diff --git a/.buildkite/pipeline-resource-definitions/kibana-chrome-forward-testing.yml b/.buildkite/pipeline-resource-definitions/kibana-chrome-forward-testing.yml new file mode 100644 index 000000000000..3df81d900f8c --- /dev/null +++ b/.buildkite/pipeline-resource-definitions/kibana-chrome-forward-testing.yml @@ -0,0 +1,53 @@ +# yaml-language-server: $schema=https://gist.githubusercontent.com/elasticmachine/988b80dae436cafea07d9a4a460a011d/raw/rre.schema.json +apiVersion: backstage.io/v1alpha1 +kind: Resource +metadata: + name: bk-kibana-chrome-forward-testing + description: 'Chrome Forward Testing for Kibana' + links: + - url: 'https://buildkite.com/elastic/kibana-chrome-forward-testing' + title: Pipeline link +spec: + type: buildkite-pipeline + system: buildkite + owner: 'group:kibana-operations' + implementation: + apiVersion: buildkite.elastic.dev/v1 + kind: Pipeline + metadata: + name: kibana / chrome forward testing + description: 'Testing Kibana against upcoming versions of Chrome' + spec: + env: + # This is what will switch the FTRs pipeline to use Chrome Beta + USE_CHROME_BETA: 'true' + # Unit-tests don't depend on Chrome's versions, integration tests , so we don't need to run those + LIMIT_CONFIG_TYPE: 'functional' + SLACK_NOTIFICATIONS_CHANNEL: '#kibana-operations-alerts' + ELASTIC_SLACK_NOTIFICATIONS_ENABLED: 'true' + + allow_rebuilds: true + branch_configuration: main + default_branch: main + repository: elastic/kibana + pipeline_file: .buildkite/scripts/pipelines/pull_request/pipeline.sh + skip_intermediate_builds: true + provider_settings: + prefix_pull_request_fork_branch_names: false + skip_pull_request_builds_for_existing_commits: true + trigger_mode: none + teams: + kibana-operations: + access_level: MANAGE_BUILD_AND_READ + appex-qa: + access_level: MANAGE_BUILD_AND_READ + kibana-tech-leads: + access_level: MANAGE_BUILD_AND_READ + everyone: + access_level: BUILD_AND_READ + # Scheduled runs for the pipeline + schedules: + Daily 12 pm UTC: + cronline: 0 12 * * * + message: Daily Chrome Forward Testing + branch: main diff --git a/.buildkite/pipeline-resource-definitions/locations.yml b/.buildkite/pipeline-resource-definitions/locations.yml index 5144982a0627..ab584690ca8d 100644 --- a/.buildkite/pipeline-resource-definitions/locations.yml +++ b/.buildkite/pipeline-resource-definitions/locations.yml @@ -13,6 +13,8 @@ spec: - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-artifacts-snapshot.yml - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-artifacts-staging.yml - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-artifacts-trigger.yml + - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-chrome-forward-testing.yml + - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-codeql.yml - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-coverage-daily.yml - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-es-forward-testing.yml - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-es-serverless-snapshots.yml @@ -26,11 +28,12 @@ spec: - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-on-merge.yml - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-performance-daily.yml - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-performance-data-set-extraction-daily.yml + - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-pointer-compression.yml - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-pr.yml - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-purge-cloud-deployments.yml - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-serverless-emergency-release.yml - - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-serverless-quality-gates.yml - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-serverless-quality-gates-emergency.yml + - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-serverless-quality-gates.yml - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-serverless-release-testing.yml - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-serverless-release.yml - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/scalability_testing-daily.yml @@ -43,5 +46,3 @@ spec: - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/security-solution-quality-gate/kibana-serverless-security-solution-quality-gate-investigations.yml - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/security-solution-quality-gate/kibana-serverless-security-solution-quality-gate-rule-management.yml - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/trigger-version-dependent-jobs.yml - - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-pointer-compression.yml - - https://github.com/elastic/kibana/blob/main/.buildkite/pipeline-resource-definitions/kibana-codeql.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index e8d82c1388cd..66d55e6b7e7b 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1777,6 +1777,7 @@ x-pack/plugins/osquery @elastic/security-defend-workflows /x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/components/cloud_security_posture @elastic/fleet @elastic/kibana-cloud-security-posture /x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/single_page_layout/hooks/setup_technology.* @elastic/fleet @elastic/kibana-cloud-security-posture /x-pack/plugins/security_solution/public/cloud_security_posture @elastic/kibana-cloud-security-posture +/x-pack/test/security_solution_cypress/cypress/e2e/explore/hosts/vulnerabilities_contextual_flyout.cy.ts @elastic/kibana-cloud-security-posture # Security Solution onboarding tour /x-pack/plugins/security_solution/public/common/components/guided_onboarding @elastic/security-threat-hunting-explore diff --git a/api_docs/actions.mdx b/api_docs/actions.mdx index 43dbc3a676b6..d56029340aba 100644 --- a/api_docs/actions.mdx +++ b/api_docs/actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/actions title: "actions" image: https://source.unsplash.com/400x175/?github description: API docs for the actions plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'actions'] --- import actionsObj from './actions.devdocs.json'; diff --git a/api_docs/advanced_settings.mdx b/api_docs/advanced_settings.mdx index a64c66aa9959..20860883e6ba 100644 --- a/api_docs/advanced_settings.mdx +++ b/api_docs/advanced_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/advancedSettings title: "advancedSettings" image: https://source.unsplash.com/400x175/?github description: API docs for the advancedSettings plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'advancedSettings'] --- import advancedSettingsObj from './advanced_settings.devdocs.json'; diff --git a/api_docs/ai_assistant_management_selection.mdx b/api_docs/ai_assistant_management_selection.mdx index 2a799dcf6b77..b5213e8f3e83 100644 --- a/api_docs/ai_assistant_management_selection.mdx +++ b/api_docs/ai_assistant_management_selection.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/aiAssistantManagementSelection title: "aiAssistantManagementSelection" image: https://source.unsplash.com/400x175/?github description: API docs for the aiAssistantManagementSelection plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'aiAssistantManagementSelection'] --- import aiAssistantManagementSelectionObj from './ai_assistant_management_selection.devdocs.json'; diff --git a/api_docs/aiops.mdx b/api_docs/aiops.mdx index 7cf00ff640da..fd4957d1c445 100644 --- a/api_docs/aiops.mdx +++ b/api_docs/aiops.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/aiops title: "aiops" image: https://source.unsplash.com/400x175/?github description: API docs for the aiops plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'aiops'] --- import aiopsObj from './aiops.devdocs.json'; diff --git a/api_docs/alerting.mdx b/api_docs/alerting.mdx index 1e32d80d130c..a043121ca41f 100644 --- a/api_docs/alerting.mdx +++ b/api_docs/alerting.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/alerting title: "alerting" image: https://source.unsplash.com/400x175/?github description: API docs for the alerting plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'alerting'] --- import alertingObj from './alerting.devdocs.json'; diff --git a/api_docs/apm.mdx b/api_docs/apm.mdx index 78d56db0c3fe..70f16b5ae466 100644 --- a/api_docs/apm.mdx +++ b/api_docs/apm.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/apm title: "apm" image: https://source.unsplash.com/400x175/?github description: API docs for the apm plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'apm'] --- import apmObj from './apm.devdocs.json'; diff --git a/api_docs/apm_data_access.mdx b/api_docs/apm_data_access.mdx index 4d2f329c67b1..55162b99b8f5 100644 --- a/api_docs/apm_data_access.mdx +++ b/api_docs/apm_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/apmDataAccess title: "apmDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the apmDataAccess plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'apmDataAccess'] --- import apmDataAccessObj from './apm_data_access.devdocs.json'; diff --git a/api_docs/banners.mdx b/api_docs/banners.mdx index 3e5f11bedf0d..b533e4902cf7 100644 --- a/api_docs/banners.mdx +++ b/api_docs/banners.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/banners title: "banners" image: https://source.unsplash.com/400x175/?github description: API docs for the banners plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'banners'] --- import bannersObj from './banners.devdocs.json'; diff --git a/api_docs/bfetch.mdx b/api_docs/bfetch.mdx index 390c5fcfbb25..53590eab0d56 100644 --- a/api_docs/bfetch.mdx +++ b/api_docs/bfetch.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/bfetch title: "bfetch" image: https://source.unsplash.com/400x175/?github description: API docs for the bfetch plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'bfetch'] --- import bfetchObj from './bfetch.devdocs.json'; diff --git a/api_docs/canvas.mdx b/api_docs/canvas.mdx index a06b5f0d7f8a..bb3c833755d0 100644 --- a/api_docs/canvas.mdx +++ b/api_docs/canvas.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/canvas title: "canvas" image: https://source.unsplash.com/400x175/?github description: API docs for the canvas plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'canvas'] --- import canvasObj from './canvas.devdocs.json'; diff --git a/api_docs/cases.mdx b/api_docs/cases.mdx index 41f276e28139..625027f9716a 100644 --- a/api_docs/cases.mdx +++ b/api_docs/cases.