diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml
index fab328a9d09d4..21e1bb6876c98 100644
--- a/oas_docs/output/kibana.serverless.yaml
+++ b/oas_docs/output/kibana.serverless.yaml
@@ -16125,91 +16125,90 @@ paths:
- content: Kibana, Elastic Cloud Serverless
name: product_name
/api/entity_store/entities/{entityType}:
- put:
+ delete:
description: |
- Update or create an entity in Entity Store.
- If the specified entity already exists, it is updated with the provided values. If the entity does not exist, a new one is created. By default, only the following fields can be updated: * `entity.attributes.*` * `entity.lifecycle.*` * `entity.behavior.*` To update other fields, set the `force` query parameter to `true`. > info > Some fields always retain the first observed value. Updates to these fields will not appear in the final index.
- > Due to technical limitations, not all updates are guaranteed to appear in the final list of observed values.
- > Due to technical limitations, create is an async operation. The time for a document to be present in the > final index depends on the entity store transform and usually takes more than 1 minute.
- operationId: UpsertEntity
+ Delete a single entity in Entity Store.
+ The entity will be immediately deleted from the latest index. It will remain available in historical snapshots if it has been snapshotted. The delete operation does not prevent the entity from being recreated if it is observed again in the future.
+ operationId: DeleteSingleEntity
parameters:
- in: path
name: entityType
required: true
schema:
$ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType'
- - in: query
- name: force
- required: false
- schema:
- default: false
- type: boolean
requestBody:
content:
application/json:
schema:
- $ref: '#/components/schemas/Security_Entity_Analytics_API_Entity'
- description: Schema for the updating a single entity
+ type: object
+ properties:
+ id:
+ description: Identifier of the entity to be deleted, commonly entity.id value.
+ type: string
+ required:
+ - id
+ description: Schema for the deleting entity
required: true
responses:
'200':
content:
application/json:
schema:
- $ref: '#/components/schemas/Security_Entity_Analytics_API_Entity'
- description: Entity updated or created
- '403':
- description: Operation on a restricted field
- '409':
- description: Conflict. The entity was updated while another update was happening in ElasticSearch
+ type: object
+ properties:
+ deleted:
+ type: boolean
+ description: Successful response. Entity deleted.
+ '404':
+ description: Entity Not Found. No entity with this ID and Type exists.
'503':
description: Operation on an uninitialized Engine or in a cluster without CRUD API Enabled
- summary: Upsert an entity in Entity Store
+ summary: Delete an entity in Entity Store
tags:
- Security Entity Analytics API
x-metaTags:
- content: Kibana, Elastic Cloud Serverless
name: product_name
- /api/entity_store/entities/{entityType}/{entityId}:
- delete:
+ put:
description: |
- Delete a single entity in Entity Store.
- The entity will be immediately deleted from the latest index. It will remain available in historical snapshots if it has been snapshotted. The delete operation does not prevent the entity from being recreated if it is observed again in the future.
- operationId: DeleteSingleEntity
+ Update or create an entity in Entity Store.
+ If the specified entity already exists, it is updated with the provided values. If the entity does not exist, a new one is created. By default, only the following fields can be updated: * `entity.attributes.*` * `entity.lifecycle.*` * `entity.behavior.*` To update other fields, set the `force` query parameter to `true`. > info > Some fields always retain the first observed value. Updates to these fields will not appear in the final index.
+ > Due to technical limitations, not all updates are guaranteed to appear in the final list of observed values.
+ > Due to technical limitations, create is an async operation. The time for a document to be present in the > final index depends on the entity store transform and usually takes more than 1 minute.
+ operationId: UpsertEntity
parameters:
- in: path
name: entityType
required: true
schema:
$ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType'
+ - in: query
+ name: force
+ required: false
+ schema:
+ default: false
+ type: boolean
requestBody:
content:
application/json:
schema:
- type: object
- properties:
- id:
- description: Identifier of the entity to be deleted, commonly entity.id value.
- type: string
- required:
- - id
- description: Schema for the deleting entity
+ $ref: '#/components/schemas/Security_Entity_Analytics_API_Entity'
+ description: Schema for the updating a single entity
required: true
responses:
'200':
content:
application/json:
schema:
- type: object
- properties:
- deleted:
- type: boolean
- description: Successful response. Entity deleted.
- '404':
- description: Entity Not Found. No entity with this ID and Type exists.
