From c84c7881b3904805f8c7d68436d093f4a3ee2420 Mon Sep 17 00:00:00 2001 From: Konrad Szwarc Date: Fri, 28 Feb 2025 17:44:00 +0100 Subject: [PATCH 1/5] merge --- oas_docs/output/kibana.serverless.yaml | 663 ++++++++++++++--- oas_docs/output/kibana.yaml | 671 +++++++++++++++--- .../endpoint/actions/details/details.gen.ts | 5 +- .../actions/details/details.schema.yaml | 36 +- .../api/endpoint/actions/list/list.gen.ts | 41 +- .../endpoint/actions/list/list.schema.yaml | 137 +++- .../response_actions/execute/execute.gen.ts | 12 +- .../execute/execute.schema.yaml | 37 +- .../response_actions/get_file/get_file.gen.ts | 7 +- .../get_file/get_file.schema.yaml | 35 +- .../response_actions/isolate/isolate.gen.ts | 12 +- .../isolate/isolate.schema.yaml | 56 +- .../kill_process/kill_process.gen.ts | 23 +- .../kill_process/kill_process.schema.yaml | 52 +- .../running_procs/running_procs.gen.ts | 9 +- .../running_procs/running_procs.schema.yaml | 29 +- .../actions/response_actions/scan/scan.gen.ts | 10 +- .../response_actions/scan/scan.schema.yaml | 39 +- .../suspend_process/suspend_process.gen.ts | 22 +- .../suspend_process.schema.yaml | 49 +- .../unisolate/unisolate.gen.ts | 12 +- .../unisolate/unisolate.schema.yaml | 56 +- .../response_actions/upload/upload.gen.ts | 15 +- .../upload/upload.schema.yaml | 42 +- .../api/endpoint/model/schema/common.gen.ts | 26 +- .../endpoint/model/schema/common.schema.yaml | 45 +- .../common/api/quickstart_client.gen.ts | 9 +- ...agement_api_2023_10_31.bundled.schema.yaml | 671 +++++++++++++++--- ...agement_api_2023_10_31.bundled.schema.yaml | 671 +++++++++++++++--- .../services/security_solution_api.gen.ts | 13 +- 30 files changed, 2941 insertions(+), 564 deletions(-) diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index 377e0e8c0e1b9..81668b68e07db 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml 
@@ -7063,16 +7063,61 @@ paths: operationId: EndpointGetActionsList parameters: - in: query - name: query - required: true + name: page + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' + - in: query + name: pageSize + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PageSize' + - in: query + name: commands + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Commands' + - in: query + name: agentIds + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' + - in: query + name: userIds + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_UserIds' + - in: query + name: startDate + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' + - in: query + name: endDate + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' + - in: query + name: agentTypes + required: false schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery' + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + - in: query + name: withOutputs + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_WithOutputs' + - in: query + name: types + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Types' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListResponse' description: OK summary: Get response actions tags: 
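Review bot: The `pageSize` query parameter now points at `Security_Endpoint_Management_API_PageSize`, while the inline definition this patch removes from `GetEndpointActionListRouteQuery` (in a later hunk) carried `default: 10`, `minimum: 1` and `maximum: 10000`. The referenced `PageSize` schema is not part of this patch, so please confirm it keeps the same bounds; if it does not, the list endpoint loses its documented page-size cap and generated clients no longer reject oversized pages. The identical parameter block is emitted again for `oas_docs/output/kibana.yaml` later in the patch, and since both files are bundled output the fix belongs in the `list.schema.yaml` source listed in the diffstat.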
@@ -7111,13 +7156,15 @@ paths: name: action_id required: true schema: + description: The ID of the action to retrieve. + example: fr518850-681a-4y60-aa98-e22640cae2b8 type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetEndpointActionResponse' description: OK summary: Get action details tags: @@ -7190,7 +7237,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_ExecuteRouteResponse' description: OK summary: Run a command tags: @@ -7211,7 +7258,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFileRouteResponse' description: OK summary: Get a file tags: 
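Review bot: The new `action_id` example `fr518850-681a-4y60-aa98-e22640cae2b8` contains the non-hex characters `r` and `y`, so it does not match the UUID-shaped action IDs used in every response example of this patch (for instance `b3d6de74-36b0-4fa8-be46-c375bf1771bf`). If action IDs are UUIDs, reuse one of those values, e.g. `example: b3d6de74-36b0-4fa8-be46-c375bf1771bf`, and add `format: uuid` only if the server actually enforces that shape. The same example appears again in the `kibana.yaml` hunk for this path; the source to change is `details.schema.yaml`.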
@@ -7224,15 +7271,53 @@ paths: requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + multiple_endpoints: + summary: Isolates several hosts; includes a comment + value: + comment: Locked down, pending further investigation + endpoint_ids: + - 9972d10e-4b9e-41aa-a534-a85e2a28ea42 + - bc0e4f0c-3bca-4633-9fee-156c0b505d16 + - fa89271b-b9d4-43f2-a684-307cffddeb5a + single_endpoint: + summary: Isolates a single host with an endpoint_id value of ed518850-681a-4d60-bb98-e22640cae2a8 + value: + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + with_case_id: + summary: Isolates a single host with a case_id value of 1234 + value: + case_ids: + - 4976be38-c134-4554-bd5e-0fd89ce63667 + comment: Isolating as initial response + endpoint_ids: + - 1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0 + - b30a11bf-1395-4707-b508-fbb45ef9793e schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody' + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_IsolateRouteResponse' description: OK summary: Isolate an endpoint tags: 
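Review bot: The `with_case_id` example summary says the host is isolated `with a case_id value of 1234`, but the example value lists `4976be38-c134-4554-bd5e-0fd89ce63667`; the summary should describe the value shown, e.g. `summary: Isolates two hosts and links the action to an existing case; includes a comment`. Separately, this hunk replaces the `$ref` to `IsolateRouteRequestBody` with an inline copy of the same six properties, the unisolate hunk below inlines an identical copy, and the named schema is deleted later in the patch, so the two request bodies can now drift apart without anyone noticing. Keeping one named request-body schema and referencing it from both operations avoids that. Both copies recur in the `kibana.yaml` hunks; the change belongs in `isolate.schema.yaml` and `unisolate.schema.yaml`.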
@@ -7253,7 +7338,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteResponse' description: OK summary: Terminate a process tags: @@ -7274,7 +7359,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteResponse' description: OK summary: Get running processes tags: @@ -7316,7 +7401,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_ScanRouteResponse' description: OK summary: Scan a file or directory tags: @@ -7352,7 +7437,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteResponse' description: OK summary: Suspend a process tags: 
@@ -7365,15 +7450,53 @@ paths: requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + multipleHosts: + summary: 'Releases several hosts; includes a comment:' + value: + comment: Benign process identified, releasing group + endpoint_ids: + - 9972d10e-4b9e-41aa-a534-a85e2a28ea42 + - bc0e4f0c-3bca-4633-9fee-156c0b505d16 + - fa89271b-b9d4-43f2-a684-307cffddeb5a + singleHost: + summary: Releases a single host with an endpoint_id value of ed518850-681a-4d60-bb98-e22640cae2a8 + value: + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + withCaseId: + summary: Releases hosts with an associated case; includes a comment. + value: + case_ids: + - 4976be38-c134-4554-bd5e-0fd89ce63667 + comment: Remediation complete, restoring network + endpoint_ids: + - 1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0 + - b30a11bf-1395-4707-b508-fbb45ef9793e schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody' + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_UnisolateRouteResponse' description: OK summary: Release an isolated endpoint tags: 
@@ -7385,7 +7508,7 @@ paths: operationId: EndpointUploadAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + multipart/form-data; Elastic-Api-Version=2023-10-31: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody' required: true @@ -7394,7 +7517,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_UploadRouteResponse' description: OK summary: Upload a file tags: @@ -47225,6 +47348,10 @@ components: description: Agent ID type: string Security_Endpoint_Management_API_AgentIds: + description: A list of agent IDs. Max of 50. + example: + - agent-id-1 + - agent-id-2 minLength: 1 oneOf: - items: @@ -47236,12 +47363,13 @@ components: - minLength: 1 type: string Security_Endpoint_Management_API_AgentTypes: - description: The host agent type (optional). Defaults to endpoint. + description: List of agent types to retrieve. Defaults to `endpoint`. enum: - endpoint - sentinel_one - crowdstrike - microsoft_defender_endpoint + example: endpoint type: string Security_Endpoint_Management_API_AlertIds: description: A list of alerts ids. @@ -47251,6 +47379,9 @@ components: type: array Security_Endpoint_Management_API_CaseIds: description: Case IDs to be updated (cannot contain empty strings) + example: + - case-id-1 + - case-id-2 items: minLength: 1 type: string 
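Review bot: `Security_Endpoint_Management_API_AgentTypes` is declared `type: string` with an `enum` and `example: endpoint`, but the new description reads `List of agent types to retrieve`, which promises an array the schema does not allow. Either change the prose to `description: The agent type to retrieve. Defaults to endpoint.` or, if the list endpoint really accepts several values, make the schema `type: array` with `items` holding the enum. The `AgentIds` hunk just above adds `Max of 50.` to the description; confirm that the array branch of its `oneOf` (cut off at the end of that hunk) carries `maxItems: 50`, otherwise the limit exists only in documentation. Both changes are mirrored in `kibana.yaml` and originate in `common.schema.yaml`.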
@@ -47288,17 +47419,26 @@ components: minLength: 1 type: string Security_Endpoint_Management_API_Commands: + description: A list of response action command names. + example: + - isolate + - unisolate items: $ref: '#/components/schemas/Security_Endpoint_Management_API_Command' type: array Security_Endpoint_Management_API_Comment: description: Optional comment + example: This is a comment type: string Security_Endpoint_Management_API_EndDate: - description: End date + description: An end date in ISO format or Date Math format. + example: '2023-10-31T23:59:59.999Z' type: string Security_Endpoint_Management_API_EndpointIds: description: List of endpoint IDs (cannot contain empty strings) + example: + - endpoint-id-1 + - endpoint-id-2 items: minLength: 1 type: string @@ -47390,12 +47530,6 @@ components: revision: 2 type: object properties: {} - Security_Endpoint_Management_API_EntityId: - type: object - properties: - entity_id: - minLength: 1 - type: string Security_Endpoint_Management_API_ExecuteRouteRequestBody: allOf: - type: object 
@@ -47427,33 +47561,128 @@ components: - command required: - parameters - Security_Endpoint_Management_API_GetEndpointActionListRouteQuery: + example: + comment: Get list of all files + endpoint_ids: + - b3d6de74-36b0-4fa8-be46-c375bf1771bf + parameters: + command: ls -al + timeout: 600 + Security_Endpoint_Management_API_ExecuteRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentState: + ed518850-681a-4d60-bb98-e22640cae2a8: + isCompleted: false + wasSuccessful: false + agentType: endpoint + command: execute + comment: Get list of all files + createdBy: myuser + hosts: + ed518850-681a-4d60-bb98-e22640cae2a8: + name: gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r + id: 9f934028-2300-4927-b531-b26376793dc4 + isCompleted: false + isExpired: false + outputs: {} + parameters: + command: ls -al + timeout: 600 + startedAt: '2023-07-28T18:43:27.362Z' + status: pending + wasSuccessful: false type: object - properties: - agentIds: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' - agentTypes: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - commands: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Commands' - endDate: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' - page: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' - pageSize: - default: 10 - description: Number of items per page - maximum: 10000 - minimum: 1 - type: integer - startDate: - $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' - types: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Types' - userIds: - $ref: '#/components/schemas/Security_Endpoint_Management_API_UserIds' - withOutputs: - $ref: '#/components/schemas/Security_Endpoint_Management_API_WithOutputs' + properties: {} + Security_Endpoint_Management_API_GetEndpointActionListResponse: + example: + data: + - agents: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + 
agentType: endpoint + command: running-processes + completedAt: '2022-08-08T09:50:47.672Z' + createdBy: elastic + id: b3d6de74-36b0-4fa8-be46-c375bf1771bf + isCompleted: true + isExpired: false + startedAt: '2022-08-08T15:24:57.402Z' + wasSuccessful: true + - agents: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + agentType: endpoint + command: isolate + completedAt: '2022-08-08T10:41:57.352Z' + createdBy: elastic + id: 43b4098b-8752-4fbb-a7a7-6df7c74d0ee3 + isCompleted: true + isExpired: false + startedAt: '2022-08-08T15:23:37.359Z' + wasSuccessful: true + - agents: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + agentType: endpoint + command: kill-process + comment: bad process - taking up too much cpu + completedAt: '2022-08-08T09:44:50.952Z' + createdBy: elastic + id: 5bc92c86-b8e6-42dd-837f-12ad29e09caa + isCompleted: true + isExpired: false + startedAt: '2022-08-08T14:38:44.125Z' + wasSuccessful: true + - agents: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + agentType: endpoint + command: unisolate + comment: Not a threat to the network + completedAt: '2022-08-08T09:40:47.398Z' + createdBy: elastic + id: 790d54e0-3aa3-4e5b-8255-3ce9d851246a + isCompleted: true + isExpired: false + startedAt: '2022-08-08T14:38:15.391Z' + wasSuccessful: true + elasticAgentIds: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + endDate: now + page: 1 + pageSize: 10 + startDate: now-24h/h + total: 4 + type: object + properties: {} + Security_Endpoint_Management_API_GetEndpointActionResponse: + example: + data: + agents: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + agentType: endpoint + command: running-processes + completedAt: '2022-08-08T09:50:47.672Z' + createdBy: elastic + id: b3d6de74-36b0-4fa8-be46-c375bf1771bf + isCompleted: true + isExpired: false + outputs: + afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0: + content: + entries: + - command: /opt/cmd1 + entity_id: fk2ym7bl3oiu3okjcik0xosc0i0m75x3eh49nu3uaqt4dqanjt + pid: '822' + user: Dexter + - command: /opt/cmd3/opt/cmd3/opt/cmd3/opt/cmd3 + entity_id: 
pwvz91m48wpj9j7ov9gtw8fp7u2rat4eu5ipte37hnhdcbi2pt + pid: '984' + user: Jada + type: json + startedAt: '2022-08-08T15:24:57.402Z' + wasSuccessful: true + type: object + properties: {} Security_Endpoint_Management_API_GetFileRouteRequestBody: allOf: - type: object @@ -47483,7 +47712,42 @@ components: - path required: - parameters + example: + comment: Get my file + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + parameters: + path: /usr/my-file.txt + Security_Endpoint_Management_API_GetFileRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentState: + ed518850-681a-4d60-bb98-e22640cae2a8: + isCompleted: false + wasSuccessful: false + agentType: endpoint + command: get-file + createdBy: myuser + hosts: + ed518850-681a-4d60-bb98-e22640cae2a8: + name: gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r + id: 27ba1b42-7cc6-4e53-86ce-675c876092b2 + isCompleted: false + isExpired: false + outputs: {} + parameters: + path: /usr/my-file.txt + startedAt: '2023-07-28T19:00:03.911Z' + status: pending + wasSuccessful: false + type: object + properties: {} Security_Endpoint_Management_API_GetProcessesRouteRequestBody: + example: + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 type: object properties: agent_type: 
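Review bot: Every new `*RouteResponse` schema in this patch (`ExecuteRouteResponse`, `GetEndpointActionListResponse` and `GetEndpointActionResponse` here, and `GetFileRouteResponse`, `GetProcessesRouteResponse`, `IsolateRouteResponse`, `KillProcessRouteResponse`, `ScanRouteResponse`, `SuspendProcessRouteResponse`, `UnisolateRouteResponse` and `UploadRouteResponse` in the later hunks) is declared as `type: object` with `properties: {}` and only an `example`. That documents nothing the example does not, so generated clients receive an untyped object and response validation cannot catch a field being renamed or dropped. At minimum the envelope that every example shares should be typed: a `data` object with `id`, `agents`, `command`, `isCompleted` and `wasSuccessful` (plus `total`, `page` and `pageSize` on the list response), leaving the per-action `parameters` and `outputs` open until they are modelled. The hunk containing the first three schemas starts two lines up; all of them are regenerated from the `*.schema.yaml` sources in the diffstat.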
@@ -47500,6 +47764,30 @@ components: $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: - endpoint_ids + Security_Endpoint_Management_API_GetProcessesRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentType: endpoint + command: running-processes + comment: '' + completedAt: '2022-07-29T19:09:44.961Z' + createdBy: myuser + errors: [] + id: 233db9ea-6733-4849-9226-5a7039c7161d + isCompleted: true + isExpired: false + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + content: + key: value + type: json + parameters: {} + startedAt: '2022-07-29T19:08:49.126Z' + wasSuccessful: true + type: object + properties: {} Security_Endpoint_Management_API_HostPathScriptParameters: type: object properties: 
@@ -47531,23 +47819,32 @@ components: - unenrolled type: string type: array - Security_Endpoint_Management_API_IsolateRouteRequestBody: + Security_Endpoint_Management_API_IsolateRouteResponse: + example: + action: 233db9ea-6733-4849-9226-5a7039c7161d + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentType: endpoint + command: suspend-process + comment: suspend the process + completedAt: '2022-07-29T19:09:44.961Z' + createdBy: myuser + errors: [] + id: 233db9ea-6733-4849-9226-5a7039c7161d + isCompleted: true + isExpired: false + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + content: + key: value + type: json + parameters: + entity_id: abc123 + startedAt: '2022-07-29T19:08:49.126Z' + wasSuccessful: true type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids + properties: {} Security_Endpoint_Management_API_KillProcessRouteRequestBody: allOf: - type: object 
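Review bot: The `IsolateRouteResponse` example is a copy of the suspend-process response: it shows `command: suspend-process`, `comment: suspend the process` and `parameters: entity_id: abc123`, none of which an isolate action returns, and it also carries a top-level `action:` key that no other response example in this patch has. Replace those values with `command: isolate`, an isolate-style comment and `parameters: {}`, and either drop `action:` or document what it holds. The `UnisolateRouteResponse` example added later in the patch has the identical copy-paste and needs the same correction with `command: unisolate`. Both files are bundled output; the sources are `isolate.schema.yaml` and `unisolate.schema.yaml`.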
@@ -47570,16 +47867,60 @@ components: properties: parameters: oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_EntityId' + - type: object + properties: + pid: + description: The process ID (PID) of the process to terminate. + example: 123 + minimum: 1 + type: integer + - type: object + properties: + entity_id: + description: The entity ID of the process to terminate. + example: abc123 + minLength: 1 + type: string - type: object properties: process_name: - description: Valid for SentinelOne agent type only + description: The name of the process to terminate. Valid for SentinelOne agent type only. + example: Elastic minLength: 1 type: string required: - parameters + example: + comment: terminate the process + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + parameters: + entity_id: abc123 + Security_Endpoint_Management_API_KillProcessRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentType: endpoint + command: kill-process + comment: terminate the process + completedAt: '2022-07-29T19:09:44.961Z' + createdBy: myuser + errors: [] + id: 233db9ea-6733-4849-9226-5a7039c7161d + isCompleted: true + isExpired: false + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + content: + key: value + type: json + parameters: + entity_id: abc123 + startedAt: '2022-07-29T19:08:49.126Z' + wasSuccessful: true + type: object + properties: {} Security_Endpoint_Management_API_Kuery: description: A KQL string. example: 'united.endpoint.host.os.name : ''Windows''' @@ -47800,12 +48141,6 @@ components: $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - additionalProperties: true type: object - Security_Endpoint_Management_API_Pid: - type: object - properties: - pid: - minimum: 1 - type: integer Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse: type: object properties: 
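Review bot: The three inline `oneOf` branches for `parameters` declare `pid`, `entity_id` and `process_name` as optional and do not set `additionalProperties: false`, so an object such as `{}`, or one carrying both `pid` and `entity_id`, satisfies every branch; under strict `oneOf` semantics such a body is rejected for matching more than one branch, and under lenient validators it is accepted with nothing that identifies the process. The removed `Pid`/`EntityId` schemas had the same gap, but now that the branches are inlined each should carry `required: [pid]`, `required: [entity_id]` and `required: [process_name]` respectively so exactly one branch can match. The same pattern recurs in the `SuspendProcessRouteRequestBody` hunk below; the sources are `kill_process.schema.yaml` and `suspend_process.schema.yaml`.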
@@ -47863,11 +48198,45 @@ components: type: object properties: path: + description: The folder or file’s full path (including the file name). + example: /usr/my-file.txt type: string required: - path required: - parameters + example: + comment: Scan the file for malware + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + parameters: + path: /usr/my-file.txt + Security_Endpoint_Management_API_ScanRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentState: + ed518850-681a-4d60-bb98-e22640cae2a8: + isCompleted: false + wasSuccessful: false + agentType: endpoint + command: scan + createdBy: myuser + hosts: + ed518850-681a-4d60-bb98-e22640cae2a8: + name: gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r + id: 27ba1b42-7cc6-4e53-86ce-675c876092b2 + isCompleted: false + isExpired: false + outputs: {} + parameters: + path: /usr/my-file.txt + startedAt: '2023-07-28T19:00:03.911Z' + status: pending + wasSuccessful: false + type: object + properties: {} Security_Endpoint_Management_API_SortDirection: description: Determines the sort order. enum: @@ -47890,7 +48259,8 @@ components: example: enrolled_at type: string Security_Endpoint_Management_API_StartDate: - description: Start date + description: A start date in ISO 8601 format or Date Math format. + example: '2023-10-31T00:00:00.000Z' type: string Security_Endpoint_Management_API_SuccessResponse: type: object 
@@ -47917,10 +48287,53 @@ components: properties: parameters: oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_EntityId' + - type: object + properties: + pid: + description: The process ID (PID) of the process to suspend. + example: 123 + minimum: 1 + type: integer + - type: object + properties: + entity_id: + description: The entity ID of the process to suspend. + example: abc123 + minLength: 1 + type: string required: - parameters + example: + comment: suspend the process + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + parameters: + entity_id: abc123 + Security_Endpoint_Management_API_SuspendProcessRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentType: endpoint + command: suspend-process + comment: suspend the process + completedAt: '2022-07-29T19:09:44.961Z' + createdBy: myuser + errors: [] + id: 233db9ea-6733-4849-9226-5a7039c7161d + isCompleted: true + isExpired: false + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + content: + key: value + type: json + parameters: + entity_id: abc123 + startedAt: '2022-07-29T19:08:49.126Z' + wasSuccessful: true + type: object + properties: {} Security_Endpoint_Management_API_Timeout: description: The maximum timeout value in milliseconds (optional) minimum: 1 
@@ -47933,28 +48346,40 @@ components: type: string Security_Endpoint_Management_API_Types: description: List of types of response actions + example: + - automated + - manual items: $ref: '#/components/schemas/Security_Endpoint_Management_API_Type' maxLength: 2 minLength: 1 type: array - Security_Endpoint_Management_API_UnisolateRouteRequestBody: + Security_Endpoint_Management_API_UnisolateRouteResponse: + example: + action: 233db9ea-6733-4849-9226-5a7039c7161d + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentType: endpoint + command: suspend-process + comment: suspend the process + completedAt: '2022-07-29T19:09:44.961Z' + createdBy: myuser + errors: [] + id: 233db9ea-6733-4849-9226-5a7039c7161d + isCompleted: true + isExpired: false + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + content: + key: value + type: json + parameters: + entity_id: abc123 + startedAt: '2022-07-29T19:08:49.126Z' + wasSuccessful: true type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids + properties: {} Security_Endpoint_Management_API_UploadRouteRequestBody: allOf: - type: object @@ -47976,6 +48401,8 @@ components: - type: object properties: file: + description: The binary content of the file. + example: RWxhc3RpYw== format: binary type: string parameters: 
@@ -47983,12 +48410,51 @@ components: properties: overwrite: default: false + description: Overwrite the file on the host if it already exists. + example: false type: boolean required: - parameters - file + example: + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + file: RWxhc3RpYw== + parameters: {} + Security_Endpoint_Management_API_UploadRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentState: + ed518850-681a-4d60-bb98-e22640cae2a8: + isCompleted: false + wasSuccessful: false + agentType: endpoint + command: upload + createdBy: elastic + hosts: + ed518850-681a-4d60-bb98-e22640cae2a8: + name: Host-5i6cuc8kdv + id: 9ff6aebc-2cb6-481e-8869-9b30036c9731 + isCompleted: false + isExpired: false + outputs: {} + parameters: + file_id: 10e4ce3d-4abb-4f93-a0cd-eaf63a489280 + file_name: fix-malware.sh + file_sha256: a0bed94220193ba4895c0aa5b4e7e293381d15765cb164ddf7be5cdd010ae42a + file_size: 69 + startedAt: '2023-07-03T15:07:22.837Z' + status: pending + wasSuccessful: false + type: object + properties: {} Security_Endpoint_Management_API_UserIds: - description: User IDs + description: A list of user IDs. + example: + - user-id-1 + - user-id-2 oneOf: - items: minLength: 1 @@ -47998,7 +48464,10 @@ components: - minLength: 1 type: string Security_Endpoint_Management_API_WithOutputs: - description: Shows detailed outputs for an action response + description: A list of action IDs that should include the complete output of the action. + example: + - action-id-1 + - action-id-2 oneOf: - items: minLength: 1 diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index e6c4ad33ec2d5..f3351bf42a52a 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml 
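Review bot: The `file` property is `format: binary`, which for the `multipart/form-data` body this patch switches the upload route to means raw file bytes, yet both the property example and the request-body example show the base64 literal `RWxhc3RpYw==`. If the field is really sent as raw bytes, the example should be described as file content rather than a base64 string; if the client is expected to base64-encode it, the schema should say `format: byte` instead. The matching `kibana.yaml` hunk is outside this chunk; the source to change is `upload.schema.yaml`.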
@@ -12468,16 +12468,61 @@ paths: operationId: EndpointGetActionsList parameters: - in: query - name: query - required: true + name: page + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' + - in: query + name: pageSize + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PageSize' + - in: query + name: commands + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Commands' + - in: query + name: agentIds + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' + - in: query + name: userIds + required: false schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery' + $ref: '#/components/schemas/Security_Endpoint_Management_API_UserIds' + - in: query + name: startDate + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' + - in: query + name: endDate + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' + - in: query + name: agentTypes + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + - in: query + name: withOutputs + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_WithOutputs' + - in: query + name: types + required: false + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Types' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListResponse' description: OK summary: Get response actions tags: 
@@ -12540,13 +12585,15 @@ paths: name: action_id required: true schema: + description: The ID of the action to retrieve. + example: fr518850-681a-4y60-aa98-e22640cae2b8 type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetEndpointActionResponse' description: OK summary: Get action details tags: @@ -12616,7 +12663,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_ExecuteRouteResponse' description: OK summary: Run a command tags: @@ -12636,7 +12683,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetFileRouteResponse' description: OK summary: Get a file tags: 
@@ -12648,15 +12695,53 @@ paths: requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + multiple_endpoints: + summary: Isolates several hosts; includes a comment + value: + comment: Locked down, pending further investigation + endpoint_ids: + - 9972d10e-4b9e-41aa-a534-a85e2a28ea42 + - bc0e4f0c-3bca-4633-9fee-156c0b505d16 + - fa89271b-b9d4-43f2-a684-307cffddeb5a + single_endpoint: + summary: Isolates a single host with an endpoint_id value of ed518850-681a-4d60-bb98-e22640cae2a8 + value: + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + with_case_id: + summary: Isolates a single host with a case_id value of 1234 + value: + case_ids: + - 4976be38-c134-4554-bd5e-0fd89ce63667 + comment: Isolating as initial response + endpoint_ids: + - 1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0 + - b30a11bf-1395-4707-b508-fbb45ef9793e schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody' + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_IsolateRouteResponse' description: OK summary: Isolate an endpoint tags: 
@@ -12676,7 +12761,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_KillProcessRouteResponse' description: OK summary: Terminate a process tags: @@ -12696,7 +12781,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteResponse' description: OK summary: Get running processes tags: @@ -12736,7 +12821,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_ScanRouteResponse' description: OK summary: Scan a file or directory tags: @@ -12770,7 +12855,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteResponse' description: OK summary: Suspend a process tags: 
@@ -12782,15 +12867,53 @@ paths: requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + examples: + multipleHosts: + summary: 'Releases several hosts; includes a comment:' + value: + comment: Benign process identified, releasing group + endpoint_ids: + - 9972d10e-4b9e-41aa-a534-a85e2a28ea42 + - bc0e4f0c-3bca-4633-9fee-156c0b505d16 + - fa89271b-b9d4-43f2-a684-307cffddeb5a + singleHost: + summary: Releases a single host with an endpoint_id value of ed518850-681a-4d60-bb98-e22640cae2a8 + value: + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + withCaseId: + summary: Releases hosts with an associated case; includes a comment. + value: + case_ids: + - 4976be38-c134-4554-bd5e-0fd89ce63667 + comment: Remediation complete, restoring network + endpoint_ids: + - 1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0 + - b30a11bf-1395-4707-b508-fbb45ef9793e schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody' + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_UnisolateRouteResponse' description: OK summary: Release an isolated endpoint tags: 
@@ -12801,7 +12924,7 @@ paths: operationId: EndpointUploadAction requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + multipart/form-data; Elastic-Api-Version=2023-10-31: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody' required: true @@ -12810,7 +12933,7 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Security_Endpoint_Management_API_SuccessResponse' + $ref: '#/components/schemas/Security_Endpoint_Management_API_UploadRouteResponse' description: OK summary: Upload a file tags: @@ -16890,7 +17013,7 @@ paths: schema: type: object description: | - Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body. + Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body. '400': content: application/json; Elastic-Api-Version=2023-10-31: @@ -16922,7 +17045,7 @@ paths: schema: type: object description: | - Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body. + Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body. '400': content: application/json; Elastic-Api-Version=2023-10-31: 
@@ -25367,7 +25490,7 @@ components: type: boolean scaling_factor: description: | - The scaling factor to use when encoding values. This property is applicable when `type` is `scaled_float`. Values will be multiplied by this factor at index time and rounded to the closest long value. + The scaling factor to use when encoding values. This property is applicable when `type` is `scaled_float`. Values will be multiplied by this factor at index time and rounded to the closest long value. type: integer type: description: Specifies the data type for the field. @@ -35609,6 +35732,10 @@ components: description: Agent ID type: string Security_Endpoint_Management_API_AgentIds: + description: A list of agent IDs. Max of 50. + example: + - agent-id-1 + - agent-id-2 minLength: 1 oneOf: - items: @@ -35620,12 +35747,13 @@ components: - minLength: 1 type: string Security_Endpoint_Management_API_AgentTypes: - description: The host agent type (optional). Defaults to endpoint. + description: List of agent types to retrieve. Defaults to `endpoint`. enum: - endpoint - sentinel_one - crowdstrike - microsoft_defender_endpoint + example: endpoint type: string Security_Endpoint_Management_API_AlertIds: description: A list of alerts ids. @@ -35635,6 +35763,9 @@ components: type: array Security_Endpoint_Management_API_CaseIds: description: Case IDs to be updated (cannot contain empty strings) + example: + - case-id-1 + - case-id-2 items: minLength: 1 type: string 
@@ -35672,17 +35803,26 @@ components: minLength: 1 type: string Security_Endpoint_Management_API_Commands: + description: A list of response action command names. + example: + - isolate + - unisolate items: $ref: '#/components/schemas/Security_Endpoint_Management_API_Command' type: array Security_Endpoint_Management_API_Comment: description: Optional comment + example: This is a comment type: string Security_Endpoint_Management_API_EndDate: - description: End date + description: An end date in ISO format or Date Math format. + example: '2023-10-31T23:59:59.999Z' type: string Security_Endpoint_Management_API_EndpointIds: description: List of endpoint IDs (cannot contain empty strings) + example: + - endpoint-id-1 + - endpoint-id-2 items: minLength: 1 type: string @@ -35774,12 +35914,6 @@ components: revision: 2 type: object properties: {} - Security_Endpoint_Management_API_EntityId: - type: object - properties: - entity_id: - minLength: 1 - type: string Security_Endpoint_Management_API_ExecuteRouteRequestBody: allOf: - type: object 
@@ -35811,33 +35945,128 @@ components: - command required: - parameters - Security_Endpoint_Management_API_GetEndpointActionListRouteQuery: + example: + comment: Get list of all files + endpoint_ids: + - b3d6de74-36b0-4fa8-be46-c375bf1771bf + parameters: + command: ls -al + timeout: 600 + Security_Endpoint_Management_API_ExecuteRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentState: + ed518850-681a-4d60-bb98-e22640cae2a8: + isCompleted: false + wasSuccessful: false + agentType: endpoint + command: execute + comment: Get list of all files + createdBy: myuser + hosts: + ed518850-681a-4d60-bb98-e22640cae2a8: + name: gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r + id: 9f934028-2300-4927-b531-b26376793dc4 + isCompleted: false + isExpired: false + outputs: {} + parameters: + command: ls -al + timeout: 600 + startedAt: '2023-07-28T18:43:27.362Z' + status: pending + wasSuccessful: false type: object - properties: - agentIds: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' - agentTypes: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - commands: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Commands' - endDate: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' - page: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' - pageSize: - default: 10 - description: Number of items per page - maximum: 10000 - minimum: 1 - type: integer - startDate: - $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' - types: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Types' - userIds: - $ref: '#/components/schemas/Security_Endpoint_Management_API_UserIds' - withOutputs: - $ref: '#/components/schemas/Security_Endpoint_Management_API_WithOutputs' + properties: {} + Security_Endpoint_Management_API_GetEndpointActionListResponse: + example: + data: + - agents: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + 
agentType: endpoint + command: running-processes + completedAt: '2022-08-08T09:50:47.672Z' + createdBy: elastic + id: b3d6de74-36b0-4fa8-be46-c375bf1771bf + isCompleted: true + isExpired: false + startedAt: '2022-08-08T15:24:57.402Z' + wasSuccessful: true + - agents: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + agentType: endpoint + command: isolate + completedAt: '2022-08-08T10:41:57.352Z' + createdBy: elastic + id: 43b4098b-8752-4fbb-a7a7-6df7c74d0ee3 + isCompleted: true + isExpired: false + startedAt: '2022-08-08T15:23:37.359Z' + wasSuccessful: true + - agents: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + agentType: endpoint + command: kill-process + comment: bad process - taking up too much cpu + completedAt: '2022-08-08T09:44:50.952Z' + createdBy: elastic + id: 5bc92c86-b8e6-42dd-837f-12ad29e09caa + isCompleted: true + isExpired: false + startedAt: '2022-08-08T14:38:44.125Z' + wasSuccessful: true + - agents: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + agentType: endpoint + command: unisolate + comment: Not a threat to the network + completedAt: '2022-08-08T09:40:47.398Z' + createdBy: elastic + id: 790d54e0-3aa3-4e5b-8255-3ce9d851246a + isCompleted: true + isExpired: false + startedAt: '2022-08-08T14:38:15.391Z' + wasSuccessful: true + elasticAgentIds: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + endDate: now + page: 1 + pageSize: 10 + startDate: now-24h/h + total: 4 + type: object + properties: {} + Security_Endpoint_Management_API_GetEndpointActionResponse: + example: + data: + agents: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + agentType: endpoint + command: running-processes + completedAt: '2022-08-08T09:50:47.672Z' + createdBy: elastic + id: b3d6de74-36b0-4fa8-be46-c375bf1771bf + isCompleted: true + isExpired: false + outputs: + afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0: + content: + entries: + - command: /opt/cmd1 + entity_id: fk2ym7bl3oiu3okjcik0xosc0i0m75x3eh49nu3uaqt4dqanjt + pid: '822' + user: Dexter + - command: /opt/cmd3/opt/cmd3/opt/cmd3/opt/cmd3 + entity_id: 
pwvz91m48wpj9j7ov9gtw8fp7u2rat4eu5ipte37hnhdcbi2pt + pid: '984' + user: Jada + type: json + startedAt: '2022-08-08T15:24:57.402Z' + wasSuccessful: true + type: object + properties: {} Security_Endpoint_Management_API_GetFileRouteRequestBody: allOf: - type: object @@ -35867,7 +36096,42 @@ components: - path required: - parameters + example: + comment: Get my file + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + parameters: + path: /usr/my-file.txt + Security_Endpoint_Management_API_GetFileRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentState: + ed518850-681a-4d60-bb98-e22640cae2a8: + isCompleted: false + wasSuccessful: false + agentType: endpoint + command: get-file + createdBy: myuser + hosts: + ed518850-681a-4d60-bb98-e22640cae2a8: + name: gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r + id: 27ba1b42-7cc6-4e53-86ce-675c876092b2 + isCompleted: false + isExpired: false + outputs: {} + parameters: + path: /usr/my-file.txt + startedAt: '2023-07-28T19:00:03.911Z' + status: pending + wasSuccessful: false + type: object + properties: {} Security_Endpoint_Management_API_GetProcessesRouteRequestBody: + example: + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 type: object properties: agent_type: 
@@ -35884,6 +36148,30 @@ components: $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' required: - endpoint_ids + Security_Endpoint_Management_API_GetProcessesRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentType: endpoint + command: running-processes + comment: '' + completedAt: '2022-07-29T19:09:44.961Z' + createdBy: myuser + errors: [] + id: 233db9ea-6733-4849-9226-5a7039c7161d + isCompleted: true + isExpired: false + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + content: + key: value + type: json + parameters: {} + startedAt: '2022-07-29T19:08:49.126Z' + wasSuccessful: true + type: object + properties: {} Security_Endpoint_Management_API_HostPathScriptParameters: type: object properties: 
@@ -35915,23 +36203,32 @@ components: - unenrolled type: string type: array - Security_Endpoint_Management_API_IsolateRouteRequestBody: + Security_Endpoint_Management_API_IsolateRouteResponse: + example: + action: 233db9ea-6733-4849-9226-5a7039c7161d + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentType: endpoint + command: suspend-process + comment: suspend the process + completedAt: '2022-07-29T19:09:44.961Z' + createdBy: myuser + errors: [] + id: 233db9ea-6733-4849-9226-5a7039c7161d + isCompleted: true + isExpired: false + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + content: + key: value + type: json + parameters: + entity_id: abc123 + startedAt: '2022-07-29T19:08:49.126Z' + wasSuccessful: true type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids + properties: {} Security_Endpoint_Management_API_KillProcessRouteRequestBody: allOf: - type: object 
@@ -35954,16 +36251,60 @@ components: properties: parameters: oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_EntityId' + - type: object + properties: + pid: + description: The process ID (PID) of the process to terminate. + example: 123 + minimum: 1 + type: integer + - type: object + properties: + entity_id: + description: The entity ID of the process to terminate. + example: abc123 + minLength: 1 + type: string - type: object properties: process_name: - description: Valid for SentinelOne agent type only + description: The name of the process to terminate. Valid for SentinelOne agent type only. + example: Elastic minLength: 1 type: string required: - parameters + example: + comment: terminate the process + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + parameters: + entity_id: abc123 + Security_Endpoint_Management_API_KillProcessRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentType: endpoint + command: kill-process + comment: terminate the process + completedAt: '2022-07-29T19:09:44.961Z' + createdBy: myuser + errors: [] + id: 233db9ea-6733-4849-9226-5a7039c7161d + isCompleted: true + isExpired: false + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + content: + key: value + type: json + parameters: + entity_id: abc123 + startedAt: '2022-07-29T19:08:49.126Z' + wasSuccessful: true + type: object + properties: {} Security_Endpoint_Management_API_Kuery: description: A KQL string. example: 'united.endpoint.host.os.name : ''Windows''' @@ -36189,12 +36530,6 @@ components: $ref: '#/components/schemas/Security_Endpoint_Management_API_PendingActionDataType' - additionalProperties: true type: object - Security_Endpoint_Management_API_Pid: - type: object - properties: - pid: - minimum: 1 - type: integer Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse: type: object properties: 
@@ -36252,11 +36587,45 @@ components: type: object properties: path: + description: The folder or file’s full path (including the file name). + example: /usr/my-file.txt type: string required: - path required: - parameters + example: + comment: Scan the file for malware + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + parameters: + path: /usr/my-file.txt + Security_Endpoint_Management_API_ScanRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentState: + ed518850-681a-4d60-bb98-e22640cae2a8: + isCompleted: false + wasSuccessful: false + agentType: endpoint + command: scan + createdBy: myuser + hosts: + ed518850-681a-4d60-bb98-e22640cae2a8: + name: gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r + id: 27ba1b42-7cc6-4e53-86ce-675c876092b2 + isCompleted: false + isExpired: false + outputs: {} + parameters: + path: /usr/my-file.txt + startedAt: '2023-07-28T19:00:03.911Z' + status: pending + wasSuccessful: false + type: object + properties: {} Security_Endpoint_Management_API_SortDirection: description: Determines the sort order. enum: @@ -36279,7 +36648,8 @@ components: example: enrolled_at type: string Security_Endpoint_Management_API_StartDate: - description: Start date + description: A start date in ISO 8601 format or Date Math format. + example: '2023-10-31T00:00:00.000Z' type: string Security_Endpoint_Management_API_SuccessResponse: type: object 
@@ -36306,10 +36676,53 @@ components: properties: parameters: oneOf: - - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' - - $ref: '#/components/schemas/Security_Endpoint_Management_API_EntityId' + - type: object + properties: + pid: + description: The process ID (PID) of the process to suspend. + example: 123 + minimum: 1 + type: integer + - type: object + properties: + entity_id: + description: The entity ID of the process to suspend. + example: abc123 + minLength: 1 + type: string required: - parameters + example: + comment: suspend the process + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + parameters: + entity_id: abc123 + Security_Endpoint_Management_API_SuspendProcessRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentType: endpoint + command: suspend-process + comment: suspend the process + completedAt: '2022-07-29T19:09:44.961Z' + createdBy: myuser + errors: [] + id: 233db9ea-6733-4849-9226-5a7039c7161d + isCompleted: true + isExpired: false + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + content: + key: value + type: json + parameters: + entity_id: abc123 + startedAt: '2022-07-29T19:08:49.126Z' + wasSuccessful: true + type: object + properties: {} Security_Endpoint_Management_API_Timeout: description: The maximum timeout value in milliseconds (optional) minimum: 1 
@@ -36322,28 +36735,40 @@ components: type: string Security_Endpoint_Management_API_Types: description: List of types of response actions + example: + - automated + - manual items: $ref: '#/components/schemas/Security_Endpoint_Management_API_Type' maxLength: 2 minLength: 1 type: array - Security_Endpoint_Management_API_UnisolateRouteRequestBody: + Security_Endpoint_Management_API_UnisolateRouteResponse: + example: + action: 233db9ea-6733-4849-9226-5a7039c7161d + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentType: endpoint + command: suspend-process + comment: suspend the process + completedAt: '2022-07-29T19:09:44.961Z' + createdBy: myuser + errors: [] + id: 233db9ea-6733-4849-9226-5a7039c7161d + isCompleted: true + isExpired: false + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + content: + key: value + type: json + parameters: + entity_id: abc123 + startedAt: '2022-07-29T19:08:49.126Z' + wasSuccessful: true type: object - properties: - agent_type: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' - alert_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' - case_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' - comment: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' - endpoint_ids: - $ref: '#/components/schemas/Security_Endpoint_Management_API_EndpointIds' - parameters: - $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' - required: - - endpoint_ids + properties: {} Security_Endpoint_Management_API_UploadRouteRequestBody: allOf: - type: object @@ -36365,6 +36790,8 @@ components: - type: object properties: file: + description: The binary content of the file. + example: RWxhc3RpYw== format: binary type: string parameters: 
@@ -36372,12 +36799,51 @@ components: properties: overwrite: default: false + description: Overwrite the file on the host if it already exists. + example: false type: boolean required: - parameters - file + example: + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + file: RWxhc3RpYw== + parameters: {} + Security_Endpoint_Management_API_UploadRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentState: + ed518850-681a-4d60-bb98-e22640cae2a8: + isCompleted: false + wasSuccessful: false + agentType: endpoint + command: upload + createdBy: elastic + hosts: + ed518850-681a-4d60-bb98-e22640cae2a8: + name: Host-5i6cuc8kdv + id: 9ff6aebc-2cb6-481e-8869-9b30036c9731 + isCompleted: false + isExpired: false + outputs: {} + parameters: + file_id: 10e4ce3d-4abb-4f93-a0cd-eaf63a489280 + file_name: fix-malware.sh + file_sha256: a0bed94220193ba4895c0aa5b4e7e293381d15765cb164ddf7be5cdd010ae42a + file_size: 69 + startedAt: '2023-07-03T15:07:22.837Z' + status: pending + wasSuccessful: false + type: object + properties: {} Security_Endpoint_Management_API_UserIds: - description: User IDs + description: A list of user IDs. + example: + - user-id-1 + - user-id-2 oneOf: - items: minLength: 1 @@ -36387,7 +36853,10 @@ components: - minLength: 1 type: string Security_Endpoint_Management_API_WithOutputs: - description: Shows detailed outputs for an action response + description: A list of action IDs that should include the complete output of the action. + example: + - action-id-1 + - action-id-2 oneOf: - items: minLength: 1 @@ -41332,7 +41801,7 @@ components: items: type: string description: | - A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format + A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format message: type: string description: The email message text. Markdown format is supported. 
diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/details/details.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/details/details.gen.ts index 1fa7d79e97feb..e8e3cdaefa3fb 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/details/details.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/details/details.gen.ts @@ -16,7 +16,8 @@ import { z } from '@kbn/zod'; -import { SuccessResponse } from '../../model/schema/common.gen'; +export type GetEndpointActionResponse = z.infer; +export const GetEndpointActionResponse = z.object({}); export type EndpointGetActionsDetailsRequestParams = z.infer< typeof EndpointGetActionsDetailsRequestParams @@ -29,4 +30,4 @@ export type EndpointGetActionsDetailsRequestParamsInput = z.input< >; export type EndpointGetActionsDetailsResponse = z.infer; -export const EndpointGetActionsDetailsResponse = SuccessResponse; +export const EndpointGetActionsDetailsResponse = GetEndpointActionResponse; diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/details/details.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/details/details.schema.yaml index 7cf2f808e06f8..36228bfe9bc81 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/details/details.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/details/details.schema.yaml 
@@ -16,12 +16,46 @@ paths: required: true schema: type: string + description: The ID of the action to retrieve. + example: 'fr518850-681a-4y60-aa98-e22640cae2b8' responses: '200': description: OK content: application/json: schema: - $ref: '../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/GetEndpointActionResponse' +components: + schemas: + GetEndpointActionResponse: + type: object + properties: { } + example: + data: + id: "b3d6de74-36b0-4fa8-be46-c375bf1771bf" + agents: + - "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0" + agentType: "endpoint" + command: "running-processes" + startedAt: "2022-08-08T15:24:57.402Z" + completedAt: "2022-08-08T09:50:47.672Z" + createdBy: "elastic" + isCompleted: true + wasSuccessful: true + isExpired: false + outputs: + afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0: + type: "json" + content: + entries: + - pid: "822" + entity_id: "fk2ym7bl3oiu3okjcik0xosc0i0m75x3eh49nu3uaqt4dqanjt" + user: "Dexter" + command: "/opt/cmd1" + - pid: "984" + entity_id: "pwvz91m48wpj9j7ov9gtw8fp7u2rat4eu5ipte37hnhdcbi2pt" + user: "Jada" + command: "/opt/cmd3/opt/cmd3/opt/cmd3/opt/cmd3" + diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/list/list.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/list/list.gen.ts index 4eec6a2cb6479..8e2ffea437d71 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/list/list.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/list/list.gen.ts 
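Review bot: `GetEndpointActionResponse` is introduced as an empty object (`type: object` with `properties: { }`), so the example that follows documents `data.id`, `agents`, `outputs` and the rest while the schema itself declares none of them; consumers get no contract, and the generated `details.gen.ts` in this same patch turns it into `z.object({})`, which types `EndpointGetActionsDetailsResponse` as `{}` and — if that schema is ever used to parse a response — would strip every field, since zod objects drop unknown keys by default. Either declare the `data` properties the example shows, or at minimum add `additionalProperties: true` under `GetEndpointActionResponse` so the permissive intent is explicit (and, if the generator honours it, the zod emit keeps unknown keys). Two smaller nits in the example block: `completedAt: "2022-08-08T09:50:47.672Z"` precedes `startedAt: "2022-08-08T15:24:57.402Z"`, and the path-parameter example `fr518850-681a-4y60-aa98-e22640cae2b8` contains non-hex characters, so it is not a valid UUID like the IDs used elsewhere in the example.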
@@ -17,42 +17,37 @@ import { z } from '@kbn/zod'; import { - SuccessResponse, - AgentIds, - AgentTypes, - Commands, Page, + PageSize, + Commands, + AgentIds, + UserIds, StartDate, EndDate, - UserIds, - Types, + AgentTypes, WithOutputs, + Types, } from '../../model/schema/common.gen'; -export type GetEndpointActionListRouteQuery = z.infer; -export const GetEndpointActionListRouteQuery = z.object({ - agentIds: AgentIds.optional(), - agentTypes: AgentTypes.optional(), - commands: Commands.optional(), +export type GetEndpointActionListResponse = z.infer; +export const GetEndpointActionListResponse = z.object({}); + +export type EndpointGetActionsListRequestQuery = z.infer; +export const EndpointGetActionsListRequestQuery = z.object({ page: Page.optional(), - /** - * Number of items per page - */ - pageSize: z.number().int().min(1).max(10000).optional().default(10), + pageSize: PageSize.optional(), + commands: Commands.optional(), + agentIds: AgentIds.optional(), + userIds: UserIds.optional(), startDate: StartDate.optional(), endDate: EndDate.optional(), - userIds: UserIds.optional(), - types: Types.optional(), + agentTypes: AgentTypes.optional(), withOutputs: WithOutputs.optional(), -}); - -export type EndpointGetActionsListRequestQuery = z.infer; -export const EndpointGetActionsListRequestQuery = z.object({ - query: GetEndpointActionListRouteQuery, + types: Types.optional(), }); export type EndpointGetActionsListRequestQueryInput = z.input< typeof EndpointGetActionsListRequestQuery >; export type EndpointGetActionsListResponse = z.infer; -export const EndpointGetActionsListResponse = SuccessResponse; +export const EndpointGetActionsListResponse = GetEndpointActionListResponse; diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/list/list.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/list/list.schema.yaml index 8e7dcfd5412f4..ecd0445750a05 100644 
--- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/list/list.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/list/list.schema.yaml 
@@ -11,44 +11,121 @@ paths: x-codegen-enabled: true x-labels: [ess, serverless] parameters: - - name: query + - name: page in: query - required: true + required: false schema: - $ref: '#/components/schemas/GetEndpointActionListRouteQuery' + $ref: '../../model/schema/common.schema.yaml#/components/schemas/Page' + - name: pageSize + in: query + required: false + schema: + $ref: '../../model/schema/common.schema.yaml#/components/schemas/PageSize' + - name: commands + in: query + required: false + schema: + $ref: '../../model/schema/common.schema.yaml#/components/schemas/Commands' + - name: agentIds + in: query + required: false + schema: + $ref: '../../model/schema/common.schema.yaml#/components/schemas/AgentIds' + - name: userIds + in: query + required: false + schema: + $ref: '../../model/schema/common.schema.yaml#/components/schemas/UserIds' + - name: startDate + in: query + required: false + schema: + $ref: '../../model/schema/common.schema.yaml#/components/schemas/StartDate' + - name: endDate + in: query + required: false + schema: + $ref: '../../model/schema/common.schema.yaml#/components/schemas/EndDate' + - name: agentTypes + in: query + required: false + schema: + $ref: '../../model/schema/common.schema.yaml#/components/schemas/AgentTypes' + - name: withOutputs + in: query + required: false + schema: + $ref: '../../model/schema/common.schema.yaml#/components/schemas/WithOutputs' + - name: types + in: query + required: false + schema: + $ref: '../../model/schema/common.schema.yaml#/components/schemas/Types' responses: '200': description: OK content: application/json: schema: - $ref: '../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/GetEndpointActionListResponse' components: schemas: - GetEndpointActionListRouteQuery: + GetEndpointActionListResponse: type: object - properties: - agentIds: - $ref: '../../model/schema/common.schema.yaml#/components/schemas/AgentIds' - agentTypes: - $ref: 
'../../model/schema/common.schema.yaml#/components/schemas/AgentTypes' - commands: - $ref: '../../model/schema/common.schema.yaml#/components/schemas/Commands' - page: - $ref: '../../model/schema/common.schema.yaml#/components/schemas/Page' - pageSize: - type: integer - default: 10 - minimum: 1 - maximum: 10000 - description: Number of items per page - startDate: - $ref: '../../model/schema/common.schema.yaml#/components/schemas/StartDate' - endDate: - $ref: '../../model/schema/common.schema.yaml#/components/schemas/EndDate' - userIds: - $ref: '../../model/schema/common.schema.yaml#/components/schemas/UserIds' - types: - $ref: '../../model/schema/common.schema.yaml#/components/schemas/Types' - withOutputs: - $ref: '../../model/schema/common.schema.yaml#/components/schemas/WithOutputs' + properties: { } + example: + page: 1 + pageSize: 10 + total: 4 + startDate: "now-24h/h" + endDate: "now" + elasticAgentIds: + - "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0" + data: + - id: "b3d6de74-36b0-4fa8-be46-c375bf1771bf" + agents: + - "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0" + command: "running-processes" + agentType: "endpoint" + startedAt: "2022-08-08T15:24:57.402Z" + isCompleted: true + completedAt: "2022-08-08T09:50:47.672Z" + wasSuccessful: true + isExpired: false + createdBy: "elastic" + - id: "43b4098b-8752-4fbb-a7a7-6df7c74d0ee3" + agents: + - "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0" + command: "isolate" + agentType: "endpoint" + startedAt: "2022-08-08T15:23:37.359Z" + isCompleted: true + completedAt: "2022-08-08T10:41:57.352Z" + wasSuccessful: true + isExpired: false + createdBy: "elastic" + - id: "5bc92c86-b8e6-42dd-837f-12ad29e09caa" + agents: + - "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0" + command: "kill-process" + agentType: "endpoint" + startedAt: "2022-08-08T14:38:44.125Z" + isCompleted: true + completedAt: "2022-08-08T09:44:50.952Z" + wasSuccessful: true + isExpired: false + createdBy: "elastic" + comment: "bad process - taking up too much cpu" + - id: 
"790d54e0-3aa3-4e5b-8255-3ce9d851246a" + agents: + - "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0" + command: "unisolate" + agentType: "endpoint" + startedAt: "2022-08-08T14:38:15.391Z" + isCompleted: true + completedAt: "2022-08-08T09:40:47.398Z" + wasSuccessful: true + isExpired: false + createdBy: "elastic" + comment: "Not a threat to the network" + diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.gen.ts index 531236ea248bf..b9cf0db2b4ce9 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.gen.ts @@ -16,12 +16,7 @@ import { z } from '@kbn/zod'; -import { - SuccessResponse, - BaseActionSchema, - Command, - Timeout, -} from '../../../model/schema/common.gen'; +import { BaseActionSchema, Command, Timeout } from '../../../model/schema/common.gen'; export type ExecuteRouteRequestBody = z.infer; export const ExecuteRouteRequestBody = BaseActionSchema.merge( @@ -33,6 +28,9 @@ export const ExecuteRouteRequestBody = BaseActionSchema.merge( }) ); +export type ExecuteRouteResponse = z.infer; +export const ExecuteRouteResponse = z.object({}); + export type EndpointExecuteActionRequestBody = z.infer; export const EndpointExecuteActionRequestBody = ExecuteRouteRequestBody; export type EndpointExecuteActionRequestBodyInput = z.input< @@ -40,4 +38,4 @@ export type EndpointExecuteActionRequestBodyInput = z.input< >; export type EndpointExecuteActionResponse = z.infer; -export const EndpointExecuteActionResponse = SuccessResponse; +export const EndpointExecuteActionResponse = ExecuteRouteResponse; 
diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.schema.yaml index f2496687b8fb0..84e6fa32d1389 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/execute/execute.schema.yaml @@ -22,11 +22,18 @@ paths: content: application/json: schema: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/ExecuteRouteResponse' components: schemas: ExecuteRouteRequestBody: + example: + parameters: + command: "ls -al" + timeout: 600 + endpoint_ids: + - "b3d6de74-36b0-4fa8-be46-c375bf1771bf" + comment: "Get list of all files" allOf: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/BaseActionSchema' - type: object @@ -42,3 +49,31 @@ components: $ref: '../../../model/schema/common.schema.yaml#/components/schemas/Command' timeout: $ref: '../../../model/schema/common.schema.yaml#/components/schemas/Timeout' + ExecuteRouteResponse: + type: object + properties: { } + example: + data: + id: "9f934028-2300-4927-b531-b26376793dc4" + agents: + - "ed518850-681a-4d60-bb98-e22640cae2a8" + hosts: + ed518850-681a-4d60-bb98-e22640cae2a8: + name: "gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r" + agentType: "endpoint" + command: "execute" + startedAt: "2023-07-28T18:43:27.362Z" + isCompleted: false + wasSuccessful: false + isExpired: false + status: "pending" + outputs: { } + agentState: + ed518850-681a-4d60-bb98-e22640cae2a8: + isCompleted: false + wasSuccessful: false + createdBy: "myuser" + comment: "Get list of all files" + parameters: + command: "ls -al" + timeout: 600 
diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/get_file/get_file.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/get_file/get_file.gen.ts index e094bde8649d2..920b0a46f5f5f 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/get_file/get_file.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/get_file/get_file.gen.ts @@ -16,7 +16,7 @@ import { z } from '@kbn/zod'; -import { SuccessResponse, BaseActionSchema } from '../../../model/schema/common.gen'; +import { BaseActionSchema } from '../../../model/schema/common.gen'; export type GetFileRouteRequestBody = z.infer; export const GetFileRouteRequestBody = BaseActionSchema.merge( @@ -27,6 +27,9 @@ export const GetFileRouteRequestBody = BaseActionSchema.merge( }) ); +export type GetFileRouteResponse = z.infer; +export const GetFileRouteResponse = z.object({}); + export type EndpointGetFileActionRequestBody = z.infer; export const EndpointGetFileActionRequestBody = GetFileRouteRequestBody; export type EndpointGetFileActionRequestBodyInput = z.input< @@ -34,4 +37,4 @@ export type EndpointGetFileActionRequestBodyInput = z.input< >; export type EndpointGetFileActionResponse = z.infer; -export const EndpointGetFileActionResponse = SuccessResponse; +export const EndpointGetFileActionResponse = GetFileRouteResponse; diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/get_file/get_file.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/get_file/get_file.schema.yaml index cc36b843110b8..5ed449e492aac 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/get_file/get_file.schema.yaml 
+++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/get_file/get_file.schema.yaml @@ -23,11 +23,17 @@ paths: content: application/json: schema: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/GetFileRouteResponse' components: schemas: GetFileRouteRequestBody: + example: + endpoint_ids: + - "ed518850-681a-4d60-bb98-e22640cae2a8" + parameters: + path: "/usr/my-file.txt" + comment: "Get my file" allOf: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/BaseActionSchema' - type: object @@ -41,4 +47,31 @@ components: properties: path: type: string + GetFileRouteResponse: + type: object + properties: { } + example: + data: + id: "27ba1b42-7cc6-4e53-86ce-675c876092b2" + agents: + - "ed518850-681a-4d60-bb98-e22640cae2a8" + hosts: + ed518850-681a-4d60-bb98-e22640cae2a8: + name: "gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r" + agentType: "endpoint" + command: "get-file" + startedAt: "2023-07-28T19:00:03.911Z" + isCompleted: false + wasSuccessful: false + isExpired: false + status: "pending" + outputs: { } + agentState: + ed518850-681a-4d60-bb98-e22640cae2a8: + isCompleted: false + wasSuccessful: false + createdBy: "myuser" + parameters: + path: "/usr/my-file.txt" + diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/isolate/isolate.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/isolate/isolate.gen.ts index 030ba1433fb7b..f14b103f84bd7 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/isolate/isolate.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/isolate/isolate.gen.ts 
@@ -14,18 +14,18 @@ * version: 2023-10-31 */ -import type { z } from '@kbn/zod'; +import { z } from '@kbn/zod'; -import { SuccessResponse, BaseActionSchema } from '../../../model/schema/common.gen'; +import { BaseActionSchema } from '../../../model/schema/common.gen'; -export type IsolateRouteRequestBody = z.infer; -export const IsolateRouteRequestBody = BaseActionSchema; +export type IsolateRouteResponse = z.infer; +export const IsolateRouteResponse = z.object({}); export type EndpointIsolateActionRequestBody = z.infer; -export const EndpointIsolateActionRequestBody = IsolateRouteRequestBody; +export const EndpointIsolateActionRequestBody = BaseActionSchema; export type EndpointIsolateActionRequestBodyInput = z.input< typeof EndpointIsolateActionRequestBody >; export type EndpointIsolateActionResponse = z.infer; -export const EndpointIsolateActionResponse = SuccessResponse; +export const EndpointIsolateActionResponse = IsolateRouteResponse; diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/isolate/isolate.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/isolate/isolate.schema.yaml index 396d8e3d54b1e..1dbbea5b5c430 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/isolate/isolate.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/isolate/isolate.schema.yaml 
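Review bot: The exported `IsolateRouteRequestBody` type and const are dropped and `EndpointIsolateActionRequestBody` now aliases `BaseActionSchema` directly, so any module importing `IsolateRouteRequestBody` stops compiling and nothing in the diff replaces it. The unisolate.gen.ts hunk below removes `UnisolateRouteRequestBody` in the same way. If the removal is deliberate (the YAML component was inlined as a `$ref` to `BaseActionSchema`), it should be stated in the commit description; otherwise keep the named component in the schema YAML so the generator still emits the alias.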
@@ -15,16 +15,62 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/IsolateRouteRequestBody' + $ref: '../../../model/schema/common.schema.yaml#/components/schemas/BaseActionSchema' + examples: + single_endpoint: + summary: "Isolates a single host with an endpoint_id value of ed518850-681a-4d60-bb98-e22640cae2a8" + value: + endpoint_ids: + - "ed518850-681a-4d60-bb98-e22640cae2a8" + multiple_endpoints: + summary: "Isolates several hosts; includes a comment" + value: + endpoint_ids: + - "9972d10e-4b9e-41aa-a534-a85e2a28ea42" + - "bc0e4f0c-3bca-4633-9fee-156c0b505d16" + - "fa89271b-b9d4-43f2-a684-307cffddeb5a" + comment: "Locked down, pending further investigation" + with_case_id: + summary: "Isolates a single host with a case_id value of 1234" + value: + endpoint_ids: + - "1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0" + - "b30a11bf-1395-4707-b508-fbb45ef9793e" + case_ids: + - "4976be38-c134-4554-bd5e-0fd89ce63667" + comment: "Isolating as initial response" responses: '200': description: OK content: application/json: schema: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse' - + $ref: '#/components/schemas/IsolateRouteResponse' components: schemas: - IsolateRouteRequestBody: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/BaseActionSchema' + IsolateRouteResponse: + type: object + properties: { } + example: + action: "233db9ea-6733-4849-9226-5a7039c7161d" + data: + id: "233db9ea-6733-4849-9226-5a7039c7161d" + agents: + - "ed518850-681a-4d60-bb98-e22640cae2a8" + command: "suspend-process" + agentType: "endpoint" + isExpired: false + isCompleted: true + wasSuccessful: true + errors: [ ] + startedAt: "2022-07-29T19:08:49.126Z" + completedAt: "2022-07-29T19:09:44.961Z" + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + type: "json" + content: + key: "value" + createdBy: "myuser" + comment: "suspend the process" + parameters: + entity_id: "abc123" 
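Review bot: The `IsolateRouteResponse` example is copied from the suspend-process response — it shows `command: "suspend-process"`, `comment: "suspend the process"` and `parameters: entity_id: "abc123"`, none of which describe an isolate action; change to `command: "isolate"`, a matching comment, and drop the `parameters` block. The `with_case_id` request example's summary says "Isolates a single host with a case_id value of 1234" while its value lists two `endpoint_ids` and the case id `4976be38-c134-4554-bd5e-0fd89ce63667`, so the summary should be aligned with the value. The unisolate.schema.yaml hunk further down carries the same copied response example (`command: "suspend-process"`).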
diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/kill_process/kill_process.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/kill_process/kill_process.gen.ts index 0f75653323bd2..cda61249e3f66 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/kill_process/kill_process.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/kill_process/kill_process.gen.ts @@ -16,17 +16,27 @@ import { z } from '@kbn/zod'; -import { SuccessResponse, BaseActionSchema, Pid, EntityId } from '../../../model/schema/common.gen'; +import { BaseActionSchema } from '../../../model/schema/common.gen'; export type KillProcessRouteRequestBody = z.infer; export const KillProcessRouteRequestBody = BaseActionSchema.merge( z.object({ parameters: z.union([ - Pid, - EntityId, z.object({ /** - * Valid for SentinelOne agent type only + * The process ID (PID) of the process to terminate. + */ + pid: z.number().int().min(1).optional(), + }), + z.object({ + /** + * The entity ID of the process to terminate. + */ + entity_id: z.string().min(1).optional(), + }), + z.object({ + /** + * The name of the process to terminate. Valid for SentinelOne agent type only. */ process_name: z.string().min(1).optional(), }), @@ -34,6 +44,9 @@ export const KillProcessRouteRequestBody = BaseActionSchema.merge( }) ); +export type KillProcessRouteResponse = z.infer; +export const KillProcessRouteResponse = z.object({}); + export type EndpointKillProcessActionRequestBody = z.infer< typeof EndpointKillProcessActionRequestBody >; 
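Review bot: Every branch of the `parameters` union marks its only key `.optional()`, so the inferred type accepts `parameters: {}`, and if this schema is used with zod to parse a request, `{ entity_id: "abc123" }` satisfies the first branch (`pid` absent, unknown key stripped) and is returned as `{}` — a kill-process request whose target identifier silently disappears. Whether the previous `Pid`/`EntityId` refs required their keys is not visible in this diff. Since this file is generated, the fix belongs in kill_process.schema.yaml's `oneOf` (and likewise in suspend_process.schema.yaml / suspend_process.gen.ts below): add `required: [pid]`, `required: [entity_id]` and `required: [process_name]` to the respective branches, which also makes the `oneOf` satisfiable — without `required`, each branch accepts the same object, so no input matches exactly one.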
@@ -43,4 +56,4 @@ export type EndpointKillProcessActionRequestBodyInput = z.input< >; export type EndpointKillProcessActionResponse = z.infer; -export const EndpointKillProcessActionResponse = SuccessResponse; +export const EndpointKillProcessActionResponse = KillProcessRouteResponse; diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/kill_process/kill_process.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/kill_process/kill_process.schema.yaml index fc0f68ef72bc6..ba314589cc4e7 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/kill_process/kill_process.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/kill_process/kill_process.schema.yaml @@ -22,11 +22,17 @@ paths: content: application/json: schema: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/KillProcessRouteResponse' components: schemas: KillProcessRouteRequestBody: + example: + endpoint_ids: + - "ed518850-681a-4d60-bb98-e22640cae2a8" + parameters: + entity_id: "abc123" + comment: "terminate the process" allOf: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/BaseActionSchema' - type: object 
@@ -35,11 +41,49 @@ components: properties: parameters: oneOf: - - $ref: "../../../model/schema/common.schema.yaml#/components/schemas/Pid" - - $ref: "../../../model/schema/common.schema.yaml#/components/schemas/EntityId" + - type: object + properties: + pid: + type: integer + description: "The process ID (PID) of the process to terminate." + example: 123 + minimum: 1 + - type: object + properties: + entity_id: + type: string + description: "The entity ID of the process to terminate." + example: "abc123" + minLength: 1 - type: object properties: process_name: type: string + description: "The name of the process to terminate. Valid for SentinelOne agent type only." + example: "Elastic" minLength: 1 - description: Valid for SentinelOne agent type only + KillProcessRouteResponse: + type: object + properties: { } + example: + data: + id: "233db9ea-6733-4849-9226-5a7039c7161d" + agents: + - "ed518850-681a-4d60-bb98-e22640cae2a8" + command: "kill-process" + agentType: "endpoint" + isExpired: false + isCompleted: true + wasSuccessful: true + errors: [ ] + startedAt: "2022-07-29T19:08:49.126Z" + completedAt: "2022-07-29T19:09:44.961Z" + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + type: "json" + content: + key: "value" + createdBy: "myuser" + comment: "terminate the process" + parameters: + entity_id: "abc123" diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/running_procs/running_procs.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/running_procs/running_procs.gen.ts index 63e31a863e58e..1b590d73f0bec 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/running_procs/running_procs.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/running_procs/running_procs.gen.ts 
@@ -14,13 +14,16 @@ * version: 2023-10-31 */ -import type { z } from '@kbn/zod'; +import { z } from '@kbn/zod'; -import { SuccessResponse, BaseActionSchema } from '../../../model/schema/common.gen'; +import { BaseActionSchema } from '../../../model/schema/common.gen'; export type GetProcessesRouteRequestBody = z.infer; export const GetProcessesRouteRequestBody = BaseActionSchema; +export type GetProcessesRouteResponse = z.infer; +export const GetProcessesRouteResponse = z.object({}); + export type EndpointGetProcessesActionRequestBody = z.infer< typeof EndpointGetProcessesActionRequestBody >; @@ -30,4 +33,4 @@ export type EndpointGetProcessesActionRequestBodyInput = z.input< >; export type EndpointGetProcessesActionResponse = z.infer; -export const EndpointGetProcessesActionResponse = SuccessResponse; +export const EndpointGetProcessesActionResponse = GetProcessesRouteResponse; diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/running_procs/running_procs.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/running_procs/running_procs.schema.yaml index dc2735e04b50f..1eb69fc04018d 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/running_procs/running_procs.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/running_procs/running_procs.schema.yaml 
@@ -22,10 +22,37 @@ paths: content: application/json: schema: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/GetProcessesRouteResponse' components: schemas: GetProcessesRouteRequestBody: + example: + endpoint_ids: + - "ed518850-681a-4d60-bb98-e22640cae2a8" allOf: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/BaseActionSchema' + GetProcessesRouteResponse: + type: object + properties: { } + example: + data: + id: "233db9ea-6733-4849-9226-5a7039c7161d" + agents: + - "ed518850-681a-4d60-bb98-e22640cae2a8" + command: "running-processes" + agentType: "endpoint" + isExpired: false + isCompleted: true + wasSuccessful: true + errors: [ ] + startedAt: "2022-07-29T19:08:49.126Z" + completedAt: "2022-07-29T19:09:44.961Z" + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + type: "json" + content: + key: "value" + createdBy: "myuser" + comment: "" + parameters: { } diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/scan/scan.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/scan/scan.gen.ts index 2d6f458e79994..0bb78c35fc1f1 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/scan/scan.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/scan/scan.gen.ts 
@@ -16,20 +16,26 @@ import { z } from '@kbn/zod'; -import { SuccessResponse, BaseActionSchema } from '../../../model/schema/common.gen'; +import { BaseActionSchema } from '../../../model/schema/common.gen'; export type ScanRouteRequestBody = z.infer; export const ScanRouteRequestBody = BaseActionSchema.merge( z.object({ parameters: z.object({ + /** + * The folder or file’s full path (including the file name). + */ path: z.string(), }), }) ); +export type ScanRouteResponse = z.infer; +export const ScanRouteResponse = z.object({}); + export type EndpointScanActionRequestBody = z.infer; export const EndpointScanActionRequestBody = ScanRouteRequestBody; export type EndpointScanActionRequestBodyInput = z.input; export type EndpointScanActionResponse = z.infer; -export const EndpointScanActionResponse = SuccessResponse; +export const EndpointScanActionResponse = ScanRouteResponse; diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/scan/scan.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/scan/scan.schema.yaml index 7ebf23a51ad7a..dc11a463319cd 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/scan/scan.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/scan/scan.schema.yaml @@ -22,11 +22,16 @@ paths: content: application/json: schema: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse' - + $ref: '#/components/schemas/ScanRouteResponse' components: schemas: ScanRouteRequestBody: + example: + endpoint_ids: + - "ed518850-681a-4d60-bb98-e22640cae2a8" + parameters: + path: "/usr/my-file.txt" + comment: "Scan the file for malware" allOf: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/BaseActionSchema' - type: object 
@@ -40,4 +45,34 @@ components: properties: path: type: string + description: "The folder or file’s full path (including the file name)." + example: "/usr/my-file.txt" + ScanRouteResponse: + type: object + properties: { } + example: + data: + id: "27ba1b42-7cc6-4e53-86ce-675c876092b2" + agents: + - "ed518850-681a-4d60-bb98-e22640cae2a8" + hosts: + ed518850-681a-4d60-bb98-e22640cae2a8: + name: "gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r" + agentType: "endpoint" + command: "scan" + startedAt: "2023-07-28T19:00:03.911Z" + isCompleted: false + wasSuccessful: false + isExpired: false + status: "pending" + outputs: { } + agentState: + ed518850-681a-4d60-bb98-e22640cae2a8: + isCompleted: false + wasSuccessful: false + createdBy: "myuser" + parameters: + path: "/usr/my-file.txt" + + diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/suspend_process/suspend_process.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/suspend_process/suspend_process.gen.ts index ae737755e9880..12216e46bdf72 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/suspend_process/suspend_process.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/suspend_process/suspend_process.gen.ts 
@@ -16,15 +16,31 @@ import { z } from '@kbn/zod'; -import { SuccessResponse, BaseActionSchema, Pid, EntityId } from '../../../model/schema/common.gen'; +import { BaseActionSchema } from '../../../model/schema/common.gen'; export type SuspendProcessRouteRequestBody = z.infer; export const SuspendProcessRouteRequestBody = BaseActionSchema.merge( z.object({ - parameters: z.union([Pid, EntityId]), + parameters: z.union([ + z.object({ + /** + * The process ID (PID) of the process to suspend. + */ + pid: z.number().int().min(1).optional(), + }), + z.object({ + /** + * The entity ID of the process to suspend. + */ + entity_id: z.string().min(1).optional(), + }), + ]), }) ); +export type SuspendProcessRouteResponse = z.infer; +export const SuspendProcessRouteResponse = z.object({}); + export type EndpointSuspendProcessActionRequestBody = z.infer< typeof EndpointSuspendProcessActionRequestBody >; @@ -36,4 +52,4 @@ export type EndpointSuspendProcessActionRequestBodyInput = z.input< export type EndpointSuspendProcessActionResponse = z.infer< typeof EndpointSuspendProcessActionResponse >; -export const EndpointSuspendProcessActionResponse = SuccessResponse; +export const EndpointSuspendProcessActionResponse = SuspendProcessRouteResponse; diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/suspend_process/suspend_process.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/suspend_process/suspend_process.schema.yaml index bc1a38351df44..505b8424b6c2c 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/suspend_process/suspend_process.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/suspend_process/suspend_process.schema.yaml 
@@ -22,11 +22,17 @@ paths: content: application/json: schema: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/SuspendProcessRouteResponse' components: schemas: SuspendProcessRouteRequestBody: + example: + endpoint_ids: + - "ed518850-681a-4d60-bb98-e22640cae2a8" + parameters: + entity_id: "abc123" + comment: "suspend the process" allOf: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/BaseActionSchema' - type: object @@ -35,5 +41,42 @@ components: properties: parameters: oneOf: - - $ref: "../../../model/schema/common.schema.yaml#/components/schemas/Pid" - - $ref: "../../../model/schema/common.schema.yaml#/components/schemas/EntityId" + - type: object + properties: + pid: + type: integer + description: "The process ID (PID) of the process to suspend." + example: 123 + minimum: 1 + - type: object + properties: + entity_id: + type: string + description: "The entity ID of the process to suspend." + example: "abc123" + minLength: 1 + SuspendProcessRouteResponse: + type: object + properties: { } + example: + data: + id: "233db9ea-6733-4849-9226-5a7039c7161d" + agents: + - "ed518850-681a-4d60-bb98-e22640cae2a8" + command: "suspend-process" + agentType: "endpoint" + isExpired: false + isCompleted: true + wasSuccessful: true + errors: [ ] + startedAt: "2022-07-29T19:08:49.126Z" + completedAt: "2022-07-29T19:09:44.961Z" + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + type: "json" + content: + key: "value" + createdBy: "myuser" + comment: "suspend the process" + parameters: + entity_id: "abc123" diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/unisolate.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/unisolate.gen.ts index 115ff4162e206..be1bc891a6680 100644 
--- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/unisolate.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/unisolate.gen.ts @@ -14,18 +14,18 @@ * version: 2023-10-31 */ -import type { z } from '@kbn/zod'; +import { z } from '@kbn/zod'; -import { SuccessResponse, BaseActionSchema } from '../../../model/schema/common.gen'; +import { BaseActionSchema } from '../../../model/schema/common.gen'; -export type UnisolateRouteRequestBody = z.infer; -export const UnisolateRouteRequestBody = BaseActionSchema; +export type UnisolateRouteResponse = z.infer; +export const UnisolateRouteResponse = z.object({}); export type EndpointUnisolateActionRequestBody = z.infer; -export const EndpointUnisolateActionRequestBody = UnisolateRouteRequestBody; +export const EndpointUnisolateActionRequestBody = BaseActionSchema; export type EndpointUnisolateActionRequestBodyInput = z.input< typeof EndpointUnisolateActionRequestBody >; export type EndpointUnisolateActionResponse = z.infer; -export const EndpointUnisolateActionResponse = SuccessResponse; +export const EndpointUnisolateActionResponse = UnisolateRouteResponse; diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/unisolate.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/unisolate.schema.yaml index 6f5d2087c556e..11662d00ce331 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/unisolate.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/unisolate/unisolate.schema.yaml 
@@ -14,17 +14,63 @@ paths: required: true content: application/json: + examples: + singleHost: + summary: "Releases a single host with an endpoint_id value of ed518850-681a-4d60-bb98-e22640cae2a8" + value: + endpoint_ids: + - "ed518850-681a-4d60-bb98-e22640cae2a8" + multipleHosts: + summary: "Releases several hosts; includes a comment:" + value: + endpoint_ids: + - "9972d10e-4b9e-41aa-a534-a85e2a28ea42" + - "bc0e4f0c-3bca-4633-9fee-156c0b505d16" + - "fa89271b-b9d4-43f2-a684-307cffddeb5a" + comment: "Benign process identified, releasing group" + withCaseId: + summary: "Releases hosts with an associated case; includes a comment." + value: + endpoint_ids: + - "1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0" + - "b30a11bf-1395-4707-b508-fbb45ef9793e" + case_ids: + - "4976be38-c134-4554-bd5e-0fd89ce63667" + comment: "Remediation complete, restoring network" schema: - $ref: '#/components/schemas/UnisolateRouteRequestBody' + $ref: '../../../model/schema/common.schema.yaml#/components/schemas/BaseActionSchema' responses: '200': description: OK content: application/json: schema: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse' - + $ref: '#/components/schemas/UnisolateRouteResponse' components: schemas: - UnisolateRouteRequestBody: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/BaseActionSchema' + UnisolateRouteResponse: + type: object + properties: {} + example: + action: "233db9ea-6733-4849-9226-5a7039c7161d" + data: + id: "233db9ea-6733-4849-9226-5a7039c7161d" + agents: + - "ed518850-681a-4d60-bb98-e22640cae2a8" + command: "suspend-process" + agentType: "endpoint" + isExpired: false + isCompleted: true + wasSuccessful: true + errors: [ ] + startedAt: "2022-07-29T19:08:49.126Z" + completedAt: "2022-07-29T19:09:44.961Z" + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + type: "json" + content: + key: "value" + createdBy: "myuser" + comment: "suspend the process" + parameters: + entity_id: "abc123" 
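Review bot: The `UnisolateRouteResponse` example is a copy of the suspend-process response — `command: "suspend-process"`, `comment: "suspend the process"` and `parameters: entity_id: "abc123"` — so the rendered docs show the wrong command for a release action; change it to `command: "unisolate"`, a release-related comment and `parameters: {}`. The example also carries a top-level `action:` key beside `data:` that the other response examples in this patch do not have; if the route really returns both, say so in a description, otherwise drop it. As with the other new response schemas, `properties: {}` leaves the body undescribed beyond the example, and the generated `UnisolateRouteResponse = z.object({})` on this page reflects that.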
diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/upload/upload.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/upload/upload.gen.ts index fbce5717a6a22..adadf042652a0 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/upload/upload.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/upload/upload.gen.ts @@ -16,21 +16,26 @@ import { z } from '@kbn/zod'; -import { SuccessResponse, BaseActionSchema } from '../../../model/schema/common.gen'; +import { BaseActionSchema } from '../../../model/schema/common.gen'; export type UploadRouteRequestBody = z.infer; export const UploadRouteRequestBody = BaseActionSchema.merge( z.object({ parameters: z.object({ + /** + * Overwrite the file on the host if it already exists. + */ overwrite: z.boolean().optional().default(false), }), + /** + * The binary content of the file. + */ file: z.string(), }) ); -export type EndpointUploadActionRequestBody = z.infer; -export const EndpointUploadActionRequestBody = UploadRouteRequestBody; -export type EndpointUploadActionRequestBodyInput = z.input; +export type UploadRouteResponse = z.infer; +export const UploadRouteResponse = z.object({}); export type EndpointUploadActionResponse = z.infer; -export const EndpointUploadActionResponse = SuccessResponse; +export const EndpointUploadActionResponse = UploadRouteResponse; diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/upload/upload.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/upload/upload.schema.yaml index 512fc6c4d4613..900eeec3fbd4d 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/upload/upload.schema.yaml 
+++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/actions/response_actions/upload/upload.schema.yaml @@ -13,7 +13,7 @@ paths: requestBody: required: true content: - application/json: + multipart/form-data: schema: $ref: '#/components/schemas/UploadRouteRequestBody' responses: @@ -22,11 +22,16 @@ paths: content: application/json: schema: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/UploadRouteResponse' components: schemas: UploadRouteRequestBody: + example: + endpoint_ids: + - "ed518850-681a-4d60-bb98-e22640cae2a8" + file: "RWxhc3RpYw==" + parameters: { } allOf: - $ref: '../../../model/schema/common.schema.yaml#/components/schemas/BaseActionSchema' - type: object @@ -39,8 +44,41 @@ components: properties: overwrite: type: boolean + description: "Overwrite the file on the host if it already exists." + example: false default: false # File extends Blob - any binary data will be base-64 encoded file: type: string + description: "The binary content of the file." + example: "RWxhc3RpYw==" format: binary + UploadRouteResponse: + type: object + properties: { } + example: + data: + id: "9ff6aebc-2cb6-481e-8869-9b30036c9731" + agents: + - "ed518850-681a-4d60-bb98-e22640cae2a8" + hosts: + ed518850-681a-4d60-bb98-e22640cae2a8: + name: "Host-5i6cuc8kdv" + command: "upload" + agentType: "endpoint" + startedAt: "2023-07-03T15:07:22.837Z" + isCompleted: false + wasSuccessful: false + isExpired: false + status: "pending" + outputs: { } + agentState: + ed518850-681a-4d60-bb98-e22640cae2a8: + isCompleted: false + wasSuccessful: false + createdBy: "elastic" + parameters: + file_name: "fix-malware.sh" + file_id: "10e4ce3d-4abb-4f93-a0cd-eaf63a489280" + file_sha256: "a0bed94220193ba4895c0aa5b4e7e293381d15765cb164ddf7be5cdd010ae42a" + file_size: 69 
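Review bot: The request content type is now `multipart/form-data`, but `UploadRouteRequestBody` still documents `file` with the base64 example `"RWxhc3RpYw=="`, and the surviving context comment `# File extends Blob - any binary data will be base-64 encoded` describes the old JSON encoding rather than a raw multipart part (the quickstart client in this same patch sends a `FormData` attachment). Either drop the base64 example and reword the comment to `# File is sent as a raw multipart part (format: binary)`, or state that the example is a base64 rendering for display only. The `UploadRouteResponse` example reports `file_sha256` and `file_size` under `parameters`; if these are computed server-side from the received bytes, a one-line description saying so would make clear they are not caller-supplied — confirm against the route handler before adding it.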
diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/model/schema/common.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/model/schema/common.gen.ts index a30695af76bf4..c8df058537fc2 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/model/schema/common.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/model/schema/common.gen.ts @@ -37,13 +37,13 @@ export type PageSize = z.infer; export const PageSize = z.number().int().min(1).max(100).default(10); /** - * Start date + * A start date in ISO 8601 format or Date Math format. */ export type StartDate = z.infer; export const StartDate = z.string(); /** - * End date + * An end date in ISO format or Date Math format. */ export type EndDate = z.infer; export const EndDate = z.string(); @@ -94,6 +94,9 @@ export const SortField = z.enum([ export type SortFieldEnum = typeof SortField.enum; export const SortFieldEnum = SortField.enum; +/** + * A list of agent IDs. Max of 50. + */ export type AgentIds = z.infer; export const AgentIds = z.union([z.array(z.string().min(1)).min(1).max(50), z.string().min(1)]); @@ -115,6 +118,9 @@ export const Command = z.enum([ export type CommandEnum = typeof Command.enum; export const CommandEnum = Command.enum; +/** + * A list of response action command names. + */ export type Commands = z.infer; export const Commands = z.array(Command); @@ -133,13 +139,13 @@ export type Statuses = z.infer; export const Statuses = z.array(Status); /** - * User IDs + * A list of user IDs. */ export type UserIds = z.infer; export const UserIds = z.union([z.array(z.string().min(1)).min(1), z.string().min(1)]); /** - * Shows detailed outputs for an action response + * A list of action IDs that should include the complete output of the action. */ export type WithOutputs = z.infer; export const WithOutputs = z.union([z.array(z.string().min(1)).min(1), z.string().min(1)]); 
@@ -183,7 +189,7 @@ export type Parameters = z.infer; export const Parameters = z.object({}); /** - * The host agent type (optional). Defaults to endpoint. + * List of agent types to retrieve. Defaults to `endpoint`. */ export type AgentTypes = z.infer; export const AgentTypes = z.enum([ @@ -210,16 +216,6 @@ export const NoParametersRequestSchema = z.object({ body: BaseActionSchema, }); -export type Pid = z.infer; -export const Pid = z.object({ - pid: z.number().int().min(1).optional(), -}); - -export type EntityId = z.infer; -export const EntityId = z.object({ - entity_id: z.string().min(1).optional(), -}); - export type ProtectionUpdatesNoteResponse = z.infer; export const ProtectionUpdatesNoteResponse = z.object({ note: z.string().optional(), diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/model/schema/common.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/model/schema/common.schema.yaml index 457fa19f26478..324efce4960db 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/model/schema/common.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/common/api/endpoint/model/schema/common.schema.yaml @@ -25,10 +25,12 @@ components: example: 10 StartDate: type: string - description: Start date + description: A start date in ISO 8601 format or Date Math format. + example: "2023-10-31T00:00:00.000Z" EndDate: type: string - description: End date + description: An end date in ISO format or Date Math format. + example: "2023-10-31T23:59:59.999Z" AgentId: type: string description: Agent ID @@ -80,6 +82,8 @@ components: maxItems: 50 - type: string minLength: 1 + description: A list of agent IDs. Max of 50. + example: [ "agent-id-1", "agent-id-2" ] minLength: 1 Command: 
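Review bot: `StartDate` now reads "ISO 8601 format" while `EndDate` reads "ISO format" in the `@@ -25,10 +25,12 @@` hunk of common.schema.yaml; the two should use the same wording, e.g. `description: An end date in ISO 8601 format or Date Math format.` Both remain `type: string` with no `format: date-time` or pattern, so the description is the only hint of what the server accepts. Since the bundled list-response example elsewhere in this patch uses Date Math values (`startDate: now-24h/h`, `endDate: now`), a second example showing one would make the accepted forms concrete.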
@@ -99,6 +103,8 @@ components: Commands: type: array + description: A list of response action command names. + example: [ "isolate", "unisolate" ] items: $ref: '#/components/schemas/Command' @@ -130,7 +136,8 @@ components: minItems: 1 - type: string minLength: 1 - description: User IDs + description: A list of user IDs. + example: [ "user-id-1", "user-id-2" ] WithOutputs: oneOf: @@ -141,7 +148,8 @@ components: minItems: 1 - type: string minLength: 1 - description: Shows detailed outputs for an action response + description: A list of action IDs that should include the complete output of the action. + example: [ "action-id-1", "action-id-2" ] Type: type: string @@ -153,6 +161,7 @@ components: Types: type: array description: List of types of response actions + example: [ "automated", "manual" ] items: $ref: '#/components/schemas/Type' minLength: 1 @@ -160,27 +169,35 @@ components: EndpointIds: type: array + description: List of endpoint IDs (cannot contain empty strings) + example: [ "endpoint-id-1", "endpoint-id-2" ] items: type: string minLength: 1 minItems: 1 - description: List of endpoint IDs (cannot contain empty strings) + CaseIds: type: array + description: Case IDs to be updated (cannot contain empty strings) + example: [ "case-id-1", "case-id-2" ] items: type: string minLength: 1 minItems: 1 - description: Case IDs to be updated (cannot contain empty strings) + Comment: type: string description: Optional comment + example: "This is a comment" + Parameters: type: object description: Optional parameters object + AgentTypes: type: string - description: The host agent type (optional). Defaults to endpoint. + description: List of agent types to retrieve. Defaults to `endpoint`. + example: endpoint enum: - endpoint - sentinel_one 
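Review bot: `AgentTypes` in the `@@ -160,27 +169,35 @@` hunk is described as "List of agent types to retrieve. Defaults to `endpoint`." but the schema is a scalar `type: string` enum (the generated code on this page is `z.enum([...])`, not an array), and no `default: endpoint` is declared — only `example: endpoint`. Generated clients and docs will therefore show a single value with no default, contradicting the prose; suggest `description: The agent type to act on or filter by. Defaults to endpoint when omitted.` and, if the server really applies that default, `default: endpoint` so it reaches the generated schema. Adding `default` changes the generated zod schema and hence request validation, so confirm the server behaviour first.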
@@ -214,20 +231,6 @@ components: body: $ref: '#/components/schemas/BaseActionSchema' - Pid: - type: object - properties: - pid: - type: integer - minimum: 1 - - EntityId: - type: object - properties: - entity_id: - type: string - minLength: 1 - ProtectionUpdatesNoteResponse: type: object properties: diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts index d6f29fe5cda89..3ae6d05b67515 100644 --- a/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts +++ b/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts @@ -188,10 +188,7 @@ import type { EndpointUnisolateActionRequestBodyInput, EndpointUnisolateActionResponse, } from './endpoint/actions/response_actions/unisolate/unisolate.gen'; -import type { - EndpointUploadActionRequestBodyInput, - EndpointUploadActionResponse, -} from './endpoint/actions/response_actions/upload/upload.gen'; +import type { EndpointUploadActionResponse } from './endpoint/actions/response_actions/upload/upload.gen'; import type { EndpointGetActionsStateResponse } from './endpoint/actions/state/state.gen'; import type { EndpointGetActionsStatusRequestQueryInput, @@ -1182,7 +1179,7 @@ If a record already exists for the specified entity, that record is overwritten [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'POST', - body: props.body, + body: props.attachment, }) .catch(catchAxiosErrorFormatAndThrow); } @@ -2509,7 +2506,7 @@ export interface EndpointUnisolateRedirectProps { body: EndpointUnisolateRedirectRequestBodyInput; } export interface EndpointUploadActionProps { - body: EndpointUploadActionRequestBodyInput; + attachment: FormData; } export interface ExportRulesProps { query: ExportRulesRequestQueryInput; 
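Review bot: `EndpointUploadActionProps` now takes `attachment: FormData`, which removes the compile-time contract the deleted `EndpointUploadActionRequestBodyInput` gave callers — nothing ties the form fields to `UploadRouteRequestBody` (`endpoint_ids`, `file`, `parameters.overwrite`), so a missing required field is caught only by the server. A TSDoc on the property would at least keep the contract documented: `/** Multipart form carrying the UploadRouteRequestBody fields: endpoint_ids (repeated), file, and optional parameters.overwrite. */`. In the `@@ -1182,7 +1179,7 @@` hunk, `body: props.attachment` is sent with the version header shown, but the headers that set the content type are outside the hunk; for multipart the `Content-Type` with boundary must come from the HTTP client, so confirm no explicit `application/json` is set on that request. The enclosing method starts outside the hunk.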
diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml index a4fa6e6a3f260..95d648a1237f3 100644 --- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml @@ -17,16 +17,61 @@ paths: operationId: EndpointGetActionsList parameters: - in: query - name: query - required: true + name: page + required: false + schema: + $ref: '#/components/schemas/Page' + - in: query + name: pageSize + required: false schema: - $ref: '#/components/schemas/GetEndpointActionListRouteQuery' + $ref: '#/components/schemas/PageSize' + - in: query + name: commands + required: false + schema: + $ref: '#/components/schemas/Commands' + - in: query + name: agentIds + required: false + schema: + $ref: '#/components/schemas/AgentIds' + - in: query + name: userIds + required: false + schema: + $ref: '#/components/schemas/UserIds' + - in: query + name: startDate + required: false + schema: + $ref: '#/components/schemas/StartDate' + - in: query + name: endDate + required: false + schema: + $ref: '#/components/schemas/EndDate' + - in: query + name: agentTypes + required: false + schema: + $ref: '#/components/schemas/AgentTypes' + - in: query + name: withOutputs + required: false + schema: + $ref: '#/components/schemas/WithOutputs' + - in: query + name: types + required: false + schema: + $ref: '#/components/schemas/Types' responses: '200': content: application/json: schema: - $ref: '#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/GetEndpointActionListResponse' description: OK summary: Get response actions tags: 
@@ -89,13 +134,15 @@ paths: name: action_id required: true schema: + description: The ID of the action to retrieve. + example: fr518850-681a-4y60-aa98-e22640cae2b8 type: string responses: '200': content: application/json: schema: - $ref: '#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/GetEndpointActionResponse' description: OK summary: Get action details tags: @@ -165,7 +212,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/ExecuteRouteResponse' description: OK summary: Run a command tags: @@ -185,7 +232,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/GetFileRouteResponse' description: OK summary: Get a file tags: 
@@ -199,15 +246,55 @@ paths: requestBody: content: application/json: + examples: + multiple_endpoints: + summary: Isolates several hosts; includes a comment + value: + comment: Locked down, pending further investigation + endpoint_ids: + - 9972d10e-4b9e-41aa-a534-a85e2a28ea42 + - bc0e4f0c-3bca-4633-9fee-156c0b505d16 + - fa89271b-b9d4-43f2-a684-307cffddeb5a + single_endpoint: + summary: >- + Isolates a single host with an endpoint_id value of + ed518850-681a-4d60-bb98-e22640cae2a8 + value: + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + with_case_id: + summary: Isolates a single host with a case_id value of 1234 + value: + case_ids: + - 4976be38-c134-4554-bd5e-0fd89ce63667 + comment: Isolating as initial response + endpoint_ids: + - 1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0 + - b30a11bf-1395-4707-b508-fbb45ef9793e schema: - $ref: '#/components/schemas/IsolateRouteRequestBody' + type: object + properties: + agent_type: + $ref: '#/components/schemas/AgentTypes' + alert_ids: + $ref: '#/components/schemas/AlertIds' + case_ids: + $ref: '#/components/schemas/CaseIds' + comment: + $ref: '#/components/schemas/Comment' + endpoint_ids: + $ref: '#/components/schemas/EndpointIds' + parameters: + $ref: '#/components/schemas/Parameters' + required: + - endpoint_ids required: true responses: '200': content: application/json: schema: - $ref: '#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/IsolateRouteResponse' description: OK summary: Isolate an endpoint tags: @@ -227,7 +314,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/KillProcessRouteResponse' description: OK summary: Terminate a process tags: @@ -247,7 +334,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/GetProcessesRouteResponse' description: OK summary: Get running processes tags: 
@@ -287,7 +374,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/ScanRouteResponse' description: OK summary: Scan a file or directory tags: @@ -323,7 +410,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/SuspendProcessRouteResponse' description: OK summary: Suspend a process tags: @@ -335,15 +422,55 @@ paths: requestBody: content: application/json: + examples: + multipleHosts: + summary: 'Releases several hosts; includes a comment:' + value: + comment: Benign process identified, releasing group + endpoint_ids: + - 9972d10e-4b9e-41aa-a534-a85e2a28ea42 + - bc0e4f0c-3bca-4633-9fee-156c0b505d16 + - fa89271b-b9d4-43f2-a684-307cffddeb5a + singleHost: + summary: >- + Releases a single host with an endpoint_id value of + ed518850-681a-4d60-bb98-e22640cae2a8 + value: + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + withCaseId: + summary: Releases hosts with an associated case; includes a comment. + value: + case_ids: + - 4976be38-c134-4554-bd5e-0fd89ce63667 + comment: Remediation complete, restoring network + endpoint_ids: + - 1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0 + - b30a11bf-1395-4707-b508-fbb45ef9793e schema: - $ref: '#/components/schemas/UnisolateRouteRequestBody' + type: object + properties: + agent_type: + $ref: '#/components/schemas/AgentTypes' + alert_ids: + $ref: '#/components/schemas/AlertIds' + case_ids: + $ref: '#/components/schemas/CaseIds' + comment: + $ref: '#/components/schemas/Comment' + endpoint_ids: + $ref: '#/components/schemas/EndpointIds' + parameters: + $ref: '#/components/schemas/Parameters' + required: + - endpoint_ids required: true responses: '200': content: application/json: schema: - $ref: '#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/UnisolateRouteResponse' description: OK summary: Release an isolated endpoint tags: 
@@ -354,7 +481,7 @@ paths: operationId: EndpointUploadAction requestBody: content: - application/json: + multipart/form-data: schema: $ref: '#/components/schemas/UploadRouteRequestBody' required: true @@ -363,7 +490,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/SuccessResponse' + $ref: '#/components/schemas/UploadRouteResponse' description: OK summary: Upload a file tags: @@ -729,6 +856,10 @@ components: description: Agent ID type: string AgentIds: + description: A list of agent IDs. Max of 50. + example: + - agent-id-1 + - agent-id-2 minLength: 1 oneOf: - items: @@ -740,12 +871,13 @@ components: - minLength: 1 type: string AgentTypes: - description: The host agent type (optional). Defaults to endpoint. + description: List of agent types to retrieve. Defaults to `endpoint`. enum: - endpoint - sentinel_one - crowdstrike - microsoft_defender_endpoint + example: endpoint type: string AlertIds: description: A list of alerts ids. @@ -755,6 +887,9 @@ components: type: array CaseIds: description: Case IDs to be updated (cannot contain empty strings) + example: + - case-id-1 + - case-id-2 items: minLength: 1 type: string @@ -792,17 +927,26 @@ components: minLength: 1 type: string Commands: + description: A list of response action command names. + example: + - isolate + - unisolate items: $ref: '#/components/schemas/Command' type: array Comment: description: Optional comment + example: This is a comment type: string EndDate: - description: End date + description: An end date in ISO format or Date Math format. + example: '2023-10-31T23:59:59.999Z' type: string EndpointIds: description: List of endpoint IDs (cannot contain empty strings) + example: + - endpoint-id-1 + - endpoint-id-2 items: minLength: 1 type: string @@ -896,12 +1040,6 @@ components: revision: 2 type: object properties: {} - EntityId: - type: object - properties: - entity_id: - minLength: 1 - type: string ExecuteRouteRequestBody: allOf: - type: object 
@@ -933,33 +1071,128 @@ components: - command required: - parameters - GetEndpointActionListRouteQuery: + example: + comment: Get list of all files + endpoint_ids: + - b3d6de74-36b0-4fa8-be46-c375bf1771bf + parameters: + command: ls -al + timeout: 600 + ExecuteRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentState: + ed518850-681a-4d60-bb98-e22640cae2a8: + isCompleted: false + wasSuccessful: false + agentType: endpoint + command: execute + comment: Get list of all files + createdBy: myuser + hosts: + ed518850-681a-4d60-bb98-e22640cae2a8: + name: gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r + id: 9f934028-2300-4927-b531-b26376793dc4 + isCompleted: false + isExpired: false + outputs: {} + parameters: + command: ls -al + timeout: 600 + startedAt: '2023-07-28T18:43:27.362Z' + status: pending + wasSuccessful: false type: object - properties: - agentIds: - $ref: '#/components/schemas/AgentIds' - agentTypes: - $ref: '#/components/schemas/AgentTypes' - commands: - $ref: '#/components/schemas/Commands' - endDate: - $ref: '#/components/schemas/EndDate' - page: - $ref: '#/components/schemas/Page' - pageSize: - default: 10 - description: Number of items per page - maximum: 10000 - minimum: 1 - type: integer - startDate: - $ref: '#/components/schemas/StartDate' - types: - $ref: '#/components/schemas/Types' - userIds: - $ref: '#/components/schemas/UserIds' - withOutputs: - $ref: '#/components/schemas/WithOutputs' + properties: {} + GetEndpointActionListResponse: + example: + data: + - agents: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + agentType: endpoint + command: running-processes + completedAt: '2022-08-08T09:50:47.672Z' + createdBy: elastic + id: b3d6de74-36b0-4fa8-be46-c375bf1771bf + isCompleted: true + isExpired: false + startedAt: '2022-08-08T15:24:57.402Z' + wasSuccessful: true + - agents: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + agentType: endpoint + command: isolate + completedAt: '2022-08-08T10:41:57.352Z' + 
createdBy: elastic + id: 43b4098b-8752-4fbb-a7a7-6df7c74d0ee3 + isCompleted: true + isExpired: false + startedAt: '2022-08-08T15:23:37.359Z' + wasSuccessful: true + - agents: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + agentType: endpoint + command: kill-process + comment: bad process - taking up too much cpu + completedAt: '2022-08-08T09:44:50.952Z' + createdBy: elastic + id: 5bc92c86-b8e6-42dd-837f-12ad29e09caa + isCompleted: true + isExpired: false + startedAt: '2022-08-08T14:38:44.125Z' + wasSuccessful: true + - agents: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + agentType: endpoint + command: unisolate + comment: Not a threat to the network + completedAt: '2022-08-08T09:40:47.398Z' + createdBy: elastic + id: 790d54e0-3aa3-4e5b-8255-3ce9d851246a + isCompleted: true + isExpired: false + startedAt: '2022-08-08T14:38:15.391Z' + wasSuccessful: true + elasticAgentIds: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + endDate: now + page: 1 + pageSize: 10 + startDate: now-24h/h + total: 4 + type: object + properties: {} + GetEndpointActionResponse: + example: + data: + agents: + - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0 + agentType: endpoint + command: running-processes + completedAt: '2022-08-08T09:50:47.672Z' + createdBy: elastic + id: b3d6de74-36b0-4fa8-be46-c375bf1771bf + isCompleted: true + isExpired: false + outputs: + afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0: + content: + entries: + - command: /opt/cmd1 + entity_id: fk2ym7bl3oiu3okjcik0xosc0i0m75x3eh49nu3uaqt4dqanjt + pid: '822' + user: Dexter + - command: /opt/cmd3/opt/cmd3/opt/cmd3/opt/cmd3 + entity_id: pwvz91m48wpj9j7ov9gtw8fp7u2rat4eu5ipte37hnhdcbi2pt + pid: '984' + user: Jada + type: json + startedAt: '2022-08-08T15:24:57.402Z' + wasSuccessful: true + type: object + properties: {} GetFileRouteRequestBody: allOf: - type: object 
@@ -989,7 +1222,42 @@ components: - path required: - parameters + example: + comment: Get my file + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + parameters: + path: /usr/my-file.txt + GetFileRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentState: + ed518850-681a-4d60-bb98-e22640cae2a8: + isCompleted: false + wasSuccessful: false + agentType: endpoint + command: get-file + createdBy: myuser + hosts: + ed518850-681a-4d60-bb98-e22640cae2a8: + name: gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r + id: 27ba1b42-7cc6-4e53-86ce-675c876092b2 + isCompleted: false + isExpired: false + outputs: {} + parameters: + path: /usr/my-file.txt + startedAt: '2023-07-28T19:00:03.911Z' + status: pending + wasSuccessful: false + type: object + properties: {} GetProcessesRouteRequestBody: + example: + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 type: object properties: agent_type: @@ -1006,6 +1274,30 @@ components: $ref: '#/components/schemas/Parameters' required: - endpoint_ids + GetProcessesRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentType: endpoint + command: running-processes + comment: '' + completedAt: '2022-07-29T19:09:44.961Z' + createdBy: myuser + errors: [] + id: 233db9ea-6733-4849-9226-5a7039c7161d + isCompleted: true + isExpired: false + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + content: + key: value + type: json + parameters: {} + startedAt: '2022-07-29T19:08:49.126Z' + wasSuccessful: true + type: object + properties: {} HostPathScriptParameters: type: object properties: 
@@ -1037,23 +1329,32 @@ components: - unenrolled type: string type: array - IsolateRouteRequestBody: + IsolateRouteResponse: + example: + action: 233db9ea-6733-4849-9226-5a7039c7161d + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentType: endpoint + command: suspend-process + comment: suspend the process + completedAt: '2022-07-29T19:09:44.961Z' + createdBy: myuser + errors: [] + id: 233db9ea-6733-4849-9226-5a7039c7161d + isCompleted: true + isExpired: false + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + content: + key: value + type: json + parameters: + entity_id: abc123 + startedAt: '2022-07-29T19:08:49.126Z' + wasSuccessful: true type: object - properties: - agent_type: - $ref: '#/components/schemas/AgentTypes' - alert_ids: - $ref: '#/components/schemas/AlertIds' - case_ids: - $ref: '#/components/schemas/CaseIds' - comment: - $ref: '#/components/schemas/Comment' - endpoint_ids: - $ref: '#/components/schemas/EndpointIds' - parameters: - $ref: '#/components/schemas/Parameters' - required: - - endpoint_ids + properties: {} KillProcessRouteRequestBody: allOf: - type: object 
@@ -1076,16 +1377,62 @@ components: properties: parameters: oneOf: - - $ref: '#/components/schemas/Pid' - - $ref: '#/components/schemas/EntityId' + - type: object + properties: + pid: + description: The process ID (PID) of the process to terminate. + example: 123 + minimum: 1 + type: integer + - type: object + properties: + entity_id: + description: The entity ID of the process to terminate. + example: abc123 + minLength: 1 + type: string - type: object properties: process_name: - description: Valid for SentinelOne agent type only + description: >- + The name of the process to terminate. Valid for + SentinelOne agent type only. + example: Elastic minLength: 1 type: string required: - parameters + example: + comment: terminate the process + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + parameters: + entity_id: abc123 + KillProcessRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentType: endpoint + command: kill-process + comment: terminate the process + completedAt: '2022-07-29T19:09:44.961Z' + createdBy: myuser + errors: [] + id: 233db9ea-6733-4849-9226-5a7039c7161d + isCompleted: true + isExpired: false + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + content: + key: value + type: json + parameters: + entity_id: abc123 + startedAt: '2022-07-29T19:08:49.126Z' + wasSuccessful: true + type: object + properties: {} Kuery: description: A KQL string. example: 'united.endpoint.host.os.name : ''Windows''' @@ -1317,12 +1664,6 @@ components: $ref: '#/components/schemas/PendingActionDataType' - additionalProperties: true type: object - Pid: - type: object - properties: - pid: - minimum: 1 - type: integer ProtectionUpdatesNoteResponse: type: object properties: 
@@ -1382,11 +1723,45 @@ components: type: object properties: path: + description: The folder or file’s full path (including the file name). + example: /usr/my-file.txt type: string required: - path required: - parameters + example: + comment: Scan the file for malware + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + parameters: + path: /usr/my-file.txt + ScanRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentState: + ed518850-681a-4d60-bb98-e22640cae2a8: + isCompleted: false + wasSuccessful: false + agentType: endpoint + command: scan + createdBy: myuser + hosts: + ed518850-681a-4d60-bb98-e22640cae2a8: + name: gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r + id: 27ba1b42-7cc6-4e53-86ce-675c876092b2 + isCompleted: false + isExpired: false + outputs: {} + parameters: + path: /usr/my-file.txt + startedAt: '2023-07-28T19:00:03.911Z' + status: pending + wasSuccessful: false + type: object + properties: {} SortDirection: description: Determines the sort order. enum: @@ -1409,7 +1784,8 @@ components: example: enrolled_at type: string StartDate: - description: Start date + description: A start date in ISO 8601 format or Date Math format. + example: '2023-10-31T00:00:00.000Z' type: string SuccessResponse: type: object 
@@ -1436,10 +1812,53 @@ components: properties: parameters: oneOf: - - $ref: '#/components/schemas/Pid' - - $ref: '#/components/schemas/EntityId' + - type: object + properties: + pid: + description: The process ID (PID) of the process to suspend. + example: 123 + minimum: 1 + type: integer + - type: object + properties: + entity_id: + description: The entity ID of the process to suspend. + example: abc123 + minLength: 1 + type: string required: - parameters + example: + comment: suspend the process + endpoint_ids: + - ed518850-681a-4d60-bb98-e22640cae2a8 + parameters: + entity_id: abc123 + SuspendProcessRouteResponse: + example: + data: + agents: + - ed518850-681a-4d60-bb98-e22640cae2a8 + agentType: endpoint + command: suspend-process + comment: suspend the process + completedAt: '2022-07-29T19:09:44.961Z' + createdBy: myuser + errors: [] + id: 233db9ea-6733-4849-9226-5a7039c7161d + isCompleted: true + isExpired: false + outputs: + ed518850-681a-4d60-bb98-e22640cae2a8: + content: + key: value + type: json + parameters: + entity_id: abc123 + startedAt: '2022-07-29T19:08:49.126Z' + wasSuccessful: true + type: object + properties: {} Timeout: description: The maximum timeout value in milliseconds (optional) minimum: 1 
@@ -1452,28 +1871,40 @@ components:
 type: string
 Types:
 description: List of types of response actions
+ example:
+ - automated
+ - manual
 items:
 $ref: '#/components/schemas/Type'
 maxLength: 2
 minLength: 1
 type: array
- UnisolateRouteRequestBody:
+ UnisolateRouteResponse:
+ example:
+ action: 233db9ea-6733-4849-9226-5a7039c7161d
+ data:
+ agents:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ agentType: endpoint
+ command: suspend-process
+ comment: suspend the process
+ completedAt: '2022-07-29T19:09:44.961Z'
+ createdBy: myuser
+ errors: []
+ id: 233db9ea-6733-4849-9226-5a7039c7161d
+ isCompleted: true
+ isExpired: false
+ outputs:
+ ed518850-681a-4d60-bb98-e22640cae2a8:
+ content:
+ key: value
+ type: json
+ parameters:
+ entity_id: abc123
+ startedAt: '2022-07-29T19:08:49.126Z'
+ wasSuccessful: true
 type: object
- properties:
- agent_type:
- $ref: '#/components/schemas/AgentTypes'
- alert_ids:
- $ref: '#/components/schemas/AlertIds'
- case_ids:
- $ref: '#/components/schemas/CaseIds'
- comment:
- $ref: '#/components/schemas/Comment'
- endpoint_ids:
- $ref: '#/components/schemas/EndpointIds'
- parameters:
- $ref: '#/components/schemas/Parameters'
- required:
- - endpoint_ids
+ properties: {}
 UploadRouteRequestBody:
 allOf:
 - type: object
@@ -1495,6 +1926,8 @@ components:
 - type: object
 properties:
 file:
+ description: The binary content of the file.
+ example: RWxhc3RpYw==
 format: binary
 type: string
 parameters:
@@ -1502,12 +1935,51 @@ components:
 properties:
 overwrite:
 default: false
+ description: Overwrite the file on the host if it already exists.
+ example: false
 type: boolean
 required:
 - parameters
 - file
+ example:
+ endpoint_ids:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ file: RWxhc3RpYw==
+ parameters: {}
+ UploadRouteResponse:
+ example:
+ data:
+ agents:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ agentState:
+ ed518850-681a-4d60-bb98-e22640cae2a8:
+ isCompleted: false
+ wasSuccessful: false
+ agentType: endpoint
+ command: upload
+ createdBy: elastic
+ hosts:
+ ed518850-681a-4d60-bb98-e22640cae2a8:
+ name: Host-5i6cuc8kdv
+ id: 9ff6aebc-2cb6-481e-8869-9b30036c9731
+ isCompleted: false
+ isExpired: false
+ outputs: {}
+ parameters:
+ file_id: 10e4ce3d-4abb-4f93-a0cd-eaf63a489280
+ file_name: fix-malware.sh
+ file_sha256: a0bed94220193ba4895c0aa5b4e7e293381d15765cb164ddf7be5cdd010ae42a
+ file_size: 69
+ startedAt: '2023-07-03T15:07:22.837Z'
+ status: pending
+ wasSuccessful: false
+ type: object
+ properties: {}
 UserIds:
- description: User IDs
+ description: A list of user IDs.
+ example:
+ - user-id-1
+ - user-id-2
 oneOf:
 - items:
 minLength: 1
@@ -1517,7 +1989,12 @@ components:
 - minLength: 1
 type: string
 WithOutputs:
- description: Shows detailed outputs for an action response
+ description: >-
+ A list of action IDs that should include the complete output of the
+ action.
+ example:
+ - action-id-1
+ - action-id-2
 oneOf:
 - items:
 minLength: 1
diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
index 74473e3c810e8..d2727974dbe10 100644
--- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
+++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
@@ -17,16 +17,61 @@ paths:
 operationId: EndpointGetActionsList
 parameters:
 - in: query
- name: query
- required: true
+ name: page
+ required: false
+ schema:
+ $ref: '#/components/schemas/Page'
+ - in: query
+ name: pageSize
+ required: false
+ schema:
+ $ref: '#/components/schemas/PageSize'
+ - in: query
+ name: commands
+ required: false
+ schema:
+ $ref: '#/components/schemas/Commands'
+ - in: query
+ name: agentIds
+ required: false
+ schema:
+ $ref: '#/components/schemas/AgentIds'
+ - in: query
+ name: userIds
+ required: false
+ schema:
+ $ref: '#/components/schemas/UserIds'
+ - in: query
+ name: startDate
+ required: false
+ schema:
+ $ref: '#/components/schemas/StartDate'
+ - in: query
+ name: endDate
+ required: false
+ schema:
+ $ref: '#/components/schemas/EndDate'
+ - in: query
+ name: agentTypes
+ required: false
+ schema:
+ $ref: '#/components/schemas/AgentTypes'
+ - in: query
+ name: withOutputs
+ required: false
+ schema:
+ $ref: '#/components/schemas/WithOutputs'
+ - in: query
+ name: types
+ required: false
 schema:
- $ref: '#/components/schemas/GetEndpointActionListRouteQuery'
+ $ref: '#/components/schemas/Types'
 responses:
 '200':
 content:
 application/json:
 schema:
- $ref: '#/components/schemas/SuccessResponse'
+ $ref: '#/components/schemas/GetEndpointActionListResponse'
 description: OK
 summary: Get response actions
 tags:
@@ -89,13 +134,15 @@ paths:
 name: action_id
 required: true
 schema:
+ description: The ID of the action to retrieve.
+ example: fr518850-681a-4y60-aa98-e22640cae2b8
 type: string
 responses:
 '200':
 content:
 application/json:
 schema:
- $ref: '#/components/schemas/SuccessResponse'
+ $ref: '#/components/schemas/GetEndpointActionResponse'
 description: OK
 summary: Get action details
 tags:
@@ -165,7 +212,7 @@ paths:
 content:
 application/json:
 schema:
- $ref: '#/components/schemas/SuccessResponse'
+ $ref: '#/components/schemas/ExecuteRouteResponse'
 description: OK
 summary: Run a command
 tags:
@@ -185,7 +232,7 @@ paths:
 content:
 application/json:
 schema:
- $ref: '#/components/schemas/SuccessResponse'
+ $ref: '#/components/schemas/GetFileRouteResponse'
 description: OK
 summary: Get a file
 tags:
@@ -199,15 +246,55 @@ paths:
 requestBody:
 content:
 application/json:
+ examples:
+ multiple_endpoints:
+ summary: Isolates several hosts; includes a comment
+ value:
+ comment: Locked down, pending further investigation
+ endpoint_ids:
+ - 9972d10e-4b9e-41aa-a534-a85e2a28ea42
+ - bc0e4f0c-3bca-4633-9fee-156c0b505d16
+ - fa89271b-b9d4-43f2-a684-307cffddeb5a
+ single_endpoint:
+ summary: >-
+ Isolates a single host with an endpoint_id value of
+ ed518850-681a-4d60-bb98-e22640cae2a8
+ value:
+ endpoint_ids:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ with_case_id:
+ summary: Isolates a single host with a case_id value of 1234
+ value:
+ case_ids:
+ - 4976be38-c134-4554-bd5e-0fd89ce63667
+ comment: Isolating as initial response
+ endpoint_ids:
+ - 1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0
+ - b30a11bf-1395-4707-b508-fbb45ef9793e
 schema:
- $ref: '#/components/schemas/IsolateRouteRequestBody'
+ type: object
+ properties:
+ agent_type:
+ $ref: '#/components/schemas/AgentTypes'
+ alert_ids:
+ $ref: '#/components/schemas/AlertIds'
+ case_ids:
+ $ref: '#/components/schemas/CaseIds'
+ comment:
+ $ref: '#/components/schemas/Comment'
+ endpoint_ids:
+ $ref: '#/components/schemas/EndpointIds'
+ parameters:
+ $ref: '#/components/schemas/Parameters'
+ required:
+ - endpoint_ids
 required: true
 responses:
 '200':
 content:
 application/json:
 schema:
- $ref: '#/components/schemas/SuccessResponse'
+ $ref: '#/components/schemas/IsolateRouteResponse'
 description: OK
 summary: Isolate an endpoint
 tags:
@@ -227,7 +314,7 @@ paths:
 content:
 application/json:
 schema:
- $ref: '#/components/schemas/SuccessResponse'
+ $ref: '#/components/schemas/KillProcessRouteResponse'
 description: OK
 summary: Terminate a process
 tags:
@@ -247,7 +334,7 @@ paths:
 content:
 application/json:
 schema:
- $ref: '#/components/schemas/SuccessResponse'
+ $ref: '#/components/schemas/GetProcessesRouteResponse'
 description: OK
 summary: Get running processes
 tags:
@@ -287,7 +374,7 @@ paths:
 content:
 application/json:
 schema:
- $ref: '#/components/schemas/SuccessResponse'
+ $ref: '#/components/schemas/ScanRouteResponse'
 description: OK
 summary: Scan a file or directory
 tags:
@@ -323,7 +410,7 @@ paths:
 content:
 application/json:
 schema:
- $ref: '#/components/schemas/SuccessResponse'
+ $ref: '#/components/schemas/SuspendProcessRouteResponse'
 description: OK
 summary: Suspend a process
 tags:
@@ -335,15 +422,55 @@ paths:
 requestBody:
 content:
 application/json:
+ examples:
+ multipleHosts:
+ summary: 'Releases several hosts; includes a comment:'
+ value:
+ comment: Benign process identified, releasing group
+ endpoint_ids:
+ - 9972d10e-4b9e-41aa-a534-a85e2a28ea42
+ - bc0e4f0c-3bca-4633-9fee-156c0b505d16
+ - fa89271b-b9d4-43f2-a684-307cffddeb5a
+ singleHost:
+ summary: >-
+ Releases a single host with an endpoint_id value of
+ ed518850-681a-4d60-bb98-e22640cae2a8
+ value:
+ endpoint_ids:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ withCaseId:
+ summary: Releases hosts with an associated case; includes a comment.
+ value:
+ case_ids:
+ - 4976be38-c134-4554-bd5e-0fd89ce63667
+ comment: Remediation complete, restoring network
+ endpoint_ids:
+ - 1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0
+ - b30a11bf-1395-4707-b508-fbb45ef9793e
 schema:
- $ref: '#/components/schemas/UnisolateRouteRequestBody'
+ type: object
+ properties:
+ agent_type:
+ $ref: '#/components/schemas/AgentTypes'
+ alert_ids:
+ $ref: '#/components/schemas/AlertIds'
+ case_ids:
+ $ref: '#/components/schemas/CaseIds'
+ comment:
+ $ref: '#/components/schemas/Comment'
+ endpoint_ids:
+ $ref: '#/components/schemas/EndpointIds'
+ parameters:
+ $ref: '#/components/schemas/Parameters'
+ required:
+ - endpoint_ids
 required: true
 responses:
 '200':
 content:
 application/json:
 schema:
- $ref: '#/components/schemas/SuccessResponse'
+ $ref: '#/components/schemas/UnisolateRouteResponse'
 description: OK
 summary: Release an isolated endpoint
 tags:
@@ -354,7 +481,7 @@ paths:
 operationId: EndpointUploadAction
 requestBody:
 content:
- application/json:
+ multipart/form-data:
 schema:
 $ref: '#/components/schemas/UploadRouteRequestBody'
 required: true
@@ -363,7 +490,7 @@ paths:
 content:
 application/json:
 schema:
- $ref: '#/components/schemas/SuccessResponse'
+ $ref: '#/components/schemas/UploadRouteResponse'
 description: OK
 summary: Upload a file
 tags:
@@ -629,6 +756,10 @@ components:
 description: Agent ID
 type: string
 AgentIds:
+ description: A list of agent IDs. Max of 50.
+ example:
+ - agent-id-1
+ - agent-id-2
 minLength: 1
 oneOf:
 - items:
@@ -640,12 +771,13 @@ components:
 - minLength: 1
 type: string
 AgentTypes:
- description: The host agent type (optional). Defaults to endpoint.
+ description: List of agent types to retrieve. Defaults to `endpoint`.
 enum:
 - endpoint
 - sentinel_one
 - crowdstrike
 - microsoft_defender_endpoint
+ example: endpoint
 type: string
 AlertIds:
 description: A list of alerts ids.
@@ -655,6 +787,9 @@ components:
 type: array
 CaseIds:
 description: Case IDs to be updated (cannot contain empty strings)
+ example:
+ - case-id-1
+ - case-id-2
 items:
 minLength: 1
 type: string
@@ -692,17 +827,26 @@ components:
 minLength: 1
 type: string
 Commands:
+ description: A list of response action command names.
+ example:
+ - isolate
+ - unisolate
 items:
 $ref: '#/components/schemas/Command'
 type: array
 Comment:
 description: Optional comment
+ example: This is a comment
 type: string
 EndDate:
- description: End date
+ description: An end date in ISO format or Date Math format.
+ example: '2023-10-31T23:59:59.999Z'
 type: string
 EndpointIds:
 description: List of endpoint IDs (cannot contain empty strings)
+ example:
+ - endpoint-id-1
+ - endpoint-id-2
 items:
 minLength: 1
 type: string
@@ -796,12 +940,6 @@ components:
 revision: 2
 type: object
 properties: {}
- EntityId:
- type: object
- properties:
- entity_id:
- minLength: 1
- type: string
 ExecuteRouteRequestBody:
 allOf:
 - type: object
@@ -833,33 +971,128 @@ components:
 - command
 required:
 - parameters
- GetEndpointActionListRouteQuery:
+ example:
+ comment: Get list of all files
+ endpoint_ids:
+ - b3d6de74-36b0-4fa8-be46-c375bf1771bf
+ parameters:
+ command: ls -al
+ timeout: 600
+ ExecuteRouteResponse:
+ example:
+ data:
+ agents:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ agentState:
+ ed518850-681a-4d60-bb98-e22640cae2a8:
+ isCompleted: false
+ wasSuccessful: false
+ agentType: endpoint
+ command: execute
+ comment: Get list of all files
+ createdBy: myuser
+ hosts:
+ ed518850-681a-4d60-bb98-e22640cae2a8:
+ name: gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r
+ id: 9f934028-2300-4927-b531-b26376793dc4
+ isCompleted: false
+ isExpired: false
+ outputs: {}
+ parameters:
+ command: ls -al
+ timeout: 600
+ startedAt: '2023-07-28T18:43:27.362Z'
+ status: pending
+ wasSuccessful: false
 type: object
- properties:
- agentIds:
- $ref: '#/components/schemas/AgentIds'
- agentTypes:
- $ref: '#/components/schemas/AgentTypes'
- commands:
- $ref: '#/components/schemas/Commands'
- endDate:
- $ref: '#/components/schemas/EndDate'
- page:
- $ref: '#/components/schemas/Page'
- pageSize:
- default: 10
- description: Number of items per page
- maximum: 10000
- minimum: 1
- type: integer
- startDate:
- $ref: '#/components/schemas/StartDate'
- types:
- $ref: '#/components/schemas/Types'
- userIds:
- $ref: '#/components/schemas/UserIds'
- withOutputs:
- $ref: '#/components/schemas/WithOutputs'
+ properties: {}
+ GetEndpointActionListResponse:
+ example:
+ data:
+ - agents:
+ - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0
+ agentType: endpoint
+ command: running-processes
+ completedAt: '2022-08-08T09:50:47.672Z'
+ createdBy: elastic
+ id: b3d6de74-36b0-4fa8-be46-c375bf1771bf
+ isCompleted: true
+ isExpired: false
+ startedAt: '2022-08-08T15:24:57.402Z'
+ wasSuccessful: true
+ - agents:
+ - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0
+ agentType: endpoint
+ command: isolate
+ completedAt: '2022-08-08T10:41:57.352Z'
+ createdBy: elastic
+ id: 43b4098b-8752-4fbb-a7a7-6df7c74d0ee3
+ isCompleted: true
+ isExpired: false
+ startedAt: '2022-08-08T15:23:37.359Z'
+ wasSuccessful: true
+ - agents:
+ - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0
+ agentType: endpoint
+ command: kill-process
+ comment: bad process - taking up too much cpu
+ completedAt: '2022-08-08T09:44:50.952Z'
+ createdBy: elastic
+ id: 5bc92c86-b8e6-42dd-837f-12ad29e09caa
+ isCompleted: true
+ isExpired: false
+ startedAt: '2022-08-08T14:38:44.125Z'
+ wasSuccessful: true
+ - agents:
+ - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0
+ agentType: endpoint
+ command: unisolate
+ comment: Not a threat to the network
+ completedAt: '2022-08-08T09:40:47.398Z'
+ createdBy: elastic
+ id: 790d54e0-3aa3-4e5b-8255-3ce9d851246a
+ isCompleted: true
+ isExpired: false
+ startedAt: '2022-08-08T14:38:15.391Z'
+ wasSuccessful: true
+ elasticAgentIds:
+ - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0
+ endDate: now
+ page: 1
+ pageSize: 10
+ startDate: now-24h/h
+ total: 4
+ type: object
+ properties: {}
+ GetEndpointActionResponse:
+ example:
+ data:
+ agents:
+ - afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0
+ agentType: endpoint
+ command: running-processes
+ completedAt: '2022-08-08T09:50:47.672Z'
+ createdBy: elastic
+ id: b3d6de74-36b0-4fa8-be46-c375bf1771bf
+ isCompleted: true
+ isExpired: false
+ outputs:
+ afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0:
+ content:
+ entries:
+ - command: /opt/cmd1
+ entity_id: fk2ym7bl3oiu3okjcik0xosc0i0m75x3eh49nu3uaqt4dqanjt
+ pid: '822'
+ user: Dexter
+ - command: /opt/cmd3/opt/cmd3/opt/cmd3/opt/cmd3
+ entity_id: pwvz91m48wpj9j7ov9gtw8fp7u2rat4eu5ipte37hnhdcbi2pt
+ pid: '984'
+ user: Jada
+ type: json
+ startedAt: '2022-08-08T15:24:57.402Z'
+ wasSuccessful: true
+ type: object
+ properties: {}
 GetFileRouteRequestBody:
 allOf:
 - type: object
@@ -889,7 +1122,42 @@ components:
 - path
 required:
 - parameters
+ example:
+ comment: Get my file
+ endpoint_ids:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ parameters:
+ path: /usr/my-file.txt
+ GetFileRouteResponse:
+ example:
+ data:
+ agents:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ agentState:
+ ed518850-681a-4d60-bb98-e22640cae2a8:
+ isCompleted: false
+ wasSuccessful: false
+ agentType: endpoint
+ command: get-file
+ createdBy: myuser
+ hosts:
+ ed518850-681a-4d60-bb98-e22640cae2a8:
+ name: gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r
+ id: 27ba1b42-7cc6-4e53-86ce-675c876092b2
+ isCompleted: false
+ isExpired: false
+ outputs: {}
+ parameters:
+ path: /usr/my-file.txt
+ startedAt: '2023-07-28T19:00:03.911Z'
+ status: pending
+ wasSuccessful: false
+ type: object
+ properties: {}
 GetProcessesRouteRequestBody:
+ example:
+ endpoint_ids:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
 type: object
 properties:
 agent_type:
@@ -906,6 +1174,30 @@ components:
 $ref: '#/components/schemas/Parameters'
 required:
 - endpoint_ids
+ GetProcessesRouteResponse:
+ example:
+ data:
+ agents:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ agentType: endpoint
+ command: running-processes
+ comment: ''
+ completedAt: '2022-07-29T19:09:44.961Z'
+ createdBy: myuser
+ errors: []
+ id: 233db9ea-6733-4849-9226-5a7039c7161d
+ isCompleted: true
+ isExpired: false
+ outputs:
+ ed518850-681a-4d60-bb98-e22640cae2a8:
+ content:
+ key: value
+ type: json
+ parameters: {}
+ startedAt: '2022-07-29T19:08:49.126Z'
+ wasSuccessful: true
+ type: object
+ properties: {}
 HostPathScriptParameters:
 type: object
 properties:
@@ -937,23 +1229,32 @@ components:
 - unenrolled
 type: string
 type: array
- IsolateRouteRequestBody:
+ IsolateRouteResponse:
+ example:
+ action: 233db9ea-6733-4849-9226-5a7039c7161d
+ data:
+ agents:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ agentType: endpoint
+ command: suspend-process
+ comment: suspend the process
+ completedAt: '2022-07-29T19:09:44.961Z'
+ createdBy: myuser
+ errors: []
+ id: 233db9ea-6733-4849-9226-5a7039c7161d
+ isCompleted: true
+ isExpired: false
+ outputs:
+ ed518850-681a-4d60-bb98-e22640cae2a8:
+ content:
+ key: value
+ type: json
+ parameters:
+ entity_id: abc123
+ startedAt: '2022-07-29T19:08:49.126Z'
+ wasSuccessful: true
 type: object
- properties:
- agent_type:
- $ref: '#/components/schemas/AgentTypes'
- alert_ids:
- $ref: '#/components/schemas/AlertIds'
- case_ids:
- $ref: '#/components/schemas/CaseIds'
- comment:
- $ref: '#/components/schemas/Comment'
- endpoint_ids:
- $ref: '#/components/schemas/EndpointIds'
- parameters:
- $ref: '#/components/schemas/Parameters'
- required:
- - endpoint_ids
+ properties: {}
 KillProcessRouteRequestBody:
 allOf:
 - type: object
@@ -976,16 +1277,62 @@ components:
 properties:
 parameters:
 oneOf:
- - $ref: '#/components/schemas/Pid'
- - $ref: '#/components/schemas/EntityId'
+ - type: object
+ properties:
+ pid:
+ description: The process ID (PID) of the process to terminate.
+ example: 123
+ minimum: 1
+ type: integer
+ - type: object
+ properties:
+ entity_id:
+ description: The entity ID of the process to terminate.
+ example: abc123
+ minLength: 1
+ type: string
 - type: object
 properties:
 process_name:
- description: Valid for SentinelOne agent type only
+ description: >-
+ The name of the process to terminate. Valid for
+ SentinelOne agent type only.
+ example: Elastic
 minLength: 1
 type: string
 required:
 - parameters
+ example:
+ comment: terminate the process
+ endpoint_ids:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ parameters:
+ entity_id: abc123
+ KillProcessRouteResponse:
+ example:
+ data:
+ agents:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ agentType: endpoint
+ command: kill-process
+ comment: terminate the process
+ completedAt: '2022-07-29T19:09:44.961Z'
+ createdBy: myuser
+ errors: []
+ id: 233db9ea-6733-4849-9226-5a7039c7161d
+ isCompleted: true
+ isExpired: false
+ outputs:
+ ed518850-681a-4d60-bb98-e22640cae2a8:
+ content:
+ key: value
+ type: json
+ parameters:
+ entity_id: abc123
+ startedAt: '2022-07-29T19:08:49.126Z'
+ wasSuccessful: true
+ type: object
+ properties: {}
 Kuery:
 description: A KQL string.
 example: 'united.endpoint.host.os.name : ''Windows'''
@@ -1217,12 +1564,6 @@ components:
 $ref: '#/components/schemas/PendingActionDataType'
 - additionalProperties: true
 type: object
- Pid:
- type: object
- properties:
- pid:
- minimum: 1
- type: integer
 ProtectionUpdatesNoteResponse:
 type: object
 properties:
@@ -1282,11 +1623,45 @@ components:
 type: object
 properties:
 path:
+ description: The folder or file’s full path (including the file name).
+ example: /usr/my-file.txt
 type: string
 required:
 - path
 required:
 - parameters
+ example:
+ comment: Scan the file for malware
+ endpoint_ids:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ parameters:
+ path: /usr/my-file.txt
+ ScanRouteResponse:
+ example:
+ data:
+ agents:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ agentState:
+ ed518850-681a-4d60-bb98-e22640cae2a8:
+ isCompleted: false
+ wasSuccessful: false
+ agentType: endpoint
+ command: scan
+ createdBy: myuser
+ hosts:
+ ed518850-681a-4d60-bb98-e22640cae2a8:
+ name: gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r
+ id: 27ba1b42-7cc6-4e53-86ce-675c876092b2
+ isCompleted: false
+ isExpired: false
+ outputs: {}
+ parameters:
+ path: /usr/my-file.txt
+ startedAt: '2023-07-28T19:00:03.911Z'
+ status: pending
+ wasSuccessful: false
+ type: object
+ properties: {}
 SortDirection:
 description: Determines the sort order.
 enum:
@@ -1309,7 +1684,8 @@ components:
 example: enrolled_at
 type: string
 StartDate:
- description: Start date
+ description: A start date in ISO 8601 format or Date Math format.
+ example: '2023-10-31T00:00:00.000Z'
 type: string
 SuccessResponse:
 type: object
@@ -1336,10 +1712,53 @@ components:
 properties:
 parameters:
 oneOf:
- - $ref: '#/components/schemas/Pid'
- - $ref: '#/components/schemas/EntityId'
+ - type: object
+ properties:
+ pid:
+ description: The process ID (PID) of the process to suspend.
+ example: 123
+ minimum: 1
+ type: integer
+ - type: object
+ properties:
+ entity_id:
+ description: The entity ID of the process to suspend.
+ example: abc123
+ minLength: 1
+ type: string
 required:
 - parameters
+ example:
+ comment: suspend the process
+ endpoint_ids:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ parameters:
+ entity_id: abc123
+ SuspendProcessRouteResponse:
+ example:
+ data:
+ agents:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ agentType: endpoint
+ command: suspend-process
+ comment: suspend the process
+ completedAt: '2022-07-29T19:09:44.961Z'
+ createdBy: myuser
+ errors: []
+ id: 233db9ea-6733-4849-9226-5a7039c7161d
+ isCompleted: true
+ isExpired: false
+ outputs:
+ ed518850-681a-4d60-bb98-e22640cae2a8:
+ content:
+ key: value
+ type: json
+ parameters:
+ entity_id: abc123
+ startedAt: '2022-07-29T19:08:49.126Z'
+ wasSuccessful: true
+ type: object
+ properties: {}
 Timeout:
 description: The maximum timeout value in milliseconds (optional)
 minimum: 1
@@ -1352,28 +1771,40 @@ components:
 type: string
 Types:
 description: List of types of response actions
+ example:
+ - automated
+ - manual
 items:
 $ref: '#/components/schemas/Type'
 maxLength: 2
 minLength: 1
 type: array
- UnisolateRouteRequestBody:
+ UnisolateRouteResponse:
+ example:
+ action: 233db9ea-6733-4849-9226-5a7039c7161d
+ data:
+ agents:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ agentType: endpoint
+ command: suspend-process
+ comment: suspend the process
+ completedAt: '2022-07-29T19:09:44.961Z'
+ createdBy: myuser
+ errors: []
+ id: 233db9ea-6733-4849-9226-5a7039c7161d
+ isCompleted: true
+ isExpired: false
+ outputs:
+ ed518850-681a-4d60-bb98-e22640cae2a8:
+ content:
+ key: value
+ type: json
+ parameters:
+ entity_id: abc123
+ startedAt: '2022-07-29T19:08:49.126Z'
+ wasSuccessful: true
 type: object
- properties:
- agent_type:
- $ref: '#/components/schemas/AgentTypes'
- alert_ids:
- $ref: '#/components/schemas/AlertIds'
- case_ids:
- $ref: '#/components/schemas/CaseIds'
- comment:
- $ref: '#/components/schemas/Comment'
- endpoint_ids:
- $ref: '#/components/schemas/EndpointIds'
- parameters:
- $ref: '#/components/schemas/Parameters'
- required:
- - endpoint_ids
+ properties: {}
 UploadRouteRequestBody:
 allOf:
 - type: object
@@ -1395,6 +1826,8 @@ components:
 - type: object
 properties:
 file:
+ description: The binary content of the file.
+ example: RWxhc3RpYw==
 format: binary
 type: string
 parameters:
@@ -1402,12 +1835,51 @@ components:
 properties:
 overwrite:
 default: false
+ description: Overwrite the file on the host if it already exists.
+ example: false
 type: boolean
 required:
 - parameters
 - file
+ example:
+ endpoint_ids:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ file: RWxhc3RpYw==
+ parameters: {}
+ UploadRouteResponse:
+ example:
+ data:
+ agents:
+ - ed518850-681a-4d60-bb98-e22640cae2a8
+ agentState:
+ ed518850-681a-4d60-bb98-e22640cae2a8:
+ isCompleted: false
+ wasSuccessful: false
+ agentType: endpoint
+ command: upload
+ createdBy: elastic
+ hosts:
+ ed518850-681a-4d60-bb98-e22640cae2a8:
+ name: Host-5i6cuc8kdv
+ id: 9ff6aebc-2cb6-481e-8869-9b30036c9731
+ isCompleted: false
+ isExpired: false
+ outputs: {}
+ parameters:
+ file_id: 10e4ce3d-4abb-4f93-a0cd-eaf63a489280
+ file_name: fix-malware.sh
+ file_sha256: a0bed94220193ba4895c0aa5b4e7e293381d15765cb164ddf7be5cdd010ae42a
+ file_size: 69
+ startedAt: '2023-07-03T15:07:22.837Z'
+ status: pending
+ wasSuccessful: false
+ type: object
+ properties: {}
 UserIds:
- description: User IDs
+ description: A list of user IDs.
+ example:
+ - user-id-1
+ - user-id-2
 oneOf:
 - items:
 minLength: 1
@@ -1417,7 +1889,12 @@ components:
 - minLength: 1
 type: string
 WithOutputs:
- description: Shows detailed outputs for an action response
+ description: >-
+ A list of action IDs that should include the complete output of the
+ action.
+ example:
+ - action-id-1
+ - action-id-2
 oneOf:
 - items:
 minLength: 1
diff --git a/x-pack/test/api_integration/services/security_solution_api.gen.ts b/x-pack/test/api_integration/services/security_solution_api.gen.ts
index 5614ee93c41ca..9bee648c23e2d 100644
--- a/x-pack/test/api_integration/services/security_solution_api.gen.ts
+++ b/x-pack/test/api_integration/services/security_solution_api.gen.ts
@@ -65,8 +65,6 @@ import { EndpointKillProcessActionRequestBodyInput } from '@kbn/security-solutio
 import { EndpointScanActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/scan/scan.gen';
 import { EndpointSuspendProcessActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/suspend_process/suspend_process.gen';
 import { EndpointUnisolateActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/unisolate/unisolate.gen';
-import { EndpointUnisolateRedirectRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/unisolate/deprecated_unisolate.gen';
-import { EndpointUploadActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/upload/upload.gen';
 import {
 ExportRulesRequestQueryInput,
 ExportRulesRequestBodyInput,
@@ -750,13 +748,12 @@ If a record already exists for the specified entity, that record is overwritten
 /**
 * Upload a file to an endpoint.
 */
- endpointUploadAction(props: EndpointUploadActionProps, kibanaSpace: string = 'default') {
+ endpointUploadAction(kibanaSpace: string = 'default') {
 return supertest
 .post(routeWithNamespace('/api/endpoint/action/upload', kibanaSpace))
 .set('kbn-xsrf', 'true')
 .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31')
- .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana')
- .send(props.body as object);
+ .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana');
 },
 entityStoreGetPrivileges(kibanaSpace: string = 'default') {
 return supertest
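Review bot: `endpointUploadAction` no longer takes a request body, so the integration-test client cannot exercise the upload route with the `file` and `parameters` fields the bundled schema still marks as required; the hunk removes `props: EndpointUploadActionProps` and the `.send(props.body as object)` call without replacing them. This appears to be a side effect of switching the route's request content type to `multipart/form-data`, which the client generator seems to emit a body for only when the content type is `application/json`, so the fix belongs in the generator template rather than in this generated file. Until the generator handles multipart bodies, callers have to attach the multipart fields themselves on the returned supertest request, and that gap is worth stating in the method's TSDoc, e.g. `* Returns the bare request; callers must add the multipart/form-data body (file, parameters) themselves.` The enclosing service object starts and ends outside the hunk.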
@@ -1796,12 +1793,6 @@ export interface EndpointSuspendProcessActionProps {
 export interface EndpointUnisolateActionProps {
 body: EndpointUnisolateActionRequestBodyInput;
 }
-export interface EndpointUnisolateRedirectProps {
- body: EndpointUnisolateRedirectRequestBodyInput;
-}
-export interface EndpointUploadActionProps {
- body: EndpointUploadActionRequestBodyInput;
-}
 export interface ExportRulesProps {
 query: ExportRulesRequestQueryInput;
 body: ExportRulesRequestBodyInput;
From 1c4c337307987f6aac20981595dcf1829f233a3b Mon Sep 17 00:00:00 2001
From: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Date: Mon, 3 Mar 2025 10:19:58 +0000
Subject: [PATCH 2/5] [CI] Auto-commit changed files from 'yarn openapi:bundle'
---
 ...n_endpoint_management_api_2023_10_31.bundled.schema.yaml | 6 +++---
 ...n_endpoint_management_api_2023_10_31.bundled.schema.yaml | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
index 95d648a1237f3..83077652222ef 100644
--- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
+++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
@@ -250,7 +250,7 @@ paths:
 multiple_endpoints:
 summary: Isolates several hosts; includes a comment
 value:
- comment: Locked down, pending further investigation
+ comment: 'Locked down, pending further investigation'
 endpoint_ids:
 - 9972d10e-4b9e-41aa-a534-a85e2a28ea42
 - bc0e4f0c-3bca-4633-9fee-156c0b505d16
@@ -426,7 +426,7 @@ paths:
 multipleHosts:
 summary: 'Releases several hosts; includes a comment:'
 value:
- comment: Benign process identified, releasing group
+ comment: 'Benign process identified, releasing group'
 endpoint_ids:
 - 9972d10e-4b9e-41aa-a534-a85e2a28ea42
 - bc0e4f0c-3bca-4633-9fee-156c0b505d16
@@ -443,7 +443,7 @@ paths:
 value:
 case_ids:
 - 4976be38-c134-4554-bd5e-0fd89ce63667
- comment: Remediation complete, restoring network
+ comment: 'Remediation complete, restoring network'
 endpoint_ids:
 - 1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0
 - b30a11bf-1395-4707-b508-fbb45ef9793e
diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
index d2727974dbe10..239b2de7e4548 100644
--- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
+++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml
@@ -250,7 +250,7 @@ paths:
 multiple_endpoints:
 summary: Isolates several hosts; includes a comment
 value:
- comment: Locked down, pending further investigation
+ comment: 'Locked down, pending further investigation'
 endpoint_ids:
 - 9972d10e-4b9e-41aa-a534-a85e2a28ea42
 - bc0e4f0c-3bca-4633-9fee-156c0b505d16
@@ -426,7 +426,7 @@ paths:
 multipleHosts:
 summary: 'Releases several hosts; includes a comment:'
 value:
- comment: Benign process identified, releasing group
+ comment: 'Benign process identified, releasing group'
 endpoint_ids:
 - 9972d10e-4b9e-41aa-a534-a85e2a28ea42
 - bc0e4f0c-3bca-4633-9fee-156c0b505d16
@@ -443,7 +443,7 @@ paths:
 value:
 case_ids:
 - 4976be38-c134-4554-bd5e-0fd89ce63667
- comment: Remediation complete, restoring network
+ comment: 'Remediation complete, restoring network'
 endpoint_ids:
 - 1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0
 - b30a11bf-1395-4707-b508-fbb45ef9793e
From d70b96bac8ec68431b5a6e2e8797bc202032ca6f Mon Sep 17 00:00:00 2001
From: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Date: Mon, 3 Mar 2025 10:39:09 +0000
Subject: [PATCH 3/5] [CI] Auto-commit changed files from 'make api-docs'
---
 oas_docs/output/kibana.yaml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml
index f3351bf42a52a..5c735f083b3ed 100644
--- a/oas_docs/output/kibana.yaml
+++ b/oas_docs/output/kibana.yaml
@@ -17013,7 +17013,7 @@ paths:
 schema:
 type: object
 description: |
- Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body.
+ Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body.
 '400':
 content:
 application/json; Elastic-Api-Version=2023-10-31:
@@ -17045,7 +17045,7 @@ paths:
 schema:
 type: object
 description: |
- Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body.
+ Indicates a successful call. NOTE: This HTTP response code indicates that the bulk operation succeeded. Errors pertaining to individual objects will be returned in the response body.
 '400':
 content:
 application/json; Elastic-Api-Version=2023-10-31:
@@ -25490,7 +25490,7 @@ components: type: boolean scaling_factor: description: | - The scaling factor to use when encoding values. This property is applicable when `type` is `scaled_float`. Values will be multiplied by this factor at index time and rounded to the closest long value. + The scaling factor to use when encoding values. This property is applicable when `type` is `scaled_float`. Values will be multiplied by this factor at index time and rounded to the closest long value. type: integer type: description: Specifies the data type for the field.
@@ -41801,7 +41801,7 @@ components: items: type: string description: | - A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format + A list of "carbon copy" email addresses. Addresses can be specified in `user@host-name` format or in name `` format message: type: string description: The email message text. Markdown format is supported.
From 58ad2df57a90c3ce371b6498f6ad323c4683a035 Mon Sep 17 00:00:00 2001
From: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Date: Mon, 3 Mar 2025 11:04:19 +0000
Subject: [PATCH 4/5] [CI] Auto-commit changed files from 'yarn openapi:generate'
---
.../api_integration/services/security_solution_api.gen.ts | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/x-pack/test/api_integration/services/security_solution_api.gen.ts b/x-pack/test/api_integration/services/security_solution_api.gen.ts
index 9bee648c23e2d..c0e3cadd13ae5 100644
--- a/x-pack/test/api_integration/services/security_solution_api.gen.ts
+++ b/x-pack/test/api_integration/services/security_solution_api.gen.ts
@@ -65,6 +65,7 @@ import { EndpointKillProcessActionRequestBodyInput } from '@kbn/security-solutio import { EndpointScanActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/scan/scan.gen'; import { EndpointSuspendProcessActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/suspend_process/suspend_process.gen'; import { EndpointUnisolateActionRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/unisolate/unisolate.gen'; +import { EndpointUnisolateRedirectRequestBodyInput } from '@kbn/security-solution-plugin/common/api/endpoint/actions/response_actions/unisolate/deprecated_unisolate.gen'; import { ExportRulesRequestQueryInput, ExportRulesRequestBodyInput,
@@ -1793,6 +1794,9 @@ export interface EndpointSuspendProcessActionProps { export interface EndpointUnisolateActionProps { body: EndpointUnisolateActionRequestBodyInput; } +export interface EndpointUnisolateRedirectProps { + body: EndpointUnisolateRedirectRequestBodyInput; +} export interface ExportRulesProps { query: ExportRulesRequestQueryInput; body: ExportRulesRequestBodyInput;
From e7ca4b4652c92733016c8741c8c30dabb8077d0a Mon Sep 17 00:00:00 2001
From: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Date: Mon, 3 Mar 2025 13:50:41 +0000
Subject: [PATCH 5/5] [CI] Auto-commit changed files from 'make api-docs'
---
oas_docs/output/kibana.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml
index 724b1f453a3cf..b9b03fbdf359d 100644
--- a/oas_docs/output/kibana.yaml
+++ b/oas_docs/output/kibana.yaml
@@ -12924,7 +12924,7 @@ paths: operationId: EndpointUploadAction requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: + multipart/form-data: schema: $ref: '#/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody' required: true