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cases title: "cases" image: https://source.unsplash.com/400x175/?github description: API docs for the cases plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cases'] --- import casesObj from './cases.devdocs.json'; diff --git a/api_docs/charts.mdx b/api_docs/charts.mdx index 233d2d55c441..cbb8bf96fc52 100644 --- a/api_docs/charts.mdx +++ b/api_docs/charts.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/charts title: "charts" image: https://source.unsplash.com/400x175/?github description: API docs for the charts plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'charts'] --- import chartsObj from './charts.devdocs.json'; diff --git a/api_docs/cloud.mdx b/api_docs/cloud.mdx index 62ee13dfa2d7..f9a711d6e0bf 100644 --- a/api_docs/cloud.mdx +++ b/api_docs/cloud.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloud title: "cloud" image: https://source.unsplash.com/400x175/?github description: API docs for the cloud plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloud'] --- import cloudObj from './cloud.devdocs.json'; diff --git a/api_docs/cloud_data_migration.mdx b/api_docs/cloud_data_migration.mdx index 3bc9176721f1..fa67c11a3218 100644 --- a/api_docs/cloud_data_migration.mdx +++ b/api_docs/cloud_data_migration.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudDataMigration title: "cloudDataMigration" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudDataMigration plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudDataMigration'] --- import cloudDataMigrationObj from './cloud_data_migration.devdocs.json'; diff --git a/api_docs/cloud_defend.mdx b/api_docs/cloud_defend.mdx index 2d5e0d2850aa..d7fa6638d9f7 100644 --- a/api_docs/cloud_defend.mdx +++ b/api_docs/cloud_defend.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudDefend title: "cloudDefend" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudDefend plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudDefend'] --- import cloudDefendObj from './cloud_defend.devdocs.json'; diff --git a/api_docs/cloud_security_posture.mdx b/api_docs/cloud_security_posture.mdx index 12da2b0f06aa..1d84ebd444b6 100644 --- a/api_docs/cloud_security_posture.mdx +++ b/api_docs/cloud_security_posture.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudSecurityPosture title: "cloudSecurityPosture" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudSecurityPosture plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudSecurityPosture'] --- import cloudSecurityPostureObj from './cloud_security_posture.devdocs.json'; diff --git a/api_docs/console.mdx b/api_docs/console.mdx index bc34a63729fb..f03556268ac6 100644 --- a/api_docs/console.mdx +++ b/api_docs/console.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/console title: "console" image: https://source.unsplash.com/400x175/?github description: API docs for the console plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'console'] --- import consoleObj from './console.devdocs.json'; diff --git a/api_docs/content_management.mdx b/api_docs/content_management.mdx index 5f449e784659..54fa54a49ac0 100644 --- a/api_docs/content_management.mdx +++ b/api_docs/content_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/contentManagement title: "contentManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the contentManagement plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'contentManagement'] --- import contentManagementObj from './content_management.devdocs.json'; diff --git a/api_docs/controls.mdx b/api_docs/controls.mdx index dddd053640e9..b92a7a543da6 100644 --- a/api_docs/controls.mdx +++ b/api_docs/controls.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/controls title: "controls" image: https://source.unsplash.com/400x175/?github description: API docs for the controls plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'controls'] --- import controlsObj from './controls.devdocs.json'; diff --git a/api_docs/custom_integrations.mdx b/api_docs/custom_integrations.mdx index 4cdaf074294e..7ff9be3ae665 100644 --- a/api_docs/custom_integrations.mdx +++ b/api_docs/custom_integrations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/customIntegrations title: "customIntegrations" image: https://source.unsplash.com/400x175/?github description: API docs for the customIntegrations plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'customIntegrations'] --- import customIntegrationsObj from './custom_integrations.devdocs.json'; diff --git a/api_docs/dashboard.mdx b/api_docs/dashboard.mdx index 284f1c921bcc..f9590d17b2da 100644 --- a/api_docs/dashboard.mdx +++ b/api_docs/dashboard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dashboard title: "dashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the dashboard plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dashboard'] --- import dashboardObj from './dashboard.devdocs.json'; diff --git a/api_docs/dashboard_enhanced.mdx b/api_docs/dashboard_enhanced.mdx index ed86e5aecee7..d050db9f1019 100644 --- a/api_docs/dashboard_enhanced.mdx +++ b/api_docs/dashboard_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dashboardEnhanced title: "dashboardEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the dashboardEnhanced plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dashboardEnhanced'] --- import dashboardEnhancedObj from './dashboard_enhanced.devdocs.json'; diff --git a/api_docs/data.mdx b/api_docs/data.mdx index e31b471e96ce..a7652437464c 100644 --- a/api_docs/data.mdx +++ b/api_docs/data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data title: "data" image: https://source.unsplash.com/400x175/?github description: API docs for the data plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data'] --- import dataObj from './data.devdocs.json'; diff --git a/api_docs/data_quality.mdx b/api_docs/data_quality.mdx index 7a42a0cfc24e..637a24671ac9 100644 --- a/api_docs/data_quality.mdx +++ b/api_docs/data_quality.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataQuality title: "dataQuality" image: https://source.unsplash.com/400x175/?github description: API docs for the dataQuality plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataQuality'] --- import dataQualityObj from './data_quality.devdocs.json'; diff --git a/api_docs/data_query.mdx b/api_docs/data_query.mdx index 4df4d7b6e2c1..91bebf9c4b4b 100644 --- a/api_docs/data_query.mdx +++ b/api_docs/data_query.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data-query title: "data.query" image: https://source.unsplash.com/400x175/?github description: API docs for the data.query plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data.query'] --- import dataQueryObj from './data_query.devdocs.json'; diff --git a/api_docs/data_search.mdx b/api_docs/data_search.mdx index d58ab4aeaa5d..8ea2e1815075 100644 --- a/api_docs/data_search.mdx +++ b/api_docs/data_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data-search title: "data.search" image: https://source.unsplash.com/400x175/?github description: API docs for the data.search plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data.search'] --- import dataSearchObj from './data_search.devdocs.json'; diff --git a/api_docs/data_usage.mdx b/api_docs/data_usage.mdx index a172adef631a..306c297e9a5a 100644 --- a/api_docs/data_usage.mdx +++ b/api_docs/data_usage.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataUsage title: "dataUsage" image: https://source.unsplash.com/400x175/?github description: API docs for the dataUsage plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataUsage'] --- import dataUsageObj from './data_usage.devdocs.json'; diff --git a/api_docs/data_view_editor.mdx b/api_docs/data_view_editor.mdx index df50945d1be0..9f8acea48def 100644 --- a/api_docs/data_view_editor.mdx +++ b/api_docs/data_view_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewEditor title: "dataViewEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewEditor plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewEditor'] --- import dataViewEditorObj from './data_view_editor.devdocs.json'; diff --git a/api_docs/data_view_field_editor.mdx b/api_docs/data_view_field_editor.mdx index 39cea276d52b..95ad0787f1d2 100644 --- a/api_docs/data_view_field_editor.mdx +++ b/api_docs/data_view_field_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewFieldEditor title: "dataViewFieldEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewFieldEditor plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewFieldEditor'] --- import dataViewFieldEditorObj from './data_view_field_editor.devdocs.json'; diff --git a/api_docs/data_view_management.mdx b/api_docs/data_view_management.mdx index 814c557ce7da..a643b0d468b6 100644 --- a/api_docs/data_view_management.mdx +++ b/api_docs/data_view_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewManagement title: "dataViewManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewManagement plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewManagement'] --- import dataViewManagementObj from './data_view_management.devdocs.json'; diff --git a/api_docs/data_views.mdx b/api_docs/data_views.mdx index 3dd815cee9ce..926c0e0839a7 100644 --- a/api_docs/data_views.mdx +++ b/api_docs/data_views.