+ $ref: '#/components/schemas/Security_Entity_Analytics_API_Entity'
+ description: Entity updated or created
+ '403':
+ description: Operation on a restricted field
+ '409':
+ description: Conflict. The entity was updated while another update was happening in ElasticSearch
'503':
description: Operation on an uninitialized Engine or in a cluster without CRUD API Enabled
- summary: Delete an entity in Entity Store
+ summary: Upsert an entity in Entity Store
tags:
- Security Entity Analytics API
x-metaTags:
diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml
index 16676a0cfabb2..8801a411293d5 100644
--- a/oas_docs/output/kibana.yaml
+++ b/oas_docs/output/kibana.yaml
@@ -19579,103 +19579,102 @@ paths:
Refer to [Spaces](https://www.elastic.co/docs/deploy-manage/manage-spaces) for more information.
/api/entity_store/entities/{entityType}:
- put:
+ delete:
description: |
**Spaces method and path for this operation:**
- put /s/{space_id}/api/entity_store/entities/{entityType}
+ delete /s/{space_id}/api/entity_store/entities/{entityType}
Refer to [Spaces](https://www.elastic.co/docs/deploy-manage/manage-spaces) for more information.
- Update or create an entity in Entity Store.
- If the specified entity already exists, it is updated with the provided values. If the entity does not exist, a new one is created. By default, only the following fields can be updated: * `entity.attributes.*` * `entity.lifecycle.*` * `entity.behavior.*` To update other fields, set the `force` query parameter to `true`. > info > Some fields always retain the first observed value. Updates to these fields will not appear in the final index.
- > Due to technical limitations, not all updates are guaranteed to appear in the final list of observed values.
- > Due to technical limitations, create is an async operation. The time for a document to be present in the > final index depends on the entity store transform and usually takes more than 1 minute.
- operationId: UpsertEntity
+ Delete a single entity in Entity Store.
+ The entity will be immediately deleted from the latest index. It will remain available in historical snapshots if it has been snapshotted. The delete operation does not prevent the entity from being recreated if it is observed again in the future.
+ operationId: DeleteSingleEntity
parameters:
- in: path
name: entityType
required: true
schema:
$ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType'
- - in: query
- name: force
- required: false
- schema:
- default: false
- type: boolean
requestBody:
content:
application/json:
schema:
- $ref: '#/components/schemas/Security_Entity_Analytics_API_Entity'
- description: Schema for the updating a single entity
+ type: object
+ properties:
+ id:
+ description: Identifier of the entity to be deleted, commonly entity.id value.
+ type: string
+ required:
+ - id
+ description: Schema for the deleting entity
required: true
responses:
'200':
content:
application/json:
schema:
- $ref: '#/components/schemas/Security_Entity_Analytics_API_Entity'
- description: Entity updated or created
- '403':
- description: Operation on a restricted field
- '409':
- description: Conflict. The entity was updated while another update was happening in ElasticSearch
+ type: object
+ properties:
+ deleted:
+ type: boolean
+ description: Successful response. Entity deleted.
+ '404':
+ description: Entity Not Found. No entity with this ID and Type exists.
'503':
description: Operation on an uninitialized Engine or in a cluster without CRUD API Enabled
- summary: Upsert an entity in Entity Store
+ summary: Delete an entity in Entity Store
tags:
- Security Entity Analytics API
x-metaTags:
- content: Kibana
name: product_name
- /api/entity_store/entities/{entityType}/{entityId}:
- delete:
+ put:
description: |
**Spaces method and path for this operation:**
- delete /s/{space_id}/api/entity_store/entities/{entityType}/{entityId}
+ put /s/{space_id}/api/entity_store/entities/{entityType}
Refer to [Spaces](https://www.elastic.co/docs/deploy-manage/manage-spaces) for more information.
- Delete a single entity in Entity Store.
- The entity will be immediately deleted from the latest index. It will remain available in historical snapshots if it has been snapshotted. The delete operation does not prevent the entity from being recreated if it is observed again in the future.
- operationId: DeleteSingleEntity
+ Update or create an entity in Entity Store.
+ If the specified entity already exists, it is updated with the provided values. If the entity does not exist, a new one is created. By default, only the following fields can be updated: * `entity.attributes.*` * `entity.lifecycle.*` * `entity.behavior.*` To update other fields, set the `force` query parameter to `true`. > info > Some fields always retain the first observed value. Updates to these fields will not appear in the final index.
+ > Due to technical limitations, not all updates are guaranteed to appear in the final list of observed values.
+ > Due to technical limitations, create is an async operation. The time for a document to be present in the > final index depends on the entity store transform and usually takes more than 1 minute.
