_PersistTimelineResponse: - type: object - properties: - data: - type: object + - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' + - type: object properties: - persistTimeline: - type: object - properties: - timeline: - $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' - required: - - timeline + unpinned: + type: boolean required: - - persistTimeline - required: - - data + - unpinned + Security_Timeline_API_PersistTimelineResponse: + $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' Security_Timeline_API_PinnedEvent: allOf: - $ref: '#/components/schemas/Security_Timeline_API_BarePinnedEvent' @@ -37994,15 +60057,6 @@ components: required: - pinnedEventId - version - Security_Timeline_API_PinnedEventBaseResponseBody: - type: object - properties: - code: - type: number - message: - type: string - required: - - code Security_Timeline_API_QueryMatchResult: type: object properties: @@ -38043,15 +60097,9 @@ components: Security_Timeline_API_ResponseNote: type: object properties: - code: - type: number - message: - type: string note: $ref: '#/components/schemas/Security_Timeline_API_Note' required: - - code - - message - note Security_Timeline_API_RowRendererId: enum: @@ -42358,4 +64406,4 @@ x-topics: If you use the Kibana console to send API requests, it automatically adds the appropriate space identifier. - To learn more, check out [Spaces](https://www.elastic.co/guide/en/kibana/8.x/xpack-spaces.html). + To learn more, check out [Spaces](https://www.elastic.co/guide/en/kibana/master/xpack-spaces.html). 
diff --git a/oas_docs/overlays/alerting.overlays.yaml b/oas_docs/overlays/alerting.overlays.yaml index 240ac36cf5674..71baea1637bf2 100644 --- a/oas_docs/overlays/alerting.overlays.yaml +++ b/oas_docs/overlays/alerting.overlays.yaml @@ -7,10 +7,10 @@ actions: # Add some alerting API examples - target: "$.paths['/api/alerting/rule/{id}']['post']" description: "Add examples to create rule API" - update: - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + update: + requestBody: + content: + application/json: examples: createEsQueryEsqlRuleRequest: $ref: "../examples/create_es_query_esql_rule_request.yaml" @@ -25,7 +25,7 @@ actions: responses: 200: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: createEsQueryEsqlRuleResponse: $ref: "../examples/create_es_query_esql_rule_response.yaml" @@ -39,17 +39,17 @@ actions: $ref: "../examples/create_tracking_containment_rule_response.yaml" - target: "$.paths['/api/alerting/rule/{id}']['put']" description: "Add examples to update rule API" - update: - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + update: + requestBody: + content: + application/json: examples: updateRuleRequest: $ref: '../examples/update_rule_request.yaml' responses: 200: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: updateRuleResponse: $ref: '../examples/update_rule_response.yaml' @@ -59,7 +59,7 @@ actions: responses: 200: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: findRulesResponse: $ref: '../examples/find_rules_response.yaml' @@ -77,10 +77,10 @@ actions: # Add some alerting rule parameters - target: "$.paths['/api/alerting/rule/{id}']['post']" description: "Add params to create rule API" - update: - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + update: + requestBody: + content: + application/json: schema: properties: params: 
@@ -147,4 +147,3 @@ actions: # Threshold rule (siem.thresholdRule) # TLS certificate rule (xpack.uptime.alerts.tlsCertificate) # Transform health (transform_health) - \ No newline at end of file diff --git a/oas_docs/overlays/connectors.overlays.yaml b/oas_docs/overlays/connectors.overlays.yaml index 892422e577778..5622973106152 100644 --- a/oas_docs/overlays/connectors.overlays.yaml +++ b/oas_docs/overlays/connectors.overlays.yaml @@ -12,10 +12,10 @@ actions: # Add some connector API examples - target: "$.paths['/api/actions/connector/{id}']['post']" description: "Add examples to create connector API" - update: - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + update: + requestBody: + content: + application/json: examples: createEmailConnectorRequest: $ref: "../examples/create_email_connector_request.yaml" @@ -28,7 +28,7 @@ actions: responses: 200: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: createEmailConnectorResponse: $ref: "../examples/create_email_connector_response.yaml" @@ -40,10 +40,10 @@ actions: $ref: "../examples/get_connector_response.yaml" - target: "$.paths['/api/actions/connector/{id}/_execute']['post']" description: "Add examples to run connector API" - update: - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + update: + requestBody: + content: + application/json: examples: runIndexConnectorRequest: $ref: "../examples/run_index_connector_request.yaml" @@ -58,7 +58,7 @@ actions: responses: 200: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: runIndexConnectorResponse: $ref: "../examples/run_index_connector_response.yaml" @@ -78,7 +78,7 @@ actions: responses: 200: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getConnectorResponse: $ref: '../examples/get_connector_response.yaml' 
@@ -89,7 +89,7 @@ actions: 200: description: Indicates a successful call. content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getConnectorTypesServerlessResponse: $ref: '../examples/get_connector_types_generativeai_response.yaml' @@ -100,16 +100,16 @@ actions: 200: description: Indicates a successful call. content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getConnectorsResponse: $ref: '../examples/get_connectors_response.yaml' - target: "$.paths['/api/actions/connector/{id}']['put']" description: "Add examples to update connector API" - update: - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + update: + requestBody: + content: + application/json: examples: updateIndexConnectorRequest: $ref: '../examples/update_index_connector_request.yaml' @@ -129,10 +129,10 @@ actions: # Add some connector configuration schemas - target: "$.paths['/api/actions/connector/{id}']['post']" description: "Add config and secrets to create connector API" - update: - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + update: + requestBody: + content: + application/json: schema: properties: config: @@ -246,10 +246,10 @@ actions: - $ref: '../../x-pack/platform/plugins/shared/actions/docs/openapi/components/schemas/xmatters_secrets.yaml' - target: "$.paths['/api/actions/connector/{id}']['put']" description: "Add config and secrets to update connector API" - update: - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + update: + requestBody: + content: + application/json: schema: properties: config: 
@@ -365,13 +365,13 @@ actions: - target: "$.paths['/api/actions/connector/{id}/_execute']['post'].requestBody.content.*.schema.properties.params" description: "Remove params in run connector API" remove: true - # Add some run connector params + # Add some run connector params - target: "$.paths['/api/actions/connector/{id}/_execute']['post']" description: "Add examples to run connector API" - update: - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + update: + requestBody: + content: + application/json: schema: properties: params: diff --git a/oas_docs/overlays/kibana.overlays.shared.yaml b/oas_docs/overlays/kibana.overlays.shared.yaml index 5f16b6dfa6719..7b688c6a2e8a0 100644 --- a/oas_docs/overlays/kibana.overlays.shared.yaml +++ b/oas_docs/overlays/kibana.overlays.shared.yaml 
@@ -7,39 +7,39 @@ actions: # Add some spaces API examples - target: "$.paths['/api/spaces/space']['post']" description: "Add example to create space API" - update: - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + update: + requestBody: + content: + application/json: examples: createSpaceRequest: $ref: "../examples/create_space_request.yaml" - target: "$.paths['/api/spaces/space/{id}']['put']" description: "Add example to update space API" - update: - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + update: + requestBody: + content: + application/json: examples: updateSpaceRequest: $ref: "../examples/update_space_request.yaml" - target: "$.paths['/api/spaces/space/{id}']['get']" description: "Add example to get space API" - update: + update: responses: - 200: - content: - application/json; Elastic-Api-Version=2023-10-31: + 200: + content: + application/json: examples: getSpaceResponseExample: $ref: "../examples/get_space_response.yaml" - target: "$.paths['/api/spaces/space']['get']" description: "Add example to get all spaces API" - update: + update: responses: - 200: - content: - application/json; Elastic-Api-Version=2023-10-31: + 200: + content: + application/json: examples: getSpacesResponseExample1: $ref: "../examples/get_spaces_response1.yaml" diff --git a/oas_docs/overlays/kibana.overlays.yaml b/oas_docs/overlays/kibana.overlays.yaml index a2c0dddfe0023..30333dc50e21e 100644 --- a/oas_docs/overlays/kibana.overlays.yaml +++ b/oas_docs/overlays/kibana.overlays.yaml 
@@ -41,7 +41,7 @@ actions: update: description: > Alerting enables you to define rules, which detect complex conditions within your data. - When a condition is met, the rule tracks it as an alert and runs the actions that are defined in the rule. + When a condition is met, the rule tracks it as an alert and runs the actions that are defined in the rule. Actions typically involve the use of connectors to interact with Kibana services or third party integrations. externalDocs: description: Alerting documentation @@ -109,19 +109,19 @@ actions: # Examples that are not applicable to serverless - target: "$.paths['/api/spaces/_copy_saved_objects']['post']" description: "Add example to copy saved objects to space API" - update: - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + update: + requestBody: + content: + application/json: examples: copySavedObjectsRequestExample1: $ref: "../examples/copy_saved_objects_request1.yaml" copySavedObjectsRequestExample2: $ref: "../examples/copy_saved_objects_request2.yaml" responses: - 200: - content: - application/json; Elastic-Api-Version=2023-10-31: + 200: + content: + application/json: examples: copySavedObjectsResponseExample1: $ref: "../examples/copy_saved_objects_response1.yaml" 
@@ -133,19 +133,19 @@ actions: $ref: "../examples/copy_saved_objects_response4.yaml" - target: "$.paths['/api/spaces/_resolve_copy_saved_objects_errors']['post']" description: "Add example to resolve copy saved objects to space conflicts API" - update: - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + update: + requestBody: + content: + application/json: examples: resolveCopySavedObjectsRequestExample1: $ref: "../examples/resolve_copy_saved_objects_request1.yaml" resolveCopySavedObjectsRequestExample2: $ref: "../examples/resolve_copy_saved_objects_request2.yaml" responses: - 200: - content: - application/json; Elastic-Api-Version=2023-10-31: + 200: + content: + application/json: examples: resolveCopySavedObjectsResponseExample1: $ref: "../examples/copy_saved_objects_response1.yaml" 
@@ -153,35 +153,35 @@ actions: $ref: "../examples/copy_saved_objects_response2.yaml" - target: "$.paths['/api/spaces/_disable_legacy_url_aliases']['post']" description: "Add example to disable legacy URL aliases API" - update: - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + update: + requestBody: + content: + application/json: examples: disableLegacyURLRequestExample1: $ref: "../examples/disable_legacy_url_request1.yaml" - target: "$.paths['/api/spaces/_update_objects_spaces']['post']" description: "Add example to update saved object spaces API" - update: - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + update: + requestBody: + content: + application/json: examples: updateObjectSpacesRequestExample1: $ref: "../examples/update_saved_objects_spaces_request1.yaml" responses: - 200: - content: - application/json; Elastic-Api-Version=2023-10-31: + 200: + content: + application/json: examples: updateObjectSpacesResponseExample1: $ref: "../examples/update_saved_objects_spaces_response1.yaml" - target: "$.paths['/api/security/role/{name}']['put']" description: "Add examples to create role API" - update: + update: requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + content: + application/json: examples: createRoleRequest1: $ref: "../examples/create_role_request1.yaml" @@ -197,7 +197,7 @@ actions: responses: 200: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getRoleResponse1: $ref: '../examples/get_role_response1.yaml' @@ -207,7 +207,7 @@ actions: responses: 200: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: examples: getRolesResponse1: $ref: '../examples/get_roles_response1.yaml' diff --git a/packages/kbn-openapi-bundler/src/bundler/merge_documents/merge_documents.ts b/packages/kbn-openapi-bundler/src/bundler/merge_documents/merge_documents.ts index de2e5d7f874b6..ea9831125a7b9 100644 
--- a/packages/kbn-openapi-bundler/src/bundler/merge_documents/merge_documents.ts +++ b/packages/kbn-openapi-bundler/src/bundler/merge_documents/merge_documents.ts @@ -17,7 +17,6 @@ import { mergeSecurityRequirements } from './merge_security_requirements'; import { mergeTags } from './merge_tags'; import { getOasVersion } from '../../utils/get_oas_version'; import { getOasDocumentVersion } from '../../utils/get_oas_document_version'; -import { enrichWithVersionMimeParam } from './enrich_with_version_mime_param'; import { MergeOptions } from './merge_options'; interface MergeDocumentsOptions extends MergeOptions { @@ -34,10 +33,6 @@ export async function mergeDocuments( : new Map([['', resolvedDocuments]]); const mergedByVersion = new Map(); - if (!options.splitDocumentsByVersion) { - enrichWithVersionMimeParam(resolvedDocuments); - } - for (const [apiVersion, documentsGroup] of documentsByVersion.entries()) { validateSameOasVersion(documentsGroup); diff --git a/packages/kbn-openapi-bundler/tests/merger/merge_multiple_specs.test.ts b/packages/kbn-openapi-bundler/tests/merger/merge_multiple_specs.test.ts index 5417a90a059e8..d2217c207ba0b 100644 --- a/packages/kbn-openapi-bundler/tests/merger/merge_multiple_specs.test.ts +++ b/packages/kbn-openapi-bundler/tests/merger/merge_multiple_specs.test.ts @@ -70,7 +70,9 @@ describe('OpenAPI Merger - merge paths', () => { }); }); - it('merges different versions of the same endpoint', async () => { + // We do not expect to merge different versions of the same endpoint for the foreseeable future. This might change + // so keeping this test around for now. + it.skip('merges different versions of the same endpoint', async () => { const spec1 = createOASDocument({ info: { version: '2023-10-31', diff --git a/packages/kbn-openapi-bundler/tests/merger/merging_specs_with_conflicting_components.test.ts b/packages/kbn-openapi-bundler/tests/merger/merging_specs_with_conflicting_components.test.ts index 99b0278532ff6..f321a582676bb 100644 
--- a/packages/kbn-openapi-bundler/tests/merger/merging_specs_with_conflicting_components.test.ts +++ b/packages/kbn-openapi-bundler/tests/merger/merging_specs_with_conflicting_components.test.ts @@ -86,7 +86,7 @@ describe('OpenAPI Merger - merging specs with conflicting components', () => { expect(mergedSpec.paths['/api/some_api']?.get?.responses['200']).toMatchObject({ content: { - 'application/json; Elastic-Api-Version=2023-10-31': { + 'application/json': { schema: { $ref: '#/components/schemas/Spec1_SomeSchema', }, @@ -95,7 +95,7 @@ describe('OpenAPI Merger - merging specs with conflicting components', () => { }); expect(mergedSpec.paths['/api/some_api']?.post?.responses['200']).toMatchObject({ content: { - 'application/json; Elastic-Api-Version=2023-10-31': { + 'application/json': { schema: { $ref: '#/components/schemas/Spec2_SomeSchema', }, @@ -457,7 +457,7 @@ describe('OpenAPI Merger - merging specs with conflicting components', () => { expect(mergedSpec.paths['/api/some_api']?.post?.requestBody).toMatchObject({ content: { - 'application/json; Elastic-Api-Version=2023-10-31': { + 'application/json': { encoding: { something: { headers: { @@ -779,7 +779,7 @@ describe('OpenAPI Merger - merging specs with conflicting components', () => { expect(mergedSpec.paths['/api/some_api']?.get?.responses['200']).toMatchObject({ content: { - 'application/json; Elastic-Api-Version=2023-10-31': { + 'application/json': { schema: expect.objectContaining({ discriminator: expect.objectContaining({ mapping: { From 5846d916630f1f70412506c2dfb5d41086860944 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Wed, 12 Feb 2025 14:06:03 +0000 Subject: [PATCH 2/3] [CI] Auto-commit changed files from 'make api-docs' --- oas_docs/output/kibana.yaml | 27050 ++++------------------------------ 1 file changed, 2501 insertions(+), 24549 deletions(-) 
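Review bot: In PATCH 1/3, the `merge_documents.ts` hunks drop the import of `./enrich_with_version_mime_param` and the call in `mergeDocuments`, but the diffstat for that patch lists nine files and the module itself is not one of them, so it appears to stay in the tree unused. If nothing else imports it, delete the module and its tests in the same change. Also, the `it.skip('merges different versions of the same endpoint', ...)` in `merge_multiple_specs.test.ts` would be easier to revisit if its comment referenced a tracking issue.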
diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index e355846c365c6..73481125d7081 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -30,10 +30,8 @@ info: ## Documentation source and versions - This documentation is derived from the `main` branch of the [kibana](https://github.com/elastic/kibana) repository. + This documentation is derived from the `8.x` branch of the [kibana](https://github.com/elastic/kibana) repository. It is provided under license [Attribution-NonCommercial-NoDerivatives 4.0 International](https://creativecommons.org/licenses/by-nc-nd/4.0/). - - This documentation contains work-in-progress information for future Elastic Stack releases. title: Kibana APIs version: 1.0.2 x-doc-license: @@ -56,7 +54,7 @@ tags: Alerting enables you to define rules, which detect complex conditions within your data. When a condition is met, the rule tracks it as an alert and runs the actions that are defined in the rule. Actions typically involve the use of connectors to interact with Kibana services or third party integrations. externalDocs: description: Alerting documentation - url: https://www.elastic.co/guide/en/kibana/master/alerting-getting-started.html + url: https://www.elastic.co/guide/en/kibana/8.x/alerting-getting-started.html x-displayName: Alerting - description: | Adjust APM agent configuration without need to redeploy your application. 
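Review bot: The `externalDocs` URL for the alerting tag now uses the branch name as the docs version (`/guide/en/kibana/8.x/alerting-getting-started.html`), in line with the "derived from the `8.x` branch" sentence changed in the preceding hunk. Please confirm that the `8.x` guide path is actually published, because a dead link is easy to miss in an auto-commit of this size; if it is not, the generator should map the branch to a released docs version or to `current`.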
@@ -76,35 +74,19 @@ tags: name: cases externalDocs: description: Cases documentation - url: https://www.elastic.co/guide/en/kibana/master/cases.html + url: https://www.elastic.co/guide/en/kibana/8.x/cases.html x-displayName: Cases - name: connectors description: | Connectors provide a central place to store connection information for services and integrations with Elastic or third party systems. Alerting rules can use connectors to run actions when rule conditions are met. externalDocs: description: Connector documentation - url: https://www.elastic.co/guide/en/kibana/current/action-types.html + url: https://www.elastic.co/guide/en/kibana/8.x/action-types.html x-displayName: Connectors - name: Dashboards - - name: Data streams - description: Data view APIs enable you to manage data views, formerly known as Kibana index patterns. name: data views x-displayName: Data views - - name: Elastic Agent actions - - name: Elastic Agent binary download sources - - name: Elastic Agent policies - - name: Elastic Agent status - - name: Elastic Agents - - name: Elastic Package Manager (EPM) - - name: Fleet enrollment API keys - - name: Fleet internals - - name: Fleet outputs - - name: Fleet package policies - - name: Fleet proxies - - name: Fleet Server hosts - - name: Fleet service tokens - - name: Fleet uninstall tokens - - name: Message Signing Service - description: Machine learning name: ml x-displayName: Machine learning @@ -113,7 +95,7 @@ tags: description: Manage the roles that grant Elasticsearch and Kibana privileges. externalDocs: description: Kibana role management - url: https://www.elastic.co/guide/en/kibana/master/kibana-role-management.html + url: https://www.elastic.co/guide/en/kibana/8.x/kibana-role-management.html - description: | Export sets of saved objects that you want to import into Kibana, resolve import errors, and rotate an encryption key for encrypted saved objects with the saved objects APIs. 
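Review bot: In the `tags:` hunk at `@@ -76,35 +74,19 @@`, the `Data streams`, Elastic Agent, Fleet and `Message Signing Service` tag entries are deleted by an auto-commit whose message only says that files were regenerated from 'make api-docs', with no explanation of why these API groups disappear from the document. Please state in the commit message or PR description that these groups are intentionally absent on this branch, and check that no remaining operation still references one of the removed tag names. The same hunk also switches the connectors link from `current` to `8.x`, which needs the same link check as the other `8.x` URLs.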
@@ -223,13 +205,331 @@ tags: x-displayName: Spaces description: Manage your Kibana spaces. externalDocs: - url: https://www.elastic.co/guide/en/kibana/master/xpack-spaces.html + url: https://www.elastic.co/guide/en/kibana/8.x/xpack-spaces.html description: Space overview - name: system x-displayName: System description: | Get information about the system status, resource usage, and installed plugins. paths: + /api/actions: + get: + deprecated: true + operationId: get-actions + parameters: [] + responses: {} + summary: Get all connectors + tags: + - connectors + /api/actions/action: + post: + deprecated: true + operationId: post-actions-action + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + actionTypeId: + description: The connector type identifier. + type: string + config: + additionalProperties: {} + default: {} + type: object + name: + description: The display name for the connector. + type: string + secrets: + additionalProperties: {} + default: {} + type: object + required: + - name + - actionTypeId + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + config: + additionalProperties: {} + type: object + connector_type_id: + description: The connector type identifier. + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. 
' + type: boolean + is_system_action: + description: Indicates whether the connector is used for system actions. + type: boolean + name: + description: ' The name of the rule.' + type: string + required: + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + description: Indicates a successful call. + summary: Create a connector + tags: + - connectors + /api/actions/action/{id}: + delete: + deprecated: true + description: 'WARNING: When you delete a connector, it cannot be recovered.' + operationId: delete-actions-action-id + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string + responses: + '204': + description: Indicates a successful call. + summary: Delete a connector + tags: + - connectors + get: + deprecated: true + operationId: get-actions-action-id + parameters: + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + config: + additionalProperties: {} + type: object + connector_type_id: + description: The connector type identifier. + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' + type: boolean + is_system_action: + description: Indicates whether the connector is used for system actions. 
+ type: boolean + name: + description: ' The name of the rule.' + type: string + required: + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + description: Indicates a successful call. + summary: Get connector information + tags: + - connectors + put: + deprecated: true + operationId: put-actions-action-id + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + config: + additionalProperties: {} + default: {} + type: object + name: + type: string + secrets: + additionalProperties: {} + default: {} + type: object + required: + - name + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + config: + additionalProperties: {} + type: object + connector_type_id: + description: The connector type identifier. + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' + type: boolean + is_system_action: + description: Indicates whether the connector is used for system actions. + type: boolean + name: + description: ' The name of the rule.' + type: string + required: + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + description: Indicates a successful call. 
+ summary: Update a connector + tags: + - connectors + /api/actions/action/{id}/_execute: + post: + deprecated: true + operationId: post-actions-action-id-execute + parameters: + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - description: An identifier for the connector. + in: path + name: id + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + params: + additionalProperties: {} + type: object + required: + - params + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + properties: + config: + additionalProperties: {} + type: object + connector_type_id: + description: The connector type identifier. + type: string + id: + description: The identifier for the connector. + type: string + is_deprecated: + description: Indicates whether the connector is deprecated. + type: boolean + is_missing_secrets: + description: Indicates whether the connector is missing secrets. + type: boolean + is_preconfigured: + description: 'Indicates whether the connector is preconfigured. If true, the `config` and `is_missing_secrets` properties are omitted from the response. ' + type: boolean + is_system_action: + description: Indicates whether the connector is used for system actions. + type: boolean + name: + description: ' The name of the rule.' + type: string + required: + - id + - name + - connector_type_id + - is_preconfigured + - is_deprecated + - is_system_action + description: Indicates a successful call. + summary: Run a connector + tags: + - connectors /api/actions/connector_types: get: description: You do not need any Kibana feature privileges to run this API. 
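Review bot: The added legacy `/api/actions` operation (`get-actions`) has `responses: {}`, which leaves it without any documented response code; OpenAPI requires at least one response in the Responses Object, so validators and documentation renderers may reject or mis-render it. Please add response definitions on the legacy route so the generated output carries them. Two documentation slips in the same hunk: the connector `name` property is described as ' The name of the rule.' (leading space, and the object is a connector, not a rule) in every legacy response schema, and `post-actions-action-id-execute` documents the connector object as its 200 response; is that intended, or should it describe the execution result?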
@@ -736,6 +1036,15 @@ paths: summary: Get all connectors tags: - connectors + /api/actions/list_action_types: + get: + deprecated: true + operationId: get-actions-list-action-types + parameters: [] + responses: {} + summary: Get connector types + tags: + - connectors /api/alerting/_health: get: description: | 
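Review bot: `/api/actions/list_action_types` is added as `deprecated: true` with no `description` and with `responses: {}`, so a reader is not told what to call instead and no response is documented. Please add a description naming the replacement (presumably the non-deprecated `/api/actions/connector_types` path that already appears in this file) and at least one response entry.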
@@ -4577,431 +4886,728 @@ paths: summary: Get information about rules tags: - alerting - /api/apm/agent_keys: - post: - description: Create a new agent key for APM. - operationId: createAgentKey + /api/alerts/alert/{alertId}: + delete: + deprecated: true + description: | + Deprecated in 7.13.0. Use the delete rule API instead. WARNING: After you delete an alert, you cannot recover it. + operationId: legaryDeleteAlert parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - $ref: '#/components/parameters/APM_UI_kbn_xsrf' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_agent_keys_object' - required: true + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: The identifier for the alert. + in: path + name: alertId + required: true + schema: + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_agent_keys_response' - description: Agent key created successfully - '400': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_400_response' - description: Bad Request response + '204': + description: Indicates a successful call. '401': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '403': + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Delete an alert + tags: + - alerting + get: + deprecated: true + description: Deprecated in 7.13.0. Use the get rule API instead. + operationId: legacyGetAlert + parameters: + - description: The identifier for the alert. 
+ in: path + name: alertId + required: true + schema: + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string + responses: + '200': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_403_response' - description: Forbidden response - '500': + $ref: '#/components/schemas/Alerting_alert_response_properties' + description: Indicates a successful call. + '401': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_500_response' - description: Internal Server Error response - summary: Create an APM agent key + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Get an alert by identifier tags: - - APM agent keys - /api/apm/fleet/apm_server_schema: + - alerting post: - operationId: saveApmServerSchema + deprecated: true + description: Deprecated in 7.13.0. Use the create rule API instead. + operationId: legacyCreateAlert parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - $ref: '#/components/parameters/APM_UI_kbn_xsrf' + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: An UUID v1 or v4 identifier for the alert. If this parameter is omitted, the identifier is randomly generated. + in: path + name: alertId + required: true + schema: + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string requestBody: content: application/json: schema: + title: Legacy create alert request properties type: object properties: - schema: - additionalProperties: true - description: Schema object - example: - foo: bar + actions: + items: + type: object + properties: + actionTypeId: + description: The identifier for the action type. + type: string + group: + description: | + Grouping actions is recommended for escalations for different types of alert instances. If you don't need this functionality, set it to `default`. + type: string + id: + description: The ID of the action saved object. 
+ type: string + params: + description: | + The map to the `params` that the action type will receive. `params` are handled as Mustache templates and passed a default set of context. + type: object + required: + - actionTypeId + - group + - id + - params + type: array + alertTypeId: + description: The ID of the alert type that you want to call when the alert is scheduled to run. + type: string + consumer: + description: The name of the application that owns the alert. This name has to match the Kibana feature name, as that dictates the required role-based access control privileges. + type: string + enabled: + description: Indicates if you want to run the alert on an interval basis after it is created. + type: boolean + name: + description: A name to reference and search. + type: string + notifyWhen: + description: The condition for throttling the notification. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + params: + description: The parameters to pass to the alert type executor `params` value. This will also validate against the alert type params validator, if defined. + type: object + schedule: + description: | + The schedule specifying when this alert should be run. A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule. type: object + properties: + interval: + description: The interval format specifies the interval in seconds, minutes, hours or days at which the alert should run. + example: 10s + type: string + tags: + description: A list of keywords to reference and search. + items: + type: string + type: array + throttle: + description: | + How often this alert should fire the same actions. This will prevent the alert from sending out the same notification over and over. 
For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of `10m` or `1h` will prevent it from sending 90 notifications during this period. + type: string + required: + - alertTypeId + - consumer + - name + - notifyWhen + - params + - schedule required: true responses: '200': content: application/json: schema: - additionalProperties: false - type: object - description: Successful response - '400': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_400_response' - description: Bad Request response + $ref: '#/components/schemas/Alerting_alert_response_properties' + description: Indicates a successful call. '401': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '403': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_403_response' - description: Forbidden response - '404': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_404_response' - description: Not found response - summary: Save APM server schema + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Create an alert tags: - - APM server schema - /api/apm/services/{serviceName}/annotation: - post: - description: Create a new annotation for a specific service. - operationId: createAnnotation + - alerting + put: + deprecated: true + description: Deprecated in 7.13.0. Use the update rule API instead. + operationId: legacyUpdateAlert parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - $ref: '#/components/parameters/APM_UI_kbn_xsrf' - - description: The name of the service + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: The identifier for the alert. 
in: path - name: serviceName + name: alertId required: true schema: + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 type: string requestBody: content: application/json: schema: - $ref: '#/components/schemas/APM_UI_create_annotation_object' + title: Legacy update alert request properties + type: object + properties: + actions: + items: + type: object + properties: + actionTypeId: + description: The identifier for the action type. + type: string + group: + description: | + Grouping actions is recommended for escalations for different types of alert instances. If you don't need this functionality, set it to `default`. + type: string + id: + description: The ID of the action saved object. + type: string + params: + description: | + The map to the `params` that the action type will receive. `params` are handled as Mustache templates and passed a default set of context. + type: object + required: + - actionTypeId + - group + - id + - params + type: array + name: + description: A name to reference and search. + type: string + notifyWhen: + description: The condition for throttling the notification. + enum: + - onActionGroupChange + - onActiveAlert + - onThrottleInterval + type: string + params: + description: The parameters to pass to the alert type executor `params` value. This will also validate against the alert type params validator, if defined. + type: object + schedule: + description: | + The schedule specifying when this alert should be run. A schedule is structured such that the key specifies the format you wish to use and its value specifies the schedule. + type: object + properties: + interval: + description: The interval format specifies the interval in seconds, minutes, hours or days at which the alert should run. + example: 1d + type: string + tags: + description: A list of keywords to reference and search. + items: + type: string + type: array + throttle: + description: | + How often this alert should fire the same actions. 
This will prevent the alert from sending out the same notification over and over. For example, if an alert with a schedule of 1 minute stays in a triggered state for 90 minutes, setting a throttle of `10m` or `1h` will prevent it from sending 90 notifications during this period. + type: string + required: + - name + - notifyWhen + - params + - schedule required: true responses: '200': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_create_annotation_response' - description: Annotation created successfully - '400': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_400_response' - description: Bad Request response + $ref: '#/components/schemas/Alerting_alert_response_properties' + description: Indicates a successful call. '401': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '403': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_403_response' - description: Forbidden response - '404': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_404_response' - description: Not found response - summary: Create a service annotation + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Update an alert tags: - - APM annotations - /api/apm/services/{serviceName}/annotation/search: - get: - description: Search for annotations related to a specific service. - operationId: getAnnotation + - alerting + /api/alerts/alert/{alertId}/_disable: + post: + deprecated: true + description: Deprecated in 7.13.0. Use the disable rule API instead. + operationId: legacyDisableAlert parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - description: The name of the service + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: The identifier for the alert. 
in: path - name: serviceName + name: alertId required: true schema: - type: string - - description: The environment to filter annotations by - in: query - name: environment - required: false - schema: - type: string - - description: The start date for the search - in: query - name: start - required: false - schema: - type: string - - description: The end date for the search - in: query - name: end - required: false - schema: + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 type: string responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_annotation_search_response' - description: Successful response - '400': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_400_response' - description: Bad Request response + '204': + description: Indicates a successful call. '401': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '500': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_500_response' - description: Internal Server Error response - summary: Search for annotations + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Disable an alert tags: - - APM annotations - /api/apm/settings/agent-configuration: - delete: - operationId: deleteAgentConfiguration + - alerting + /api/alerts/alert/{alertId}/_enable: + post: + deprecated: true + description: Deprecated in 7.13.0. Use the enable rule API instead. + operationId: legacyEnableAlert parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - $ref: '#/components/parameters/APM_UI_kbn_xsrf' - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_service_object' - required: true + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: The identifier for the alert. 
+ in: path + name: alertId + required: true + schema: + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_delete_agent_configurations_response' - description: Successful response - '400': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_400_response' - description: Bad Request response + '204': + description: Indicates a successful call. '401': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '403': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_403_response' - description: Forbidden response - '404': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_404_response' - description: Not found response - summary: Delete agent configuration + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Enable an alert tags: - - APM agent configuration - get: - operationId: getAgentConfigurations + - alerting + /api/alerts/alert/{alertId}/_mute_all: + post: + deprecated: true + description: Deprecated in 7.13.0. Use the mute all alerts API instead. + operationId: legacyMuteAllAlertInstances parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: The identifier for the alert. + in: path + name: alertId + required: true + schema: + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_agent_configurations_response' - description: Successful response - '400': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_400_response' - description: Bad Request response + '204': + description: Indicates a successful call. 
'401': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '404': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_404_response' - description: Not found response - summary: Get a list of agent configurations + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Mute all alert instances tags: - - APM agent configuration - put: - operationId: createUpdateAgentConfiguration + - alerting + /api/alerts/alert/{alertId}/_unmute_all: + post: + deprecated: true + description: Deprecated in 7.13.0. Use the unmute all alerts API instead. + operationId: legacyUnmuteAllAlertInstances parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - $ref: '#/components/parameters/APM_UI_kbn_xsrf' - - description: If the config exists ?overwrite=true is required - in: query - name: overwrite + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: The identifier for the alert. + in: path + name: alertId + required: true schema: - type: boolean - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_agent_configuration_intake_object' - required: true + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - description: Successful response - '400': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_400_response' - description: Bad Request response + '204': + description: Indicates a successful call. 
'401': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '403': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_403_response' - description: Forbidden response - '404': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_404_response' - description: Not found response - summary: Create or update agent configuration + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Unmute all alert instances tags: - - APM agent configuration - /api/apm/settings/agent-configuration/agent_name: - get: - description: Retrieve `agentName` for a service. - operationId: getAgentNameForService + - alerting + /api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_mute: + post: + deprecated: true + description: Deprecated in 7.13.0. Use the mute alert API instead. + operationId: legacyMuteAlertInstance parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - description: The name of the service - example: node - in: query - name: serviceName + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: An identifier for the alert. + in: path + name: alertId + required: true + schema: + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string + - description: An identifier for the alert instance. + in: path + name: alertInstanceId required: true schema: + example: dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2 type: string responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_service_agent_name_response' - description: Successful response - '400': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_400_response' - description: Bad Request response + '204': + description: Indicates a successful call. 
'401': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '404': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_404_response' - description: Not found response - summary: Get agent name for service + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Mute an alert instance tags: - - APM agent configuration - /api/apm/settings/agent-configuration/environments: - get: - operationId: getEnvironmentsForService + - alerting + /api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute: + post: + deprecated: true + description: Deprecated in 7.13.0. Use the unmute alert API instead. + operationId: legacyUnmuteAlertInstance parameters: - - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - description: The name of the service - in: query - name: serviceName + - $ref: '#/components/parameters/Alerting_kbn_xsrf' + - description: An identifier for the alert. + in: path + name: alertId + required: true + schema: + example: 41893910-6bca-11eb-9e0d-85d233e3ee35 + type: string + - description: An identifier for the alert instance. + in: path + name: alertInstanceId + required: true schema: + example: dceeb5d0-6b41-11eb-802b-85b0c1bc8ba2 type: string responses: - '200': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_service_environments_response' - description: Successful response - '400': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_400_response' - description: Bad Request response + '204': + description: Indicates a successful call. '401': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_401_response' - description: Unauthorized response - '404': + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. 
+ summary: Unmute an alert instance + tags: + - alerting + /api/alerts/alerts/_find: + get: + deprecated: true + description: | + Deprecated in 7.13.0. Use the find rules API instead. NOTE: Alert `params` are stored as a flattened field type and analyzed as keywords. As alerts change in Kibana, the results on each page of the response also change. Use the find API for traditional paginated results, but avoid using it to export large amounts of data. + operationId: legacyFindAlerts + parameters: + - description: The default operator to use for the `simple_query_string`. + example: OR + in: query + name: default_search_operator + schema: + default: OR + type: string + - description: The fields to return in the `attributes` key of the response. + in: query + name: fields + schema: + items: + type: string + type: array + - description: | + A KQL string that you filter with an attribute from your saved object. It should look like `savedObjectType.attributes.title: "myTitle"`. However, if you used a direct attribute of a saved object, such as `updatedAt`, you must define your filter, for example, `savedObjectType.updatedAt > 2018-12-22`. + in: query + name: filter + schema: + type: string + - description: Filters the rules that have a relation with the reference objects with a specific type and identifier. + in: query + name: has_reference + schema: + type: object + properties: + id: + type: string + type: + type: string + - description: The page number to return. + example: 1 + in: query + name: page + schema: + default: 1 + type: integer + - description: The number of alerts to return per page. + example: 20 + in: query + name: per_page + schema: + default: 20 + type: integer + - description: An Elasticsearch `simple_query_string` query that filters the alerts in the response. + in: query + name: search + schema: + type: string + - description: The fields to perform the `simple_query_string` parsed query against. 
+ in: query + name: search_fields + schema: + oneOf: + - type: string + - items: + type: string + type: array + - description: | + Determines which field is used to sort the results. The field must exist in the `attributes` key of the response. + in: query + name: sort_field + schema: + type: string + - description: Determines the sort order. + example: asc + in: query + name: sort_order + schema: + default: desc + enum: + - asc + - desc + type: string + responses: + '200': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_404_response' - description: Not found response - summary: Get environments for service + type: object + properties: + data: + items: + $ref: '#/components/schemas/Alerting_alert_response_properties' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: Indicates a successful call. + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Get a paginated set of alerts tags: - - APM agent configuration - /api/apm/settings/agent-configuration/search: + - alerting + /api/alerts/alerts/_health: + get: + deprecated: true + description: Deprecated in 7.13.0. Use the get alerting framework health API instead. + operationId: legacyGetAlertingHealth + responses: + '200': + content: + application/json: + schema: + type: object + properties: + alertingFrameworkHealth: + description: | + Three substates identify the health of the alerting framework: `decryptionHealth`, `executionHealth`, and `readHealth`. + type: object + properties: + decryptionHealth: + description: The timestamp and status of the alert decryption. 
+ type: object + properties: + status: + enum: + - error + - ok + - warn + example: ok + type: string + timestamp: + example: '2023-01-13T01:28:00.280Z' + format: date-time + type: string + executionHealth: + description: The timestamp and status of the alert execution. + type: object + properties: + status: + enum: + - error + - ok + - warn + example: ok + type: string + timestamp: + example: '2023-01-13T01:28:00.280Z' + format: date-time + type: string + readHealth: + description: The timestamp and status of the alert reading events. + type: object + properties: + status: + enum: + - error + - ok + - warn + example: ok + type: string + timestamp: + example: '2023-01-13T01:28:00.280Z' + format: date-time + type: string + hasPermanentEncryptionKey: + description: If `false`, the encrypted saved object plugin does not have a permanent encryption key. + example: true + type: boolean + isSufficientlySecure: + description: If `false`, security is enabled but TLS is not. + example: true + type: boolean + description: Indicates a successful call. + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Get the alerting framework health + tags: + - alerting + /api/alerts/alerts/list_alert_types: + get: + deprecated: true + description: Deprecated in 7.13.0. Use the get rule types API instead. + operationId: legacyGetAlertTypes + responses: + '200': + content: + application/json: + schema: + items: + type: object + properties: + actionGroups: + description: | + An explicit list of groups for which the alert type can schedule actions, each with the action group's unique ID and human readable name. Alert actions validation uses this configuration to ensure that groups are valid. 
+ items: + type: object + properties: + id: + type: string + name: + type: string + type: array + actionVariables: + description: | + A list of action variables that the alert type makes available via context and state in action parameter templates, and a short human readable description. The Alert UI will use this information to prompt users for these variables in action parameter editors. + type: object + properties: + context: + items: + type: object + properties: + description: + type: string + name: + type: string + type: array + params: + items: + type: object + properties: + description: + type: string + name: + type: string + type: array + state: + items: + type: object + properties: + description: + type: string + name: + type: string + type: array + authorizedConsumers: + description: The list of the plugins IDs that have access to the alert type. + type: object + defaultActionGroupId: + description: The default identifier for the alert type group. + type: string + enabledInLicense: + description: Indicates whether the rule type is enabled based on the subscription. + type: boolean + id: + description: The unique identifier for the alert type. + type: string + isExportable: + description: Indicates whether the alert type is exportable in Saved Objects Management UI. + type: boolean + minimumLicenseRequired: + description: The subscriptions required to use the alert type. + type: string + name: + description: The descriptive name of the alert type. + type: string + producer: + description: An identifier for the application that produces this alert type. + type: string + recoveryActionGroup: + description: | + An action group to use when an alert instance goes from an active state to an inactive one. If it is not specified, the default recovered action group is used. + type: object + properties: + id: + type: string + name: + type: string + type: array + description: Indicates a successful call. 
+ '401': + content: + application/json: + schema: + $ref: '#/components/schemas/Alerting_401_response' + description: Authorization information is missing or invalid. + summary: Get the alert types + tags: + - alerting + /api/apm/agent_keys: post: - description: | - This endpoint allows to search for single agent configuration and update 'applied_by_agent' field. - operationId: searchSingleConfiguration + description: Create a new agent key for APM. + operationId: createAgentKey parameters: - $ref: '#/components/parameters/APM_UI_elastic_api_version' - $ref: '#/components/parameters/APM_UI_kbn_xsrf' 
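Review bot: The legacy POST operations added here (`legacyMuteAllAlertInstances`, `legacyUnmuteAllAlertInstances`, `legacyMuteAlertInstance`, `legacyUnmuteAlertInstance`) change state on a caller-supplied `alertId` but document only `'204'` and `'401'`. If the routes can answer with 403 or 404, list those responses so a client can tell missing privileges from an unknown alert. Every `/api/alerts/...` path in this hunk is also `deprecated: true` and unrelated to the `Elastic-Api-Version` removal in the commit message; since the cherry-pick reports conflicts in the generated output, please confirm these additions come from regenerating the bundle on this branch and not from hand-resolving the conflict.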
@@ -5009,14 +5615,68 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/APM_UI_search_agent_configuration_object' + $ref: '#/components/schemas/APM_UI_agent_keys_object' required: true responses: '200': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_search_agent_configuration_response' + $ref: '#/components/schemas/APM_UI_agent_keys_response' + description: Agent key created successfully + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_403_response' + description: Forbidden response + '500': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_500_response' + description: Internal Server Error response + summary: Create an APM agent key + tags: + - APM agent keys + /api/apm/fleet/apm_server_schema: + post: + operationId: saveApmServerSchema + parameters: + - $ref: '#/components/parameters/APM_UI_elastic_api_version' + - $ref: '#/components/parameters/APM_UI_kbn_xsrf' + requestBody: + content: + application/json: + schema: + type: object + properties: + schema: + additionalProperties: true + description: Schema object + example: + foo: bar + type: object + required: true + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object description: Successful response '400': content: 
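Review bot: The added `saveApmServerSchema` operation still lists `- $ref: '#/components/parameters/APM_UI_elastic_api_version'` as its first parameter, which contradicts the commit message's statement that the header is no longer added to the spec. Either drop the reference from the regenerated output or say in the commit message that the APM operations are out of scope for this backport. Separately, the request body's `schema` property is `additionalProperties: true` with only `foo: bar` as an example; a sentence in its description on what the server validates would help consumers.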
@@ -5030,39 +5690,47 @@ paths: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_403_response' + description: Forbidden response '404': content: application/json: schema: $ref: '#/components/schemas/APM_UI_404_response' description: Not found response - summary: Lookup single agent configuration + summary: Save APM server schema tags: - - APM agent configuration - /api/apm/settings/agent-configuration/view: - get: - operationId: getSingleAgentConfiguration + - APM server schema + /api/apm/services/{serviceName}/annotation: + post: + description: Create a new annotation for a specific service. + operationId: createAnnotation parameters: - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - description: Service name - example: node - in: query - name: name - schema: - type: string - - description: Service environment - example: prod - in: query - name: environment + - $ref: '#/components/parameters/APM_UI_kbn_xsrf' + - description: The name of the service + in: path + name: serviceName + required: true schema: type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_create_annotation_object' + required: true responses: '200': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_single_agent_configuration_response' - description: Successful response + $ref: '#/components/schemas/APM_UI_create_annotation_response' + description: Annotation created successfully '400': content: application/json: 
@@ -5075,37 +5743,57 @@ paths: schema: $ref: '#/components/schemas/APM_UI_401_response' description: Unauthorized response + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_403_response' + description: Forbidden response '404': content: application/json: schema: $ref: '#/components/schemas/APM_UI_404_response' description: Not found response - summary: Get single agent configuration + summary: Create a service annotation tags: - - APM agent configuration - /api/apm/sourcemaps: + - APM annotations + /api/apm/services/{serviceName}/annotation/search: get: - description: Returns an array of Fleet artifacts, including source map uploads. - operationId: getSourceMaps + description: Search for annotations related to a specific service. + operationId: getAnnotation parameters: - $ref: '#/components/parameters/APM_UI_elastic_api_version' - - description: Page number + - description: The name of the service + in: path + name: serviceName + required: true + schema: + type: string + - description: The environment to filter annotations by in: query - name: page + name: environment + required: false schema: - type: number - - description: Number of records per page + type: string + - description: The start date for the search in: query - name: perPage + name: start + required: false schema: - type: number + type: string + - description: The end date for the search + in: query + name: end + required: false + schema: + type: string responses: '200': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_source_maps_response' + $ref: '#/components/schemas/APM_UI_annotation_search_response' description: Successful response '400': content: 
@@ -5125,33 +5813,27 @@ paths: schema: $ref: '#/components/schemas/APM_UI_500_response' description: Internal Server Error response - '501': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_501_response' - description: Not Implemented response - summary: Get source maps + summary: Search for annotations tags: - - APM sourcemaps - post: - description: Upload a source map for a specific service and version. - operationId: uploadSourceMap + - APM annotations + /api/apm/settings/agent-configuration: + delete: + operationId: deleteAgentConfiguration parameters: - $ref: '#/components/parameters/APM_UI_elastic_api_version' - $ref: '#/components/parameters/APM_UI_kbn_xsrf' requestBody: content: - multipart/form-data: + application/json: schema: - $ref: '#/components/schemas/APM_UI_upload_source_map_object' + $ref: '#/components/schemas/APM_UI_service_object' required: true responses: '200': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_upload_source_maps_response' + $ref: '#/components/schemas/APM_UI_delete_agent_configurations_response' description: Successful response '400': content: 
@@ -5171,34 +5853,63 @@ paths: schema: $ref: '#/components/schemas/APM_UI_403_response' description: Forbidden response - '500': + '404': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_500_response' - description: Internal Server Error response - '501': + $ref: '#/components/schemas/APM_UI_404_response' + description: Not found response + summary: Delete agent configuration + tags: + - APM agent configuration + get: + operationId: getAgentConfigurations + parameters: + - $ref: '#/components/parameters/APM_UI_elastic_api_version' + responses: + '200': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_501_response' - description: Not Implemented response - summary: Upload source map + $ref: '#/components/schemas/APM_UI_agent_configurations_response' + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_404_response' + description: Not found response + summary: Get a list of agent configurations tags: - - APM sourcemaps - /api/apm/sourcemaps/{id}: - delete: - description: Delete a previously uploaded source map. 
- operationId: deleteSourceMap + - APM agent configuration + put: + operationId: createUpdateAgentConfiguration parameters: - $ref: '#/components/parameters/APM_UI_elastic_api_version' - $ref: '#/components/parameters/APM_UI_kbn_xsrf' - - description: Source map identifier - in: path - name: id - required: true + - description: If the config exists ?overwrite=true is required + in: query + name: overwrite schema: - type: string + type: boolean + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_agent_configuration_intake_object' + required: true responses: '200': content: 
@@ -5225,35 +5936,351 @@ paths: schema: $ref: '#/components/schemas/APM_UI_403_response' description: Forbidden response - '500': - content: - application/json: - schema: - $ref: '#/components/schemas/APM_UI_500_response' - description: Internal Server Error response - '501': + '404': content: application/json: schema: - $ref: '#/components/schemas/APM_UI_501_response' - description: Not Implemented response - summary: Delete source map + $ref: '#/components/schemas/APM_UI_404_response' + description: Not found response + summary: Create or update agent configuration tags: - - APM sourcemaps - /api/asset_criticality: - delete: - description: Delete the asset criticality record for a specific entity. - operationId: DeleteAssetCriticalityRecord + - APM agent configuration + /api/apm/settings/agent-configuration/agent_name: + get: + description: Retrieve `agentName` for a service. + operationId: getAgentNameForService parameters: - - description: The ID value of the asset. - example: my_host + - $ref: '#/components/parameters/APM_UI_elastic_api_version' + - description: The name of the service + example: node in: query - name: id_value + name: serviceName required: true schema: type: string - - description: The field representing the ID. 
- example: host.name + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_service_agent_name_response' + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_404_response' + description: Not found response + summary: Get agent name for service + tags: + - APM agent configuration + /api/apm/settings/agent-configuration/environments: + get: + operationId: getEnvironmentsForService + parameters: + - $ref: '#/components/parameters/APM_UI_elastic_api_version' + - description: The name of the service + in: query + name: serviceName + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_service_environments_response' + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_404_response' + description: Not found response + summary: Get environments for service + tags: + - APM agent configuration + /api/apm/settings/agent-configuration/search: + post: + description: | + This endpoint allows to search for single agent configuration and update 'applied_by_agent' field. 
+ operationId: searchSingleConfiguration + parameters: + - $ref: '#/components/parameters/APM_UI_elastic_api_version' + - $ref: '#/components/parameters/APM_UI_kbn_xsrf' + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_search_agent_configuration_object' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_search_agent_configuration_response' + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_404_response' + description: Not found response + summary: Lookup single agent configuration + tags: + - APM agent configuration + /api/apm/settings/agent-configuration/view: + get: + operationId: getSingleAgentConfiguration + parameters: + - $ref: '#/components/parameters/APM_UI_elastic_api_version' + - description: Service name + example: node + in: query + name: name + schema: + type: string + - description: Service environment + example: prod + in: query + name: environment + schema: + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_single_agent_configuration_response' + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_404_response' + description: Not found response + summary: Get single agent configuration + tags: + - APM 
agent configuration + /api/apm/sourcemaps: + get: + description: Returns an array of Fleet artifacts, including source map uploads. + operationId: getSourceMaps + parameters: + - $ref: '#/components/parameters/APM_UI_elastic_api_version' + - description: Page number + in: query + name: page + schema: + type: number + - description: Number of records per page + in: query + name: perPage + schema: + type: number + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_source_maps_response' + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '500': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_500_response' + description: Internal Server Error response + '501': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_501_response' + description: Not Implemented response + summary: Get source maps + tags: + - APM sourcemaps + post: + description: Upload a source map for a specific service and version. 
+ operationId: uploadSourceMap + parameters: + - $ref: '#/components/parameters/APM_UI_elastic_api_version' + - $ref: '#/components/parameters/APM_UI_kbn_xsrf' + requestBody: + content: + multipart/form-data: + schema: + $ref: '#/components/schemas/APM_UI_upload_source_map_object' + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_upload_source_maps_response' + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_403_response' + description: Forbidden response + '500': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_500_response' + description: Internal Server Error response + '501': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_501_response' + description: Not Implemented response + summary: Upload source map + tags: + - APM sourcemaps + /api/apm/sourcemaps/{id}: + delete: + description: Delete a previously uploaded source map. 
+ operationId: deleteSourceMap + parameters: + - $ref: '#/components/parameters/APM_UI_elastic_api_version' + - $ref: '#/components/parameters/APM_UI_kbn_xsrf' + - description: Source map identifier + in: path + name: id + required: true + schema: + type: string + responses: + '200': + content: + application/json: + schema: + additionalProperties: false + type: object + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_400_response' + description: Bad Request response + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_401_response' + description: Unauthorized response + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_403_response' + description: Forbidden response + '500': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_500_response' + description: Internal Server Error response + '501': + content: + application/json: + schema: + $ref: '#/components/schemas/APM_UI_501_response' + description: Not Implemented response + summary: Delete source map + tags: + - APM sourcemaps + /api/asset_criticality: + delete: + description: Delete the asset criticality record for a specific entity. + operationId: DeleteAssetCriticalityRecord + parameters: + - description: The ID value of the asset. + example: my_host + in: query + name: id_value + required: true + schema: + type: string + - description: The field representing the ID. + example: host.name in: query name: id_field required: true @@ -5671,6 +6698,7 @@ paths: operationId: getCaseDefaultSpace parameters: - $ref: '#/components/parameters/Cases_case_id' + - $ref: '#/components/parameters/Cases_includeComments' responses: '200': content: 
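Review bot: The new `- $ref: '#/components/parameters/Cases_includeComments'` on `getCaseDefaultSpace` has no matching definition visible in this part of the patch. Please check that `components.parameters.Cases_includeComments` exists in the same generated file, because a dangling `$ref` breaks bundling and client generation.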
@@ -5741,6 +6769,29 @@ paths: summary: Delete all case comments and alerts tags: - cases + get: + deprecated: true + description: | + Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; instead, use the get case comment API, which requires a comment identifier in the path. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases with the comments you're seeking. + operationId: getAllCaseCommentsDefaultSpace + parameters: + - $ref: '#/components/parameters/Cases_case_id' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_case_response_properties' + description: Indicates a successful call. + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Get all case comments + tags: + - cases patch: description: | You must have `all` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're updating. NOTE: You cannot change the comment type or the owner of a comment. 
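Review bot: `getAllCaseCommentsDefaultSpace` states that `read` privileges for the Cases feature are required, yet the responses list only `'200'` and `'401'`; document the insufficient-privilege response as well. The `'200'` schema is `Cases_case_response_properties` while the summary reads `Get all case comments`, so please confirm the response really is a case object and not an array of comments.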
@@ -5955,6 +7006,32 @@ paths: summary: Attach a file to a case tags: - cases + /api/cases/{caseId}/user_actions: + get: + deprecated: true + description: | + Returns all user activity for a case. Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find user actions API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the case you're seeking. + operationId: getCaseActivityDefaultSpace + parameters: + - $ref: '#/components/parameters/Cases_case_id' + responses: + '200': + content: + application/json: + schema: + items: + $ref: '#/components/schemas/Cases_user_actions_response_properties' + type: array + description: Indicates a successful call. + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Get case activity + tags: + - cases /api/cases/{caseId}/user_actions/_find: get: description: | 
@@ -6635,6 +7712,37 @@ paths: summary: Get case creators tags: - cases + /api/cases/status: + get: + deprecated: true + description: | + Returns the number of cases that are open, closed, and in progress. Deprecated in 8.1.0. This API is deprecated and will be removed in a future release; use the find cases API instead. You must have `read` privileges for the **Cases** feature in the **Management**, **Observability**, or **Security** section of the Kibana feature privileges, depending on the owner of the cases you're seeking. + operationId: getCaseStatusDefaultSpace + parameters: + - $ref: '#/components/parameters/Cases_owner_filter' + responses: + '200': + content: + application/json: + schema: + type: object + properties: + count_closed_cases: + type: integer + count_in_progress_cases: + type: integer + count_open_cases: + type: integer + description: Indicates a successful call. + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/Cases_4xx_response' + description: Authorization information is missing or invalid. + summary: Get case status summary + tags: + - cases /api/cases/tags: get: description: | @@ -10186,9 +11294,6 @@ paths: operationId: CreateRuleExceptionListItems parameters: - description: Detection rule's identifier - examples: - id: - value: 330bdd28-eedf-40e1-bed0-f10176c7f9e0 in: path name: id required: true @@ -10198,28 +11303,6 @@ paths: content: application/json: schema: - example: - items: - - description: This is a sample detection type exception item. - entries: - - field: actingProcess.file.signer - operator: excluded - type: exists - - field: host.name - operator: included - type: match_any - value: - - saturn - - jupiter - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - type: simple type: object properties: items: 
@@ -10228,43 +11311,12 @@ paths: type: array required: - items - description: Rule exception items. + description: Rule exception list items required: true responses: '200': content: application/json: - examples: - ruleExceptionItems: - value: - - _version: WzQsMV0= - comments: [] - created_at: '2025-01-07T20:07:33.119Z' - created_by: elastic - description: This is a sample detection type exception item. - entries: - - field: actingProcess.file.signer - operator: excluded - type: exists - - field: host.name - operator: included - type: match_any - value: - - saturn - - jupiter - id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - type: simple - updated_at: '2025-01-07T20:07:33.119Z' - updated_by: elastic schema: items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' @@ -10273,17 +11325,6 @@ paths: '400': content: application/json: - examples: - badPayload: - value: - error: Bad Request - message: Invalid request payload JSON format - statusCode: 400 - badRequest: - value: - error: Bad Request - message: '[request params]: id: Invalid uuid' - statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -10292,38 +11333,22 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - message: Unable to create exception-list - status_code: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response - summary: Create rule exception items + summary: Create rule exception list items tags: - Security Exceptions API /api/detection_engine/rules/prepackaged: 
@@ -11457,6 +12482,32 @@ paths: summary: Get response actions tags: - Security Endpoint Management API + /api/endpoint/action_log/{agent_id}: + get: + deprecated: true + description: Get an action request log for the specified agent ID. + operationId: EndpointGetActionLog + parameters: + - in: path + name: agent_id + required: true + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' + - in: query + name: query + required: true + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_ActionLogRequestQuery' + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + description: OK + summary: Get an action request log + tags: + - Security Endpoint Management API /api/endpoint/action_status: get: description: Get the status of response actions for the specified agent IDs. 
@@ -11764,6 +12815,53 @@ paths: summary: Upload a file tags: - Security Endpoint Management API + /api/endpoint/isolate: + post: + deprecated: true + description: | + Isolate an endpoint from the network. + > info + > This URL will return a 308 permanent redirect to `POST :/api/endpoint/action/isolate`. + operationId: EndpointIsolateRedirect + requestBody: + content: + application/json: + schema: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + description: OK + '308': + description: Permanent Redirect + headers: + Location: + description: Permanently redirects to "/api/endpoint/action/isolate" + schema: + example: /api/endpoint/action/isolate + type: string + summary: Isolate an endpoint + tags: + - Security Endpoint Management API /api/endpoint/metadata: get: operationId: GetEndpointMetadataList 
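Review bot: in the `/api/endpoint/isolate` description, `POST :/api/endpoint/action/isolate` has a stray colon before the path, and the operation lists a `200` with `SuccessResponse` although the text says this URL returns a 308 permanent redirect. Drop the colon, and either remove the `200` entry or state when it is returned, so that callers know they have to follow the `Location` header and re-send the POST body to `/api/endpoint/action/isolate`.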
@@ -11802,6 +12900,20 @@ paths: summary: Get metadata tags: - Security Endpoint Management API + /api/endpoint/metadata/transforms: + get: + deprecated: true + operationId: GetEndpointMetadataTransform + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + description: OK + summary: Get metadata transforms + tags: + - Security Endpoint Management API /api/endpoint/policy_response: get: operationId: GetPolicyResponse @@ -11824,6 +12936,32 @@ paths: summary: Get a policy response tags: - Security Endpoint Management API + /api/endpoint/policy/summaries: + get: + deprecated: true + operationId: GetAgentPolicySummary + parameters: + - in: query + name: query + required: true + schema: + type: object + properties: + package_name: + type: string + policy_id: + nullable: true + type: string + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + description: OK + summary: Get an agent policy summary + tags: + - Security Endpoint Management API /api/endpoint/protection_updates_note/{package_policy_id}: get: operationId: GetProtectionUpdatesNote 
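Review bot: `GetAgentPolicySummary` on `/api/endpoint/policy/summaries` is added as `deprecated: true` with no `description` and no pointer to a replacement, unlike the deprecated cases routes earlier in this patch, which name the API to use instead. Add a one-line description that says what supersedes it, and describe the required `query` parameter, which is typed as an object with `package_name` and `policy_id` but carries no explanation of either field.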
@@ -11870,6 +13008,90 @@ paths: summary: Create or update a protection updates note tags: - Security Endpoint Management API + /api/endpoint/suggestions/{suggestion_type}: + post: + deprecated: true + operationId: GetEndpointSuggestions + parameters: + - in: path + name: suggestion_type + required: true + schema: + enum: + - eventFilters + type: string + requestBody: + content: + application/json: + schema: + type: object + properties: + field: + type: string + fieldMeta: {} + filters: {} + query: + type: string + required: + - parameters + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + description: OK + summary: Get suggestions + tags: + - Security Endpoint Management API + /api/endpoint/unisolate: + post: + deprecated: true + description: | + Release an isolated endpoint, allowing it to rejoin a network. + > info + > This URL will return a 308 permanent redirect to `POST :/api/endpoint/action/unisolate`. 
+ operationId: EndpointUnisolateRedirect + requestBody: + content: + application/json: + schema: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + required: true + responses: + '200': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + description: OK + '308': + description: Permanent Redirect + headers: + Location: + description: Permanently redirects to "/api/endpoint/action/unisolate" + schema: + example: /api/endpoint/action/unisolate + type: string + summary: Release an isolated endpoint + tags: + - Security Endpoint Management API /api/entity_store/enable: post: operationId: InitEntityStore 
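Review bot: the request body for `GetEndpointSuggestions` (`/api/endpoint/suggestions/{suggestion_type}`) declares `required: - parameters`, but the schema's properties are `field`, `fieldMeta`, `filters` and `query`; there is no `parameters` property, so the required list names a field the schema does not define. Either add the property or list the fields that are actually mandatory. In the same hunk, the `/api/endpoint/unisolate` description repeats the stray colon in `POST :/api/endpoint/action/unisolate` and documents a `200` next to the 308 it says the URL returns.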
@@ -12283,29 +13505,19 @@ paths: description: Delete an exception list using the `id` or `list_id` field. operationId: DeleteExceptionList parameters: - - description: Exception list's identifier. Either `id` or `list_id` must be specified. + - description: Either `id` or `list_id` must be specified in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Human readable exception list string identifier, e.g. `trusted-linux-processes`. Either `id` or `list_id` must be specified. - examples: - autogeneratedId: - value: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - list_id: - value: simple_list + - description: Either `id` or `list_id` must be specified in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - examples: - agnostic: - value: agnostic - single: - value: single - in: query + - in: query name: namespace_type required: false schema: 
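Review bot: the `id` and `list_id` parameter descriptions on `DeleteExceptionList` lose information here: "Exception list's identifier." and "Human readable exception list string identifier, e.g. `trusted-linux-processes`." are cut down to "Either `id` or `list_id` must be specified", and the `list_id` and `namespace_type` examples are dropped. None of that relates to removing `Elastic-Api-Version`. If the shorter text comes from resolving the cherry-pick conflict against an older source, please say so in the commit message; otherwise keep the longer descriptions, since they are the only place the difference between the two identifiers is explained.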
@@ -12315,39 +13527,12 @@ paths: '200': content: application/json: - examples: - detectionExceptionList: - value: - _version: WzIsMV0= - created_at: '2025-01-07T19:34:27.942Z' - created_by: elastic - description: This is a sample detection type exception list. - id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - immutable: false - list_id: simple_list - name: Sample Detection Exception List - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 - type: detection - updated_at: '2025-01-07T19:34:27.942Z' - updated_by: elastic - version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' - statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -12356,46 +13541,24 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [DELETE /api/exception_lists?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json: - examples: - notFound: - value: - message: 'exception list list_id: "foo" does not exist' - status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -12406,24 +13569,19 @@ paths: description: Get the details of an exception list using the `id` or `list_id` field. operationId: ReadExceptionList parameters: - - description: Exception list's identifier. Either `id` or `list_id` must be specified. + - description: Either `id` or `list_id` must be specified in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Human readable exception list string identifier, e.g. `trusted-linux-processes`. Either `id` or `list_id` must be specified. + - description: Either `id` or `list_id` must be specified in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - examples: - agnostic: - value: agnostic - single: - value: single - in: query + - in: query name: namespace_type required: false schema: @@ -12433,39 +13591,12 @@ paths: '200': content: application/json: - examples: - detectionType: - value: - _version: WzIsMV0= - created_at: '2025-01-07T19:34:27.942Z' - created_by: elastic - description: This is a sample detection type exception list. - id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - immutable: false - list_id: simple_list - name: Sample Detection Exception List - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 - type: detection - updated_at: '2025-01-07T19:34:27.942Z' - updated_by: elastic - version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' - statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -12474,46 +13605,24 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [GET /api/exception_lists?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json: - examples: - notFound: - value: - message": 'exception list id: "foo" does not exist' - status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -12522,7 +13631,7 @@ paths: - Security Exceptions API post: description: | - An exception list groups exception items and can be associated with detection rules. You can assign exception lists to multiple detection rules. + An exception list groups exception items and can be associated with detection rules. You can assign detection rules with multiple exception lists. > info > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item. operationId: CreateExceptionList @@ -12530,16 +13639,6 @@ paths: content: application/json: schema: - example: - description: This is a sample detection type exception list. - list_id: simple_list - name: Sample Detection Exception List - namespace_type: single - os_types: - - linux - tags: - - malware - type: detection type: object properties: description: 
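Review bot: the reworded `CreateExceptionList` description, "You can assign detection rules with multiple exception lists", is ungrammatical and no longer says what the removed sentence said, namely that one exception list can be assigned to multiple detection rules. Keep the original sentence, or state both directions explicitly. The following hunk also removes the only request body example for this operation, which the commit message does not mention.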
@@ -12573,98 +13672,12 @@ paths: '200': content: application/json: - examples: - autogeneratedListId: - value: - _version: WzMsMV0= - created_at: '2025-01-09T01:05:23.019Z' - created_by: elastic - description: This is a sample detection type exception with an autogenerated list_id. - id: 28243c2f-624a-4443-823d-c0b894880931 - immutable: false - list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 - name: Sample Detection Exception List - namespace_type: single - os_types: [] - tags: - - malware - tie_breaker_id: ad94de31-39f7-4ad7-b8e4-988bfa95f338 - type: detection - updated_at: '2025-01-09T01:05:23.020Z' - updated_by: elastic - version: 1 - namespaceAgnostic: - value: - _version: WzUsMV0= - created_at: '2025-01-09T01:10:36.369Z' - created_by: elastic - description: This is a sample agnostic endpoint type exception. - id: 1a744e77-22ca-4b6b-9085-54f55275ebe5 - immutable: false - list_id: b935eb55-7b21-4c1c-b235-faa1df23b3d6 - name: Sample Agnostic Endpoint Exception List - namespace_type: agnostic - os_types: - - linux - tags: - - malware - tie_breaker_id: 49ea0adc-a2b8-4d83-a8f3-2fb98301dea3 - type: endpoint - updated_at: '2025-01-09T01:10:36.369Z' - updated_by: elastic - version: 1 - typeDetection: - value: - _version: WzIsMV0= - created_at: '2025-01-07T19:34:27.942Z' - created_by: elastic - description: This is a sample detection type exception list. - id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - immutable: false - list_id: simple_list - name: Sample Detection Exception List - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 - type: detection - updated_at: '2025-01-07T19:34:27.942Z' - updated_by: elastic - version: 1 - typeEndpoint: - value: - _version: WzQsMV0= - created_at: '2025-01-09T01:07:49.658Z' - created_by: elastic - description: This is a sample endpoint type exception list. 
- id: a79f4730-6e32-4278-abfc-349c0add7d54 - immutable: false - list_id: endpoint_list - name: Sample Endpoint Exception List - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: 94a028af-8f47-427a-aca5-ffaf829e64ee - type: endpoint - updated_at: '2025-01-09T01:07:49.658Z' - updated_by: elastic - version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request body]: list_id: Expected string, received number' - statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -12673,46 +13686,24 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" - statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [POST /api/exception_lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '409': content: application/json: - examples: - alreadyExists: - value: - message: 'exception list id: "simple_list" already exists' - status_code: 409 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list already exists response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -12726,19 +13717,9 @@ paths: content: application/json: schema: - example: - description: Different description - list_id: simple_list - name: Updated exception list name - os_types: - - linux - tags: - - draft malware - type: detection type: object properties: _version: - description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string description: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' 
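Review bot: in the `UpdateExceptionList` request body, the `_version` property loses its description ("The version id, normally returned by the API when the item was retrieved...") and is left as a bare `type: string`. That sentence was the only indication that `_version` is the concurrency token to send back on update, so please keep it. If it is restored, "Use it ensure" should read "Use it to ensure".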
@@ -12772,38 +13753,12 @@ paths: '200': content: application/json: - examples: - simpleList: - value: - _version: WzExLDFd - created_at: '2025-01-07T20:43:55.264Z' - created_by: elastic - description: Different description - id: fa7f545f-191b-4d32-b1f0-c7cd62a79e55 - immutable: false - list_id: simple_list - name: Updated exception list name - namespace_type: single - os_types: [] - tags: - - draft malware - tie_breaker_id: 319fe983-acdd-4806-b6c4-3098eae9392f - type: detection - updated_at: '2025-01-07T21:32:03.726Z' - updated_by: elastic - version: 2 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request body]: list_id: Expected string, received number' - statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -12812,46 +13767,24 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [PUT /api/exception_lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json: - examples: - notFound: - value: - message": 'exception list id: "foo" does not exist' - status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -12863,22 +13796,18 @@ paths: description: Duplicate an existing exception list. operationId: DuplicateExceptionList parameters: - - in: query + - description: Exception list's human identifier + in: query name: list_id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - examples: - agnostic: - value: agnostic - single: - value: single - in: query + - in: query name: namespace_type required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - - description: Determines whether to include expired exceptions in the duplicated list. Expiration date defined by `expire_time`. + - description: Determines whether to include expired exceptions in the exported list in: query name: include_expired_exceptions required: true @@ -12887,44 +13816,17 @@ paths: enum: - 'true' - 'false' - example: true type: string responses: '200': content: application/json: - examples: - detectionExceptionList: - value: - _version: WzExNDY1LDFd - created_at: '2025-01-09T16:19:50.280Z' - created_by: elastic - description: This is a sample detection type exception - id: b2f4a715-6ab1-444c-8b1e-3fa1b1049429 - immutable: false - list_id: d6390d60-bce3-4a48-9002-52db600f329c - name: Sample Detection Exception List [Duplicate] - namespace_type: single - os_types: [] - tags: - - malware - tie_breaker_id: 6fa670bd-666d-4c9c-9f1e-d1dbc516e985 - type: detection - updated_at: '2025-01-09T16:19:50.280Z' - updated_by: elastic - version: 1 schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' description: Successful response '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request query]: namespace_type: Invalid enum value. Expected ''agnostic'' | ''single'', received ''foo''' - statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
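Review bot: on `DuplicateExceptionList`, the new `include_expired_exceptions` description says "in the exported list", which is wording from the export operation; the removed text correctly said "in the duplicated list" and noted that expiry is defined by `expire_time`. Keep "duplicated list" and the `expire_time` reference.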
@@ -12933,38 +13835,15 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [POST /api/exception_lists/_duplicate] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response - '404': - content: - application/json: - examples: - notFound: - value: - message": 'exception list id: "foo" does not exist' - status_code": 404 - schema: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - description: Exception list not found '405': content: application/json: @@ -12974,11 +13853,6 @@ paths: '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
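Review bot: the `'404'` response ("Exception list not found") is removed from `DuplicateExceptionList` while 400, 401, 403, 405 and 500 stay. Unless the endpoint no longer returns 404 for an unknown `list_id`, this drops a status code that clients need to handle, and it is unrelated to the header removal the commit describes. Please restore the entry or explain the behaviour change.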
@@ -12990,28 +13864,24 @@ paths: description: Export an exception list and its associated items to an NDJSON file. operationId: ExportExceptionList parameters: - - in: query + - description: Exception list's identifier + in: query name: id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - in: query + - description: Exception list's human identifier + in: query name: list_id required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - examples: - agnostic: - value: agnostic - single: - value: single - in: query + - in: query name: namespace_type required: true schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - - description: Determines whether to include expired exceptions in the exported list. Expiration date defined by `expire_time`. - example: true + - description: Determines whether to include expired exceptions in the exported list in: query name: include_expired_exceptions required: true 
@@ -13025,12 +13895,6 @@ paths: '200': content: application/ndjson: - examples: - exportSavedObjectsResponse: - value: | - {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This is a sample detection type exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":[],"tags":["user added string for a tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} - {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This is a sample endpoint type exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some host","another host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Endpoint Exception List","namespace_type":"single","os_types":["linux"],"tags":["user added string for a tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} - {"exported_exception_list_count":1,"exported_exception_list_item_count":1,"missing_exception_list_item_count":0,"missing_exception_list_items":[],"missing_exception_lists":[],"missing_exception_lists_count":0} schema: description: A `.ndjson` file containing specified exception list and its items format: binary @@ -13039,12 +13903,6 @@ paths: '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request query]: list_id: Required, namespace_type: Required' - statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -13053,46 +13911,24 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [POST /api/exception_lists/_export] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json: - examples: - notFound: - value: - message": 'exception list id: "foo" does not exist' - status_code": 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list not found response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -13101,7 +13937,7 @@ paths: - Security Exceptions API /api/exception_lists/_find: get: - description: Get a list of all exception list containers. + description: Get a list of all exception lists. operationId: FindExceptionLists parameters: - description: | @@ -13119,11 +13955,6 @@ paths: - description: | Determines whether the returned containers are Kibana associated with a Kibana space or available in all spaces (`agnostic` or `single`) - examples: - agnostic: - value: agnostic - single: - value: single in: query name: namespace_type required: false 
@@ -13138,7 +13969,6 @@ paths: name: page required: false schema: - example: 1 minimum: 1 type: integer - description: The number of exception lists to return per page @@ -13146,17 +13976,15 @@ paths: name: per_page required: false schema: - example: 20 minimum: 1 type: integer - - description: Determines which field is used to sort the results. + - description: Determines which field is used to sort the results in: query name: sort_field required: false schema: - example: name type: string - - description: Determines the sort order, which can be `desc` or `asc`. + - description: Determines the sort order, which can be `desc` or `asc` in: query name: sort_order required: false @@ -13164,36 +13992,11 @@ paths: enum: - desc - asc - example: desc type: string responses: '200': content: application/json: - examples: - simpleLists: - value: - data: - - _version: WzIsMV0= - created_at: '2025-01-07T19:34:27.942Z' - created_by: elastic - description: This is a sample detection type exception list. - id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - immutable: false - list_id: simple_list - name: Detection Exception List - namespace_type: single - os_types: [] - tags: - - malware - tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 - type: detection - updated_at: '2025-01-07T19:34:27.942Z' - updated_by: elastic - version: 1 - page: 1 - per_page: 20 - total: 1 schema: type: object properties: @@ -13219,12 +14022,6 @@ paths: '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' - statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -13233,35 +14030,18 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [GET /api/exception_lists/_find?namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -13281,7 +14061,18 @@ paths: required: false schema: default: false - example: false + type: boolean + - in: query + name: overwrite_exceptions + required: false + schema: + default: false + type: boolean + - in: query + name: overwrite_action_connectors + required: false + schema: + default: false type: boolean - description: | Determines whether the list being imported will have a new `list_id` generated. @@ -13292,7 +14083,6 @@ paths: required: false schema: default: false - example: false type: boolean requestBody: content: 
@@ -13302,9 +14092,6 @@ paths: properties: file: description: A `.ndjson` file containing the exception list - example: | - {"_version":"WzExNDU5LDFd","created_at":"2025-01-09T16:18:17.757Z","created_by":"elastic","description":"This is a sample detection type exception","id":"c86c2da0-2ab6-4343-b81c-216ef27e8d75","immutable":false,"list_id":"simple_list","name":"Sample Detection Exception List","namespace_type":"single","os_types":[],"tags":["user added string for a tag","malware"],"tie_breaker_id":"cf4a7b92-732d-47f0-a0d5-49a35a1736bf","type":"detection","updated_at":"2025-01-09T16:18:17.757Z","updated_by":"elastic","version":1} - {"_version":"WzExNDYxLDFd","comments":[],"created_at":"2025-01-09T16:18:42.308Z","created_by":"elastic","description":"This is a sample endpoint type exception","entries":[{"type":"exists","field":"actingProcess.file.signer","operator":"excluded"},{"type":"match_any","field":"host.name","value":["some host","another host"],"operator":"included"}],"id":"f37597ce-eaa7-4b64-9100-4301118f6806","item_id":"simple_list_item","list_id":"simple_list","name":"Sample Endpoint Exception List","namespace_type":"single","os_types":["linux"],"tags":["user added string for a tag","malware"],"tie_breaker_id":"4ca3ef3e-9721-42c0-8107-cf47e094d40f","type":"simple","updated_at":"2025-01-09T16:18:42.308Z","updated_by":"elastic"} format: binary type: string required: true 
@@ -13312,34 +14099,6 @@ paths: '200': content: application/json: - examples: - withErrors: - value: - errors: - - error: - message: 'Error found importing exception list: Invalid value \"4\" supplied to \"list_id\"' - status_code: 400 - list_id: (unknown list_id) - - error: - message: 'Found that item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" already exists. Import of item_id: \"f7fd00bb-dba8-4c93-9d59-6cbd427b6330\" skipped.' - status_code: 409 - item_id: f7fd00bb-dba8-4c93-9d59-6cbd427b6330 - list_id: 7d7cccb8-db72-4667-b1f3-648efad7c1ee - success: false, - success_count: 0, - success_count_exception_list_items: 0 - success_count_exception_lists: 0, - success_exception_list_items: false, - success_exception_lists: false, - withoutErrors: - value: - errors: [] - success: true - success_count: 2 - success_count_exception_list_items: 1 - success_count_exception_lists: 1 - success_exception_list_items: true - success_exception_lists: true, schema: type: object properties: 
@@ -13380,35 +14139,18 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [POST /api/exception_lists/_import] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -13420,24 +14162,19 @@ paths: description: Delete an exception list item using the `id` or `item_id` field. operationId: DeleteExceptionListItem parameters: - - description: Exception item's identifier. Either `id` or `item_id` must be specified + - description: Either `id` or `item_id` must be specified in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Human readable exception item string identifier, e.g. `trusted-linux-processes`. Either `id` or `item_id` must be specified + - description: Either `id` or `item_id` must be specified in: query name: item_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - - examples: - agnostic: - value: agnostic - single: - value: single - in: query + - in: query name: namespace_type required: false schema: @@ -13447,37 +14184,6 @@ paths: '200': content: application/json: - examples: - simpleExceptionItem: - value: - _version: WzQsMV0= - comments: [] - created_at: '2025-01-07T20:07:33.119Z' - created_by: elastic - description: This is a sample detection type exception item. - entries: - - field: actingProcess.file.signer - operator: excluded - type: exists - - field: host.name - operator: included - type: match_any - value: - - saturn - - jupiter - id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - type: simple - updated_at: '2025-01-07T20:07:33.119Z' - updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response 
@@ -13485,10 +14191,6 @@ paths: content: application/json: schema: - example: - error: Bad Request - message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' - statusCode: 400 oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' @@ -13496,46 +14198,24 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [DELETE /api/exception_lists/items?item_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json: - examples: - notFound: - value: - message: 'exception list item item_id: \"foo\" does not exist' - status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -13546,24 +14226,19 @@ paths: description: Get the details of an exception list item using the `id` or `item_id` field. operationId: ReadExceptionListItem parameters: - - description: Exception list item's identifier. Either `id` or `item_id` must be specified. + - description: Either `id` or `item_id` must be specified in: query name: id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' - - description: Human readable exception item string identifier, e.g. `trusted-linux-processes`. Either `id` or `item_id` must be specified. + - description: Either `id` or `item_id` must be specified in: query name: item_id required: false schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' - - examples: - agnostic: - value: agnostic - single: - value: single - in: query + - in: query name: namespace_type required: false schema: 
@@ -13573,49 +14248,12 @@ paths: '200': content: application/json: - examples: - simpleListItem: - value: - _version: WzQsMV0= - comments: [] - created_at: '2025-01-07T20:07:33.119Z' - created_by: elastic - description: This is a sample detection type exception item. - entries: - - field: actingProcess.file.signer - operator: excluded - type: exists - - field: host.name - operator: included - type: match_any - value: - - saturn - - jupiter - id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - type: simple - updated_at: '2025-01-07T20:07:33.119Z' - updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' - statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -13624,46 +14262,24 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [GET /api/exception_lists/items?item_id=&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json: - examples: - notFound: - value: - message: 'exception list item item_id: \"foo\" does not exist' - status_code: 404 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item not found response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response @@ -13680,27 +14296,6 @@ paths: content: application/json: schema: - example: - description: This is a sample detection type exception item. - entries: - - field: actingProcess.file.signer - operator: excluded - type: exists - - field: host.name - operator: included - type: match_any - value: - - saturn - - jupiter - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - type: simple type: object properties: comments: 
@@ -13711,7 +14306,8 @@ paths: entries: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime' + format: date-time + type: string item_id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId' list_id: 
@@ -13743,200 +14339,12 @@ paths: '200': content: application/json: - examples: - autogeneratedItemId: - value: - _version: WzYsMV0= - comments: [] - created_at: '2025-01-09T01:16:23.322Z' - created_by: elastic - description: This is a sample exception that has no item_id so it is autogenerated. - entries: - - field: actingProcess.file.signer - operator: excluded - type: exists - id: 323faa75-c657-4fa0-9084-8827612c207b - item_id: 80e6edf7-4b13-4414-858f-2fa74aa52b37 - list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 - name: Sample Autogenerated Exception List Item ID - namespace_type: single - os_types: [] - tags: - - malware - tie_breaker_id: d6799986-3a23-4213-bc6d-ed9463a32f23 - type: simple - updated_at: '2025-01-09T01:16:23.322Z' - updated_by: elastic - detectionExceptionListItem: - value: - _version: WzQsMV0= - comments: [] - created_at: '2025-01-07T20:07:33.119Z' - created_by: elastic - description: This is a sample detection type exception item. - entries: - - field: actingProcess.file.signer - operator: excluded - type: exists - id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - type: simple - updated_at: '2025-01-07T20:07:33.119Z' - updated_by: elastic - withExistEntry: - value: - _version: WzQsMV0= - comments: [] - created_at: '2025-01-07T20:07:33.119Z' - created_by: elastic - description: This is a sample detection type exception item. 
- entries: - - field: actingProcess.file.signer - operator: excluded - type: exists - id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - type: simple - updated_at: '2025-01-07T20:07:33.119Z' - updated_by: elastic - withMatchAnyEntry: - value: - _version: WzQsMV0= - comments: [] - created_at: '2025-01-07T20:07:33.119Z' - created_by: elastic - description: This is a sample detection type exception item. - entries: - - field: host.name - operator: included - type: match_any - value: - - saturn - - jupiter - id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - type: simple - updated_at: '2025-01-07T20:07:33.119Z' - updated_by: elastic - withMatchEntry: - value: - _version: WzQsMV0= - comments: [] - created_at: '2025-01-07T20:07:33.119Z' - created_by: elastic - description: This is a sample detection type exception item. - entries: - - field: actingProcess.file.signer - operator: included - type: match - value: Elastic N.V. - id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - type: simple - updated_at: '2025-01-07T20:07:33.119Z' - updated_by: elastic - withNestedEntry: - value: - _version: WzQsMV0= - comments: [] - created_at: '2025-01-07T20:07:33.119Z' - created_by: elastic - description: This is a sample detection type exception item. 
- entries: - - entries: - - field: signer - operator: included - type: match - value: Evil - - field: trusted - operator: included - type: match - value: true - field: file.signature - type: nested - id: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: 09434836-9db9-4942-a234-5a9268e0b34c - type: simple - updated_at: '2025-01-07T20:07:33.119Z' - updated_by: elastic - withValueListEntry: - value: - _version: WzcsMV0= - comments: [] - created_at: '2025-01-09T01:31:12.614Z' - created_by: elastic - description: Don't signal when agent.name is rock01 and source.ip is in the goodguys.txt list - entries: - - field: source.ip - list: - id: goodguys.txt - type: ip - operator: excluded - type: list - id: deb26876-297d-4677-8a1f-35467d2f1c4f - item_id: 686b129e-9b8d-4c59-8d8d-c93a9ea82c71 - list_id: 8c1aae4c-1ef5-4bce-a2e3-16584b501783 - name: Filter out good guys ip and agent.name rock01 - namespace_type: single - os_types: [] - tags: - - malware - tie_breaker_id: 5e0288ce-6657-4c18-9dcc-00ec9e8cc6c8 - type: simple - updated_at: '2025-01-09T01:31:12.614Z' - updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request, - message: '[request body]: list_id: Expected string, received number' - statusCode: 400, schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -13945,46 +14353,24 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [POST /api/exception_lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '409': content: application/json: - examples: - alreadyExists: - value: - message: 'exception list item id: \"simple_list_item\" already exists' - status_code: 409 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Exception list item already exists response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' description: Internal server error response 
@@ -13997,24 +14383,10 @@ paths: requestBody: content: application/json: - example: - comments: [] - description: Updated description - entries: - - field: host.name - operator: included - type: match - value: rock01 - item_id: simple_list_item - name: Updated name - namespace_type: single - tags: [] - type: simple schema: type: object properties: _version: - description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string comments: $ref: '#/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray' @@ -14024,7 +14396,8 @@ paths: entries: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime' + format: date-time + type: string id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' description: Either `id` or `item_id` must be specified 
@@ -14058,376 +14431,12 @@ paths: '200': content: application/json: - examples: - simpleListItem: - value: - _version: WzEyLDFd - comments: [] - created_at: '2025-01-07T21:12:25.512Z' - created_by: elastic - description: Updated description - entries: - - field: host.name - operator: included - type: match - value: rock01 - id: 459c5e7e-f8b2-4f0b-b136-c1fc702f72da - item_id: simple_list_item - list_id: simple_list - name: Updated name - namespace_type: single - os_types: [] - tags: [] - tie_breaker_id: ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0 - type: simple - updated_at: '2025-01-07T21:34:50.233Z' - updated_by: elastic schema: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' description: Successful response '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request body]: item_id: Expected string, received number' - statusCode: 400 - schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 - schema: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [PUT /api/exception_lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 - schema: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - description: Not enough privileges 
response - '404': - content: - application/json: - examples: - notFound: - value: - message: 'exception list item item_id: \"foo\" does not exist' - status_code: 404 - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list item not found response - '500': - content: - application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Update an exception list item - tags: - - Security Exceptions API - /api/exception_lists/items/_find: - get: - description: Get a list of all exception list items in the specified list. - operationId: FindExceptionListItems - parameters: - - description: The `list_id`s of the items to fetch. - in: query - name: list_id - required: true - schema: - items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - type: array - - description: | - Filters the returned results according to the value of the specified field, - using the `:` syntax. 
- examples: - singleFilter: - value: - - exception-list.attributes.name:%My%20item - in: query - name: filter - required: false - schema: - default: [] - items: - $ref: '#/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter' - type: array - - description: | - Determines whether the returned containers are Kibana associated with a Kibana space - or available in all spaces (`agnostic` or `single`) - examples: - single: - value: - - single - in: query - name: namespace_type - required: false - schema: - default: - - single - items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - type: array - - in: query - name: search - required: false - schema: - example: host.name - type: string - - description: The page number to return - in: query - name: page - required: false - schema: - example: 1 - minimum: 0 - type: integer - - description: The number of exception list items to return per page - in: query - name: per_page - required: false - schema: - example: 20 - minimum: 0 - type: integer - - description: Determines which field is used to sort the results. - example: name - in: query - name: sort_field - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' - - description: Determines the sort order, which can be `desc` or `asc`. - in: query - name: sort_order - required: false - schema: - enum: - - desc - - asc - example: desc - type: string - responses: - '200': - content: - application/json: - examples: - simpleListItems: - value: - data: - - _version: WzgsMV0= - comments: [] - created_at: '2025-01-07T21:12:25.512Z' - created_by: elastic - description: This is a sample exception item. 
- entries: - - field: actingProcess.file.signer - operator: excluded - type: exists - - field: host.name - operator: included - type: match_any - value: - - jupiter - - saturn - id: 459c5e7e-f8b2-4f0b-b136-c1fc702f72da - item_id: simple_list_item - list_id: simple_list - name: Sample Exception List Item - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: ad0754ff-7b19-49ca-b73e-e6aff6bfa2d0 - type: simple - updated_at: '2025-01-07T21:12:25.512Z' - updated_by: elastic - page: 1 - per_page: 20 - total: 1 - schema: - type: object - properties: - data: - items: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' - type: array - page: - minimum: 1 - type: integer - per_page: - minimum: 1 - type: integer - pit: - type: string - total: - minimum: 0 - type: integer - required: - - data - - page - - per_page - - total - description: Successful response - '400': - content: - application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request query]: namespace_type.0: Invalid enum value. 
Expected ''agnostic'' | ''single'', received ''blob''' - statusCode: 400 - schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 - schema: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [GET /api/exception_lists/items/_find?list_id=simple_list&namespace_type=single] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] - statusCode: 403 - schema: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json: - examples: - notFound: - value: - message: 'exception list list_id: "foo" does not exist' - status_code: 404 - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response - '500': - content: - application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get exception list items - tags: - - Security Exceptions API - /api/exception_lists/summary: - get: - description: Get a summary of the specified exception list. 
- operationId: ReadExceptionListSummary - parameters: - - description: Exception list's identifier generated upon creation. - in: query - name: id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' - - description: Exception list's human readable identifier. - in: query - name: list_id - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - - examples: - agnostic: - value: agnostic - single: - value: single - in: query - name: namespace_type - required: false - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' - default: single - - description: Search filter clause - in: query - name: filter - required: false - schema: - example: exception-list-agnostic.attributes.tags:"policy:policy-1" OR exception-list-agnostic.attributes.tags:"policy:all" - type: string - responses: - '200': - content: - application/json: - examples: - summary: - value: - linux: 0 - macos: 0 - total: 0 - windows: 0 - schema: - type: object - properties: - linux: - minimum: 0 - type: integer - macos: - minimum: 0 - type: integer - total: - minimum: 0 - type: integer - windows: - minimum: 0 - type: integer - description: Successful response - '400': - content: - application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request query]: namespace_type.0: Invalid enum value. Expected ''agnostic'' | ''single'', received ''blob''' - statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' 
@@ -14436,21603 +14445,346 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [GET /api/exception_lists/summary?list_id=simple_list&namespace_type=agnostic] is unauthorized for user, this action is granted by the Kibana privileges [lists-summary] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' description: Not enough privileges response '404': - content: - application/json: - examples: - notFound: - value: - message": 'exception list id: "foo" does not exist' - status_code": 404 - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list not found response - '500': - content: - application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Get an exception list summary - tags: - - Security Exceptions API - /api/exceptions/shared: - post: - description: | - An exception list groups exception items and can be associated with detection rules. A shared exception list can apply to multiple detection rules. - > info - > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. 
Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item. - operationId: CreateSharedExceptionList - requestBody: - content: - application/json: - schema: - example: - description: This is a sample detection type exception list. - list_id: simple_list - name: Sample Detection Exception List - namespace_type: single - os_types: - - linux - tags: - - malware - type: object - properties: - description: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' - name: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' - required: - - name - - description - required: true - responses: - '200': - content: - application/json: - examples: - sharedList: - value: - _version: WzIsMV0= - created_at: '2025-01-07T19:34:27.942Z' - created_by: elastic - description: This is a sample detection type exception list. 
- id: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - immutable: false - list_id: simple_list - name: Sample Detection Exception List - namespace_type: single - os_types: - - linux - tags: - - malware - tie_breaker_id: 78f1aca1-f8ee-4eb5-9ceb-f5c3ee656cb3 - type: detection - updated_at: '2025-01-07T19:34:27.942Z' - updated_by: elastic - version: 1 - schema: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' - description: Successful response - '400': - content: - application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request body]: list_id: Expected string, received number' - statusCode: 400 - schema: - oneOf: - - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Invalid input data response - '401': - content: - application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" - statusCode: 401 - schema: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - description: Unsuccessful authentication response - '403': - content: - application/json: - examples: - forbidden: - value: - message: Unable to create exception-list - status_code: 403 - schema: - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' - description: Not enough privileges response - '409': - content: - application/json: - examples: - alreadyExists: - value: - message: 'exception list id: "simple_list" already exists' - status_code: 409 - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Exception list already exists response - '500': - content: - application/json: - examples: - serverError: - value: - 
message: Internal Server Error - status_code: 500 - schema: - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' - description: Internal server error response - summary: Create a shared exception list - tags: - - Security Exceptions API - /api/fleet/agent_download_sources: - get: - description: '[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-settings-read].' - operationId: get-fleet-agent-download-sources - parameters: [] - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get agent binary download sources - tags: - - Elastic Agent binary download sources - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' 
- operationId: post-fleet-agent-download-sources - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - required: - - name - - host - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Create an agent binary download source - tags: - - Elastic Agent binary download sources - /api/fleet/agent_download_sources/{sourceId}: - delete: - description: 'Delete an agent binary download source by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' - operationId: delete-fleet-agent-download-sources-sourceid - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: sourceId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Delete an agent binary download source - tags: - - Elastic Agent binary download sources - get: - description: 'Get an agent binary download source by ID.

[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-settings-read].' - operationId: get-fleet-agent-download-sources-sourceid - parameters: - - in: path - name: sourceId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get an agent binary download source - tags: - - Elastic Agent binary download sources - put: - description: 'Update an agent binary download source by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' - operationId: put-fleet-agent-download-sources-sourceid - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: sourceId - required: true - schema: - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - required: - - name - - host - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host: - format: uri - type: string - id: - type: string - is_default: - default: false - type: boolean - name: - type: string - proxy_id: - description: The ID of the proxy to use for this download source. See the proxies API for more information. - nullable: true - type: string - required: - - id - - name - - host - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Update an agent binary download source - tags: - - Elastic Agent binary download sources - /api/fleet/agent_policies: - get: - description: '[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].' 
- operationId: get-fleet-agent-policies - parameters: - - in: query - name: page - required: false - schema: - type: number - - in: query - name: perPage - required: false - schema: - type: number - - in: query - name: sortField - required: false - schema: - type: string - - in: query - name: sortOrder - required: false - schema: - enum: - - desc - - asc - type: string - - in: query - name: showUpgradeable - required: false - schema: - type: boolean - - in: query - name: kuery - required: false - schema: - type: string - - description: use withAgentCount instead - in: query - name: noAgentCount - required: false - schema: - deprecated: true - type: boolean - - description: get policies with agent count - in: query - name: withAgentCount - required: false - schema: - type: boolean - - description: get full policies with package policies populated - in: query - name: full - required: false - schema: - type: boolean - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agentless: - additionalProperties: false - type: object - properties: - 
resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. 
- type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. 
- nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - 
required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that stream, (default to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Input streams (see integration documentation to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - 
additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Package policy inputs (see integration documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: Agent policy IDs where that package policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - 
additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. 
- nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get agent policies - tags: - - Elastic Agent policies - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].' - operationId: post-fleet-agent-policies - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: sys_monitoring - required: false - schema: - type: boolean - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - 
agentless: - additionalProperties: false - type: object - properties: - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - force: - type: boolean - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_protected: - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - 
monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - nullable: true - type: array - space_ids: - items: - type: string - type: array - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - required: - - name - - namespace - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agentless: - 
additionalProperties: false - type: object - properties: - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. 
- type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. 
- nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - 
required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that stream, (default to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Input streams (see integration documentation to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - 
additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Package policy inputs (see integration documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: Agent policy IDs where that package policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - 
additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. 
- nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Create an agent policy - tags: - - Elastic Agent policies - /api/fleet/agent_policies/_bulk_get: - post: - description: '[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].' - operationId: post-fleet-agent-policies-bulk-get - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - full: - description: get full policies with package policies populated - type: boolean - ids: - description: list of package policy ids - items: - type: string - type: array - ignoreMissing: - type: boolean - required: - - ids - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - 
agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agentless: - additionalProperties: false - type: object - properties: - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. 
- type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. 
- nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - 
required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that stream, (default to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Input streams (see integration documentation to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - 
additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Package policy inputs (see integration documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: Agent policy IDs where that package policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - 
additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. 
- nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - type: array - required: - - items - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Bulk get agent policies - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}: - get: - description: 'Get an agent policy by ID.

[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].' - operationId: get-fleet-agent-policies-agentpolicyid - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agentless: - additionalProperties: false - type: object - properties: - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. 
- items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. 
- nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - 
required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that stream, (default to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Input streams (see integration documentation to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - 
additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Package policy inputs (see integration documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: Agent policy IDs where that package policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - 
additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. 
- nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get an agent policy - tags: - - Elastic Agent policies - put: - description: 'Update an agent policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].' - operationId: put-fleet-agent-policies-agentpolicyid - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agentless: - additionalProperties: false - type: object - properties: - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - force: - type: boolean - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. 
- items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_protected: - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. 
- nullable: true - type: object - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - nullable: true - type: array - space_ids: - items: - type: string - type: array - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. - nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - required: - - name - - namespace - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agentless: - additionalProperties: false - type: object - properties: - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - 
fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent policy. 
Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - 
additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that stream, (default to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Input streams (see integration documentation to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - 
type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Package policy inputs (see integration documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. 
- nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: Agent policy IDs where that package policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. 
- nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. 
- nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Update an agent policy - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/copy: - post: - description: 'Copy an agent policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].' - operationId: post-fleet-agent-policies-agentpolicyid-copy - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - description: - type: string - name: - minLength: 1 - type: string - required: - - name - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - advanced_settings: - additionalProperties: false - type: object - properties: - agent_download_target_directory: - nullable: true - agent_download_timeout: - nullable: true - agent_limits_go_max_procs: - nullable: true - agent_logging_files_interval: - nullable: true - agent_logging_files_keepfiles: - nullable: true - agent_logging_files_rotateeverybytes: - nullable: true - agent_logging_level: - nullable: true - agent_logging_metrics_period: - nullable: true - agent_logging_to_files: - nullable: true - agent_features: - items: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - agentless: - additionalProperties: false - type: object - properties: - resources: - additionalProperties: false - type: object - properties: - requests: - additionalProperties: false - type: object - properties: - cpu: - type: string - memory: - type: string - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - 
type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: - description: User defined data tags that are added to all of the inputs. The values can be strings or numbers. - items: - additionalProperties: false - type: object - properties: - name: - type: string - value: - anyOf: - - type: string - - type: number - required: - - name - - value - type: array - has_fleet_server: - type: boolean - id: - type: string - inactivity_timeout: - default: 1209600 - minimum: 0 - type: number - is_default: - type: boolean - is_default_fleet_server: - type: boolean - is_managed: - type: boolean - is_preconfigured: - type: boolean - is_protected: - description: Indicates whether the agent policy has tamper protection enabled. Default false. - type: boolean - keep_monitoring_alive: - default: false - description: When set to true, monitoring will be enabled but logs/metrics collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - additionalProperties: false - type: object - properties: - limit: - additionalProperties: false - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - additionalProperties: false - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - logs - - metrics - - traces - type: string - type: array - monitoring_http: - additionalProperties: false - type: object - properties: - buffer: - additionalProperties: false - type: object - properties: - enabled: - default: false - type: boolean - enabled: - type: boolean - host: - type: string - port: - maximum: 65353 - minimum: 0 - type: number - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - minLength: 1 - type: string - namespace: - minLength: 1 - type: string - overrides: - additionalProperties: {} - description: Override settings that are defined in the agent 
policy. Input settings cannot be overridden. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - anyOf: - - items: - type: string - type: array - - description: This field is present only when retrieving a single agent policy, or when retrieving a list of agent policies with the ?full=true parameter - items: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - 
privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that stream, (default to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Input streams (see integration documentation to know what streams are available) - type: object - vars: - additionalProperties: - 
anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Package policy inputs (see integration documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. 
- nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: Agent policy IDs where that package policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. 
- nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - required_versions: - items: - additionalProperties: false - type: object - properties: - percentage: - description: Target percentage of agents to auto upgrade - maximum: 100 - minimum: 0 - type: number - version: - description: Target version for automatic agent upgrade - type: string - required: - - version - - percentage - nullable: true - type: array - revision: - type: number - schema_version: - type: string - space_ids: - items: - type: string - type: array - status: - enum: - - active - - inactive - type: string - supports_agentless: - default: false - description: Indicates whether the agent policy supports agentless integrations. 
- nullable: true - type: boolean - unenroll_timeout: - minimum: 0 - type: number - unprivileged_agents: - type: number - updated_at: - type: string - updated_by: - type: string - version: - type: string - required: - - id - - name - - namespace - - is_managed - - is_protected - - status - - updated_at - - updated_by - - revision - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Copy an agent policy - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/download: - get: - description: 'Download an agent policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].' - operationId: get-fleet-agent-policies-agentpolicyid-download - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: standalone - required: false - schema: - type: boolean - - in: query - name: kubernetes - required: false - schema: - type: boolean - responses: - '200': - content: - application/json: - schema: - type: string - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Download an agent policy - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/full: - get: - description: 'Get a full agent policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read].' - operationId: get-fleet-agent-policies-agentpolicyid-full - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: standalone - required: false - schema: - type: boolean - - in: query - name: kubernetes - required: false - schema: - type: boolean - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - download: - additionalProperties: false - type: object - properties: - sourceURI: - type: string - required: - - sourceURI - features: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - required: - - enabled - type: object - limits: - additionalProperties: false - type: object - properties: - go_max_procs: - type: number - logging: - additionalProperties: false - type: object - properties: - files: - additionalProperties: false - type: object - properties: - interval: - type: string - keepfiles: - type: number - rotateeverybytes: - type: number - level: - type: string - to_files: - type: boolean - monitoring: - additionalProperties: false - type: object - properties: - apm: {} - enabled: - type: boolean - logs: - type: boolean - metrics: - type: boolean - namespace: - type: string - traces: - type: boolean - use_output: - type: string - required: - - enabled - - metrics - - logs - - traces - - apm - protection: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - signing_key: - type: string - uninstall_token_hash: - type: string - required: - - enabled - - uninstall_token_hash - - signing_key - required: - - monitoring - - 
download - - features - fleet: - anyOf: - - additionalProperties: false - type: object - properties: - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: - type: string - ssl: - additionalProperties: false - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - renegotiation: - type: string - verification_mode: - type: string - required: - - hosts - - proxy_headers - - additionalProperties: false - type: object - properties: - kibana: - additionalProperties: false - type: object - properties: - hosts: - items: - type: string - type: array - path: - type: string - protocol: - type: string - required: - - hosts - - protocol - required: - - kibana - id: - type: string - inputs: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - namespace: - type: string - required: - - namespace - id: - type: string - meta: - additionalProperties: true - type: object - properties: - package: - additionalProperties: true - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - name: - type: string - package_policy_id: - type: string - processors: - items: - additionalProperties: true - type: object - properties: - add_fields: - additionalProperties: true - type: object - properties: - fields: - additionalProperties: - anyOf: - - type: string - - type: number - type: object - target: - type: string - required: - - target - - fields - required: - - add_fields - type: array - revision: - type: number - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - type: array - type: - type: string - use_output: - 
type: string - required: - - id - - name - - revision - - type - - data_stream - - use_output - - package_policy_id - type: array - namespaces: - items: - type: string - type: array - output_permissions: - additionalProperties: - additionalProperties: {} - type: object - type: object - outputs: - additionalProperties: - additionalProperties: true - type: object - properties: - ca_sha256: - nullable: true - type: string - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: - type: string - type: - type: string - required: - - type - - proxy_headers - type: object - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - signed: - additionalProperties: false - type: object - properties: - data: - type: string - signature: - type: string - required: - - data - - signature - required: - - id - - outputs - - inputs - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get a full agent policy - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/outputs: - get: - description: 'Get a list of outputs associated with agent policy by policy id.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-settings-read].' - operationId: get-fleet-agent-policies-agentpolicyid-outputs - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - data: - additionalProperties: false - type: object - properties: - integrations: - items: - additionalProperties: false - type: object - properties: - id: - type: string - integrationPolicyName: - type: string - name: - type: string - pkgName: - type: string - type: array - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - monitoring: - additionalProperties: false - type: object - properties: - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - required: - - monitoring - - data - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get outputs for an agent policy - tags: - - Elastic Agent policies - /api/fleet/agent_policies/delete: - post: - description: 'Delete an agent policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].' - operationId: post-fleet-agent-policies-delete - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - force: - description: bypass validation checks that can prevent agent policy deletion - type: boolean - required: - - agentPolicyId - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Delete an agent policy - tags: - - Elastic Agent policies - /api/fleet/agent_policies/outputs: - post: - description: 'Get a list of outputs associated with agent policies.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-settings-read].' - operationId: post-fleet-agent-policies-outputs - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - ids: - description: list of package policy ids - items: - type: string - type: array - required: - - ids - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - agentPolicyId: - type: string - data: - additionalProperties: false - type: object - properties: - integrations: - items: - additionalProperties: false - type: object - properties: - id: - type: string - integrationPolicyName: - type: string - name: - type: string - pkgName: - type: string - type: array - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - monitoring: - additionalProperties: false - type: object - properties: - output: - additionalProperties: false - type: object - properties: - id: - type: string - name: - type: string - required: - - id - - name - required: - - output - required: - - monitoring - - data - type: array - required: - - items - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get outputs for agent policies - tags: - - Elastic Agent policies - /api/fleet/agent_status: - get: - operationId: get-fleet-agent-status - parameters: - - in: query - name: policyId - required: false - schema: - 
type: string - - in: query - name: policyIds - required: false - schema: - anyOf: - - items: - type: string - type: array - - type: string - - in: query - name: kuery - required: false - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - results: - additionalProperties: false - type: object - properties: - active: - type: number - all: - type: number - error: - type: number - events: - type: number - inactive: - type: number - offline: - type: number - online: - type: number - orphaned: - type: number - other: - type: number - unenrolled: - type: number - uninstalled: - type: number - updating: - type: number - required: - - events - - online - - error - - offline - - other - - updating - - inactive - - unenrolled - - all - - active - required: - - results - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get an agent status summary - tags: - - Elastic Agent status - /api/fleet/agent_status/data: - get: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' 
- operationId: get-fleet-agent-status-data - parameters: - - in: query - name: agentsIds - required: true - schema: - anyOf: - - items: - type: string - type: array - - type: string - - in: query - name: pkgName - required: false - schema: - type: string - - in: query - name: pkgVersion - required: false - schema: - type: string - - in: query - name: previewData - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - dataPreview: - items: {} - type: array - items: - items: - additionalProperties: - additionalProperties: false - type: object - properties: - data: - type: boolean - required: - - data - type: object - type: array - required: - - items - - dataPreview - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get incoming agent data - tags: - - Elastic Agents - /api/fleet/agents: - get: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' 
- operationId: get-fleet-agents - parameters: - - in: query - name: page - required: false - schema: - default: 1 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: kuery - required: false - schema: - type: string - - in: query - name: showInactive - required: false - schema: - default: false - type: boolean - - in: query - name: withMetrics - required: false - schema: - default: false - type: boolean - - in: query - name: showUpgradeable - required: false - schema: - default: false - type: boolean - - in: query - name: getStatusSummary - required: false - schema: - default: false - type: boolean - - in: query - name: sortField - required: false - schema: - type: string - - in: query - name: sortOrder - required: false - schema: - enum: - - asc - - desc - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - audit_unenrolled_reason: - type: string - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status 
- - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - - uninstalled - - orphaned - type: string - tags: - items: - type: string - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: 
false - nullable: true - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - type: array - page: - type: number - perPage: - type: number - statusSummary: - additionalProperties: - type: number - type: object - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get agents - tags: - - Elastic Agents - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' 
- operationId: post-fleet-agents - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - actionIds: - items: - type: string - type: array - required: - - actionIds - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - type: array - required: - - items - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get agents by action ids - tags: - - Elastic Agents - /api/fleet/agents/{agentId}: - delete: - description: 'Delete an agent by ID.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' - operationId: delete-fleet-agents-agentid - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Delete an agent - tags: - - Elastic Agents - get: - description: 'Get an agent by ID.

[Required authorization] Route required privileges: ALL of [fleet-agents-read].' - operationId: get-fleet-agents-agentid - parameters: - - in: path - name: agentId - required: true - schema: - type: string - - in: query - name: withMetrics - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - audit_unenrolled_reason: - type: string - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - 
- updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - - uninstalled - - orphaned - type: string - tags: - items: - type: string - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - nullable: true - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - 
UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get an agent - tags: - - Elastic Agents - put: - description: 'Update an agent by ID.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' - operationId: put-fleet-agents-agentid - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - tags: - items: - type: string - type: array - user_provided_metadata: - additionalProperties: {} - type: object - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - agent: - additionalProperties: true - type: object - properties: - id: - type: string - version: - type: string - required: - - id - - version - audit_unenrolled_reason: - type: string - components: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - type: string - units: - items: - additionalProperties: false - type: object - properties: - id: - type: string - message: - type: string - payload: - additionalProperties: {} - type: object - status: - enum: - - STARTING - - CONFIGURING - - HEALTHY - - DEGRADED - - FAILED - - STOPPING - - STOPPED - type: string - type: - enum: - - input - - output - type: string - required: - - id - - type - - status - - message - type: array - required: - - id - - type - - status - - message - type: array - default_api_key: - type: string - default_api_key_history: - items: - additionalProperties: false - deprecated: true - type: object - properties: - id: - type: string - 
retired_at: - type: string - required: - - id - - retired_at - type: array - default_api_key_id: - type: string - enrolled_at: - type: string - id: - type: string - last_checkin: - type: string - last_checkin_message: - type: string - last_checkin_status: - enum: - - error - - online - - degraded - - updating - - starting - type: string - local_metadata: - additionalProperties: {} - type: object - metrics: - additionalProperties: false - type: object - properties: - cpu_avg: - type: number - memory_size_byte_avg: - type: number - namespaces: - items: - type: string - type: array - outputs: - additionalProperties: - additionalProperties: false - type: object - properties: - api_key_id: - type: string - to_retire_api_key_ids: - items: - additionalProperties: false - type: object - properties: - id: - type: string - retired_at: - type: string - required: - - id - - retired_at - type: array - type: - type: string - required: - - api_key_id - - type - type: object - packages: - items: - type: string - type: array - policy_id: - type: string - policy_revision: - nullable: true - type: number - sort: - items: - anyOf: - - type: number - - type: string - - enum: [] - nullable: true - type: array - status: - enum: - - offline - - error - - online - - inactive - - enrolling - - unenrolling - - unenrolled - - updating - - degraded - - uninstalled - - orphaned - type: string - tags: - items: - type: string - type: array - type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - type: string - unenrolled_at: - type: string - unenrollment_started_at: - type: string - unhealthy_reason: - items: - enum: - - input - - output - - other - type: string - nullable: true - type: array - upgrade_details: - additionalProperties: false - nullable: true - type: object - properties: - action_id: - type: string - metadata: - additionalProperties: false - type: object - properties: - download_percent: - type: number - download_rate: - type: number - error_msg: - type: string - failed_state: - 
enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - retry_error_msg: - type: string - retry_until: - type: string - scheduled_at: - type: string - state: - enum: - - UPG_REQUESTED - - UPG_SCHEDULED - - UPG_DOWNLOADING - - UPG_EXTRACTING - - UPG_REPLACING - - UPG_RESTARTING - - UPG_FAILED - - UPG_WATCHING - - UPG_ROLLBACK - type: string - target_version: - type: string - required: - - target_version - - action_id - - state - upgrade_started_at: - nullable: true - type: string - upgraded_at: - nullable: true - type: string - user_provided_metadata: - additionalProperties: {} - type: object - required: - - id - - packages - - type - - active - - enrolled_at - - local_metadata - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Update an agent - tags: - - Elastic Agents - /api/fleet/agents/{agentId}/actions: - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' 
- operationId: post-fleet-agents-agentid-actions - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - action: - anyOf: - - additionalProperties: false - type: object - properties: - ack_data: {} - data: {} - type: - enum: - - UNENROLL - - UPGRADE - - POLICY_REASSIGN - type: string - required: - - type - - data - - ack_data - - additionalProperties: false - type: object - properties: - data: - additionalProperties: false - type: object - properties: - log_level: - enum: - - debug - - info - - warning - - error - nullable: true - type: string - required: - - log_level - type: - enum: - - SETTINGS - type: string - required: - - type - - data - required: - - action - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - ack_data: {} - agents: - items: - type: string - type: array - created_at: - type: string - data: {} - expiration: - type: string - id: - type: string - minimum_execution_duration: - type: number - namespaces: - items: - type: string - type: array - rollout_duration_seconds: - type: number - sent_at: - type: string - source_uri: - type: string - start_time: - type: string - total: - type: number - type: - type: string - required: - - id - - type - - data - - created_at - - ack_data - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Create an agent action - tags: - - Elastic Agent actions - 
/api/fleet/agents/{agentId}/reassign: - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' - operationId: post-fleet-agents-agentid-reassign - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - policy_id: - type: string - required: - - policy_id - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: {} - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Reassign an agent - tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/request_diagnostics: - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' 
- operationId: post-fleet-agents-agentid-request-diagnostics - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - nullable: true - type: object - properties: - additional_metrics: - items: - enum: - - CPU - type: string - type: array - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Request agent diagnostics - tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/unenroll: - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' - operationId: post-fleet-agents-agentid-unenroll - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - type: boolean - revoke: - type: boolean - responses: {} - summary: Unenroll an agent - tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/upgrade: - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' 
- operationId: post-fleet-agents-agentid-upgrade - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: agentId - required: true - schema: - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - force: - type: boolean - skipRateLimitCheck: - type: boolean - source_uri: - type: string - version: - type: string - required: - - version - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: {} - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Upgrade an agent - tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/uploads: - get: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' 
- operationId: get-fleet-agents-agentid-uploads - parameters: - - in: path - name: agentId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - actionId: - type: string - createTime: - type: string - error: - type: string - filePath: - type: string - id: - type: string - name: - type: string - status: - enum: - - READY - - AWAITING_UPLOAD - - DELETED - - EXPIRED - - IN_PROGRESS - - FAILED - type: string - required: - - id - - name - - filePath - - createTime - - status - - actionId - type: array - required: - - items - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get agent uploads - tags: - - Elastic Agents - /api/fleet/agents/action_status: - get: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' 
- operationId: get-fleet-agents-action-status - parameters: - - in: query - name: page - required: false - schema: - default: 0 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: date - required: false - schema: - type: string - - in: query - name: latest - required: false - schema: - type: number - - in: query - name: errorSize - required: false - schema: - default: 5 - type: number - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - actionId: - type: string - cancellationTime: - type: string - completionTime: - type: string - creationTime: - description: creation time of action - type: string - expiration: - type: string - hasRolloutPeriod: - type: boolean - latestErrors: - items: - additionalProperties: false - description: latest errors that happened when the agents executed the action - type: object - properties: - agentId: - type: string - error: - type: string - hostname: - type: string - timestamp: - type: string - required: - - agentId - - error - - timestamp - type: array - nbAgentsAck: - description: number of agents that acknowledged the action - type: number - nbAgentsActionCreated: - description: number of agents included in action from kibana - type: number - nbAgentsActioned: - description: number of agents actioned - type: number - nbAgentsFailed: - description: number of agents that failed to execute the action - type: number - newPolicyId: - description: new policy id (POLICY_REASSIGN action) - type: string - policyId: - description: policy id (POLICY_CHANGE action) - type: string - revision: - description: new policy revision (POLICY_CHANGE action) - type: number - startTime: - description: start time of action (scheduled actions) - type: string - status: - enum: - - COMPLETE - - EXPIRED - - CANCELLED - - FAILED - - IN_PROGRESS 
- - ROLLOUT_PASSED - type: string - type: - enum: - - UPGRADE - - UNENROLL - - SETTINGS - - POLICY_REASSIGN - - CANCEL - - FORCE_UNENROLL - - REQUEST_DIAGNOSTICS - - UPDATE_TAGS - - POLICY_CHANGE - - INPUT_ACTION - type: string - version: - description: agent version number (UPGRADE action) - type: string - required: - - actionId - - nbAgentsActionCreated - - nbAgentsAck - - nbAgentsFailed - - type - - nbAgentsActioned - - status - - creationTime - type: array - required: - - items - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get an agent action status - tags: - - Elastic Agent actions - /api/fleet/agents/actions/{actionId}/cancel: - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' - operationId: post-fleet-agents-actions-actionid-cancel - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: actionId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - ack_data: {} - agents: - items: - type: string - type: array - created_at: - type: string - data: {} - expiration: - type: string - id: - type: string - minimum_execution_duration: - type: number - namespaces: - items: - type: string - type: array - rollout_duration_seconds: - type: number - sent_at: - type: string - source_uri: - type: string - start_time: - type: string - total: - type: number - type: - type: string - required: - - id - - type - - data - - created_at - - ack_data - required: - - item - '400': - content: - application/json: - schema: 
- additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Cancel an agent action - tags: - - Elastic Agent actions - /api/fleet/agents/available_versions: - get: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' - operationId: get-fleet-agents-available-versions - parameters: [] - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - type: array - required: - - items - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get available agent versions - tags: - - Elastic Agents - /api/fleet/agents/bulk_reassign: - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' 
- operationId: post-fleet-agents-bulk-reassign - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - includeInactive: - default: false - type: boolean - policy_id: - type: string - required: - - policy_id - - agents - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Bulk reassign agents - tags: - - Elastic Agent actions - /api/fleet/agents/bulk_request_diagnostics: - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' 
- operationId: post-fleet-agents-bulk-request-diagnostics - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - additional_metrics: - items: - enum: - - CPU - type: string - type: array - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - required: - - agents - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Bulk request diagnostics from agents - tags: - - Elastic Agent actions - /api/fleet/agents/bulk_unenroll: - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' 
- operationId: post-fleet-agents-bulk-unenroll - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - description: KQL query string, leave empty to action all agents - type: string - type: array - - description: list of agent IDs - type: string - batchSize: - type: number - force: - description: Unenrolls hosted agents too - type: boolean - includeInactive: - description: When passing agents by KQL query, unenrolls inactive agents too - type: boolean - revoke: - description: Revokes API keys of agents - type: boolean - required: - - agents - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Bulk unenroll agents - tags: - - Elastic Agent actions - /api/fleet/agents/bulk_update_agent_tags: - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' 
- operationId: post-fleet-agents-bulk-update-agent-tags - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - includeInactive: - default: false - type: boolean - tagsToAdd: - items: - type: string - type: array - tagsToRemove: - items: - type: string - type: array - required: - - agents - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Bulk update agent tags - tags: - - Elastic Agent actions - /api/fleet/agents/bulk_upgrade: - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' 
- operationId: post-fleet-agents-bulk-upgrade - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - agents: - anyOf: - - items: - type: string - type: array - - type: string - batchSize: - type: number - force: - type: boolean - includeInactive: - default: false - type: boolean - rollout_duration_seconds: - minimum: 600 - type: number - skipRateLimitCheck: - type: boolean - source_uri: - type: string - start_time: - type: string - version: - type: string - required: - - agents - - version - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - actionId: - type: string - required: - - actionId - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Bulk upgrade agents - tags: - - Elastic Agent actions - /api/fleet/agents/files/{fileId}: - delete: - description: 'Delete a file uploaded by an agent.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' - operationId: delete-fleet-agents-files-fileid - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: fileId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - deleted: - type: boolean - id: - type: string - required: - - id - - deleted - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Delete an uploaded file - tags: - - Elastic Agents - /api/fleet/agents/files/{fileId}/{fileName}: - get: - description: 'Get a file uploaded by an agent.

[Required authorization] Route required privileges: ALL of [fleet-agents-read].' - operationId: get-fleet-agents-files-fileid-filename - parameters: - - in: path - name: fileId - required: true - schema: - type: string - - in: path - name: fileName - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - type: object - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get an uploaded file - tags: - - Elastic Agents - /api/fleet/agents/setup: - get: - description: '[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].' - operationId: get-fleet-agents-setup - parameters: [] - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - description: A summary of the agent setup status. `isReady` indicates whether the setup is ready. If the setup is not ready, `missing_requirements` lists which requirements are missing. 
- type: object - properties: - is_secrets_storage_enabled: - type: boolean - is_space_awareness_enabled: - type: boolean - isReady: - type: boolean - missing_optional_features: - items: - enum: - - encrypted_saved_object_encryption_key_required - type: string - type: array - missing_requirements: - items: - enum: - - security_required - - tls_required - - api_keys - - fleet_admin_user - - fleet_server - type: string - type: array - package_verification_key_id: - type: string - required: - - isReady - - missing_requirements - - missing_optional_features - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get agent setup info - tags: - - Elastic Agents - post: - description: '[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].' - operationId: post-fleet-agents-setup - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. 
- type: object - properties: - isInitialized: - type: boolean - nonFatalErrors: - items: - additionalProperties: false - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message - type: array - required: - - isInitialized - - nonFatalErrors - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Initiate agent setup - tags: - - Elastic Agents - /api/fleet/agents/tags: - get: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].' - operationId: get-fleet-agents-tags - parameters: - - in: query - name: kuery - required: false - schema: - type: string - - in: query - name: showInactive - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - type: array - required: - - items - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get agent tags - tags: - - Elastic Agents - /api/fleet/check-permissions: - get: - operationId: get-fleet-check-permissions - parameters: - - in: query - name: fleetServerSetup - required: false - schema: - type: boolean - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - error: - enum: - - MISSING_SECURITY - - MISSING_PRIVILEGES - - MISSING_FLEET_SERVER_SETUP_PRIVILEGES - type: string - success: - type: boolean - required: - - success - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic 
Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Check permissions - tags: - - Fleet internals - /api/fleet/data_streams: - get: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all, fleet-agent-policies-all, fleet-settings-all].' - operationId: get-fleet-data-streams - parameters: [] - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - data_streams: - items: - additionalProperties: false - type: object - properties: - dashboards: - items: - additionalProperties: false - type: object - properties: - id: - type: string - title: - type: string - required: - - id - - title - type: array - dataset: - type: string - index: - type: string - last_activity_ms: - type: number - namespace: - type: string - package: - type: string - package_version: - type: string - serviceDetails: - additionalProperties: false - nullable: true - type: object - properties: - environment: - type: string - serviceName: - type: string - required: - - environment - - serviceName - size_in_bytes: - type: number - size_in_bytes_formatted: - anyOf: - - type: number - - type: string - type: - type: string - required: - - index - - dataset - - namespace - - type - - package - - package_version - - last_activity_ms - - size_in_bytes - - size_in_bytes_formatted - - dashboards - - serviceDetails - type: array - required: - - data_streams - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get data streams - tags: - - Data streams - /api/fleet/enrollment_api_keys: - get: - description: '[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-setup].' 
- operationId: get-fleet-enrollment-api-keys - parameters: - - in: query - name: page - required: false - schema: - default: 1 - type: number - - in: query - name: perPage - required: false - schema: - default: 20 - type: number - - in: query - name: kuery - required: false - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - active: - description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: The enrollment API key (token) used for enrolling Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: The ID of the agent policy the Elastic Agent will be enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - type: array - list: - deprecated: true - items: - additionalProperties: false - type: object - properties: - active: - description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: The enrollment API key (token) used for enrolling Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: The ID of the agent policy the Elastic Agent will be enrolled in. 
- type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - - list - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get enrollment API keys - tags: - - Fleet enrollment API keys - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' - operationId: post-fleet-enrollment-api-keys - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - expiration: - type: string - name: - type: string - policy_id: - type: string - required: - - policy_id - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - action: - enum: - - created - type: string - item: - additionalProperties: false - type: object - properties: - active: - description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: The enrollment API key (token) used for enrolling Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: The ID of the agent policy the Elastic Agent will be enrolled in. 
- type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - required: - - item - - action - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Create an enrollment API key - tags: - - Fleet enrollment API keys - /api/fleet/enrollment_api_keys/{keyId}: - delete: - description: 'Revoke an enrollment API key by ID by marking it as inactive.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' - operationId: delete-fleet-enrollment-api-keys-keyid - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: keyId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Revoke an enrollment API key - tags: - - Fleet enrollment API keys - get: - description: 'Get an enrollment API key by ID.

[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-setup].' - operationId: get-fleet-enrollment-api-keys-keyid - parameters: - - in: path - name: keyId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - active: - description: When false, the enrollment API key is revoked and cannot be used for enrolling Elastic Agents. - type: boolean - api_key: - description: The enrollment API key (token) used for enrolling Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string - id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: The ID of the agent policy the Elastic Agent will be enrolled in. - type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get an enrollment API key - tags: - - Fleet enrollment API keys - /api/fleet/epm/bulk_assets: - post: - description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' 
- operationId: post-fleet-epm-bulk-assets - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - assetIds: - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - id - - type - type: array - required: - - assetIds - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - appLink: - type: string - attributes: - additionalProperties: false - type: object - properties: - description: - type: string - service: - type: string - title: - type: string - id: - type: string - type: - type: string - updatedAt: - type: string - required: - - id - - type - - attributes - type: array - required: - - items - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Bulk get assets - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/categories: - get: - description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' 
- operationId: get-fleet-epm-categories - parameters: - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: include_policy_templates - required: false - schema: - type: boolean - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - count: - type: number - id: - type: string - parent_id: - type: string - parent_title: - type: string - title: - type: string - required: - - id - - title - - count - type: array - required: - - items - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get package categories - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/custom_integrations: - post: - description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].' 
- operationId: post-fleet-epm-custom-integrations - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - datasets: - items: - additionalProperties: false - type: object - properties: - name: - type: string - type: - enum: - - logs - - metrics - - traces - - synthetics - - profiling - type: string - required: - - name - - type - type: array - force: - type: boolean - integrationName: - type: string - required: - - integrationName - - datasets - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - required: - - install_source - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - required: - - items - - _meta - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Create a custom integration - tags: - - Elastic 
Package Manager (EPM) - /api/fleet/epm/data_streams: - get: - description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' - operationId: get-fleet-epm-data-streams - parameters: - - in: query - name: type - required: false - schema: - enum: - - logs - - metrics - - traces - - synthetics - - profiling - type: string - - in: query - name: datasetQuery - required: false - schema: - type: string - - in: query - name: sortOrder - required: false - schema: - default: asc - enum: - - asc - - desc - type: string - - in: query - name: uncategorisedOnly - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - name: - type: string - required: - - name - type: array - required: - - items - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get data streams - tags: - - Data streams - /api/fleet/epm/packages: - get: - description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' 
- operationId: get-fleet-epm-packages - parameters: - - in: query - name: category - required: false - schema: - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: excludeInstallStatus - required: false - schema: - type: boolean - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: true - type: object - properties: - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - id: - type: string - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - 
- id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - 
message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - integration: - type: string - internal: - type: boolean - latestVersion: - type: string - name: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - name - - version - - title - - id - type: array - required: - - items - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get packages - tags: - - Elastic Package Manager (EPM) - post: - description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].' 
- operationId: post-fleet-epm-packages - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: ignoreMappingUpdateErrors - required: false - schema: - default: false - type: boolean - - in: query - name: skipDataStreamRollover - required: false - schema: - default: false - type: boolean - requestBody: - content: - application/gzip; application/zip: - schema: - format: binary - type: string - responses: - '200': - content: - application/gzip; application/zip: - schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - required: - - install_source - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - required: - - items - - _meta - '400': - content: - application/gzip; application/zip: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Install a package by upload - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/_bulk: - post: - description: '[Required authorization] Route 
required privileges: ALL of [integrations-all, fleet-agent-policies-all].' - operationId: post-fleet-epm-packages-bulk - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - force: - default: false - type: boolean - packages: - items: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - name: - type: string - prerelease: - type: boolean - version: - type: string - required: - - name - - version - minItems: 1 - type: array - required: - - packages - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - name: - type: string - result: - additionalProperties: false - type: object - properties: - assets: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - error: {} - installSource: - type: string - installType: - type: string - status: - enum: - - installed - - already_installed - type: string - required: - - error - 
- installType - version: - type: string - required: - - name - - version - - result - - additionalProperties: false - type: object - properties: - error: - anyOf: - - type: string - - {} - name: - type: string - statusCode: - type: number - required: - - name - - statusCode - - error - type: array - required: - - items - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Bulk install packages - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/{pkgVersion}: - delete: - description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].' - operationId: delete-fleet-epm-packages-pkgname-pkgversion - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: false - schema: - type: string - - in: query - name: force - required: false - schema: - type: boolean - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - 
data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - required: - - items - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Delete a package - tags: - - Elastic Package Manager (EPM) - get: - operationId: get-fleet-epm-packages-pkgname-pkgversion - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: false - schema: - type: string - - in: query - name: ignoreUnverified - required: false - schema: - type: boolean - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: full - required: false - schema: - type: boolean - - in: query - name: withMetadata - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - 
properties: - version: - type: string - data_streams: - items: - additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - 
deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: 
true - type: object - properties: - github: - type: string - type: - enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - name - - version - - title - - assets - metadata: - additionalProperties: false - type: object - properties: - has_policies: - type: boolean - required: - - has_policies - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get a package - tags: - - Elastic Package Manager (EPM) - post: - description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].' 
- operationId: post-fleet-epm-packages-pkgname-pkgversion - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: false - schema: - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: ignoreMappingUpdateErrors - required: false - schema: - default: false - type: boolean - - in: query - name: skipDataStreamRollover - required: false - schema: - default: false - type: boolean - requestBody: - content: - application/json: - schema: - additionalProperties: false - nullable: true - type: object - properties: - force: - default: false - type: boolean - ignore_constraints: - default: false - type: boolean - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - _meta: - additionalProperties: false - type: object - properties: - install_source: - type: string - required: - - install_source - items: - items: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - - additionalProperties: false - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - required: - - items - - _meta - '400': - content: - application/json: - schema: - additionalProperties: false - 
description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Install a package from the registry - tags: - - Elastic Package Manager (EPM) - put: - description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].' - operationId: put-fleet-epm-packages-pkgname-pkgversion - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: false - schema: - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - keepPoliciesUpToDate: - type: boolean - required: - - keepPoliciesUpToDate - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: true - type: object - properties: - agent: - additionalProperties: false - type: object - properties: - privileges: - additionalProperties: false - type: object - properties: - root: - type: boolean - asset_tags: - items: - additionalProperties: false - type: object - properties: - asset_ids: - items: - type: string - type: array - asset_types: - items: - type: string - type: array - text: - type: string - required: - - text - type: array - assets: - additionalProperties: {} - type: object - categories: - items: - type: string - type: array - conditions: - additionalProperties: true - type: object - properties: - elastic: - additionalProperties: true - type: object - properties: - capabilities: - items: - type: string - type: array - subscription: - type: string - kibana: - additionalProperties: true - type: object - properties: - version: - type: string - data_streams: - items: - 
additionalProperties: {} - type: object - type: array - description: - type: string - discovery: - additionalProperties: true - type: object - properties: - fields: - items: - additionalProperties: true - type: object - properties: - name: - type: string - required: - - name - type: array - download: - type: string - elasticsearch: - additionalProperties: {} - type: object - format_version: - type: string - icons: - items: - additionalProperties: true - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - installationInfo: - additionalProperties: true - type: object - properties: - additional_spaces_installed_kibana: - additionalProperties: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - type: object - created_at: - type: string - experimental_data_stream_features: - items: - additionalProperties: true - type: object - properties: - data_stream: - type: string - features: - additionalProperties: true - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - install_format_schema_version: - type: string - install_source: - enum: - - registry - - upload - - bundled - - custom - type: string - install_status: - enum: - - installed - - installing - - install_failed - type: string - installed_es: - items: - additionalProperties: true - type: object - properties: - deferred: - type: boolean - id: - type: string - type: - enum: - - 
index - - index_template - - component_template - - ingest_pipeline - - ilm_policy - - data_stream_ilm_policy - - transform - - ml_model - type: string - version: - type: string - required: - - id - - type - type: array - installed_kibana: - items: - additionalProperties: true - type: object - properties: - id: - type: string - originId: - type: string - type: - enum: - - dashboard - - lens - - visualization - - search - - index-pattern - - map - - ml-module - - security-rule - - csp-rule-template - - osquery-pack-asset - - osquery-saved-query - - tag - type: string - required: - - id - - type - type: array - installed_kibana_space_id: - type: string - latest_executed_state: - additionalProperties: true - type: object - properties: - error: - type: string - name: - type: string - started_at: - type: string - required: - - name - - started_at - latest_install_failed_attempts: - items: - additionalProperties: true - type: object - properties: - created_at: - type: string - error: - additionalProperties: true - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - required: - - name - - message - target_version: - type: string - required: - - created_at - - target_version - - error - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - unverified - - verified - - unknown - type: string - version: - type: string - required: - - type - - installed_kibana - - installed_es - - name - - version - - install_status - - install_source - - verification_status - internal: - type: boolean - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - license: - type: string - licensePath: - type: string - name: - type: string - notice: - type: string - owner: - additionalProperties: true - type: object - properties: - github: - type: string - type: 
- enum: - - elastic - - partner - - community - type: string - path: - type: string - policy_templates: - items: - additionalProperties: {} - type: object - type: array - readme: - type: string - release: - enum: - - ga - - beta - - experimental - type: string - screenshots: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - signature_path: - type: string - source: - additionalProperties: true - type: object - properties: - license: - type: string - required: - - license - status: - type: string - title: - type: string - type: - enum: - - integration - - input - - content - type: string - vars: - items: - additionalProperties: {} - type: object - type: array - version: - type: string - required: - - name - - version - - title - - assets - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Update package settings - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}: - get: - description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' 
- operationId: get-fleet-epm-packages-pkgname-pkgversion-filepath - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: path - name: filePath - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: {} - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get a package file - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize: - post: - operationId: post-fleet-epm-packages-pkgname-pkgversion-transforms-authorize - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - transforms: - items: - additionalProperties: false - type: object - properties: - transformId: - type: string - required: - - transformId - type: array - required: - - transforms - responses: - '200': - content: - application/json: - schema: - items: - additionalProperties: false - type: object - properties: - error: - nullable: true - success: - type: boolean - transformId: - type: string - required: - - transformId - - success - - error - type: array - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - 
statusCode: - type: number - required: - - message - summary: Authorize transforms - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/stats: - get: - description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' - operationId: get-fleet-epm-packages-pkgname-stats - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - response: - additionalProperties: false - type: object - properties: - agent_policy_count: - type: number - required: - - agent_policy_count - required: - - response - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get package stats - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/installed: - get: - description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' 
- operationId: get-fleet-epm-packages-installed - parameters: - - in: query - name: dataStreamType - required: false - schema: - enum: - - logs - - metrics - - traces - - synthetics - - profiling - type: string - - in: query - name: showOnlyActiveDataStreams - required: false - schema: - type: boolean - - in: query - name: nameQuery - required: false - schema: - type: string - - in: query - name: searchAfter - required: false - schema: - items: - anyOf: - - type: string - - type: number - type: array - - in: query - name: perPage - required: false - schema: - default: 15 - type: number - - in: query - name: sortOrder - required: false - schema: - default: asc - enum: - - asc - - desc - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - dataStreams: - items: - additionalProperties: false - type: object - properties: - name: - type: string - title: - type: string - required: - - name - - title - type: array - description: - type: string - icons: - items: - additionalProperties: false - type: object - properties: - dark_mode: - type: boolean - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - type: array - name: - type: string - status: - type: string - title: - type: string - version: - type: string - required: - - name - - version - - status - - dataStreams - type: array - searchAfter: - items: - anyOf: - - type: string - - type: number - - type: boolean - - enum: [] - nullable: true - - {} - type: array - total: - type: number - required: - - items - - total - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get installed 
packages - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/limited: - get: - description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' - operationId: get-fleet-epm-packages-limited - parameters: [] - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - type: string - type: array - required: - - items - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get a limited package list - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs: - get: - description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' - operationId: get-fleet-epm-templates-pkgname-pkgversion-inputs - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - default: json - enum: - - json - - yml - - yaml - type: string - - in: query - name: prerelease - required: false - schema: - type: boolean - - in: query - name: ignoreUnverified - required: false - schema: - type: boolean - responses: - '200': - content: - application/json: - schema: - anyOf: - - type: string - - additionalProperties: false - type: object - properties: - inputs: - items: - additionalProperties: false - type: object - properties: - id: - type: string - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - 
id - - data_stream - type: array - type: - type: string - required: - - id - - type - type: array - required: - - inputs - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get an inputs template - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/verification_key_id: - get: - description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].' - operationId: get-fleet-epm-verification-key-id - parameters: [] - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - id: - nullable: true - type: string - required: - - id - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get a package signature verification key ID - tags: - - Elastic Package Manager (EPM) - /api/fleet/fleet_server_hosts: - get: - description: '[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-settings-read].' 
- operationId: get-fleet-fleet-server-hosts - parameters: [] - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get Fleet Server hosts - tags: - - Fleet Server hosts - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' 
- operationId: post-fleet-fleet-server-hosts - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - name - - host_urls - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Create a Fleet Server host - tags: - - Fleet Server hosts - /api/fleet/fleet_server_hosts/{itemId}: - delete: - description: 'Delete a Fleet Server host by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' - operationId: delete-fleet-fleet-server-hosts-itemid - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Delete a Fleet Server host - tags: - - Fleet Server hosts - get: - description: 'Get a Fleet Server host by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-read].' - operationId: get-fleet-fleet-server-hosts-itemid - parameters: - - in: path - name: itemId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get a Fleet Server host - tags: - - Fleet Server hosts - put: - description: 'Update a Fleet Server host by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' - operationId: put-fleet-fleet-server-hosts-itemid - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - is_default: - type: boolean - is_internal: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - proxy_id - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - host_urls: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - required: - - id - - name - - host_urls - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Update a Fleet Server host - tags: - - Fleet Server hosts - /api/fleet/health_check: - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' 
- operationId: post-fleet-health-check - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - host_id: - type: string - name: - type: string - status: - type: string - required: - - status - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Check Fleet Server health - tags: - - Fleet internals - /api/fleet/kubernetes: - get: - description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].' 
- operationId: get-fleet-kubernetes - parameters: - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: fleetServer - required: false - schema: - type: string - - in: query - name: enrolToken - required: false - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - type: string - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get a full K8s agent manifest - tags: - - Elastic Agent policies - /api/fleet/kubernetes/download: - get: - description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].' - operationId: get-fleet-kubernetes-download - parameters: - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: fleetServer - required: false - schema: - type: string - - in: query - name: enrolToken - required: false - schema: - type: string - responses: - '200': - content: - application/json: - schema: - type: string - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Download an agent manifest - tags: - - Elastic Agent policies - /api/fleet/logstash_api_keys: - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' 
- operationId: post-fleet-logstash-api-keys - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - api_key: - type: string - required: - - api_key - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Generate a Logstash API key - tags: - - Fleet outputs - /api/fleet/message_signing_service/rotate_key_pair: - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all, fleet-agent-policies-all, fleet-settings-all].' - operationId: post-fleet-message-signing-service-rotate-key-pair - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: acknowledge - required: false - schema: - default: false - type: boolean - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '500': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Rotate a Fleet message signing key pair - tags: - - Message Signing Service - /api/fleet/outputs: - get: 
- description: '[Required authorization] Route required privileges: ANY of [fleet-settings-read OR fleet-agent-policies-read].' - operationId: get-fleet-outputs - parameters: [] - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: 
- type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - 
disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - 
nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: 
boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - 
queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get outputs - tags: - - Fleet outputs - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' 
- operationId: post-fleet-outputs - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - anyOf: - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - 
type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - service_token: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - 
loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - 
disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: false - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: false - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: 
boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: false - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: false - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: false - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: false - type: object - properties: - password: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: 
number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - 
default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - 
additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - 
additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - 
nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - 
additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Create 
output - tags: - - Fleet outputs - /api/fleet/outputs/{outputId}: - delete: - description: 'Delete output by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' - operationId: delete-fleet-outputs-outputid - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: outputId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Delete output - tags: - - Fleet outputs - get: - description: 'Get output by ID.

[Required authorization] Route required privileges: ANY of [fleet-settings-read OR fleet-agent-policies-read].' - operationId: get-fleet-outputs-outputid - parameters: - - in: path - name: outputId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - 
nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - 
disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - 
nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: 
- default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - 
mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get output - tags: - - Fleet outputs - put: - description: 'Update output by ID.

[Required authorization] Route required privileges: ANY of [fleet-settings-all OR fleet-agent-policies-all].' - operationId: put-fleet-outputs-outputid - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: outputId - required: true - schema: - type: string - requestBody: - content: - application/json: - schema: - anyOf: - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - 
max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - service_token: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - 
disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: false - type: object - properties: - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - 
required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - - additionalProperties: false - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: false - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: false - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - 
name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: false - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: false - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: false - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: false - type: object - properties: - password: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: false - type: object - properties: - key: - anyOf: - - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: false - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - 
disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: false - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - compression_level - - connection_type - - username - - password - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - anyOf: - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - 
disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - format: uri - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - service_token: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - service_token: - nullable: true - type: string - shipper: - additionalProperties: true - nullable: true - type: 
object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - remote_elasticsearch - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - config_yaml: - nullable: true - type: string - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - name: - type: string - proxy_id: - nullable: true - type: string - secrets: - additionalProperties: true - type: object - properties: - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - 
id: - type: string - required: - - id - - type: string - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - type: - enum: - - logstash - type: string - required: - - name - - type - - hosts - - additionalProperties: true - type: object - properties: - allow_edit: - items: - type: string - type: array - auth_type: - enum: - - none - - user_pass - - ssl - - kerberos - type: string - broker_timeout: - type: number - ca_sha256: - nullable: true - type: string - ca_trusted_fingerprint: - nullable: true - type: string - client_id: - type: string - compression: - enum: - - gzip - - snappy - - lz4 - - none - type: string - compression_level: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: number - - not: {} - config_yaml: - nullable: true - type: string - connection_type: - anyOf: 
- - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - plaintext - - encryption - type: string - - not: {} - hash: - additionalProperties: true - type: object - properties: - hash: - type: string - random: - type: boolean - headers: - items: - additionalProperties: true - type: object - properties: - key: - type: string - value: - type: string - required: - - key - - value - type: array - hosts: - items: - type: string - minItems: 1 - type: array - id: - type: string - is_default: - default: false - type: boolean - is_default_monitoring: - default: false - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean - key: - type: string - name: - type: string - partition: - enum: - - random - - round_robin - - hash - type: string - password: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - not: {} - - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - proxy_id: - nullable: true - type: string - random: - additionalProperties: true - type: object - properties: - group_events: - type: number - required_acks: - enum: - - 1 - - 0 - - -1 - type: integer - round_robin: - additionalProperties: true - type: object - properties: - group_events: - type: number - sasl: - additionalProperties: true - nullable: true - type: object - properties: - mechanism: - enum: - - PLAIN - - SCRAM-SHA-256 - - SCRAM-SHA-512 - type: string - secrets: - additionalProperties: true - type: object - properties: - password: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: string - required: - - id - - type: string - ssl: - additionalProperties: true - type: object - properties: - key: - anyOf: - - additionalProperties: true - type: object - properties: - id: - type: 
string - required: - - id - - type: string - required: - - key - shipper: - additionalProperties: true - nullable: true - type: object - properties: - compression_level: - nullable: true - type: number - disk_queue_compression_enabled: - nullable: true - type: boolean - disk_queue_enabled: - default: false - nullable: true - type: boolean - disk_queue_encryption_enabled: - nullable: true - type: boolean - disk_queue_max_size: - nullable: true - type: number - disk_queue_path: - nullable: true - type: string - loadbalance: - nullable: true - type: boolean - max_batch_bytes: - nullable: true - type: number - mem_queue_events: - nullable: true - type: number - queue_flush_timeout: - nullable: true - type: number - required: - - disk_queue_path - - disk_queue_max_size - - disk_queue_encryption_enabled - - disk_queue_compression_enabled - - compression_level - - loadbalance - - mem_queue_events - - queue_flush_timeout - - max_batch_bytes - ssl: - additionalProperties: true - nullable: true - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - full - - none - - certificate - - strict - type: string - timeout: - type: number - topic: - type: string - type: - enum: - - kafka - type: string - username: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - type: string - - not: {} - version: - type: string - required: - - name - - type - - hosts - - compression_level - - auth_type - - connection_type - - username - - password - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Update output - tags: - - Fleet outputs - /api/fleet/outputs/{outputId}/health: 
- get: - description: '[Required authorization] Route required privileges: ALL of [fleet-settings-read].' - operationId: get-fleet-outputs-outputid-health - parameters: - - in: path - name: outputId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - message: - description: long message if unhealthy - type: string - state: - description: state of output, HEALTHY or DEGRADED - type: string - timestamp: - description: timestamp of reported state - type: string - required: - - state - - message - - timestamp - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get the latest output health - tags: - - Fleet outputs - /api/fleet/package_policies: - get: - operationId: get-fleet-package-policies - parameters: - - in: query - name: page - required: false - schema: - type: number - - in: query - name: perPage - required: false - schema: - type: number - - in: query - name: sortField - required: false - schema: - type: string - - in: query - name: sortOrder - required: false - schema: - enum: - - desc - - asc - type: string - - in: query - name: showUpgradeable - required: false - schema: - type: boolean - - in: query - name: kuery - required: false - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - - in: query - name: withAgentCount - required: false - schema: - type: boolean - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: 
Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - 
type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that stream, (default to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Input streams (see integration documentation to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Package policy inputs (see integration documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: 
boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: Agent policy IDs where that package policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. 
- nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get package policies - tags: - - Fleet package policies - post: - operationId: post-fleet-package-policies - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json: - schema: - anyOf: - - additionalProperties: false - type: object - properties: - description: - description: Package policy description - type: string - enabled: - type: boolean - 
force: - description: Force package policy creation even if package is not verified, or if the agent policy is managed. - type: boolean - id: - description: Package policy unique identifier - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - 
vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - type: array - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: Agent policy IDs where that package policy will be added - type: string - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. 
- nullable: true - type: boolean - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - name - - inputs - - additionalProperties: false - type: object - properties: - description: - type: string - force: - type: boolean - id: - type: string - inputs: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that stream, (default to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Input streams (see integration documentation to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Package policy inputs (see integration documentation to know what inputs are available) - type: object - name: - type: string - 
namespace: - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - nullable: true - type: string - policy_ids: - items: - type: string - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - required: - - name - - package - description: You should use inputs as an object and not use the deprecated inputs array. 
- responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - 
- beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that stream, (default to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Input streams (see integration documentation to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - 
isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Package policy inputs (see integration documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: Agent policy IDs where that package policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: 
string - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '409': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Create a package policy - tags: - - Fleet package policies - /api/fleet/package_policies/_bulk_get: - post: - operationId: post-fleet-package-policies-bulk-get - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: 
query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - ids: - description: list of package policy ids - items: - type: string - type: array - ignoreMissing: - type: boolean - required: - - ids - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - 
properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that stream, (default to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Input streams (see integration 
documentation to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Package policy inputs (see integration documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. 
- nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: Agent policy IDs where that package policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. 
- nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - type: array - required: - - items - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: Bulk get package policies - tags: - - Fleet package policies - /api/fleet/package_policies/{packagePolicyId}: - delete: - description: 'Delete a package policy by ID.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].' - operationId: delete-fleet-package-policies-packagepolicyid - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: packagePolicyId - required: true - schema: - type: string - - in: query - name: force - required: false - schema: - type: boolean - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Delete a package policy - tags: - - Fleet package policies - get: - description: Get a package policy by ID. 
- operationId: get-fleet-package-policies-packagepolicyid - parameters: - - in: path - name: packagePolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - 
additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that stream, (default to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Input streams (see integration documentation to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - 
type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Package policy inputs (see integration documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. 
- nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: Agent policy IDs where that package policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. 
- nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: Get a package policy - tags: - - Fleet package policies - put: - description: Update a package policy by ID. 
- operationId: put-fleet-package-policies-packagepolicyid - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: packagePolicyId - required: true - schema: - type: string - - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - requestBody: - content: - application/json: - schema: - anyOf: - - additionalProperties: false - type: object - properties: - description: - description: Package policy description - type: string - enabled: - type: boolean - force: - type: boolean - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: 
- type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - type: array - is_managed: - type: boolean - name: - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. 
- nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: Agent policy IDs where that package policy will be added - type: string - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. 
- nullable: true - type: boolean - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - version: - type: string - - additionalProperties: false - type: object - properties: - description: - type: string - force: - type: boolean - id: - type: string - inputs: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that stream, (default to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Input streams (see integration documentation to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Package policy inputs (see integration documentation to know what inputs are available) - type: object - name: - type: string - 
namespace: - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - nullable: true - type: string - policy_ids: - items: - type: string - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - required: - - name - - package - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - 
type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - 
type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that stream, (default to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Input streams (see integration documentation to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Package policy inputs (see integration documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. 
- type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: Agent policy IDs where that package policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: string - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. 
- nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - id - - revision - - updated_at - - updated_by - - created_at - - created_by - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '403': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Update a package policy - tags: - - Fleet package policies - /api/fleet/package_policies/delete: - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].' 
- operationId: post-fleet-package-policies-delete - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - force: - type: boolean - packagePolicyIds: - items: - type: string - type: array - required: - - packagePolicyIds - responses: - '200': - content: - application/json: - schema: - items: - additionalProperties: false - type: object - properties: - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - id: - type: string - name: - type: string - output_id: - nullable: true - type: string - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Use `policy_ids` instead - nullable: true - type: string - policy_ids: - items: - type: string - type: array - statusCode: - type: number - success: - type: boolean - required: - - id - - success - - policy_ids - - package - type: array - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: 
Bulk delete package policies - tags: - - Fleet package policies - /api/fleet/package_policies/upgrade: - post: - description: 'Upgrade a package policy to a newer package version.

[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].' - operationId: post-fleet-package-policies-upgrade - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - packagePolicyIds: - items: - type: string - type: array - required: - - packagePolicyIds - responses: - '200': - content: - application/json: - schema: - items: - additionalProperties: false - type: object - properties: - body: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - id: - type: string - name: - type: string - statusCode: - type: number - success: - type: boolean - required: - - id - - success - type: array - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Upgrade a package policy - tags: - - Fleet package policies - /api/fleet/package_policies/upgrade/dryrun: - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, integrations-read].' 
- operationId: post-fleet-package-policies-upgrade-dryrun - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - packagePolicyIds: - items: - type: string - type: array - packageVersion: - type: string - required: - - packagePolicyIds - responses: - '200': - content: - application/json: - schema: - items: - additionalProperties: false - type: object - properties: - agent_diff: - items: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - namespace: - type: string - required: - - namespace - id: - type: string - meta: - additionalProperties: true - type: object - properties: - package: - additionalProperties: true - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - required: - - package - name: - type: string - package_policy_id: - type: string - processors: - items: - additionalProperties: true - type: object - properties: - add_fields: - additionalProperties: true - type: object - properties: - fields: - additionalProperties: - anyOf: - - type: string - - type: number - type: object - target: - type: string - required: - - target - - fields - required: - - add_fields - type: array - revision: - type: number - streams: - items: - additionalProperties: true - type: object - properties: - data_stream: - additionalProperties: true - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - id: - type: string - required: - - id - - data_stream - type: array - type: - type: string - use_output: - type: string - required: - - id - - name - - revision - - type - - data_stream - - use_output - - package_policy_id - type: array - type: array - body: - 
additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - diff: - items: - anyOf: - - additionalProperties: false - type: object - properties: - agents: - type: number - created_at: - type: string - created_by: - type: string - description: - description: Package policy description - type: string - elasticsearch: - additionalProperties: true - type: object - properties: - privileges: - additionalProperties: true - type: object - properties: - cluster: - items: - type: string - type: array - enabled: - type: boolean - id: - type: string - inputs: - anyOf: - - items: - additionalProperties: false - type: object - properties: - compiled_input: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - 
ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - - compiled_input - type: array - - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - additionalProperties: false - type: object - properties: - enabled: - description: enable or disable that stream, (default to true) - type: boolean - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Input streams (see integration documentation to know what streams are available) - type: object - vars: - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - 
isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - description: Package policy inputs (see integration documentation to know what inputs are available) - type: object - x-oas-optional: true - is_managed: - type: boolean - name: - description: Package policy name (should be unique) - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. - type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: Agent policy IDs where that package policy will be added - type: string - type: array - revision: - type: number - secret_references: - items: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - type: array - spaceIds: - items: - type: 
string - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. - nullable: true - type: boolean - updated_at: - type: string - updated_by: - type: string - vars: - anyOf: - - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - - additionalProperties: - anyOf: - - type: boolean - - type: string - - type: number - - items: - type: string - type: array - - items: - type: number - type: array - - additionalProperties: false - type: object - properties: - id: - type: string - isSecretRef: - type: boolean - required: - - id - - isSecretRef - nullable: true - description: Input/stream level variable (see integration documentation for more information) - type: object - x-oas-optional: true - version: - type: string - required: - - name - - enabled - - inputs - - revision - - updated_at - - updated_by - - created_at - - created_by - - additionalProperties: false - type: object - properties: - description: - description: Package policy description - type: string - enabled: - type: boolean - errors: - items: - additionalProperties: false - type: object - properties: - key: - type: string - message: - type: string - required: - - message - type: array - force: - type: boolean - id: - type: string - inputs: - items: - additionalProperties: false - type: object - properties: - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - policy_template: - type: string - streams: - items: - 
additionalProperties: false - type: object - properties: - compiled_stream: {} - config: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - data_stream: - additionalProperties: false - type: object - properties: - dataset: - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - dynamic_dataset: - type: boolean - dynamic_namespace: - type: boolean - privileges: - additionalProperties: false - type: object - properties: - indices: - items: - type: string - type: array - type: - type: string - required: - - dataset - - type - enabled: - type: boolean - id: - type: string - keep_enabled: - type: boolean - release: - enum: - - ga - - beta - - experimental - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - enabled - - data_stream - - compiled_stream - type: array - type: - type: string - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - type - - enabled - - streams - type: array - is_managed: - type: boolean - missingVars: - items: - type: string - type: array - name: - description: Package policy name (should be unique) - type: string - namespace: - description: The package policy namespace. Leave blank to inherit the agent policy's namespace. 
- type: string - output_id: - nullable: true - type: string - overrides: - additionalProperties: false - description: Override settings that are defined in the package policy. The override option should be used only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - properties: - inputs: - additionalProperties: {} - type: object - package: - additionalProperties: false - type: object - properties: - experimental_data_stream_features: - items: - additionalProperties: false - type: object - properties: - data_stream: - type: string - features: - additionalProperties: false - type: object - properties: - doc_value_only_numeric: - type: boolean - doc_value_only_other: - type: boolean - synthetic_source: - type: boolean - tsdb: - type: boolean - required: - - data_stream - - features - type: array - name: - description: Package name - type: string - requires_root: - type: boolean - title: - type: string - version: - description: Package version - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - nullable: true - type: string - policy_ids: - items: - description: Agent policy IDs where that package policy will be added - type: string - type: array - supports_agentless: - default: false - description: Indicates whether the package policy belongs to an agentless agent policy. 
- nullable: true - type: boolean - vars: - additionalProperties: - additionalProperties: false - type: object - properties: - frozen: - type: boolean - type: - type: string - value: {} - required: - - value - description: Package variable (see integration documentation for more information) - type: object - required: - - name - - enabled - - inputs - type: array - hasErrors: - type: boolean - name: - type: string - statusCode: - type: number - required: - - hasErrors - type: array - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Dry run a package policy upgrade - tags: - - Fleet package policies - /api/fleet/proxies: - get: - description: '[Required authorization] Route required privileges: ALL of [fleet-settings-read].' - operationId: get-fleet-proxies - parameters: [] - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - items: - items: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - 
- message - summary: Get proxies - tags: - - Fleet proxies - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' - operationId: post-fleet-proxies - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - url - - name - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Create a proxy - tags: - - Fleet proxies - /api/fleet/proxies/{itemId}: - delete: - description: 'Delete a proxy by ID

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' - operationId: delete-fleet-proxies-itemid - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - id: - type: string - required: - - id - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Delete a proxy - tags: - - Fleet proxies - get: - description: 'Get a proxy by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-read].' - operationId: get-fleet-proxies-itemid - parameters: - - in: path - name: itemId - required: true - schema: - type: string - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get a proxy - tags: - - Fleet proxies - put: - description: 'Update a proxy by ID.

[Required authorization] Route required privileges: ALL of [fleet-settings-all].' - operationId: put-fleet-proxies-itemid - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: itemId - required: true - schema: - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - proxy_headers - - certificate_authorities - - certificate - - certificate_key - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - certificate: - nullable: true - type: string - certificate_authorities: - nullable: true - type: string - certificate_key: - nullable: true - type: string - id: - type: string - is_preconfigured: - default: false - type: boolean - name: - type: string - proxy_headers: - additionalProperties: - anyOf: - - type: string - - type: boolean - - type: number - nullable: true - type: object - url: - type: string - required: - - id - - url - - name - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Update a proxy - tags: - - Fleet proxies - /api/fleet/service_tokens: - post: - description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].' 
- operationId: post-fleet-service-tokens - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - nullable: true - type: object - properties: - remote: - default: false - type: boolean - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - name: - type: string - value: - type: string - required: - - name - - value - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Create a service token - tags: - - Fleet service tokens - /api/fleet/settings: - get: - description: '[Required authorization] Route required privileges: ALL of [fleet-settings-read].' 
- operationId: get-fleet-settings - parameters: [] - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - has_seen_add_data_notice: - type: boolean - id: - type: string - output_secret_storage_requirements_met: - type: boolean - preconfigured_fields: - items: - enum: - - fleet_server_hosts - type: string - type: array - prerelease_integrations_enabled: - type: boolean - secret_storage_requirements_met: - type: boolean - use_space_awareness_migration_started_at: - nullable: true - type: string - use_space_awareness_migration_status: - enum: - - pending - - success - - error - type: string - version: - type: string - required: - - id - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: Get settings - tags: - - Fleet internals - put: - description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].' 
- operationId: put-fleet-settings - parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - requestBody: - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - additional_yaml_config: - type: string - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - has_seen_add_data_notice: - type: boolean - kibana_ca_sha256: - type: string - kibana_urls: - items: - format: uri - type: string - type: array - prerelease_integrations_enabled: - type: boolean - responses: - '200': - content: - application/json: - schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - delete_unenrolled_agents: - additionalProperties: false - type: object - properties: - enabled: - type: boolean - is_preconfigured: - type: boolean - required: - - enabled - - is_preconfigured - has_seen_add_data_notice: - type: boolean - id: - type: string - output_secret_storage_requirements_met: - type: boolean - preconfigured_fields: - items: - enum: - - fleet_server_hosts - type: string - type: array - prerelease_integrations_enabled: - type: boolean - secret_storage_requirements_met: - type: boolean - use_space_awareness_migration_started_at: - nullable: true - type: string - use_space_awareness_migration_status: - enum: - - pending - - success - - error - type: string - version: - type: string - required: - - id - required: - - item - '400': - content: - application/json: - schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - '404': + $ref: 
'#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list item not found response + '500': content: application/json: schema: - additionalProperties: false - type: object - properties: - message: - type: string - required: - - message - summary: Update settings + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Update an exception list item tags: - - Fleet internals - /api/fleet/setup: - post: - description: '[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].' - operationId: post-fleet-setup + - Security Exceptions API + /api/exception_lists/items/_find: + get: + description: Get a list of all exception list items in the specified list. + operationId: FindExceptionListItems parameters: - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf + - description: List's id + in: query + name: list_id required: true schema: - example: 'true' + items: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + type: array + - description: | + Filters the returned results according to the value of the specified field, + using the `:` syntax. 
+ in: query + name: filter + required: false + schema: + default: [] + items: + $ref: '#/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter' + type: array + - description: | + Determines whether the returned containers are Kibana associated with a Kibana space + or available in all spaces (`agnostic` or `single`) + in: query + name: namespace_type + required: false + schema: + default: + - single + items: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + type: array + - in: query + name: search + required: false + schema: + type: string + - description: The page number to return + in: query + name: page + required: false + schema: + minimum: 0 + type: integer + - description: The number of exception list items to return per page + in: query + name: per_page + required: false + schema: + minimum: 0 + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + - description: Determines the sort order, which can be `desc` or `asc` + in: query + name: sort_order + required: false + schema: + enum: + - desc + - asc type: string responses: '200': content: application/json: schema: - additionalProperties: false - description: A summary of the result of Fleet's `setup` lifecycle. If `isInitialized` is true, Fleet is ready to accept agent enrollment. `nonFatalErrors` may include useful insight into non-blocking issues with Fleet setup. 
type: object properties: - isInitialized: - type: boolean - nonFatalErrors: + data: items: - additionalProperties: false - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' type: array + page: + minimum: 1 + type: integer + per_page: + minimum: 1 + type: integer + pit: + type: string + total: + minimum: 0 + type: integer required: - - isInitialized - - nonFatalErrors + - data + - page + - per_page + - total + description: Successful response '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response '500': content: application/json: schema: - additionalProperties: false - description: Internal Server Error - type: object - properties: - message: - type: string - required: - - message - summary: Initiate Fleet setup + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get exception list items tags: - - Fleet internals - /api/fleet/uninstall_tokens: + - Security Exceptions 
API + /api/exception_lists/summary: get: - description: 'List the metadata for the latest uninstall tokens per agent policy.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' - operationId: get-fleet-uninstall-tokens + description: Get a summary of the specified exception list. + operationId: ReadExceptionListSummary parameters: - - description: Partial match filtering for policy IDs + - description: Exception list's identifier generated upon creation in: query - name: policyId - required: false - schema: - maxLength: 50 - type: string - - in: query - name: search + name: id required: false schema: - maxLength: 50 - type: string - - description: The number of items to return + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + - description: Exception list's human readable identifier in: query - name: perPage + name: list_id required: false schema: - minimum: 5 - type: number + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - in: query - name: page + name: namespace_type required: false schema: - minimum: 1 - type: number + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + default: single + - description: Search filter clause + in: query + name: filter + required: false + schema: + type: string responses: '200': content: application/json: schema: - additionalProperties: false type: object properties: - items: - items: - additionalProperties: false - type: object - properties: - created_at: - type: string - id: - type: string - namespaces: - items: - type: string - type: array - policy_id: - type: string - policy_name: - nullable: true - type: string - required: - - id - - policy_id - - created_at - type: array - page: - type: number - perPage: - type: number + linux: + minimum: 0 + type: integer + macos: + minimum: 0 + type: integer total: - type: number - required: - - items - - total - - page - - perPage + minimum: 0 + type: integer + windows: + minimum: 0 + type: integer + description: Successful response '400': content: application/json: schema: - additionalProperties: false - 
description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - required: - - message - summary: Get metadata for latest uninstall tokens + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get an exception list summary tags: - - Fleet uninstall tokens - /api/fleet/uninstall_tokens/{uninstallTokenId}: - get: - description: 'Get one decrypted uninstall token by its ID.

[Required authorization] Route required privileges: ALL of [fleet-agents-all].' - operationId: get-fleet-uninstall-tokens-uninstalltokenid - parameters: - - in: path - name: uninstallTokenId - required: true - schema: - type: string + - Security Exceptions API + /api/exceptions/shared: + post: + description: | + An exception list groups exception items and can be associated with detection rules. A shared exception list can apply to multiple detection rules. + > info + > All exception items added to the same list are evaluated using `OR` logic. That is, if any of the items in a list evaluate to `true`, the exception prevents the rule from generating an alert. Likewise, `OR` logic is used for evaluating exceptions when more than one exception list is assigned to a rule. To use the `AND` operator, you can define multiple clauses (`entries`) in a single exception item. + operationId: CreateSharedExceptionList + requestBody: + content: + application/json: + schema: + type: object + properties: + description: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' + name: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' + required: + - name + - description + required: true responses: '200': content: application/json: schema: - additionalProperties: false - type: object - properties: - item: - additionalProperties: false - type: object - properties: - created_at: - type: string - id: - type: string - namespaces: - items: - type: string - type: array - policy_id: - type: string - policy_name: - nullable: true - type: string - token: - type: string - required: - - id - - policy_id - - created_at - - token - required: - - item + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response '400': content: application/json: schema: - additionalProperties: false - description: Generic Error - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: 
number - required: - - message - summary: Get a decrypted uninstall token + oneOf: + - $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + - $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list already exists response + '500': + content: + application/json: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Create a shared exception list tags: - - Fleet uninstall tokens + - Security Exceptions API /api/lists: delete: description: | - Delete a value list using the list ID. + Delete a list using the list ID. > info > When you delete a list, all of its list items are also deleted. operationId: DeleteList parameters: - - in: query + - description: List's `id` value + in: query name: id required: true schema: $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Determines whether exception items referencing this value list should be deleted. - in: query + - in: query name: deleteReferences required: false schema: default: false - example: false type: boolean - - description: Determines whether to delete value list without performing any additional checks of where this list may be utilized. 
- in: query + - in: query name: ignoreReferences required: false schema: default: false - example: false type: boolean responses: '200': content: application/json: - examples: - ipList: - value: - _version: WzIsMV0= - '@timestamp': '2025-01-08T04:47:34.273Z' - created_at: '2025-01-08T04:47:34.273Z' - created_by: elastic - description: List of bad internet ips. - id: 21b01cfb-058d-44b9-838c-282be16c91cd - immutable: false - name: Bad ips - tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 - type: ip - updated_at: '2025-01-08T05:39:39.292Z' - updated_by: elastic - version: 3 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request query]: id: Required' - statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -36041,57 +14793,36 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [DELETE /api/lists?id=ip_list] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json: - examples: - notFound: - value: - message: 'list id: \"ip_list\" was not found' - status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Delete a value list + summary: Delete a list tags: - Security Lists API get: - description: Get the details of a value list using the list ID. + description: Get the details of a list using the list ID. operationId: ReadList parameters: - - in: query + - description: List's `id` value + in: query name: id required: true schema: 
@@ -36100,34 +14831,12 @@ paths: '200': content: application/json: - examples: - ip: - value: - _version: WzEsMV0= - '@timestamp': '2025-01-08T04:47:34.273Z' - created_at: '2025-01-08T04:47:34.273Z' - created_by: elastic - description: This list describes bad internet ip - id: ip_list - immutable: false - name: My bad ips - tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 - type: ip - updated_at: '2025-01-08T05:21:53.843Z' - updated_by: elastic - version: 1 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request query]: id: Required' - statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -36136,66 +14845,41 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: "[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]" - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [GET /api/lists?id=ip_list] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json: - examples: - notFound: - value: - message: 'list id: \"foo\" not found' - status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get value list details + summary: Get list details tags: - Security Lists API patch: - description: Update specific fields of an existing list using the list `id`. + description: Update specific fields of an existing list using the list ID. operationId: PatchList requestBody: content: application/json: schema: - example: - id: ip_list - name: Bad ips list - UPDATED type: object properties: _version: - $ref: '#/components/schemas/Security_Lists_API_ListVersionId' + type: string description: $ref: '#/components/schemas/Security_Lists_API_ListDescription' id: 
@@ -36205,43 +14889,22 @@ paths: name: $ref: '#/components/schemas/Security_Lists_API_ListName' version: - $ref: '#/components/schemas/Security_Lists_API_ListVersion' + minimum: 1 + type: integer required: - id - description: Value list's properties + description: List's properties required: true responses: '200': content: application/json: - examples: - ip: - value: - _version: WzEsMV0= - '@timestamp': '2025-01-08T04:47:34.273Z' - created_at: '2025-01-08T04:47:34.273Z' - created_by: elastic - description: This list describes bad internet ips - id: ip_list - immutable: false - name: Bad ips list - UPDATED - tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 - type: ip - updated_at: '2025-01-08T05:21:53.843Z' - updated_by: elastic - version: 2 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request body]: name: Expected string, received number' - statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -36250,92 +14913,43 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [PATCH /api/lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json: - examples: - notFound: - value: - message: 'list id: \"foo\" not found' - status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Patch a value list + summary: Patch a list tags: - Security Lists API post: - description: Create a new value list. + description: Create a new list. 
operationId: CreateList requestBody: content: application/json: - examples: - ip: - value: - description: This list describes bad internet ips - id: ip_list - name: Simple list with ips - type: ip - ip_range: - value: - description: This list has ip ranges - id: ip_range_list - name: Simple list with ip ranges - type: ip_range - keyword: - value: - description: This list describes bad host names - id: keyword_list - name: Simple list with a keyword - type: keyword - keyword_custom_format: - value: - description: This parses the first found ipv4 only - deserializer: '{{value}}' - id: keyword_custom_format_list - name: Simple list with a keyword using a custom format - serializer: (?((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) - type: keyword schema: type: object properties: description: $ref: '#/components/schemas/Security_Lists_API_ListDescription' deserializer: - $ref: '#/components/schemas/Security_Lists_API_ListDeserializer' + type: string id: $ref: '#/components/schemas/Security_Lists_API_ListId' meta: @@ -36343,7 +14957,7 @@ paths: name: $ref: '#/components/schemas/Security_Lists_API_ListName' serializer: - $ref: '#/components/schemas/Security_Lists_API_ListSerializer' + type: string type: $ref: '#/components/schemas/Security_Lists_API_ListType' version: 
@@ -36354,86 +14968,18 @@ paths: - name - description - type - description: Value list's properties + description: List's properties required: true responses: '200': content: application/json: - examples: - ip: - value: - _version: WzAsMV0= - '@timestamp': '2025-01-08T04:47:34.273Z' - created_at: '2025-01-08T04:47:34.273Z' - created_by: elastic - description: This list describes bad internet ips - id: ip_list - immutable: false - name: Simple list with ips - tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 - type: ip - updated_at: '2025-01-08T04:47:34.273Z' - updated_by: elastic - version: 1 - ip_range: - value: - _version: WzAsMV0= - '@timestamp': '2025-01-09T18:23:52.241Z' - created_at: '2025-01-09T18:23:52.241Z' - created_by: elastic - description: This list has ip ranges - id: ip_range_list - immutable: false - name: Simple list with ip ranges - tie_breaker_id: 74aebdaf-601f-4940-b351-155728ff7003 - type: ip_range - updated_at: '2025-01-09T18:23:52.241Z' - updated_by: elastic - version: 1 - keyword: - value: - _version: WzEsMV0= - '@timestamp': '2025-01-09T18:24:55.786Z' - created_at: '2025-01-09T18:24:55.786Z' - created_by: elastic - description: This list describes bad host names - id: keyword_list - immutable: false - name: Simple list with a keyword - tie_breaker_id: f7e7dbaa-daf7-4c9a-a3dc-56643923ef68 - type: keyword - updated_at: '2025-01-09T18:24:55.786Z' - updated_by: elastic - version: 1 - keyword_custom_format: - value: - _version: WzIsMV0= - '@timestamp': '2025-01-09T18:25:39.604Z' - created_at: '2025-01-09T18:25:39.604Z' - created_by: elastic - description: This parses the first found ipv4 only - deserializer: '{{value}}' - id: keyword_custom_format_list - immutable: false - name: Simple list with a keyword using a custom format - serializer: (?((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) - tie_breaker_id: 8247ae63-b780-47b8-9a89-948b643e9ec2 - type: keyword - updated_at: '2025-01-09T18:25:39.604Z' - 
updated_by: elastic - version: 1 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: application/json: - examples: - notFound: - value: - message: To create a list, the data stream must exist first. Data stream \".lists-default\" does not exist - status_code: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -36442,55 +14988,33 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [POST /api/lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: application/json: - examples: - alreadyExists: - value: - message: 'list id: "keyword_custom_format_list" already exists' - status_code: 409 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List already exists response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Create a value list + summary: Create a list tags: - Security Lists API put: description: | - Update a value list using the list `id`. The original list is replaced, and all unspecified fields are deleted. + Update a list using the list ID. The original list is replaced, and all unspecified fields are deleted. > info > You cannot modify the `id` value. operationId: UpdateList 
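Review bot: Dropping the `'403'` example under `Not enough privileges response` removes the only text in this hunk that names the Kibana privilege (`lists-all`) required for `POST /api/lists`. Consider stating the required privilege in the response description, since that is what an operator needs when scoping a role or API key for this endpoint. Separately, the `put` description now says "list ID" while the note right below it still refers to the `id` value; pick one form.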
@@ -36498,14 +15022,10 @@ paths: content: application/json: schema: - example: - description: Latest list of bad ips - id: ip_list - name: Bad ips - updated type: object properties: _version: - $ref: '#/components/schemas/Security_Lists_API_ListVersionId' + type: string description: $ref: '#/components/schemas/Security_Lists_API_ListDescription' id: @@ -36515,45 +15035,24 @@ paths: name: $ref: '#/components/schemas/Security_Lists_API_ListName' version: - $ref: '#/components/schemas/Security_Lists_API_ListVersion' + minimum: 1 + type: integer required: - id - name - description - description: Value list's properties + description: List's properties required: true responses: '200': content: application/json: - examples: - ip: - value: - _version: WzIsMV0= - '@timestamp': '2025-01-08T04:47:34.273Z' - created_at: '2025-01-08T04:47:34.273Z' - created_by: elastic - description: Latest list of bad ips - id: ip_list - immutable: false - name: Bad ips - updated - tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 - type: ip - updated_at: '2025-01-08T05:39:39.292Z' - updated_by: elastic - version: 3 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request body]: id: Expected string, received number' - statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
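Review bot: In the `UpdateList` request body, `version` switches from `$ref: '#/components/schemas/Security_Lists_API_ListVersion'` to an inline `minimum: 1` / `type: integer`, while the neighbouring `description` and `name` keep their `$ref`s. The inline copy can drift from the shared component and carries no description; keep the `$ref` unless the component itself is being removed. The `_version` property in the preceding hunk gets the same treatment with a bare `type: string`.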
@@ -36562,80 +15061,53 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [PUT /api/lists] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json: - examples: - notFound: - value: - message: 'list id: \"foo\" not found' - status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List not found response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Update a value list + summary: Update a list tags: - Security Lists API /api/lists/_find: get: - description: Get a paginated subset of value lists. By default, the first page is returned, with 20 results per page. + description: Get a paginated subset of lists. By default, the first page is returned, with 20 results per page. operationId: FindLists parameters: - - description: The page number to return. + - description: The page number to return in: query name: page required: false schema: - example: 1 type: integer - - description: The number of value lists to return per page. 
+ - description: The number of lists to return per page in: query name: per_page required: false schema: - example: 20 type: integer - - description: Determines which field is used to sort the results. + - description: Determines which field is used to sort the results in: query name: sort_field required: false schema: - example: name - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - description: Determines the sort order, which can be `desc` or `asc` in: query name: sort_order @@ -36644,9 +15116,11 @@ paths: enum: - desc - asc - example: asc type: string - - description: Returns the lists that come after the last lists returned in the previous call (use the `cursor` value returned in the previous call). This parameter uses the `tie_breaker_id` field to ensure all lists are sorted and returned correctly. + - description: | + Returns the list that come after the last list returned in the previous call + (use the cursor value returned in the previous call). This parameter uses + the `tie_breaker_id` field to ensure all lists are sorted and returned correctly. in: query name: cursor required: false @@ -36664,30 +15138,6 @@ paths: '200': content: application/json: - examples: - ipList: - value: - cursor: WzIwLFsiZjU1MDgxODgtYjFlOS00ZTZlLTk2NjItZDAzOWE3ZDg5ODk5Il1d - data: - - _version: WzAsMV0= - '@timestamp': | - 2025-01-08T04:47:34.273Z - created_at: | - 2025-01-08T04:47:34.273Z - created_by: elastic - description: This list describes bad internet ip - id: ip_list - immutable: false - name: Simple list with an ip - tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 - type: ip - updated_at: | - 2025-01-08T04:47:34.273Z - updated_by: elastic - version: 1 - page: 1 - per_page: 20 - total: 1 schema: type: object properties: 
@@ -36716,12 +15166,6 @@ paths: '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request query]: page: Expected number, received nan' - statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' @@ -36730,39 +15174,22 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [GET /api/lists/_find?page=1&per_page=20] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get value lists + summary: Get lists tags: - Security Lists API /api/lists/index: 
@@ -36792,12 +15219,6 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -36816,15 +15237,10 @@ paths: '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Delete value list data streams + summary: Delete list data streams tags: - Security Lists API get: @@ -36856,12 +15272,6 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -36880,15 +15290,10 @@ paths: '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get status of value list data streams + summary: Get status of list data streams tags: - Security Lists API post: 
@@ -36917,13 +15322,6 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: | - [security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate] - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response @@ -36936,22 +15334,12 @@ paths: '409': content: application/json: - examples: - alreadyExists: - value: - message: 'data stream: \".lists-default\" and \".items-default\" already exists' - status_code: 409 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List data stream exists response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response 
@@ -36960,29 +15348,28 @@ paths: - Security Lists API /api/lists/items: delete: - description: Delete a value list item using its `id`, or its `list_id` and `value` fields. + description: Delete a list item using its `id`, or its `list_id` and `value` fields. operationId: DeleteListItem parameters: - - description: Value list item's identifier. Required if `list_id` and `value` are not specified. + - description: Required if `list_id` and `value` are not specified in: query name: id required: false schema: - $ref: '#/components/schemas/Security_Lists_API_ListItemId' - - description: Value list's identifier. Required if `id` is not specified. + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: The value used to evaluate exceptions. Required if `id` is not specified. + - description: Required if `id` is not specified in: query name: value required: false schema: - example: 255.255.255.255 type: string - - description: Determines when changes made by the request are made visible to search. + - description: Determines when changes made by the request are made visible to search in: query name: refresh required: false @@ -36992,26 +15379,11 @@ paths: - 'true' - 'false' - wait_for - example: false type: string responses: '200': content: application/json: - examples: - ip: - value: - _version: WzIwLDFd - '@timestamp': '2025-01-08T05:15:05.159Z' - created_at: '2025-01-08T05:15:05.159Z' - created_by: elastic - id: pd1WRJQBs4HAK3VQeHFI - list_id: ip_list - tie_breaker_id: eee41dc7-1666-4876-982f-8b0f7b59eca3 - type: ip - updated_at: '2025-01-08T05:44:14.009Z' - updated_by: elastic - value: 255.255.255.255 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_ListItem' 
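Review bot: In the `@@ -36960` hunk, the `id` query parameter of `DeleteListItem` changes its schema from `Security_Lists_API_ListItemId` to `Security_Lists_API_ListId`, although the operation description still says it deletes a list item using its `id`. This looks like a regression: the parameter should keep the item identifier schema, as the `id` property in the `PatchListItem` body does. The shortened descriptions (`Required if list_id and value are not specified`) also no longer say what each parameter is, so restore the leading sentence for `id`, `list_id` and `value`.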
@@ -37022,11 +15394,6 @@ paths: '400': content: application/json: - examples: - badRequest: - value: - message: Either \"list_id\" or \"id\" needs to be defined in the request - status_code: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -37035,93 +15402,56 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [DELETE /api/lists/items?id=pd1WRJQBs4HAK3VQeHFI] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json: - examples: - notFound: - value: - message: 'list item with id: \"pd1WRJQBs4HAK3VQeHFI\" not found' - status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Delete a value list item + summary: Delete a list item tags: - Security Lists API get: - description: Get the details of a value list item. + description: Get the details of a list item. operationId: ReadListItem parameters: - - description: Value list item identifier. Required if `list_id` and `value` are not specified. + - description: Required if `list_id` and `value` are not specified in: query name: id required: false schema: $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: Value list item list's `id` identfier. Required if `id` is not specified. 
+ - description: Required if `id` is not specified in: query name: list_id required: false schema: $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: The value used to evaluate exceptions. Required if `id` is not specified. + - description: Required if `id` is not specified in: query name: value required: false schema: - example: 127.0.0.2 type: string responses: '200': content: application/json: - examples: - ip: - value: - _version: WzExLDFd - '@timestamp': '2025-01-08T05:16:25.882Z' - created_at: '2025-01-08T05:16:25.882Z' - created_by: elastic - id: qN1XRJQBs4HAK3VQs3Gc - list_id: ip_list - tie_breaker_id: a9a34c02-a385-436e-86a0-02a3942f3537 - type: ip - updated_at: '2025-01-08T05:16:25.882Z' - updated_by: elastic - value: 127.0.0.2 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_ListItem' @@ -37132,11 +15462,6 @@ paths: '400': content: application/json: - examples: - badRequest: - value: - message: Either \"list_id\" or \"id\" needs to be defined in the request - status_code: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -37145,72 +15470,47 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [GET /api/lists/items?id=qN1XRJQBs4HAK3VQs3Gc] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json: - examples: - notFound: - value: - message: 'list item id: \"foo\" not found' - status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get a value list item + summary: Get a list item tags: - Security Lists API patch: - description: Update specific fields of an existing value list item using the item `id`. + description: Update specific fields of an existing list item using the list item ID. 
operationId: PatchListItem requestBody: content: application/json: schema: - example: - id: pd1WRJQBs4HAK3VQeHFI - value: 255.255.255.255 type: object properties: _version: - $ref: '#/components/schemas/Security_Lists_API_ListVersionId' + type: string id: $ref: '#/components/schemas/Security_Lists_API_ListItemId' meta: $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' refresh: - description: Determines when changes made by the request are made visible to search. + description: Determines when changes made by the request are made visible to search enum: - 'true' - 'false' 
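Review bot: `_version` in the `PatchListItem` body is reduced from `$ref: '#/components/schemas/Security_Lists_API_ListVersionId'` to a bare `type: string`, which leaves the property with no description, whereas `id` and `meta` right below it still use shared components. Keep the `$ref` so clients can tell what value belongs here. The removed request `example` (`id` plus `value`) was also the only sample of a minimal patch body in this hunk.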
@@ -37220,37 +15520,18 @@ paths: $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - id - description: Value list item's properties + description: List item's properties required: true responses: '200': content: application/json: - examples: - ipItem: - value: - _version: WzE5LDFd - '@timestamp': '2025-01-08T05:15:05.159Z' - created_at: '2025-01-08T05:15:05.159Z' - created_by: elastic - id: pd1WRJQBs4HAK3VQeHFI - list_id: ip_list - tie_breaker_id: eee41dc7-1666-4876-982f-8b0f7b59eca3 - type: ip - updated_at: '2025-01-08T05:23:37.602Z' - updated_by: elastic - value: 255.255.255.255 schema: $ref: '#/components/schemas/Security_Lists_API_ListItem' description: Successful response '400': content: application/json: - examples: - badRequest: - value: - message: '{"took":15,"timed_out":false,"total":1,"updated":0,"deleted":0,"batches":1,"version_conflicts":0,"noops":0,"retries":{"bulk":0,"search":0},"throttled_millis":0,"requests_per_second":-1,"throttled_until_millis":0,"failures":[{"index":".ds-.items-default-2025.01.09-000001","id":"ip_item","cause":{"type":"document_parsing_exception","reason":"[1:107] failed to parse field [ip] of type [ip] in document with id ip_item. Preview of fields value: 2","caused_by":{"type":"illegal_argument_exception","reason":"2 is not an IP string literal."}},"status":400}]}' - status_code: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -37259,76 +15540,41 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [PATCH /api/lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json: - examples: - notFound: - value: - message: 'list item id: \"foo\" not found' - status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Patch a value list item + summary: Patch a list item tags: - Security Lists API post: description: | - Create a value list item and associate it with the specified value list. + Create a list item and associate it with the specified list. - All value list items in the same list must be the same type. For example, each list item in an `ip` list must define a specific IP address. + All list items in the same list must be the same type. For example, each list item in an `ip` list must define a specific IP address. > info > Before creating a list item, you must create a list. 
operationId: CreateListItem requestBody: content: application/json: - examples: - ip: - value: - list_id: ip_list - value: 127.0.0.1 - ip_range: - value: - list_id: ip_range_list - value: 192.168.0.0/16 - keyword: - value: - list_id: keyword_list - value: zeek schema: type: object properties: 
@@ -37339,76 +15585,29 @@ paths: meta: $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' refresh: - description: Determines when changes made by the request are made visible to search. + description: Determines when changes made by the request are made visible to search enum: - 'true' - 'false' - wait_for - example: wait_for type: string value: $ref: '#/components/schemas/Security_Lists_API_ListItemValue' required: - list_id - value - description: Value list item's properties + description: List item's properties required: true responses: '200': content: application/json: - examples: - ip: - value: - _version: WzAsMV0= - '@timestamp': '2025-01-08T04:59:06.154Z' - created_at: '2025-01-08T04:59:06.154Z' - created_by: elastic - id: 21b01cfb-058d-44b9-838c-282be16c91cc - list_id: ip_list - tie_breaker_id: b57c762c-3036-465c-9bfb-7bfb5e6e515a - type: ip - updated_at: '2025-01-08T04:59:06.154Z' - updated_by: elastic - value: 127.0.0.1 - ip_range: - value: - _version: WzEsMV0= - '@timestamp': '2025-01-09T18:33:08.202Z' - created_at: '2025-01-09T18:33:08.202Z' - created_by: elastic - id: ip_range_item - list_id: ip_range_list - tie_breaker_id: ea1b4189-efda-4637-b8f9-74655a5ebb61 - type: ip_range - updated_at: '2025-01-09T18:33:08.202Z' - updated_by: elastic - value: 192.168.0.0/16 - keyword: - value: - _version: WzIsMV0= - '@timestamp': '2025-01-09T18:34:29.422Z' - created_at: '2025-01-09T18:34:29.422Z' - created_by: elastic - id: 7f24737d-1da8-4626-a568-33070591bb4e - list_id: keyword_list - tie_breaker_id: 2108ced2-5e5d-401e-a88e-4dd69fc5fa27 - type: keyword - updated_at: '2025-01-09T18:34:29.422Z' - updated_by: elastic - value: zeek schema: $ref: '#/components/schemas/Security_Lists_API_ListItem' description: Successful response '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request - message: uri [/api/lists/items] with method [post] exists but is not available with the current configuration - statusCode: 400 schema: 
oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -37417,80 +15616,44 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [POST /api/lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 - schema: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' - description: Not enough privileges response - '404': - content: - application/json: - examples: - listNotFound: - value: - message: 'list id: \"ip_list\" does not exist' - status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '409': content: application/json: - examples: - alreadyExists: - value: - message: 'list item id: \"ip_item\" already exists' - status_code: 409 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item already exists response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Create a value list item + summary: Create a list item tags: - Security Lists API put: description: | - Update a value list item using the list item ID. The original list item is replaced, and all unspecified fields are deleted. + Update a list item using the list item ID. 
The original list item is replaced, and all unspecified fields are deleted. > info > You cannot modify the `id` value. operationId: UpdateListItem requestBody: content: application/json: - example: - id: ip_item - value: 255.255.255.255 schema: type: object properties: _version: - $ref: '#/components/schemas/Security_Lists_API_ListVersionId' + type: string id: $ref: '#/components/schemas/Security_Lists_API_ListItemId' meta: @@ -37500,38 +15663,18 @@ paths: required: - id - value - description: Value list item's properties + description: List item's properties required: true responses: '200': content: application/json: - examples: - ip: - value: - _version: WzIwLDFd - '@timestamp': '2025-01-08T05:15:05.159Z' - created_at: '2025-01-08T05:15:05.159Z' - created_by: elastic - id: pd1WRJQBs4HAK3VQeHFI - list_id: ip_list - tie_breaker_id: eee41dc7-1666-4876-982f-8b0f7b59eca3 - type: ip - updated_at: '2025-01-08T05:44:14.009Z' - updated_by: elastic - value: 255.255.255.255 schema: $ref: '#/components/schemas/Security_Lists_API_ListItem' description: Successful response '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request - message: '[request body]: id: Expected string, received number' - statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
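Review bot: The `@@ -37417` hunk removes the whole `'404'` response from `CreateListItem`, not just its `listNotFound` example, so the spec no longer documents what is returned when `list_id` names a list that does not exist. Restore the `'404'` entry, and give it a description of its own while doing so, since the removed block reused `Not enough privileges response` from the `'403'` above it.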
@@ -37540,58 +15683,36 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [PATCH /api/lists/items] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '404': content: application/json: - examples: - notFound: - value: - message: 'list item id: \"foo\" not found' - status_code: 404 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: List item not found response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Update a value list item + summary: Update a list item tags: - Security Lists API /api/lists/items/_export: post: - description: Export list item values from the specified value list. + description: Export list item values from the specified list. operationId: ExportListItems parameters: - - description: Value list's `id` to export. + - description: List's id to export in: query name: list_id required: true 
@@ -37603,27 +15724,12 @@ paths: application/ndjson: schema: description: A `.txt` file containing list items from the specified list - example: | - 127.0.0.1 - 127.0.0.2 - 127.0.0.3 - 127.0.0.4 - 127.0.0.5 - 127.0.0.6 - 127.0.0.7 - 127.0.0.8 - 127.0.0.9 format: binary type: string description: Successful response '400': content: application/json: - examples: - badRequest: - value: - error: 'Bad Request","message":"[request query]: list_id: Required' - statusCode: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' @@ -37632,24 +15738,12 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [POST /api/lists/items/_export?list_id=ips.txt] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response 
@@ -37662,50 +15756,41 @@ paths: '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Export value list items + summary: Export list items tags: - Security Lists API /api/lists/items/_find: get: - description: Get all value list items in the specified list. + description: Get all list items in the specified list. operationId: FindListItems parameters: - - in: query + - description: List's id + in: query name: list_id required: true schema: $ref: '#/components/schemas/Security_Lists_API_ListId' - - description: The page number to return. + - description: The page number to return in: query name: page required: false schema: - example: 1 type: integer - - description: The number of list items to return per page. + - description: The number of list items to return per page in: query name: per_page required: false schema: - example: 20 type: integer - - description: Determines which field is used to sort the results. + - description: Determines which field is used to sort the results in: query name: sort_field required: false schema: - example: value - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' - description: Determines the sort order, which can be `desc` or `asc` in: query name: sort_order @@ -37714,9 +15799,12 @@ paths: enum: - desc - asc - example: asc type: string - - in: query + - description: | + Returns the list that come after the last list returned in the previous call + (use the cursor value returned in the previous call). This parameter uses + the `tie_breaker_id` field to ensure all lists are sorted and returned correctly. + in: query name: cursor required: false schema: 
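Review bot: The `cursor` description added to `FindListItems` is copied from the lists endpoint: it speaks of "the list that come after the last list" and "all lists", but this operation pages through list items. Reword it for items and fix the agreement, for example `Returns the list items that come after the last list item returned in the previous call`, and put `cursor` in backticks the way `tie_breaker_id` is.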
@@ -37733,25 +15821,6 @@ paths: '200': content: application/json: - examples: - ip: - value: - cursor: WzIwLFsiYjU3Yzc2MmMtMzAzNi00NjVjLTliZmItN2JmYjVlNmU1MTVhIl1d - data: - - _version: WzAsMV0= - '@timestamp': '2025-01-08T04:59:06.154Z' - created_at: '2025-01-08T04:59:06.154Z' - created_by: elastic - id: 21b01cfb-058d-44b9-838c-282be16c91cc - list_id: ip_list - tie_breaker_id: b57c762c-3036-465c-9bfb-7bfb5e6e515a - type: ip - updated_at: '2025-01-08T04:59:06.154Z' - updated_by: elastic - value: 127.0.0.1 - page: 1 - per_page: 20 - total: 1 schema: type: object properties: @@ -37780,12 +15849,6 @@ paths: '400': content: application/json: - examples: - badRequest: - value: - error: Bad Request, - message: '[request query]: list_id: Required' - statusCode: 400, schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -37794,45 +15857,28 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [GET /api/lists/items/_find?list_id=ip_list&page=1&per_page=20] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get value list items + summary: Get list items tags: - Security Lists API /api/lists/items/_import: post: description: | - Import value list items from a TXT or CSV file. The maximum file size is 9 million bytes. + Import list items from a TXT or CSV file. The maximum file size is 9 million bytes. You can import items to a new or existing list. operationId: ImportListItems 
@@ -37849,39 +15895,23 @@ paths: - description: | Type of the importing list. - Required when importing a new list whose list `id` is not specified. - examples: - ip: - value: ip + Required when importing a new list that is `list_id` is not specified. in: query name: type required: false schema: $ref: '#/components/schemas/Security_Lists_API_ListType' - - description: | - Determines how uploaded list item values are parsed. By default, list items are parsed using these named regex groups: - - - `(?.+)` - Single value item types, such as ip, long, date, keyword, and text. - - `(?.+)-(?.+)|(?.+)` - Range value item types, such as `date_range`, `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`. - in: query + - in: query name: serializer required: false schema: - example: (?((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) type: string - - description: | - Determines how retrieved list item values are presented. By default list items are presented using these Handelbar expressions: - - - `{{{value}}}` - Single value item types, such as `ip`, `long`, `date`, `keyword`, and `text`. - - `{{{gte}}}-{{{lte}}}` - Range value item types, such as `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`. - - `{{{gte}}},{{{lte}}}` - Date range values. - in: query + - in: query name: deserializer required: false schema: - example: '{{value}}' type: string - - description: Determines when changes made by the request are made visible to search. + - description: Determines when changes made by the request are made visible to search in: query name: refresh required: false @@ -37890,7 +15920,6 @@ paths: - 'true' - 'false' - wait_for - example: true type: string requestBody: content: 
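Review bot: In the `/api/lists/items/_import` parameters, `serializer` and `deserializer` lose their descriptions entirely and become bare `type: string` inputs. The spec then no longer states that `serializer` is a regular expression with named groups that controls how uploaded values are parsed, or that `deserializer` is a Handlebars expression that controls how values are presented. Keep both descriptions so that API consumers and reviewers can see that these strings are interpreted by the server. The new `type` wording, "Required when importing a new list that is `list_id` is not specified", is also ungrammatical; the removed sentence was clearer.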
@@ -37899,17 +15928,7 @@ paths: type: object properties: file: - description: A `.txt` or `.csv` file containing newline separated list items. - example: | - 127.0.0.1 - 127.0.0.2 - 127.0.0.3 - 127.0.0.4 - 127.0.0.5 - 127.0.0.6 - 127.0.0.7 - 127.0.0.8 - 127.0.0.9 + description: A `.txt` or `.csv` file containing newline separated list items format: binary type: string required: true @@ -37917,33 +15936,12 @@ paths: '200': content: application/json: - examples: - ip: - value: - _version: WzAsMV0= - '@timestamp': '2025-01-08T04:47:34.273Z' - created_at: '2025-01-08T04:47:34.273Z' - created_by: elastic - description: This list describes bad internet ip - id: ip_list - immutable: false - name: Simple list with an ip - tie_breaker_id: f5508188-b1e9-4e6e-9662-d039a7d89899 - type: ip - updated_at: '2025-01-08T04:47:34.273Z' - updated_by: elastic - version: 1 schema: $ref: '#/components/schemas/Security_Lists_API_List' description: Successful response '400': content: application/json: - examples: - badRequest: - value: - message: Either type or list_id need to be defined in the query - status_code: 400 schema: oneOf: - $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' 
@@ -37952,24 +15950,12 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [POST /api/lists/items/_import?list_id=ip_list] is unauthorized for user, this action is granted by the Kibana privileges [lists-all] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response @@ -37982,15 +15968,10 @@ paths: '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Import value list items + summary: Import list items tags: - Security Lists API /api/lists/privileges: 
@@ -38000,74 +15981,6 @@ paths: '200': content: application/json: - examples: - privileges: - value: - is_authenticated: true - listItems: - application: {} - cluster: - all: true - manage: true - manage_api_key: true - manage_index_templates: true - manage_ml: true - manage_own_api_key: true - manage_pipeline: true - manage_security: true - manage_transform: true - monitor: true - monitor_ml: true - monitor_transform: true - has_all_requested: true - index: - .items-default: - all: true - create: true - create_doc: true - create_index: true - delete: true - delete_index: true - index: true - maintenance: true - manage: true - monitor: true - read: true - view_index_metadata: true - write: true - username: elastic - lists: - application: {} - cluster: - all: true - manage: true - manage_api_key: true - manage_index_templates: true - manage_ml: true - manage_own_api_key: true - manage_pipeline: true - manage_security: true - manage_transform: true - monitor: true - monitor_ml: true - monitor_transform: true - has_all_requested: true - index: - .lists-default: - all: true - create: true - create_doc: true - create_index: true - delete: true - delete_index: true - index: true - maintenance: true - manage: true - monitor: true - read: true - view_index_metadata: true - write: true - username: elastic schema: type: object properties: 
@@ -38093,39 +16006,22 @@ paths: '401': content: application/json: - examples: - unauthorized: - value: - error: Unauthorized - message: '[security_exception\n\tRoot causes:\n\t\tsecurity_exception: unable to authenticate user [elastic] for REST request [/_security/_authenticate]]: unable to authenticate user [elastic] for REST request [/_security/_authenticate]' - statusCode: 401 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Unsuccessful authentication response '403': content: application/json: - examples: - forbidden: - value: - error: Forbidden - message: API [GET /api/lists/privileges] is unauthorized for user, this action is granted by the Kibana privileges [lists-read] - statusCode: 403 schema: $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' description: Not enough privileges response '500': content: application/json: - examples: - serverError: - value: - message: Internal Server Error - status_code: 500 schema: $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' description: Internal server error response - summary: Get value list privileges + summary: Get list privileges tags: - Security Lists API /api/ml/saved_objects/sync: @@ -38184,6 +16080,13 @@ paths: required: true responses: '200': + content: + application/json: + schema: + type: object + properties: + data: + type: object description: Indicates the note was successfully deleted. summary: Delete a note tags: @@ -38244,7 +16147,9 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult' + oneOf: + - $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult' + - type: object description: Indicates the requested notes were returned. summary: Get notes tags: 
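Review bot: In the Get notes `200` response, `oneOf` now lists `Security_Timeline_API_GetNotesResult` next to an unconstrained `- type: object`. `oneOf` requires exactly one branch to match, and any object payload matches the second branch, so a response object that satisfies `GetNotesResult` matches both and fails validation. Use `anyOf`, or constrain the second branch with `additionalProperties: false` as the Timeline `oneOf` hunks later in this patch do. The Delete a note response added in the same group declares `data` as a plain `type: object` with no properties; state the expected shape or say that it is empty.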
@@ -38287,7 +16192,17 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/Security_Timeline_API_ResponseNote' + type: object + properties: + data: + type: object + properties: + persistNote: + $ref: '#/components/schemas/Security_Timeline_API_ResponseNote' + required: + - persistNote + required: + - data description: Indicates the note was successfully created. summary: Add or update a note tags: @@ -38625,7 +16540,17 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/Security_Timeline_API_PersistPinnedEventResponse' + type: object + properties: + data: + type: object + properties: + persistPinnedEventOnTimeline: + $ref: '#/components/schemas/Security_Timeline_API_PersistPinnedEventResponse' + required: + - persistPinnedEventOnTimeline + required: + - data description: Indicates the event was successfully pinned to the Timeline. summary: Pin an event tags: 
@@ -38659,57 +16584,6 @@ paths: summary: Cleanup the Risk Engine tags: - Security Entity Analytics API - /api/risk_score/engine/saved_object/configure: - patch: - description: Configuring the Risk Engine Saved Object - operationId: ConfigureRiskEngineSavedObject - requestBody: - content: - application/json: - schema: - type: object - properties: - exclude_alert_statuses: - items: - type: string - type: array - exclude_alert_tags: - items: - type: string - type: array - range: - type: object - properties: - end: - type: string - start: - type: string - required: true - responses: - '200': - content: - application/json: - schema: - type: object - properties: - risk_engine_saved_object_configured: - type: boolean - description: Successful response - '400': - content: - application/json: - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse' - description: Task manager is unavailable - default: - content: - application/json: - schema: - $ref: '#/components/schemas/Security_Entity_Analytics_API_ConfigureRiskEngineSavedObjectErrorResponse' - description: Unexpected error - summary: Configure the Risk Engine Saved Object - tags: - - Security Entity Analytics API /api/risk_score/engine/schedule_now: post: description: Schedule the risk scoring engine to run as soon as possible. You can use this to recalculate entity risk scores after updating their asset criticality. @@ -41465,6 +19339,20 @@ paths: required: true responses: '200': + content: + application/json: + schema: + type: object + properties: + data: + type: object + properties: + deleteTimeline: + type: boolean + required: + - deleteTimeline + required: + - data description: Indicates the Timeline was successfully deleted. summary: Delete Timelines or Timeline templates tags: 
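Review bot: The hunk at `-38659` deletes the whole `/api/risk_score/engine/saved_object/configure` PATCH operation from the serverless spec, which is unrelated to the stated change (removing `Elastic-Api-Version`). The commit message lists this generated file under "Conflicts", so this looks like a side effect of the conflict resolution. Confirm that the endpoint does not exist on the target branch; if it does, regenerate the bundle from the branch's own sources instead of taking one side of the conflict.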
@@ -41488,7 +19376,20 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' + oneOf: + - type: object + properties: + data: + type: object + properties: + getOneTimeline: + $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' + required: + - getOneTimeline + required: + - data + - additionalProperties: false + type: object description: Indicates that the (template) Timeline was found and returned. summary: Get Timeline or Timeline template details tags: @@ -41792,7 +19693,17 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResponse' + type: object + properties: + data: + type: object + properties: + persistFavorite: + $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResponse' + required: + - persistFavorite + required: + - data description: Indicates the favorite status was successfully updated. '403': content: @@ -41946,7 +19857,15 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/Security_Timeline_API_ResolvedTimeline' + oneOf: + - type: object + properties: + data: + $ref: '#/components/schemas/Security_Timeline_API_ResolvedTimeline' + required: + - data + - additionalProperties: false + type: object description: The (template) Timeline has been found '400': description: The request is missing parameters @@ -46817,6 +24736,13 @@ components: disabledFeatures: [] imageUrl: '' parameters: + Alerting_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string APM_UI_elastic_api_version: description: The version of the API to use in: header 
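Review bot: The trailing context of the `components: parameters:` hunk still shows `APM_UI_elastic_api_version` ("The version of the API to use", `in: header`), while the hunk itself only adds `Alerting_kbn_xsrf`. Since the PR's purpose is to stop adding the API version header to the spec, state in the description why this version header parameter stays, or remove it in the same change. The Timeline responses in this group also gain an alternative `additionalProperties: false` empty-object branch; document in each response `description` when the empty object is returned.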
@@ -46922,6 +24848,14 @@ components: minItems: 1 type: string type: array + Cases_includeComments: + deprecated: true + description: Deprecated in 8.1.0. This parameter is deprecated and will be removed in a future release. It determines whether case comments are returned. + in: query + name: includeComments + schema: + default: true + type: boolean Cases_kbn_xsrf: description: Cross-site request forgery protection in: header 
@@ -47162,6 +25096,89 @@ components: type: integer title: Unsuccessful rule API response type: object + Alerting_alert_response_properties: + title: Legacy alert response properties + type: object + properties: + actions: + items: + type: object + type: array + alertTypeId: + example: .index-threshold + type: string + apiKeyOwner: + example: elastic + nullable: true + type: string + createdAt: + description: The date and time that the alert was created. + example: '2022-12-05T23:36:58.284Z' + format: date-time + type: string + createdBy: + description: The identifier for the user that created the alert. + example: elastic + type: string + enabled: + description: Indicates whether the alert is currently enabled. + example: true + type: boolean + executionStatus: + type: object + properties: + lastExecutionDate: + example: '2022-12-06T00:13:43.890Z' + format: date-time + type: string + status: + example: ok + type: string + id: + description: The identifier for the alert. + example: b530fed0-74f5-11ed-9801-35303b735aef + type: string + muteAll: + example: false + type: boolean + mutedInstanceIds: + items: + type: string + nullable: true + type: array + name: + description: The name of the alert. + example: my alert + type: string + notifyWhen: + example: onActionGroupChange + type: string + params: + additionalProperties: true + type: object + schedule: + type: object + properties: + interval: + type: string + scheduledTaskId: + example: b530fed0-74f5-11ed-9801-35303b735aef + type: string + tags: + items: + type: string + type: array + throttle: + nullable: true + type: string + updatedAt: + example: '2022-12-05T23:36:58.284Z' + type: string + updatedBy: + description: The identifier for the user that updated this alert most recently. + example: elastic + nullable: true + type: string Alerting_fieldmap_properties: title: Field map objects in the get rule types response type: object 
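Review bot: In the added `Alerting_alert_response_properties` schema, `updatedAt` is declared as `type: string` with a timestamp example but without `format: date-time`, while `createdAt` and `executionStatus.lastExecutionDate` in the same schema carry the format. Add `format: date-time` to `updatedAt` so generated clients treat the three timestamps consistently. The schema also has no `required` list, so every property is optional to a validator; list the properties that are always present.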
@@ -47677,6 +25694,23 @@ components: type: integer title: Unsuccessful cases API response type: object + Cases_action_types: + description: The type of action. + enum: + - assignees + - create_case + - comment + - connector + - delete_case + - description + - pushed + - tags + - title + - status + - settings + - severity + example: create_case + type: string Cases_actions: enum: - add 
@@ -49427,6 +27461,76 @@ components: - payload - type - version + Cases_user_actions_response_properties: + type: object + properties: + action: + $ref: '#/components/schemas/Cases_actions' + action_id: + example: 22fd3e30-03b1-11ed-920c-974bfa104448 + type: string + case_id: + example: 22df07d0-03b1-11ed-920c-974bfa104448 + type: string + comment_id: + example: 578608d0-03b1-11ed-920c-974bfa104448 + nullable: true + type: string + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time + type: string + created_by: + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + owner: + $ref: '#/components/schemas/Cases_owner' + payload: + oneOf: + - $ref: '#/components/schemas/Cases_payload_alert_comment' + - $ref: '#/components/schemas/Cases_payload_assignees' + - $ref: '#/components/schemas/Cases_payload_connector' + - $ref: '#/components/schemas/Cases_payload_create_case' + - $ref: '#/components/schemas/Cases_payload_delete' + - $ref: '#/components/schemas/Cases_payload_description' + - $ref: '#/components/schemas/Cases_payload_pushed' + - $ref: '#/components/schemas/Cases_payload_settings' + - $ref: '#/components/schemas/Cases_payload_severity' + - $ref: '#/components/schemas/Cases_payload_status' + - $ref: '#/components/schemas/Cases_payload_tags' + - $ref: '#/components/schemas/Cases_payload_title' + - $ref: '#/components/schemas/Cases_payload_user_comment' + type: + $ref: '#/components/schemas/Cases_action_types' + required: + - action + - action_id + - case_id + - comment_id + - created_at + - created_by + - owner + - payload + - type Cases_user_comment_response_properties: title: Case response properties for user comments type: object 
@@ -56858,14 +34962,11 @@ components: type: object properties: _version: - description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string created_at: - description: Autogenerated date of object creation. format: date-time type: string created_by: - description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription' @@ -56886,16 +34987,13 @@ components: tags: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags' tie_breaker_id: - description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType' updated_at: - description: Autogenerated date of last object update. format: date-time type: string updated_by: - description: Autogenerated value - user that last updated object. type: string version: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion' 
@@ -56914,42 +35012,31 @@ components: - updated_at - updated_by Security_Endpoint_Exceptions_API_ExceptionListDescription: - description: Describes the exception list. - example: This list tracks allowlisted values. type: string Security_Endpoint_Exceptions_API_ExceptionListHumanId: - description: Exception list's human readable string identifier, e.g. `trusted-linux-processes`. - example: simple_list - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` Security_Endpoint_Exceptions_API_ExceptionListId: - description: Exception list's identifier. - example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' Security_Endpoint_Exceptions_API_ExceptionListItem: type: object properties: _version: - description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string comments: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray' created_at: - description: Autogenerated date of object creation. format: date-time type: string created_by: - description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription' entries: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray' expire_time: - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemExpireTime' + format: date-time + type: string id: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId' item_id: 
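Review bot: `Security_Endpoint_Exceptions_API_ExceptionListHumanId` now places `description` beside `$ref`. If this bundle is OpenAPI 3.0 (it uses `nullable: true` elsewhere in the patch), keys that sit next to `$ref` are ignored, so the description will not reach the rendered documentation. Wrap the reference in `allOf`, or keep the inline `type: string` definition with its description. The same hunk removes the descriptions and examples from `ExceptionListDescription` and `ExceptionListId`, and replaces the `expire_time` reference with an inline `date-time` string, which loses the note that the field applies only to regular exception items.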
@@ -56967,16 +35054,13 @@ components: tags: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags' tie_breaker_id: - description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType' updated_at: - description: Autogenerated date of last object update. format: date-time type: string updated_by: - description: Autogenerated value - user that last updated object. type: string required: - id @@ -56999,7 +35083,6 @@ components: comment: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' created_at: - description: Autogenerated date of object creation. format: date-time type: string created_by: @@ -57007,7 +35090,6 @@ components: id: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' updated_at: - description: Autogenerated date of last object update. format: date-time type: string updated_by: @@ -57018,15 +35100,10 @@ components: - created_at - created_by Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray: - description: | - Array of comment fields: - - - comment (string): Comments about the exception item. items: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment' type: array Security_Endpoint_Exceptions_API_ExceptionListItemDescription: - description: Describes the exception list. type: string Security_Endpoint_Exceptions_API_ExceptionListItemEntry: anyOf: 
@@ -57168,40 +35245,22 @@ components: - excluded - included type: string - Security_Endpoint_Exceptions_API_ExceptionListItemExpireTime: - description: The exception item’s expiration date, in ISO format. This field is only available for regular exception items, not endpoint exceptions. - format: date-time - type: string Security_Endpoint_Exceptions_API_ExceptionListItemHumanId: - description: Human readable string identifier, e.g. `trusted-linux-processes` - example: simple_list_item - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' Security_Endpoint_Exceptions_API_ExceptionListItemId: - description: Exception's identifier. - example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' Security_Endpoint_Exceptions_API_ExceptionListItemMeta: additionalProperties: true type: object Security_Endpoint_Exceptions_API_ExceptionListItemName: - description: Exception list name. - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray: items: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType' type: array Security_Endpoint_Exceptions_API_ExceptionListItemTags: items: - description: String array containing words and phrases to help categorize exception items. - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' type: array Security_Endpoint_Exceptions_API_ExceptionListItemType: enum: 
@@ -57209,31 +35268,24 @@ components: type: string Security_Endpoint_Exceptions_API_ExceptionListMeta: additionalProperties: true - description: Placeholder for metadata about the list container. type: object Security_Endpoint_Exceptions_API_ExceptionListName: - description: The name of the exception list. - example: My exception list type: string Security_Endpoint_Exceptions_API_ExceptionListOsType: - description: Use this field to specify the operating system. enum: - linux - macos - windows type: string Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray: - description: Use this field to specify the operating system. Only enter one value. items: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType' type: array Security_Endpoint_Exceptions_API_ExceptionListTags: - description: String array containing words and phrases to help categorize exception containers. items: type: string type: array Security_Endpoint_Exceptions_API_ExceptionListType: - description: The type of exception list to be created. Different list types may denote where they can be utilized. enum: - detection - rule_default @@ -57244,7 +35296,6 @@ components: - endpoint_blocklists type: string Security_Endpoint_Exceptions_API_ExceptionListVersion: - description: The document version, automatically increasd on updates. minimum: 1 type: integer Security_Endpoint_Exceptions_API_ExceptionNamespaceType: 
@@ -57261,18 +35312,8 @@ components: Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter: $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' Security_Endpoint_Exceptions_API_ListId: - description: Value list's identifier. - example: 21b01cfb-058d-44b9-838c-282be16c91cd - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' Security_Endpoint_Exceptions_API_ListType: - description: | - Specifies the Elasticsearch data type of excludes the list container holds. Some common examples: - - - `keyword`: Many ECS fields are Elasticsearch keywords - - `ip`: IP addresses - - `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR notation) enum: - binary - boolean @@ -57326,6 +35367,17 @@ components: required: - status_code - message + Security_Endpoint_Management_API_ActionLogRequestQuery: + type: object + properties: + end_date: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' + page: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' + page_size: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PageSize' + start_date: + $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' Security_Endpoint_Management_API_ActionStateSuccessResponse: type: object properties: 
@@ -57538,7 +35590,22 @@ components: required: - parameters Security_Endpoint_Management_API_GetProcessesRouteRequestBody: - $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema' + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids Security_Endpoint_Management_API_HostPathScriptParameters: type: object properties: @@ -57557,7 +35624,22 @@ components: required: - hostPath Security_Endpoint_Management_API_IsolateRouteRequestBody: - $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema' + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids Security_Endpoint_Management_API_KillProcessRouteRequestBody: allOf: - type: object 
@@ -57642,33 +35724,17 @@ components: format: nonempty minLength: 1 type: string - Security_Endpoint_Management_API_NoParametersRequestSchema: - type: object - properties: - body: - type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids - required: - - body Security_Endpoint_Management_API_Page: default: 1 description: Page number minimum: 1 type: integer + Security_Endpoint_Management_API_PageSize: + default: 10 + description: Number of items per page + maximum: 100 + minimum: 1 + type: integer Security_Endpoint_Management_API_Parameters: description: Optional parameters object type: object @@ -57816,7 +35882,22 @@ components: minLength: 1 type: array Security_Endpoint_Management_API_UnisolateRouteRequestBody: - $ref: '#/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema' + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids Security_Endpoint_Management_API_UploadRouteRequestBody: allOf: - type: object 
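Review bot: `GetProcessesRouteRequestBody`, `IsolateRouteRequestBody` and `UnisolateRouteRequestBody` each receive an identical inline copy of the six properties that `Security_Endpoint_Management_API_NoParametersRequestSchema` used to hold, and that shared schema is deleted in this hunk. If the intent is to drop the extra `body` wrapper, keep one shared component without the wrapper and reference it from all three request bodies; three hand-maintained copies will drift. Note that this also changes the documented request shape from `body.endpoint_ids` to a top-level `endpoint_ids`, which should be called out in the PR description.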
@@ -58012,27 +36093,6 @@ components: required: - cleanup_successful - errors - Security_Entity_Analytics_API_ConfigureRiskEngineSavedObjectErrorResponse: - type: object - properties: - errors: - items: - type: object - properties: - error: - type: string - seq: - type: integer - required: - - seq - - error - type: array - risk_engine_saved_object_configured: - example: false - type: boolean - required: - - risk_engine_saved_object_configured - - errors Security_Entity_Analytics_API_CreateAssetCriticalityRecord: allOf: - $ref: '#/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts' @@ -58571,14 +36631,11 @@ components: type: object properties: _version: - description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string created_at: - description: Autogenerated date of object creation. format: date-time type: string created_by: - description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListDescription' @@ -58599,16 +36656,13 @@ components: tags: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' tie_breaker_id: - description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' updated_at: - description: Autogenerated date of last object update. format: date-time type: string updated_by: - description: Autogenerated value - user that last updated object. type: string version: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' 
@@ -58627,42 +36681,31 @@ components: - updated_at - updated_by Security_Exceptions_API_ExceptionListDescription: - description: Describes the exception list. - example: This list tracks allowlisted values. type: string Security_Exceptions_API_ExceptionListHumanId: - description: Exception list's human readable string identifier, e.g. `trusted-linux-processes`. - example: simple_list - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` Security_Exceptions_API_ExceptionListId: - description: Exception list's identifier. - example: 9e5fc75a-a3da-46c5-96e3-a2ec59c6bb85 - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' Security_Exceptions_API_ExceptionListItem: type: object properties: _version: - description: The version id, normally returned by the API when the item was retrieved. Use it ensure updates are done against the latest version. type: string comments: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray' created_at: - description: Autogenerated date of object creation. format: date-time type: string created_by: - description: Autogenerated value - user that created object. type: string description: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemDescription' entries: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray' expire_time: - $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemExpireTime' + format: date-time + type: string id: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' item_id: 
@@ -58680,16 +36723,13 @@ components: tags: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' tie_breaker_id: - description: Field used in search to ensure all containers are sorted and returned correctly. type: string type: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' updated_at: - description: Autogenerated date of last object update. format: date-time type: string updated_by: - description: Autogenerated value - user that last updated object. type: string required: - id @@ -58712,7 +36752,6 @@ components: comment: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' created_at: - description: Autogenerated date of object creation. format: date-time type: string created_by: @@ -58720,7 +36759,6 @@ components: id: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' updated_at: - description: Autogenerated date of last object update. format: date-time type: string updated_by: @@ -58731,15 +36769,10 @@ components: - created_at - created_by Security_Exceptions_API_ExceptionListItemCommentArray: - description: | - Array of comment fields: - - - comment (string): Comments about the exception item. items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemComment' type: array Security_Exceptions_API_ExceptionListItemDescription: - description: Describes the exception list. type: string Security_Exceptions_API_ExceptionListItemEntry: anyOf: 
@@ -58881,40 +36914,22 @@ components: - excluded - included type: string - Security_Exceptions_API_ExceptionListItemExpireTime: - description: The exception item’s expiration date, in ISO format. This field is only available for regular exception items, not endpoint exceptions. - format: date-time - type: string Security_Exceptions_API_ExceptionListItemHumanId: - description: Human readable string identifier, e.g. `trusted-linux-processes` - example: simple_list_item - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' Security_Exceptions_API_ExceptionListItemId: - description: Exception's identifier. - example: 71a9f4b2-c85c-49b4-866f-c71eb9e67da2 - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' Security_Exceptions_API_ExceptionListItemMeta: additionalProperties: true type: object Security_Exceptions_API_ExceptionListItemName: - description: Exception list name. - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' Security_Exceptions_API_ExceptionListItemOsTypeArray: items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' type: array Security_Exceptions_API_ExceptionListItemTags: items: - description: String array containing words and phrases to help categorize exception items. - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' type: array Security_Exceptions_API_ExceptionListItemType: enum: 
@@ -58922,21 +36937,16 @@ components: type: string Security_Exceptions_API_ExceptionListMeta: additionalProperties: true - description: Placeholder for metadata about the list container. type: object Security_Exceptions_API_ExceptionListName: - description: The name of the exception list. - example: My exception list type: string Security_Exceptions_API_ExceptionListOsType: - description: Use this field to specify the operating system. enum: - linux - macos - windows type: string Security_Exceptions_API_ExceptionListOsTypeArray: - description: Use this field to specify the operating system. Only enter one value. items: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' type: array @@ -58966,12 +36976,10 @@ components: $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError' type: array Security_Exceptions_API_ExceptionListTags: - description: String array containing words and phrases to help categorize exception containers. items: type: string type: array Security_Exceptions_API_ExceptionListType: - description: The type of exception list to be created. Different list types may denote where they can be utilized. enum: - detection - rule_default @@ -58982,7 +36990,6 @@ components: - endpoint_blocklists type: string Security_Exceptions_API_ExceptionListVersion: - description: The document version, automatically increasd on updates. minimum: 1 type: integer Security_Exceptions_API_ExceptionNamespaceType: 
@@ -58999,21 +37006,10 @@ components: Security_Exceptions_API_FindExceptionListItemsFilter: $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' Security_Exceptions_API_FindExceptionListsFilter: - example: exception-list.attributes.name:%Detection%20List type: string Security_Exceptions_API_ListId: - description: Value list's identifier. - example: 21b01cfb-058d-44b9-838c-282be16c91cd - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' Security_Exceptions_API_ListType: - description: | - Specifies the Elasticsearch data type of excludes the list container holds. Some common examples: - - - `keyword`: Many ECS fields are Elasticsearch keywords - - `ip`: IP addresses - - `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR notation) enum: - binary - boolean 
@@ -59087,44 +37083,30 @@ components: format: uuid type: string Security_Lists_API_FindListItemsCursor: - description: Returns the items that come after the last item returned in the previous call (use the `cursor` value returned in the previous call). This parameter uses the `tie_breaker_id` field to ensure all items are sorted and returned correctly. - example: WzIwLFsiYjU3Yzc2MmMtMzAzNi00NjVjLTliZmItN2JmYjVlNmU1MTVhIl1d - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' Security_Lists_API_FindListItemsFilter: - example: value:127.0.0.1 type: string Security_Lists_API_FindListsCursor: - example: WzIwLFsiYjU3Yzc2MmMtMzAzNi00NjVjLTliZmItN2JmYjVlNmU1MTVhIl1d - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' Security_Lists_API_FindListsFilter: - example: value:127.0.0.1 type: string Security_Lists_API_List: type: object properties: _version: - $ref: '#/components/schemas/Security_Lists_API_ListVersionId' + type: string '@timestamp': - example: '2025-01-08T04:47:34.273Z' format: date-time type: string created_at: - description: Autogenerated date of object creation. - example: '2025-01-08T04:47:34.273Z' format: date-time type: string created_by: - description: Autogenerated value - user that created object. - example: elastic type: string description: $ref: '#/components/schemas/Security_Lists_API_ListDescription' deserializer: - $ref: '#/components/schemas/Security_Lists_API_ListDeserializer' + type: string id: $ref: '#/components/schemas/Security_Lists_API_ListId' immutable: 
@@ -59134,24 +37116,19 @@ components: name: $ref: '#/components/schemas/Security_Lists_API_ListName' serializer: - $ref: '#/components/schemas/Security_Lists_API_ListSerializer' + type: string tie_breaker_id: - description: Field used in search to ensure all containers are sorted and returned correctly. - example: f5508188-b1e9-4e6e-9662-d039a7d89899 type: string type: $ref: '#/components/schemas/Security_Lists_API_ListType' updated_at: - description: Autogenerated date of last object update. - example: '2025-01-08T04:47:34.273Z' format: date-time type: string updated_by: - description: Autogenerated value - user that last updated object. - example: elastic type: string version: - $ref: '#/components/schemas/Security_Lists_API_ListVersion' + minimum: 1 + type: integer required: - id - type 
@@ -59165,45 +37142,24 @@ components: - updated_at - updated_by Security_Lists_API_ListDescription: - description: Describes the value list. - format: nonempty - minLength: 1 - type: string - Security_Lists_API_ListDeserializer: - description: | - Determines how retrieved list item values are presented. By default list items are presented using these Handelbar expressions: - - - `{{{value}}}` - Single value item types, such as `ip`, `long`, `date`, `keyword`, and `text`. - - `{{{gte}}}-{{{lte}}}` - Range value item types, such as `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`. - - `{{{gte}}},{{{lte}}}` - Date range values. - example: '{{value}}' - type: string + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' Security_Lists_API_ListId: - description: Value list's identifier. - example: 21b01cfb-058d-44b9-838c-282be16c91cd - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' Security_Lists_API_ListItem: type: object properties: _version: - $ref: '#/components/schemas/Security_Lists_API_ListVersionId' + type: string '@timestamp': - example: '2025-01-08T04:47:34.273Z' format: date-time type: string created_at: - description: Autogenerated date of object creation. - example: '2025-01-08T04:47:34.273Z' format: date-time type: string created_by: - description: Autogenerated value - user that created object. - example: elastic type: string deserializer: - $ref: '#/components/schemas/Security_Lists_API_ListDeserializer' + type: string id: $ref: '#/components/schemas/Security_Lists_API_ListItemId' list_id: 
@@ -59211,21 +37167,15 @@ components: meta: $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' serializer: - $ref: '#/components/schemas/Security_Lists_API_ListSerializer' + type: string tie_breaker_id: - description: Field used in search to ensure all containers are sorted and returned correctly. - example: f5508188-b1e9-4e6e-9662-d039a7d89899 type: string type: $ref: '#/components/schemas/Security_Lists_API_ListType' updated_at: - description: Autogenerated date of last object update. - example: '2025-01-08T04:47:34.273Z' format: date-time type: string updated_by: - description: Autogenerated value - user that last updated object. - example: elastic type: string value: $ref: '#/components/schemas/Security_Lists_API_ListItemValue' @@ -59240,14 +37190,9 @@ components: - updated_at - updated_by Security_Lists_API_ListItemId: - description: Value list item's identifier. - example: 54b01cfb-058d-44b9-838c-282be16c91cd - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' Security_Lists_API_ListItemMetadata: additionalProperties: true - description: Placeholder for metadata about the value list item. type: object Security_Lists_API_ListItemPrivileges: type: object @@ -59277,20 +37222,12 @@ components: - index - application Security_Lists_API_ListItemValue: - description: The value used to evaluate exceptions. - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' Security_Lists_API_ListMetadata: additionalProperties: true - description: Placeholder for metadata about the value list. type: object Security_Lists_API_ListName: - description: Value list's name. - example: List of bad IPs - format: nonempty - minLength: 1 - type: string + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' Security_Lists_API_ListPrivileges: type: object properties: 
@@ -59318,21 +37255,7 @@ components: - cluster - index - application - Security_Lists_API_ListSerializer: - description: | - Determines how uploaded list item values are parsed. By default, list items are parsed using these named regex groups: - - - `(?.+)` - Single value item types, such as ip, long, date, keyword, and text. - - `(?.+)-(?.+)|(?.+)` - Range value item types, such as `date_range`, `ip_range`, `double_range`, `float_range`, `integer_range`, and `long_range`. - example: (?((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?).){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)) - type: string Security_Lists_API_ListType: - description: | - Specifies the Elasticsearch data type of excludes the list container holds. Some common examples: - - - `keyword`: Many ECS fields are Elasticsearch keywords - - `ip`: IP addresses - - `ip_range`: Range of IP addresses (supports IPv4, IPv6, and CIDR notation) enum: - binary - boolean @@ -59358,15 +37281,10 @@ components: - short - text type: string - Security_Lists_API_ListVersion: - description: The document version number. - example: 1 - minimum: 1 - type: integer - Security_Lists_API_ListVersionId: - description: | - The version id, normally returned by the API when the document is retrieved. Use it ensure updates are done against the latest version. - example: WzIsMV0= + Security_Lists_API_NonEmptyString: + description: A string that does not contain only whitespace characters + format: nonempty + minLength: 1 type: string Security_Lists_API_PlatformErrorResponse: type: object @@ -59864,10 +37782,16 @@ components: Security_Timeline_API_FavoriteTimelineResponse: type: object properties: + code: + nullable: true + type: number favorite: items: $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResult' type: array + message: + nullable: true + type: string savedObjectId: type: string templateTimelineId: 
@@ -60036,15 +37960,28 @@ components: - version Security_Timeline_API_PersistPinnedEventResponse: oneOf: - - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' - - type: object + - allOf: + - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' + - $ref: '#/components/schemas/Security_Timeline_API_PinnedEventBaseResponseBody' + - nullable: true + type: object + Security_Timeline_API_PersistTimelineResponse: + type: object + properties: + data: + type: object properties: - unpinned: - type: boolean + persistTimeline: + type: object + properties: + timeline: + $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' + required: + - timeline required: - - unpinned - Security_Timeline_API_PersistTimelineResponse: - $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' + - persistTimeline + required: + - data Security_Timeline_API_PinnedEvent: allOf: - $ref: '#/components/schemas/Security_Timeline_API_BarePinnedEvent' @@ -60057,6 +37994,15 @@ components: required: - pinnedEventId - version + Security_Timeline_API_PinnedEventBaseResponseBody: + type: object + properties: + code: + type: number + message: + type: string + required: + - code Security_Timeline_API_QueryMatchResult: type: object properties: @@ -60097,9 +38043,15 @@ components: Security_Timeline_API_ResponseNote: type: object properties: + code: + type: number + message: + type: string note: $ref: '#/components/schemas/Security_Timeline_API_Note' required: + - code + - message - note Security_Timeline_API_RowRendererId: enum: @@ -64406,4 +42358,4 @@ x-topics: If you use the Kibana console to send API requests, it automatically adds the appropriate space identifier. - To learn more, check out [Spaces](https://www.elastic.co/guide/en/kibana/master/xpack-spaces.html). + To learn more, check out [Spaces](https://www.elastic.co/guide/en/kibana/8.x/xpack-spaces.html). From 7df2d533e0051a926f0060a39e83391ba9790744 Mon Sep 17 00:00:00 2001 
From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Mon, 3 Mar 2025 10:16:22 +0000 Subject: [PATCH 3/3] [CI] Auto-commit changed files from 'make api-docs' --- oas_docs/output/kibana.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index a2396e7e679a4..1cb2690fecc45 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -16689,7 +16689,7 @@ paths: operationId: ConfigureRiskEngineSavedObject requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -16712,7 +16712,7 @@ paths: responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: type: object properties: @@ -16721,13 +16721,13 @@ paths: description: Successful response '400': content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse' description: Task manager is unavailable default: content: - application/json; Elastic-Api-Version=2023-10-31: + application/json: schema: $ref: '#/components/schemas/Security_Entity_Analytics_API_ConfigureRiskEngineSavedObjectErrorResponse' description: Unexpected error
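Review bot: In the `@@ -58627,42 +36681,31 @@` hunk, `Security_Exceptions_API_ExceptionListHumanId` now places `description: Human readable string identifier, e.g. ...` as a sibling of `$ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString'`. Under OpenAPI 3.0, which the `nullable: true` usage elsewhere in this patch suggests, keys next to a `$ref` are ignored, so that description will not reach the rendered docs. Wrap the reference in `allOf` with the description beside it, or keep the inline `type: string` form that the removed lines used.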
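Review bot: In the `@@ -58881,40 +36914,22 @@` hunk, deleting `Security_Exceptions_API_ExceptionListItemExpireTime` also deletes the only statement that the expiration date applies to regular exception items and not to endpoint exceptions; the inline replacement in the `@@ -58627,42 +36681,31 @@` hunk carries only `format: date-time` and `type: string`. The commit message is about dropping `Elastic-Api-Version`, so this loss looks like a side effect of resolving the listed conflicts in the generated output. Please carry the description over to the inlined `expire_time` property, since an exception that silently never expires, or is rejected on an endpoint list, is the kind of behaviour readers of this spec need to know about.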
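Review bot: In the `@@ -59318,21 +37255,7 @@` hunk, removing `Security_Lists_API_ListSerializer` leaves `serializer` as a bare `type: string` (see the `@@ -59134,24 +37116,19 @@` and `@@ -59211,21 +37167,15 @@` hunks), with nothing left in the spec saying that the value is a regular expression with named groups applied to uploaded list items. The same happens to `deserializer` in the `@@ -59165,45 +37142,24 @@` hunk. Both fields take caller-supplied patterns, so the description and example are worth keeping on the target branch; if they cannot be backported as shared schemas, put a `description` on the inline properties.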
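Review bot: In the `@@ -60036,15 +37960,28 @@` hunk, the second `oneOf` branch of `Security_Timeline_API_PersistPinnedEventResponse` is reduced to `nullable: true` and `type: object` with no properties or `required`, so any object that satisfies the first `allOf` branch also satisfies the second, and a validator that enforces `oneOf` as exactly one match will reject a normal pinned-event response. The removed `required: - unpinned` was what kept the branches apart. Either restore a discriminating constraint on the second branch or change the combinator to `anyOf`. The same hunk also moves `Security_Timeline_API_PersistTimelineResponse` from a direct `$ref` to a `data.persistTimeline.timeline` wrapper, which changes the response shape and deserves a line in the commit message.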
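Review bot: In the `@@ -60097,9 +38043,15 @@` hunk, `code` and `message` are added to the `required` list of `Security_Timeline_API_ResponseNote`, while the `@@ -59864,10 +37782,16 @@` hunk adds the same two fields to `Security_Timeline_API_FavoriteTimelineResponse` as `nullable: true`. Clients generated from this spec will treat a note response without `code` and `message` as invalid, so please confirm that the server on this branch always returns both, and make the two schemas agree on whether the fields are optional. None of this is mentioned in the commit message, which only covers `Elastic-Api-Version`.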
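Review bot: In the `@@ -16721,13 +16721,13 @@` hunk of PATCH 3/3, the `default` response still points at `#/components/schemas/Security_Entity_Analytics_API_ConfigureRiskEngineSavedObjectErrorResponse`, while the `@@ -58012,27 +36093,6 @@` hunk earlier in this series deletes a schema of exactly that name from a `components` block. Please check that `oas_docs/output/kibana.yaml` still defines it after regeneration; if it does not, this `$ref` dangles and the error response is published without a body schema. A CI step that resolves every `$ref` in the merged output would catch this class of problem in auto-committed files.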