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViews title: "dataViews" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViews plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViews'] --- import dataViewsObj from './data_views.devdocs.json'; diff --git a/api_docs/data_visualizer.mdx b/api_docs/data_visualizer.mdx index b2797fd4b421..9381e3d74657 100644 --- a/api_docs/data_visualizer.mdx +++ b/api_docs/data_visualizer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataVisualizer title: "dataVisualizer" image: https://source.unsplash.com/400x175/?github description: API docs for the dataVisualizer plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataVisualizer'] --- import dataVisualizerObj from './data_visualizer.devdocs.json'; diff --git a/api_docs/dataset_quality.devdocs.json b/api_docs/dataset_quality.devdocs.json index 817935610f57..6ab79f43aaa3 100644 --- a/api_docs/dataset_quality.devdocs.json +++ b/api_docs/dataset_quality.devdocs.json @@ -247,6 +247,30 @@ "DatasetQualityRouteHandlerResources", ", { integrations: ({ name: string; } & { title?: string | undefined; version?: string | undefined; icons?: ({ src: string; } & { path?: string | undefined; size?: string | undefined; title?: string | undefined; type?: string | undefined; })[] | undefined; datasets?: { [x: string]: string; } | undefined; })[]; }, ", "DatasetQualityRouteCreateOptions", + ">; \"GET /internal/dataset_quality/data_streams/{dataStream}/degraded_field/{degradedField}/analyze\": ", + { + "pluginId": "@kbn/server-route-repository-utils", + "scope": "common", + "docId": "kibKbnServerRouteRepositoryUtilsPluginApi", + "section": "def-common.ServerRoute", + "text": "ServerRoute" + }, + "<\"GET /internal/dataset_quality/data_streams/{dataStream}/degraded_field/{degradedField}/analyze\", ", + "TypeC", + "<{ path: ", + "TypeC", + "<{ dataStream: ", + "StringC", + "; degradedField: ", + "StringC", + "; }>; query: ", + "TypeC", + "<{ lastBackingIndex: ", + "StringC", + "; }>; }>, ", + "DatasetQualityRouteHandlerResources", + ", { isFieldLimitIssue: boolean; fieldCount: number; totalFieldLimit: number; } & { ignoreMalformed?: boolean | undefined; nestedFieldLimit?: number | undefined; fieldMapping?: { type?: string | undefined; ignore_above?: number | undefined; } | undefined; }, ", + "DatasetQualityRouteCreateOptions", ">; \"GET /internal/dataset_quality/data_streams/{dataStream}/settings\": ", { "pluginId": "@kbn/server-route-repository-utils", @@ -263,7 +287,7 @@ "StringC", "; }>; }>, ", "DatasetQualityRouteHandlerResources", - ", { createdOn?: number | null | undefined; integration?: string | undefined; datasetUserPrivileges?: ({ canMonitor: boolean; } & { canRead: boolean; canViewIntegrations: boolean; }) | undefined; }, ", + ", { lastBackingIndexName: string; } & { createdOn?: number | null | undefined; integration?: string | undefined; datasetUserPrivileges?: ({ canMonitor: boolean; } & { canRead: boolean; canViewIntegrations: boolean; }) | undefined; }, ", "DatasetQualityRouteCreateOptions", ">; \"GET /internal/dataset_quality/data_streams/{dataStream}/details\": ", { @@ -331,7 +355,7 @@ "Type", "; }>; }>, ", "DatasetQualityRouteHandlerResources", - ", { degradedFields: { name: string; count: number; lastOccurrence: number | null; timeSeries: { x: number; y: number; }[]; }[]; }, ", + ", { degradedFields: { name: string; count: number; lastOccurrence: number | null; timeSeries: { x: number; y: number; }[]; indexFieldWasLastPresentIn: string; }[]; }, ", "DatasetQualityRouteCreateOptions", ">; \"GET /internal/dataset_quality/data_streams/{dataStream}/non_aggregatable\": ", { @@ -524,6 +548,30 @@ "DatasetQualityRouteHandlerResources", ", { integrations: ({ name: string; } & { title?: string | undefined; version?: string | undefined; icons?: ({ src: string; } & { path?: string | undefined; size?: string | undefined; title?: string | undefined; type?: string | undefined; })[] | undefined; datasets?: { [x: string]: string; } | undefined; })[]; }, ", "DatasetQualityRouteCreateOptions", + ">; \"GET /internal/dataset_quality/data_streams/{dataStream}/degraded_field/{degradedField}/analyze\": ", + { + "pluginId": "@kbn/server-route-repository-utils", + "scope": "common", + "docId": "kibKbnServerRouteRepositoryUtilsPluginApi", + "section": "def-common.ServerRoute", + "text": "ServerRoute" + }, + "<\"GET /internal/dataset_quality/data_streams/{dataStream}/degraded_field/{degradedField}/analyze\", ", + "TypeC", + "<{ path: ", + "TypeC", + "<{ dataStream: ", + "StringC", + "; degradedField: ", + "StringC", + "; }>; query: ", + "TypeC", + "<{ lastBackingIndex: ", + "StringC", + "; }>; }>, ", + "DatasetQualityRouteHandlerResources", + ", { isFieldLimitIssue: boolean; fieldCount: number; totalFieldLimit: number; } & { ignoreMalformed?: boolean | undefined; nestedFieldLimit?: number | undefined; fieldMapping?: { type?: string | undefined; ignore_above?: number | undefined; } | undefined; }, ", + "DatasetQualityRouteCreateOptions", ">; \"GET /internal/dataset_quality/data_streams/{dataStream}/settings\": ", { "pluginId": "@kbn/server-route-repository-utils", @@ -540,7 +588,7 @@ "StringC", "; }>; }>, ", "DatasetQualityRouteHandlerResources", - ", { createdOn?: number | null | undefined; integration?: string | undefined; datasetUserPrivileges?: ({ canMonitor: boolean; } & { canRead: boolean; canViewIntegrations: boolean; }) | undefined; }, ", + ", { lastBackingIndexName: string; } & { createdOn?: number | null | undefined; integration?: string | undefined; datasetUserPrivileges?: ({ canMonitor: boolean; } & { canRead: boolean; canViewIntegrations: boolean; }) | undefined; }, ", "DatasetQualityRouteCreateOptions", ">; \"GET /internal/dataset_quality/data_streams/{dataStream}/details\": ", { @@ -608,7 +656,7 @@ "Type", "; }>; }>, ", "DatasetQualityRouteHandlerResources", - ", { degradedFields: { name: string; count: number; lastOccurrence: number | null; timeSeries: { x: number; y: number; }[]; }[]; }, ", + ", { degradedFields: { name: string; count: number; lastOccurrence: number | null; timeSeries: { x: number; y: number; }[]; indexFieldWasLastPresentIn: string; }[]; }, ", "DatasetQualityRouteCreateOptions", ">; \"GET /internal/dataset_quality/data_streams/{dataStream}/non_aggregatable\": ", { diff --git a/api_docs/dataset_quality.mdx b/api_docs/dataset_quality.mdx index 2cfe503e4b55..a2cd0ee48742 100644 --- a/api_docs/dataset_quality.mdx +++ b/api_docs/dataset_quality.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/datasetQuality title: "datasetQuality" image: https://source.unsplash.com/400x175/?github description: API docs for the datasetQuality plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'datasetQuality'] --- import datasetQualityObj from './dataset_quality.devdocs.json'; diff --git a/api_docs/deprecations_by_api.mdx b/api_docs/deprecations_by_api.mdx index 729b0c30a439..60a62994c6e2 100644 --- a/api_docs/deprecations_by_api.mdx +++ b/api_docs/deprecations_by_api.mdx @@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsByApi slug: /kibana-dev-docs/api-meta/deprecated-api-list-by-api title: Deprecated API usage by API description: A list of deprecated APIs, which plugins are still referencing them, and when they need to be removed by. -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- diff --git a/api_docs/deprecations_by_plugin.mdx b/api_docs/deprecations_by_plugin.mdx index 1db2f2d0ce38..6bb8558a96bc 100644 --- a/api_docs/deprecations_by_plugin.mdx +++ b/api_docs/deprecations_by_plugin.mdx @@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsByPlugin slug: /kibana-dev-docs/api-meta/deprecated-api-list-by-plugin title: Deprecated API usage by plugin description: A list of deprecated APIs, which plugins are still referencing them, and when they need to be removed by. -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- diff --git a/api_docs/deprecations_by_team.mdx b/api_docs/deprecations_by_team.mdx index 4ec4ec68ea47..548814bd617d 100644 --- a/api_docs/deprecations_by_team.mdx +++ b/api_docs/deprecations_by_team.mdx @@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsDueByTeam slug: /kibana-dev-docs/api-meta/deprecations-due-by-team title: Deprecated APIs due to be removed, by team description: Lists the teams that are referencing deprecated APIs with a remove by date. -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- diff --git a/api_docs/dev_tools.mdx b/api_docs/dev_tools.mdx index 44ee6a451149..9341a3a54647 100644 --- a/api_docs/dev_tools.mdx +++ b/api_docs/dev_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/devTools title: "devTools" image: https://source.unsplash.com/400x175/?github description: API docs for the devTools plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'devTools'] --- import devToolsObj from './dev_tools.devdocs.json'; diff --git a/api_docs/discover.mdx b/api_docs/discover.mdx index f0db0bd34bcc..f7dd22338aba 100644 --- a/api_docs/discover.mdx +++ b/api_docs/discover.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discover title: "discover" image: https://source.unsplash.com/400x175/?github description: API docs for the discover plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discover'] --- import discoverObj from './discover.devdocs.json'; diff --git a/api_docs/discover_enhanced.mdx b/api_docs/discover_enhanced.mdx index 525d999a8d95..0a74498268f0 100644 --- a/api_docs/discover_enhanced.mdx +++ b/api_docs/discover_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discoverEnhanced title: "discoverEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the discoverEnhanced plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discoverEnhanced'] --- import discoverEnhancedObj from './discover_enhanced.devdocs.json'; diff --git a/api_docs/discover_shared.mdx b/api_docs/discover_shared.mdx index 4a90a2428995..a59e1b941982 100644 --- a/api_docs/discover_shared.mdx +++ b/api_docs/discover_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discoverShared title: "discoverShared" image: https://source.unsplash.com/400x175/?github description: API docs for the discoverShared plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discoverShared'] --- import discoverSharedObj from './discover_shared.devdocs.json'; diff --git a/api_docs/ecs_data_quality_dashboard.mdx b/api_docs/ecs_data_quality_dashboard.mdx index 4303d84b14e4..8828fd30bb3e 100644 --- a/api_docs/ecs_data_quality_dashboard.mdx +++ b/api_docs/ecs_data_quality_dashboard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ecsDataQualityDashboard title: "ecsDataQualityDashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the ecsDataQualityDashboard plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ecsDataQualityDashboard'] --- import ecsDataQualityDashboardObj from './ecs_data_quality_dashboard.devdocs.json'; diff --git a/api_docs/elastic_assistant.mdx b/api_docs/elastic_assistant.mdx index 0280bbfb271f..1a24dd2d21f3 100644 --- a/api_docs/elastic_assistant.mdx +++ b/api_docs/elastic_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/elasticAssistant title: "elasticAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the elasticAssistant plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'elasticAssistant'] --- import elasticAssistantObj from './elastic_assistant.devdocs.json'; diff --git a/api_docs/embeddable.mdx b/api_docs/embeddable.mdx index 9ff098490007..e1ef54537150 100644 --- a/api_docs/embeddable.mdx +++ b/api_docs/embeddable.