+ operationId: UpsertEntity
parameters:
- in: path
name: entityType
required: true
schema:
$ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType'
+ - in: query
+ name: force
+ required: false
+ schema:
+ default: false
+ type: boolean
requestBody:
content:
application/json:
schema:
- type: object
- properties:
- id:
- description: Identifier of the entity to be deleted, commonly entity.id value.
- type: string
- required:
- - id
- description: Schema for the deleting entity
+ $ref: '#/components/schemas/Security_Entity_Analytics_API_Entity'
+ description: Schema for the updating a single entity
required: true
responses:
'200':
content:
application/json:
schema:
- type: object
- properties:
- deleted:
- type: boolean
- description: Successful response. Entity deleted.
- '404':
- description: Entity Not Found. No entity with this ID and Type exists.
+ $ref: '#/components/schemas/Security_Entity_Analytics_API_Entity'
+ description: Entity updated or created
+ '403':
+ description: Operation on a restricted field
+ '409':
+ description: Conflict. The entity was updated while another update was happening in ElasticSearch
'503':
description: Operation on an uninitialized Engine or in a cluster without CRUD API Enabled
- summary: Delete an entity in Entity Store
+ summary: Upsert an entity in Entity Store
tags:
- Security Entity Analytics API
x-metaTags:
diff --git a/x-pack/solutions/security/packages/test-api-clients/supertest/entity_analytics.gen.ts b/x-pack/solutions/security/packages/test-api-clients/supertest/entity_analytics.gen.ts
index c886378e0d8eb..0e6748a081da8 100644
--- a/x-pack/solutions/security/packages/test-api-clients/supertest/entity_analytics.gen.ts
+++ b/x-pack/solutions/security/packages/test-api-clients/supertest/entity_analytics.gen.ts
@@ -254,7 +254,7 @@ The entity will be immediately deleted from the latest index. It will remain av
return supertest
.delete(
getRouteUrlForSpace(
- replaceParams('/api/entity_store/entities/{entityType}/{entityId}', props.params),
+ replaceParams('/api/entity_store/entities/{entityType}', props.params),
kibanaSpace
)
)
diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/entities/delete_entity.schema.yaml b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/entities/delete_entity.schema.yaml
index ae7b73e45d395..8a1dfa2212c3a 100644
--- a/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/entities/delete_entity.schema.yaml
+++ b/x-pack/solutions/security/plugins/security_solution/common/api/entity_analytics/entity_store/entities/delete_entity.schema.yaml
@@ -3,7 +3,7 @@ info:
version: '2023-10-31'
title: Entity Store - Delete Single Entity
paths:
- /api/entity_store/entities/{entityType}/{entityId}:
+ /api/entity_store/entities/{entityType}:
delete:
x-labels: [ess, serverless]
x-codegen-enabled: true
diff --git a/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts b/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts
index f8cac2da6d864..340281d1d5eab 100644
--- a/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts
+++ b/x-pack/solutions/security/plugins/security_solution/common/api/quickstart_client.gen.ts
@@ -1085,7 +1085,7 @@ The entity will be immediately deleted from the latest index. It will remain av
this.log.info(`${new Date().toISOString()} Calling API DeleteSingleEntity`);
return this.kbnClient
.request({
- path: replaceParams('/api/entity_store/entities/{entityType}/{entityId}', props.params),
+ path: replaceParams('/api/entity_store/entities/{entityType}', props.params),
headers: {
[ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31',
},
diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
index 933e1d0422bda..d31100793e561 100644
--- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
+++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
@@ -984,6 +984,55 @@ paths:
tags:
- Security Entity Analytics API
/api/entity_store/entities/{entityType}:
+ delete:
+ description: >
+ Delete a single entity in Entity Store.
+
+ The entity will be immediately deleted from the latest index. It will
+ remain available in historical snapshots if it has been snapshotted.
+ The delete operation does not prevent the entity from being recreated if
+ it is observed again in the future.
+ operationId: DeleteSingleEntity
+ parameters:
+ - in: path
+ name: entityType
+ required: true
+ schema:
+ $ref: '#/components/schemas/EntityType'
+ requestBody:
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ description: >-
+ Identifier of the entity to be deleted, commonly entity.id
+ value.
+ type: string
+ required:
+ - id
+ description: Schema for the deleting entity
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ deleted:
+ type: boolean
+ description: Successful response. Entity deleted.