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/embeddable title: "embeddable" image: https://source.unsplash.com/400x175/?github description: API docs for the embeddable plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'embeddable'] --- import embeddableObj from './embeddable.devdocs.json'; diff --git a/api_docs/embeddable_enhanced.mdx b/api_docs/embeddable_enhanced.mdx index d52fdbe1267c..6aac435fdba7 100644 --- a/api_docs/embeddable_enhanced.mdx +++ b/api_docs/embeddable_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/embeddableEnhanced title: "embeddableEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the embeddableEnhanced plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'embeddableEnhanced'] --- import embeddableEnhancedObj from './embeddable_enhanced.devdocs.json'; diff --git a/api_docs/encrypted_saved_objects.mdx b/api_docs/encrypted_saved_objects.mdx index 94bd7bc445ef..32d991c5fd8f 100644 --- a/api_docs/encrypted_saved_objects.mdx +++ b/api_docs/encrypted_saved_objects.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/encryptedSavedObjects title: "encryptedSavedObjects" image: https://source.unsplash.com/400x175/?github description: API docs for the encryptedSavedObjects plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'encryptedSavedObjects'] --- import encryptedSavedObjectsObj from './encrypted_saved_objects.devdocs.json'; diff --git a/api_docs/enterprise_search.mdx b/api_docs/enterprise_search.mdx index 8057aa2cd564..8c1079871270 100644 --- a/api_docs/enterprise_search.mdx +++ b/api_docs/enterprise_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/enterpriseSearch title: "enterpriseSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the enterpriseSearch plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'enterpriseSearch'] --- import enterpriseSearchObj from './enterprise_search.devdocs.json'; diff --git a/api_docs/entities_data_access.mdx b/api_docs/entities_data_access.mdx index 1d372538e522..6637fca0181e 100644 --- a/api_docs/entities_data_access.mdx +++ b/api_docs/entities_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/entitiesDataAccess title: "entitiesDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the entitiesDataAccess plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'entitiesDataAccess'] --- import entitiesDataAccessObj from './entities_data_access.devdocs.json'; diff --git a/api_docs/entity_manager.mdx b/api_docs/entity_manager.mdx index 990b35fb648a..38e4962ebb7e 100644 --- a/api_docs/entity_manager.mdx +++ b/api_docs/entity_manager.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/entityManager title: "entityManager" image: https://source.unsplash.com/400x175/?github description: API docs for the entityManager plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'entityManager'] --- import entityManagerObj from './entity_manager.devdocs.json'; diff --git a/api_docs/es_ui_shared.mdx b/api_docs/es_ui_shared.mdx index 1bbfb2f76956..88cc420d938e 100644 --- a/api_docs/es_ui_shared.mdx +++ b/api_docs/es_ui_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esUiShared title: "esUiShared" image: https://source.unsplash.com/400x175/?github description: API docs for the esUiShared plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esUiShared'] --- import esUiSharedObj from './es_ui_shared.devdocs.json'; diff --git a/api_docs/esql.mdx b/api_docs/esql.mdx index 48494981242a..9bfcf6602426 100644 --- a/api_docs/esql.mdx +++ b/api_docs/esql.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esql title: "esql" image: https://source.unsplash.com/400x175/?github description: API docs for the esql plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esql'] --- import esqlObj from './esql.devdocs.json'; diff --git a/api_docs/esql_data_grid.mdx b/api_docs/esql_data_grid.mdx index 6e6a4d638b2c..1ef2d183619e 100644 --- a/api_docs/esql_data_grid.mdx +++ b/api_docs/esql_data_grid.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esqlDataGrid title: "esqlDataGrid" image: https://source.unsplash.com/400x175/?github description: API docs for the esqlDataGrid plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esqlDataGrid'] --- import esqlDataGridObj from './esql_data_grid.devdocs.json'; diff --git a/api_docs/event_annotation.mdx b/api_docs/event_annotation.mdx index 3d9b954f3970..4384355292d2 100644 --- a/api_docs/event_annotation.mdx +++ b/api_docs/event_annotation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventAnnotation title: "eventAnnotation" image: https://source.unsplash.com/400x175/?github description: API docs for the eventAnnotation plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventAnnotation'] --- import eventAnnotationObj from './event_annotation.devdocs.json'; diff --git a/api_docs/event_annotation_listing.mdx b/api_docs/event_annotation_listing.mdx index 6ba837632aa4..0761310b28db 100644 --- a/api_docs/event_annotation_listing.mdx +++ b/api_docs/event_annotation_listing.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventAnnotationListing title: "eventAnnotationListing" image: https://source.unsplash.com/400x175/?github description: API docs for the eventAnnotationListing plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventAnnotationListing'] --- import eventAnnotationListingObj from './event_annotation_listing.devdocs.json'; diff --git a/api_docs/event_log.mdx b/api_docs/event_log.mdx index cb209482ab81..925cd20ff334 100644 --- a/api_docs/event_log.mdx +++ b/api_docs/event_log.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventLog title: "eventLog" image: https://source.unsplash.com/400x175/?github description: API docs for the eventLog plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventLog'] --- import eventLogObj from './event_log.devdocs.json'; diff --git a/api_docs/exploratory_view.mdx b/api_docs/exploratory_view.mdx index 47aff5f3af9a..2e75cbbd7d80 100644 --- a/api_docs/exploratory_view.mdx +++ b/api_docs/exploratory_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/exploratoryView title: "exploratoryView" image: https://source.unsplash.com/400x175/?github description: API docs for the exploratoryView plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'exploratoryView'] --- import exploratoryViewObj from './exploratory_view.devdocs.json'; diff --git a/api_docs/expression_error.mdx b/api_docs/expression_error.mdx index 7a14273a66e8..3f79582aaa77 100644 --- a/api_docs/expression_error.mdx +++ b/api_docs/expression_error.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionError title: "expressionError" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionError plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionError'] --- import expressionErrorObj from './expression_error.devdocs.json'; diff --git a/api_docs/expression_gauge.mdx b/api_docs/expression_gauge.mdx index e26c4af70292..cefe9169aa96 100644 --- a/api_docs/expression_gauge.mdx +++ b/api_docs/expression_gauge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionGauge title: "expressionGauge" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionGauge plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionGauge'] --- import expressionGaugeObj from './expression_gauge.devdocs.json'; diff --git a/api_docs/expression_heatmap.mdx b/api_docs/expression_heatmap.mdx index a7674d54f7c0..39c07890816d 100644 --- a/api_docs/expression_heatmap.mdx +++ b/api_docs/expression_heatmap.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionHeatmap title: "expressionHeatmap" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionHeatmap plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionHeatmap'] --- import expressionHeatmapObj from './expression_heatmap.devdocs.json'; diff --git a/api_docs/expression_image.mdx b/api_docs/expression_image.mdx index a00dcb5e7574..6a193f2ecf48 100644 --- a/api_docs/expression_image.mdx +++ b/api_docs/expression_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionImage title: "expressionImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionImage plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionImage'] --- import expressionImageObj from './expression_image.devdocs.json'; diff --git a/api_docs/expression_legacy_metric_vis.mdx b/api_docs/expression_legacy_metric_vis.mdx index f84ca7620bbc..6a9ad118682e 100644 --- a/api_docs/expression_legacy_metric_vis.mdx +++ b/api_docs/expression_legacy_metric_vis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionLegacyMetricVis title: "expressionLegacyMetricVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionLegacyMetricVis plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionLegacyMetricVis'] --- import expressionLegacyMetricVisObj from './expression_legacy_metric_vis.devdocs.json'; diff --git a/api_docs/expression_metric.mdx b/api_docs/expression_metric.mdx index f2adbad2562c..e58bd9b81ffd 100644 --- a/api_docs/expression_metric.mdx +++ b/api_docs/expression_metric.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionMetric title: "expressionMetric" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionMetric plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionMetric'] --- import expressionMetricObj from './expression_metric.devdocs.json'; diff --git a/api_docs/expression_metric_vis.mdx b/api_docs/expression_metric_vis.mdx index 7ba29c0beb14..193be80a6a3c 100644 --- a/api_docs/expression_metric_vis.mdx +++ b/api_docs/expression_metric_vis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionMetricVis title: "expressionMetricVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionMetricVis plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionMetricVis'] --- import expressionMetricVisObj from './expression_metric_vis.devdocs.json'; diff --git a/api_docs/expression_partition_vis.mdx b/api_docs/expression_partition_vis.mdx index 340f75a50392..4c23876ee5e7 100644 --- a/api_docs/expression_partition_vis.mdx +++ b/api_docs/expression_partition_vis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionPartitionVis title: "expressionPartitionVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionPartitionVis plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionPartitionVis'] --- import expressionPartitionVisObj from './expression_partition_vis.devdocs.json'; diff --git a/api_docs/expression_repeat_image.mdx b/api_docs/expression_repeat_image.mdx index 14ea2b7c455b..35d0f14d693e 100644 --- a/api_docs/expression_repeat_image.mdx +++ b/api_docs/expression_repeat_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionRepeatImage title: "expressionRepeatImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionRepeatImage plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionRepeatImage'] --- import expressionRepeatImageObj from './expression_repeat_image.devdocs.json'; diff --git a/api_docs/expression_reveal_image.mdx b/api_docs/expression_reveal_image.mdx index e3ba508a582d..be3f26a550a7 100644 --- a/api_docs/expression_reveal_image.mdx +++ b/api_docs/expression_reveal_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionRevealImage title: "expressionRevealImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionRevealImage plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionRevealImage'] --- import expressionRevealImageObj from './expression_reveal_image.devdocs.json'; diff --git a/api_docs/expression_shape.mdx b/api_docs/expression_shape.mdx index 55eec3863be0..ae7987bb3288 100644 --- a/api_docs/expression_shape.mdx +++ b/api_docs/expression_shape.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionShape title: "expressionShape" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionShape plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionShape'] --- import expressionShapeObj from './expression_shape.devdocs.json'; diff --git a/api_docs/expression_tagcloud.mdx b/api_docs/expression_tagcloud.mdx index 8fd26db8f0e5..569e39703021 100644 --- a/api_docs/expression_tagcloud.mdx +++ b/api_docs/expression_tagcloud.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionTagcloud title: "expressionTagcloud" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionTagcloud plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionTagcloud'] --- import expressionTagcloudObj from './expression_tagcloud.devdocs.json'; diff --git a/api_docs/expression_x_y.mdx b/api_docs/expression_x_y.mdx index e990ee31de19..e5f9e07423ec 100644 --- a/api_docs/expression_x_y.mdx +++ b/api_docs/expression_x_y.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionXY title: "expressionXY" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionXY plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionXY'] --- import expressionXYObj from './expression_x_y.devdocs.json'; diff --git a/api_docs/expressions.mdx b/api_docs/expressions.mdx index 44a1a8b943ac..c836fbb2098c 100644 --- a/api_docs/expressions.mdx +++ b/api_docs/expressions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressions title: "expressions" image: https://source.unsplash.com/400x175/?github description: API docs for the expressions plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressions'] --- import expressionsObj from './expressions.devdocs.json'; diff --git a/api_docs/features.mdx b/api_docs/features.mdx index 74a97fb68e42..2abc629187d3 100644 --- a/api_docs/features.mdx +++ b/api_docs/features.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/features title: "features" image: https://source.unsplash.com/400x175/?github description: API docs for the features plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'features'] --- import featuresObj from './features.devdocs.json'; diff --git a/api_docs/field_formats.mdx b/api_docs/field_formats.mdx index 8a3bda7681d8..4a503e599e61 100644 --- a/api_docs/field_formats.mdx +++ b/api_docs/field_formats.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fieldFormats title: "fieldFormats" image: https://source.unsplash.com/400x175/?github description: API docs for the fieldFormats plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fieldFormats'] --- import fieldFormatsObj from './field_formats.devdocs.json'; diff --git a/api_docs/fields_metadata.mdx b/api_docs/fields_metadata.mdx index edfeefb1800f..2e9c817b8a98 100644 --- a/api_docs/fields_metadata.mdx +++ b/api_docs/fields_metadata.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fieldsMetadata title: "fieldsMetadata" image: https://source.unsplash.com/400x175/?github description: API docs for the fieldsMetadata plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fieldsMetadata'] --- import fieldsMetadataObj from './fields_metadata.devdocs.json'; diff --git a/api_docs/file_upload.mdx b/api_docs/file_upload.mdx index a2586aaff889..58bdd8b478da 100644 --- a/api_docs/file_upload.mdx +++ b/api_docs/file_upload.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fileUpload title: "fileUpload" image: https://source.unsplash.com/400x175/?github description: API docs for the fileUpload plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fileUpload'] --- import fileUploadObj from './file_upload.devdocs.json'; diff --git a/api_docs/files.mdx b/api_docs/files.mdx index f752813dd739..59108ca4fe85 100644 --- a/api_docs/files.mdx +++ b/api_docs/files.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/files title: "files" image: https://source.unsplash.com/400x175/?github description: API docs for the files plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'files'] --- import filesObj from './files.devdocs.json'; diff --git a/api_docs/files_management.mdx b/api_docs/files_management.mdx index 5cddc43fcee0..f3306519a738 100644 --- a/api_docs/files_management.mdx +++ b/api_docs/files_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/filesManagement title: "filesManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the filesManagement plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'filesManagement'] --- import filesManagementObj from './files_management.devdocs.json'; diff --git a/api_docs/fleet.mdx b/api_docs/fleet.mdx index 2f4806c2ef2c..0813e0f134b8 100644 --- a/api_docs/fleet.mdx +++ b/api_docs/fleet.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fleet title: "fleet" image: https://source.unsplash.com/400x175/?github description: API docs for the fleet plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fleet'] --- import fleetObj from './fleet.devdocs.json'; diff --git a/api_docs/global_search.mdx b/api_docs/global_search.mdx index 49959a0353c5..8dabf285b642 100644 --- a/api_docs/global_search.mdx +++ b/api_docs/global_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/globalSearch title: "globalSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the globalSearch plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'globalSearch'] --- import globalSearchObj from './global_search.devdocs.json'; diff --git a/api_docs/guided_onboarding.mdx b/api_docs/guided_onboarding.mdx index 26f6452528dd..50a5944ad6aa 100644 --- a/api_docs/guided_onboarding.mdx +++ b/api_docs/guided_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/guidedOnboarding title: "guidedOnboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the guidedOnboarding plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'guidedOnboarding'] --- import guidedOnboardingObj from './guided_onboarding.devdocs.json'; diff --git a/api_docs/home.mdx b/api_docs/home.mdx index a4b712e5fecb..c33ef2c975d7 100644 --- a/api_docs/home.mdx +++ b/api_docs/home.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/home title: "home" image: https://source.unsplash.com/400x175/?github description: API docs for the home plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'home'] --- import homeObj from './home.devdocs.json'; diff --git a/api_docs/image_embeddable.mdx b/api_docs/image_embeddable.mdx index dc53092e430d..4ab6f5400c67 100644 --- a/api_docs/image_embeddable.mdx +++ b/api_docs/image_embeddable.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/imageEmbeddable title: "imageEmbeddable" image: https://source.unsplash.com/400x175/?github description: API docs for the imageEmbeddable plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'imageEmbeddable'] --- import imageEmbeddableObj from './image_embeddable.devdocs.json'; diff --git a/api_docs/index_lifecycle_management.mdx b/api_docs/index_lifecycle_management.mdx index f4555718e2b3..587efefc1b26 100644 --- a/api_docs/index_lifecycle_management.mdx +++ b/api_docs/index_lifecycle_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/indexLifecycleManagement title: "indexLifecycleManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the indexLifecycleManagement plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'indexLifecycleManagement'] --- import indexLifecycleManagementObj from './index_lifecycle_management.devdocs.json'; diff --git a/api_docs/index_management.mdx b/api_docs/index_management.mdx index 8abeb2ef8280..059e0774ecc7 100644 --- a/api_docs/index_management.mdx +++ b/api_docs/index_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/indexManagement title: "indexManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the indexManagement plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'indexManagement'] --- import indexManagementObj from './index_management.devdocs.json'; diff --git a/api_docs/inference.mdx b/api_docs/inference.mdx index b7a711f2fc48..11fd265859c8 100644 --- a/api_docs/inference.mdx +++ b/api_docs/inference.