+ '404':
+ description: Entity Not Found. No entity with this ID and Type exists.
+ '503':
+ description: >-
+ Operation on an uninitialized Engine or in a cluster without CRUD
+ API Enabled
+ summary: Delete an entity in Entity Store
+ tags:
+ - Security Entity Analytics API
put:
description: >
Update or create an entity in Entity Store.
@@ -1042,56 +1091,6 @@ paths:
summary: Upsert an entity in Entity Store
tags:
- Security Entity Analytics API
- /api/entity_store/entities/{entityType}/{entityId}:
- delete:
- description: >
- Delete a single entity in Entity Store.
-
- The entity will be immediately deleted from the latest index. It will
- remain available in historical snapshots if it has been snapshotted.
- The delete operation does not prevent the entity from being recreated if
- it is observed again in the future.
- operationId: DeleteSingleEntity
- parameters:
- - in: path
- name: entityType
- required: true
- schema:
- $ref: '#/components/schemas/EntityType'
- requestBody:
- content:
- application/json:
- schema:
- type: object
- properties:
- id:
- description: >-
- Identifier of the entity to be deleted, commonly entity.id
- value.
- type: string
- required:
- - id
- description: Schema for the deleting entity
- required: true
- responses:
- '200':
- content:
- application/json:
- schema:
- type: object
- properties:
- deleted:
- type: boolean
- description: Successful response. Entity deleted.
- '404':
- description: Entity Not Found. No entity with this ID and Type exists.
- '503':
- description: >-
- Operation on an uninitialized Engine or in a cluster without CRUD
- API Enabled
- summary: Delete an entity in Entity Store
- tags:
- - Security Entity Analytics API
/api/entity_store/entities/bulk:
put:
description: >
diff --git a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
index 6ea68afadfe81..ea30a0e33cbf0 100644
--- a/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
+++ b/x-pack/solutions/security/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml
@@ -984,6 +984,55 @@ paths:
tags:
- Security Entity Analytics API
/api/entity_store/entities/{entityType}:
+ delete:
+ description: >
+ Delete a single entity in Entity Store.
+
+ The entity will be immediately deleted from the latest index. It will
+ remain available in historical snapshots if it has been snapshotted.
+ The delete operation does not prevent the entity from being recreated if
+ it is observed again in the future.
+ operationId: DeleteSingleEntity
+ parameters:
+ - in: path
+ name: entityType
+ required: true
+ schema:
+ $ref: '#/components/schemas/EntityType'
+ requestBody:
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ id:
+ description: >-
+ Identifier of the entity to be deleted, commonly entity.id
+ value.
+ type: string
+ required:
+ - id
+ description: Schema for the deleting entity
+ required: true
+ responses:
+ '200':
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ deleted:
+ type: boolean
+ description: Successful response. Entity deleted.
+ '404':
+ description: Entity Not Found. No entity with this ID and Type exists.
+ '503':
+ description: >-
+ Operation on an uninitialized Engine or in a cluster without CRUD
+ API Enabled
+ summary: Delete an entity in Entity Store
+ tags:
+ - Security Entity Analytics API
put:
description: >
Update or create an entity in Entity Store.
@@ -1042,56 +1091,6 @@ paths:
summary: Upsert an entity in Entity Store
tags:
- Security Entity Analytics API
- /api/entity_store/entities/{entityType}/{entityId}:
- delete:
- description: >
- Delete a single entity in Entity Store.
-
- The entity will be immediately deleted from the latest index. It will
- remain available in historical snapshots if it has been snapshotted.
- The delete operation does not prevent the entity from being recreated if
- it is observed again in the future.
- operationId: DeleteSingleEntity
- parameters:
- - in: path
- name: entityType
- required: true
- schema:
- $ref: '#/components/schemas/EntityType'
- requestBody:
- content:
- application/json:
- schema:
- type: object
- properties:
- id:
- description: >-
- Identifier of the entity to be deleted, commonly entity.id
- value.
- type: string
- required:
- - id
- description: Schema for the deleting entity
- required: true
- responses:
- '200':
- content:
- application/json:
- schema:
- type: object
- properties:
- deleted:
- type: boolean
- description: Successful response. Entity deleted.
- '404':
- description: Entity Not Found. No entity with this ID and Type exists.
- '503':
- description: >-
- Operation on an uninitialized Engine or in a cluster without CRUD
- API Enabled
- summary: Delete an entity in Entity Store
- tags:
- - Security Entity Analytics API
/api/entity_store/entities/bulk:
put:
description: >