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/inference title: "inference" image: https://source.unsplash.com/400x175/?github description: API docs for the inference plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'inference'] --- import inferenceObj from './inference.devdocs.json'; diff --git a/api_docs/infra.devdocs.json b/api_docs/infra.devdocs.json index 45fef4d09c08..550f704efb51 100644 --- a/api_docs/infra.devdocs.json +++ b/api_docs/infra.devdocs.json @@ -272,6 +272,26 @@ "trackAdoption": false, "children": [], "returnComment": [] + }, + { + "parentPluginId": "infra", + "id": "def-server.InfraRequestHandlerContext.entityManager", + "type": "Object", + "tags": [], + "label": "entityManager", + "description": [], + "signature": [ + { + "pluginId": "entityManager", + "scope": "server", + "docId": "kibEntityManagerPluginApi", + "section": "def-server.EntityManagerServerPluginStart", + "text": "EntityManagerServerPluginStart" + } + ], + "path": "x-pack/plugins/observability_solution/infra/server/types.ts", + "deprecated": false, + "trackAdoption": false } ], "initialIsOpen": false diff --git a/api_docs/infra.mdx b/api_docs/infra.mdx index 2b271137a770..5bb7ee8008f1 100644 --- a/api_docs/infra.mdx +++ b/api_docs/infra.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/infra title: "infra" image: https://source.unsplash.com/400x175/?github description: API docs for the infra plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'infra'] --- import infraObj from './infra.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 23 | 0 | 23 | 5 | +| 24 | 0 | 24 | 5 | ## Client diff --git a/api_docs/ingest_pipelines.mdx b/api_docs/ingest_pipelines.mdx index f28c47b2cff0..6efd12d5db2b 100644 --- a/api_docs/ingest_pipelines.mdx +++ b/api_docs/ingest_pipelines.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ingestPipelines title: "ingestPipelines" image: https://source.unsplash.com/400x175/?github description: API docs for the ingestPipelines plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ingestPipelines'] --- import ingestPipelinesObj from './ingest_pipelines.devdocs.json'; diff --git a/api_docs/inspector.mdx b/api_docs/inspector.mdx index 73c2b2f5f1f3..ec1ac65290ec 100644 --- a/api_docs/inspector.mdx +++ b/api_docs/inspector.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/inspector title: "inspector" image: https://source.unsplash.com/400x175/?github description: API docs for the inspector plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'inspector'] --- import inspectorObj from './inspector.devdocs.json'; diff --git a/api_docs/integration_assistant.mdx b/api_docs/integration_assistant.mdx index 3c50de589f2e..295db0c7353a 100644 --- a/api_docs/integration_assistant.mdx +++ b/api_docs/integration_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/integrationAssistant title: "integrationAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the integrationAssistant plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'integrationAssistant'] --- import integrationAssistantObj from './integration_assistant.devdocs.json'; diff --git a/api_docs/interactive_setup.mdx b/api_docs/interactive_setup.mdx index e9d938a736fe..15cb61644e65 100644 --- a/api_docs/interactive_setup.mdx +++ b/api_docs/interactive_setup.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/interactiveSetup title: "interactiveSetup" image: https://source.unsplash.com/400x175/?github description: API docs for the interactiveSetup plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'interactiveSetup'] --- import interactiveSetupObj from './interactive_setup.devdocs.json'; diff --git a/api_docs/inventory.mdx b/api_docs/inventory.mdx index dacc69522337..e26ad4c51d26 100644 --- a/api_docs/inventory.mdx +++ b/api_docs/inventory.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/inventory title: "inventory" image: https://source.unsplash.com/400x175/?github description: API docs for the inventory plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'inventory'] --- import inventoryObj from './inventory.devdocs.json'; diff --git a/api_docs/investigate.mdx b/api_docs/investigate.mdx index 33632f679b26..b537cf96d5d6 100644 --- a/api_docs/investigate.mdx +++ b/api_docs/investigate.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/investigate title: "investigate" image: https://source.unsplash.com/400x175/?github description: API docs for the investigate plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'investigate'] --- import investigateObj from './investigate.devdocs.json'; diff --git a/api_docs/investigate_app.devdocs.json b/api_docs/investigate_app.devdocs.json index 87c8a1b67033..7a64341aac33 100644 --- a/api_docs/investigate_app.devdocs.json +++ b/api_docs/investigate_app.devdocs.json @@ -74,6 +74,18 @@ "InvestigateAppRouteHandlerResources", ", { count: Partial>; total: number; }, ", "InvestigateAppRouteCreateOptions", + ">; \"GET /api/observability/investigation/entities 2023-10-31\": ", + { + "pluginId": "@kbn/server-route-repository-utils", + "scope": "common", + "docId": "kibKbnServerRouteRepositoryUtilsPluginApi", + "section": "def-common.ServerRoute", + "text": "ServerRoute" + }, + "<\"GET /api/observability/investigation/entities 2023-10-31\", Zod.ZodObject<{ query: Zod.ZodOptional; 'service.environment': Zod.ZodOptional; 'host.name': Zod.ZodOptional; 'container.id': Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { 'container.id'?: string | undefined; 'host.name'?: string | undefined; 'service.environment'?: string | undefined; 'service.name'?: string | undefined; }, { 'container.id'?: string | undefined; 'host.name'?: string | undefined; 'service.environment'?: string | undefined; 'service.name'?: string | undefined; }>>; }, \"strip\", Zod.ZodTypeAny, { query?: { 'container.id'?: string | undefined; 'host.name'?: string | undefined; 'service.environment'?: string | undefined; 'service.name'?: string | undefined; } | undefined; }, { query?: { 'container.id'?: string | undefined; 'host.name'?: string | undefined; 'service.environment'?: string | undefined; 'service.name'?: string | undefined; } | undefined; }>, ", + "InvestigateAppRouteHandlerResources", + ", { entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logRate?: number | undefined; logErrorRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; } & { sources: { dataStream?: string | undefined; }[]; })[]; }, ", + "InvestigateAppRouteCreateOptions", ">; \"GET /api/observability/events 2023-10-31\": ", { "pluginId": "@kbn/server-route-repository-utils", diff --git a/api_docs/investigate_app.mdx b/api_docs/investigate_app.mdx index 2135d95473d4..7911a4c02bd5 100644 --- a/api_docs/investigate_app.mdx +++ b/api_docs/investigate_app.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/investigateApp title: "investigateApp" image: https://source.unsplash.com/400x175/?github description: API docs for the investigateApp plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'investigateApp'] --- import investigateAppObj from './investigate_app.devdocs.json'; diff --git a/api_docs/kbn_ace.mdx b/api_docs/kbn_ace.mdx index a443d0942e66..a51ef3337770 100644 --- a/api_docs/kbn_ace.mdx +++ b/api_docs/kbn_ace.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ace title: "@kbn/ace" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ace plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ace'] --- import kbnAceObj from './kbn_ace.devdocs.json'; diff --git a/api_docs/kbn_actions_types.mdx b/api_docs/kbn_actions_types.mdx index b063620efea7..dd32f491aa3e 100644 --- a/api_docs/kbn_actions_types.mdx +++ b/api_docs/kbn_actions_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-actions-types title: "@kbn/actions-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/actions-types plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/actions-types'] --- import kbnActionsTypesObj from './kbn_actions_types.devdocs.json'; diff --git a/api_docs/kbn_aiops_components.mdx b/api_docs/kbn_aiops_components.mdx index d8feef68a524..4c993279cf8e 100644 --- a/api_docs/kbn_aiops_components.mdx +++ b/api_docs/kbn_aiops_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-components title: "@kbn/aiops-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/aiops-components plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-components'] --- import kbnAiopsComponentsObj from './kbn_aiops_components.devdocs.json'; diff --git a/api_docs/kbn_aiops_log_pattern_analysis.mdx b/api_docs/kbn_aiops_log_pattern_analysis.mdx index 3ca55896d41f..40e2b1921fb9 100644 --- a/api_docs/kbn_aiops_log_pattern_analysis.mdx +++ b/api_docs/kbn_aiops_log_pattern_analysis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-log-pattern-analysis title: "@kbn/aiops-log-pattern-analysis" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/aiops-log-pattern-analysis plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-log-pattern-analysis'] --- import kbnAiopsLogPatternAnalysisObj from './kbn_aiops_log_pattern_analysis.devdocs.json'; diff --git a/api_docs/kbn_aiops_log_rate_analysis.mdx b/api_docs/kbn_aiops_log_rate_analysis.mdx index 635f5b6a43f3..55027ec743a0 100644 --- a/api_docs/kbn_aiops_log_rate_analysis.mdx +++ b/api_docs/kbn_aiops_log_rate_analysis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-log-rate-analysis title: "@kbn/aiops-log-rate-analysis" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/aiops-log-rate-analysis plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-log-rate-analysis'] --- import kbnAiopsLogRateAnalysisObj from './kbn_aiops_log_rate_analysis.devdocs.json'; diff --git a/api_docs/kbn_alerting_api_integration_helpers.mdx b/api_docs/kbn_alerting_api_integration_helpers.mdx index b68f33aa7307..4e37bddc160a 100644 --- a/api_docs/kbn_alerting_api_integration_helpers.mdx +++ b/api_docs/kbn_alerting_api_integration_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-api-integration-helpers title: "@kbn/alerting-api-integration-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-api-integration-helpers plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-api-integration-helpers'] --- import kbnAlertingApiIntegrationHelpersObj from './kbn_alerting_api_integration_helpers.devdocs.json'; diff --git a/api_docs/kbn_alerting_comparators.mdx b/api_docs/kbn_alerting_comparators.mdx index 5e3cf9549014..61cb6857875d 100644 --- a/api_docs/kbn_alerting_comparators.mdx +++ b/api_docs/kbn_alerting_comparators.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-comparators title: "@kbn/alerting-comparators" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-comparators plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-comparators'] --- import kbnAlertingComparatorsObj from './kbn_alerting_comparators.devdocs.json'; diff --git a/api_docs/kbn_alerting_state_types.mdx b/api_docs/kbn_alerting_state_types.mdx index a58432f003c9..b29ff94f046e 100644 --- a/api_docs/kbn_alerting_state_types.mdx +++ b/api_docs/kbn_alerting_state_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-state-types title: "@kbn/alerting-state-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-state-types plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-state-types'] --- import kbnAlertingStateTypesObj from './kbn_alerting_state_types.devdocs.json'; diff --git a/api_docs/kbn_alerting_types.mdx b/api_docs/kbn_alerting_types.mdx index 83b81b144f3a..6c36e3f408ce 100644 --- a/api_docs/kbn_alerting_types.mdx +++ b/api_docs/kbn_alerting_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-types title: "@kbn/alerting-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-types plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-types'] --- import kbnAlertingTypesObj from './kbn_alerting_types.devdocs.json'; diff --git a/api_docs/kbn_alerts_as_data_utils.mdx b/api_docs/kbn_alerts_as_data_utils.mdx index d4745fe6f494..f4e058d7eddb 100644 --- a/api_docs/kbn_alerts_as_data_utils.mdx +++ b/api_docs/kbn_alerts_as_data_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-as-data-utils title: "@kbn/alerts-as-data-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerts-as-data-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-as-data-utils'] --- import kbnAlertsAsDataUtilsObj from './kbn_alerts_as_data_utils.devdocs.json'; diff --git a/api_docs/kbn_alerts_grouping.mdx b/api_docs/kbn_alerts_grouping.mdx index de54cdb9aee7..f4d6cc1fcb75 100644 --- a/api_docs/kbn_alerts_grouping.mdx +++ b/api_docs/kbn_alerts_grouping.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-grouping title: "@kbn/alerts-grouping" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerts-grouping plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-grouping'] --- import kbnAlertsGroupingObj from './kbn_alerts_grouping.devdocs.json'; diff --git a/api_docs/kbn_alerts_ui_shared.devdocs.json b/api_docs/kbn_alerts_ui_shared.devdocs.json index b2e1689c762f..c30709ffb3da 100644 --- a/api_docs/kbn_alerts_ui_shared.devdocs.json +++ b/api_docs/kbn_alerts_ui_shared.devdocs.json @@ -3602,6 +3602,20 @@ "path": "packages/kbn-alerts-ui-shared/src/alert_filter_controls/types.ts", "deprecated": false, "trackAdoption": false + }, + { + "parentPluginId": "@kbn/alerts-ui-shared", + "id": "def-public.FilterGroupProps.storageKey", + "type": "string", + "tags": [], + "label": "storageKey", + "description": [], + "signature": [ + "string | undefined" + ], + "path": "packages/kbn-alerts-ui-shared/src/alert_filter_controls/types.ts", + "deprecated": false, + "trackAdoption": false } ], "initialIsOpen": false diff --git a/api_docs/kbn_alerts_ui_shared.mdx b/api_docs/kbn_alerts_ui_shared.mdx index 3fc7fce41b21..a7a739cc261d 100644 --- a/api_docs/kbn_alerts_ui_shared.mdx +++ b/api_docs/kbn_alerts_ui_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-ui-shared title: "@kbn/alerts-ui-shared" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerts-ui-shared plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-ui-shared'] --- import kbnAlertsUiSharedObj from './kbn_alerts_ui_shared.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-o | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 317 | 0 | 301 | 8 | +| 318 | 0 | 302 | 8 | ## Client diff --git a/api_docs/kbn_analytics.mdx b/api_docs/kbn_analytics.mdx index e4cd4a2677cd..cedd3ce3255c 100644 --- a/api_docs/kbn_analytics.mdx +++ b/api_docs/kbn_analytics.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics title: "@kbn/analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics'] --- import kbnAnalyticsObj from './kbn_analytics.devdocs.json'; diff --git a/api_docs/kbn_analytics_collection_utils.mdx b/api_docs/kbn_analytics_collection_utils.mdx index da77536b6b2a..4baf9391721d 100644 --- a/api_docs/kbn_analytics_collection_utils.mdx +++ b/api_docs/kbn_analytics_collection_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-collection-utils title: "@kbn/analytics-collection-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-collection-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-collection-utils'] --- import kbnAnalyticsCollectionUtilsObj from './kbn_analytics_collection_utils.devdocs.json'; diff --git a/api_docs/kbn_apm_config_loader.mdx b/api_docs/kbn_apm_config_loader.mdx index 3e010184a80d..036e044c9e80 100644 --- a/api_docs/kbn_apm_config_loader.mdx +++ b/api_docs/kbn_apm_config_loader.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-config-loader title: "@kbn/apm-config-loader" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-config-loader plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-config-loader'] --- import kbnApmConfigLoaderObj from './kbn_apm_config_loader.devdocs.json'; diff --git a/api_docs/kbn_apm_data_view.mdx b/api_docs/kbn_apm_data_view.mdx index 4f20864f70f7..e2776e306a1d 100644 --- a/api_docs/kbn_apm_data_view.mdx +++ b/api_docs/kbn_apm_data_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-data-view title: "@kbn/apm-data-view" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-data-view plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-data-view'] --- import kbnApmDataViewObj from './kbn_apm_data_view.devdocs.json'; diff --git a/api_docs/kbn_apm_synthtrace.mdx b/api_docs/kbn_apm_synthtrace.mdx index d74003c322ff..97e8e06fb824 100644 --- a/api_docs/kbn_apm_synthtrace.mdx +++ b/api_docs/kbn_apm_synthtrace.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-synthtrace title: "@kbn/apm-synthtrace" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-synthtrace plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-synthtrace'] --- import kbnApmSynthtraceObj from './kbn_apm_synthtrace.devdocs.json'; diff --git a/api_docs/kbn_apm_synthtrace_client.mdx b/api_docs/kbn_apm_synthtrace_client.mdx index 8f61abefc2ee..9ef517d0ad9c 100644 --- a/api_docs/kbn_apm_synthtrace_client.mdx +++ b/api_docs/kbn_apm_synthtrace_client.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-synthtrace-client title: "@kbn/apm-synthtrace-client" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-synthtrace-client plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-synthtrace-client'] --- import kbnApmSynthtraceClientObj from './kbn_apm_synthtrace_client.devdocs.json'; diff --git a/api_docs/kbn_apm_types.mdx b/api_docs/kbn_apm_types.mdx index 2bf08e4dc36b..705bc0b07a33 100644 --- a/api_docs/kbn_apm_types.mdx +++ b/api_docs/kbn_apm_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-types title: "@kbn/apm-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-types plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-types'] --- import kbnApmTypesObj from './kbn_apm_types.devdocs.json'; diff --git a/api_docs/kbn_apm_utils.mdx b/api_docs/kbn_apm_utils.mdx index d542939c0135..16735aa99bfc 100644 --- a/api_docs/kbn_apm_utils.mdx +++ b/api_docs/kbn_apm_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-utils title: "@kbn/apm-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-utils'] --- import kbnApmUtilsObj from './kbn_apm_utils.devdocs.json'; diff --git a/api_docs/kbn_avc_banner.mdx b/api_docs/kbn_avc_banner.mdx index 21c100e0280a..3ab2c9c1ce0c 100644 --- a/api_docs/kbn_avc_banner.mdx +++ b/api_docs/kbn_avc_banner.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-avc-banner title: "@kbn/avc-banner" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/avc-banner plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/avc-banner'] --- import kbnAvcBannerObj from './kbn_avc_banner.devdocs.json'; diff --git a/api_docs/kbn_axe_config.mdx b/api_docs/kbn_axe_config.mdx index ede15e8bc1e0..691997dd7b0b 100644 --- a/api_docs/kbn_axe_config.mdx +++ b/api_docs/kbn_axe_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-axe-config title: "@kbn/axe-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/axe-config plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/axe-config'] --- import kbnAxeConfigObj from './kbn_axe_config.devdocs.json'; diff --git a/api_docs/kbn_bfetch_error.mdx b/api_docs/kbn_bfetch_error.mdx index 9c0dd8c2a8af..23d931d773fa 100644 --- a/api_docs/kbn_bfetch_error.mdx +++ b/api_docs/kbn_bfetch_error.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-bfetch-error title: "@kbn/bfetch-error" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/bfetch-error plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/bfetch-error'] --- import kbnBfetchErrorObj from './kbn_bfetch_error.devdocs.json'; diff --git a/api_docs/kbn_calculate_auto.mdx b/api_docs/kbn_calculate_auto.mdx index 544646eb58bb..1ee4785c9f87 100644 --- a/api_docs/kbn_calculate_auto.mdx +++ b/api_docs/kbn_calculate_auto.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-calculate-auto title: "@kbn/calculate-auto" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/calculate-auto plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/calculate-auto'] --- import kbnCalculateAutoObj from './kbn_calculate_auto.devdocs.json'; diff --git a/api_docs/kbn_calculate_width_from_char_count.mdx b/api_docs/kbn_calculate_width_from_char_count.mdx index fe9060bd7fba..0ce1cb15d193 100644 --- a/api_docs/kbn_calculate_width_from_char_count.mdx +++ b/api_docs/kbn_calculate_width_from_char_count.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-calculate-width-from-char-count title: "@kbn/calculate-width-from-char-count" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/calculate-width-from-char-count plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/calculate-width-from-char-count'] --- import kbnCalculateWidthFromCharCountObj from './kbn_calculate_width_from_char_count.devdocs.json'; diff --git a/api_docs/kbn_cases_components.mdx b/api_docs/kbn_cases_components.mdx index 8ffb8b2e0e16..17abbfc6d416 100644 --- a/api_docs/kbn_cases_components.mdx +++ b/api_docs/kbn_cases_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cases-components title: "@kbn/cases-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cases-components plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cases-components'] --- import kbnCasesComponentsObj from './kbn_cases_components.devdocs.json'; diff --git a/api_docs/kbn_cbor.mdx b/api_docs/kbn_cbor.mdx index c8e9719340d6..325d8ed0832e 100644 --- a/api_docs/kbn_cbor.mdx +++ b/api_docs/kbn_cbor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cbor title: "@kbn/cbor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cbor plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cbor'] --- import kbnCborObj from './kbn_cbor.devdocs.json'; diff --git a/api_docs/kbn_cell_actions.mdx b/api_docs/kbn_cell_actions.mdx index 6e804fbd93b9..eef8608e787e 100644 --- a/api_docs/kbn_cell_actions.mdx +++ b/api_docs/kbn_cell_actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cell-actions title: "@kbn/cell-actions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cell-actions plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cell-actions'] --- import kbnCellActionsObj from './kbn_cell_actions.devdocs.json'; diff --git a/api_docs/kbn_chart_expressions_common.mdx b/api_docs/kbn_chart_expressions_common.mdx index efb38723d780..f9e52513846d 100644 --- a/api_docs/kbn_chart_expressions_common.mdx +++ b/api_docs/kbn_chart_expressions_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-chart-expressions-common title: "@kbn/chart-expressions-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/chart-expressions-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/chart-expressions-common'] --- import kbnChartExpressionsCommonObj from './kbn_chart_expressions_common.devdocs.json'; diff --git a/api_docs/kbn_chart_icons.mdx b/api_docs/kbn_chart_icons.mdx index 79b5570202c5..139acf1155bb 100644 --- a/api_docs/kbn_chart_icons.mdx +++ b/api_docs/kbn_chart_icons.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-chart-icons title: "@kbn/chart-icons" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/chart-icons plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/chart-icons'] --- import kbnChartIconsObj from './kbn_chart_icons.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_core.mdx b/api_docs/kbn_ci_stats_core.mdx index 3c9460ca3947..4cef640fe691 100644 --- a/api_docs/kbn_ci_stats_core.mdx +++ b/api_docs/kbn_ci_stats_core.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-core title: "@kbn/ci-stats-core" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-core plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-core'] --- import kbnCiStatsCoreObj from './kbn_ci_stats_core.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_performance_metrics.mdx b/api_docs/kbn_ci_stats_performance_metrics.mdx index e2413ab4a630..897b58ab87b0 100644 --- a/api_docs/kbn_ci_stats_performance_metrics.mdx +++ b/api_docs/kbn_ci_stats_performance_metrics.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-performance-metrics title: "@kbn/ci-stats-performance-metrics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-performance-metrics plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-performance-metrics'] --- import kbnCiStatsPerformanceMetricsObj from './kbn_ci_stats_performance_metrics.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_reporter.mdx b/api_docs/kbn_ci_stats_reporter.mdx index 4d9c0ec14fce..2186a922d2ff 100644 --- a/api_docs/kbn_ci_stats_reporter.mdx +++ b/api_docs/kbn_ci_stats_reporter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-reporter title: "@kbn/ci-stats-reporter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-reporter plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-reporter'] --- import kbnCiStatsReporterObj from './kbn_ci_stats_reporter.devdocs.json'; diff --git a/api_docs/kbn_cli_dev_mode.mdx b/api_docs/kbn_cli_dev_mode.mdx index 2fac095dfb8c..18b245f1b240 100644 --- a/api_docs/kbn_cli_dev_mode.mdx +++ b/api_docs/kbn_cli_dev_mode.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cli-dev-mode title: "@kbn/cli-dev-mode" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cli-dev-mode plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cli-dev-mode'] --- import kbnCliDevModeObj from './kbn_cli_dev_mode.devdocs.json'; diff --git a/api_docs/kbn_cloud_security_posture.devdocs.json b/api_docs/kbn_cloud_security_posture.devdocs.json index 4282c09f0c9a..f4d09de3a48a 100644 --- a/api_docs/kbn_cloud_security_posture.devdocs.json +++ b/api_docs/kbn_cloud_security_posture.devdocs.json @@ -102,6 +102,100 @@ "returnComment": [], "initialIsOpen": false }, + { + "parentPluginId": "@kbn/cloud-security-posture", + "id": "def-public.getSeverityStatusColor", + "type": "Function", + "tags": [], + "label": "getSeverityStatusColor", + "description": [], + "signature": [ + "(severity: ", + { + "pluginId": "@kbn/cloud-security-posture-common", + "scope": "common", + "docId": "kibKbnCloudSecurityPostureCommonPluginApi", + "section": "def-common.VulnSeverity", + "text": "VulnSeverity" + }, + ") => string" + ], + "path": "x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerability_colors.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/cloud-security-posture", + "id": "def-public.getSeverityStatusColor.$1", + "type": "CompoundType", + "tags": [], + "label": "severity", + "description": [], + "signature": [ + { + "pluginId": "@kbn/cloud-security-posture-common", + "scope": "common", + "docId": "kibKbnCloudSecurityPostureCommonPluginApi", + "section": "def-common.VulnSeverity", + "text": "VulnSeverity" + } + ], + "path": "x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerability_colors.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/cloud-security-posture", + "id": "def-public.getSeverityText", + "type": "Function", + "tags": [], + "label": "getSeverityText", + "description": [], + "signature": [ + "(severity: ", + { + "pluginId": "@kbn/cloud-security-posture-common", + "scope": "common", + "docId": "kibKbnCloudSecurityPostureCommonPluginApi", + "section": "def-common.VulnSeverity", + "text": "VulnSeverity" + }, + ") => string" + ], + "path": "x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerability_text.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/cloud-security-posture", + "id": "def-public.getSeverityText.$1", + "type": "CompoundType", + "tags": [], + "label": "severity", + "description": [], + "signature": [ + { + "pluginId": "@kbn/cloud-security-posture-common", + "scope": "common", + "docId": "kibKbnCloudSecurityPostureCommonPluginApi", + "section": "def-common.VulnSeverity", + "text": "VulnSeverity" + } + ], + "path": "x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerability_text.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, { "parentPluginId": "@kbn/cloud-security-posture", "id": "def-public.showErrorToast", @@ -166,6 +260,36 @@ } ], "interfaces": [ + { + "parentPluginId": "@kbn/cloud-security-posture", + "id": "def-public.CspBaseEsQuery", + "type": "Interface", + "tags": [], + "label": "CspBaseEsQuery", + "description": [], + "path": "x-pack/packages/kbn-cloud-security-posture/type.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/cloud-security-posture", + "id": "def-public.CspBaseEsQuery.query", + "type": "Object", + "tags": [], + "label": "query", + "description": [], + "signature": [ + "{ bool: { filter: ", + "QueryDslQueryContainer", + "[]; }; } | undefined" + ], + "path": "x-pack/packages/kbn-cloud-security-posture/type.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, { "parentPluginId": "@kbn/cloud-security-posture", "id": "def-public.CspClientPluginStartDeps", @@ -671,56 +795,26 @@ }, { "parentPluginId": "@kbn/cloud-security-posture", - "id": "def-public.MisconfigurationBaseEsQuery", - "type": "Interface", - "tags": [], - "label": "MisconfigurationBaseEsQuery", - "description": [], - "path": "x-pack/packages/kbn-cloud-security-posture/type.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "@kbn/cloud-security-posture", - "id": "def-public.MisconfigurationBaseEsQuery.query", - "type": "Object", - "tags": [], - "label": "query", - "description": [], - "signature": [ - "{ bool: { filter: ", - "QueryDslQueryContainer", - "[]; }; } | undefined" - ], - "path": "x-pack/packages/kbn-cloud-security-posture/type.ts", - "deprecated": false, - "trackAdoption": false - } - ], - "initialIsOpen": false - }, - { - "parentPluginId": "@kbn/cloud-security-posture", - "id": "def-public.UseMisconfigurationOptions", + "id": "def-public.UseCspOptions", "type": "Interface", "tags": [], - "label": "UseMisconfigurationOptions", + "label": "UseCspOptions", "description": [], "signature": [ { "pluginId": "@kbn/cloud-security-posture", "scope": "public", "docId": "kibKbnCloudSecurityPosturePluginApi", - "section": "def-public.UseMisconfigurationOptions", - "text": "UseMisconfigurationOptions" + "section": "def-public.UseCspOptions", + "text": "UseCspOptions" }, " extends ", { "pluginId": "@kbn/cloud-security-posture", "scope": "public", "docId": "kibKbnCloudSecurityPosturePluginApi", - "section": "def-public.MisconfigurationBaseEsQuery", - "text": "MisconfigurationBaseEsQuery" + "section": "def-public.CspBaseEsQuery", + "text": "CspBaseEsQuery" } ], "path": "x-pack/packages/kbn-cloud-security-posture/type.ts", @@ -729,7 +823,7 @@ "children": [ { "parentPluginId": "@kbn/cloud-security-posture", - "id": "def-public.UseMisconfigurationOptions.sort", + "id": "def-public.UseCspOptions.sort", "type": "Array", "tags": [], "label": "sort", @@ -743,7 +837,7 @@ }, { "parentPluginId": "@kbn/cloud-security-posture", - "id": "def-public.UseMisconfigurationOptions.enabled", + "id": "def-public.UseCspOptions.enabled", "type": "boolean", "tags": [], "label": "enabled", @@ -754,7 +848,7 @@ }, { "parentPluginId": "@kbn/cloud-security-posture", - "id": "def-public.UseMisconfigurationOptions.pageSize", + "id": "def-public.UseCspOptions.pageSize", "type": "number", "tags": [], "label": "pageSize", @@ -765,7 +859,7 @@ }, { "parentPluginId": "@kbn/cloud-security-posture", - "id": "def-public.UseMisconfigurationOptions.ignore_unavailable", + "id": "def-public.UseCspOptions.ignore_unavailable", "type": "CompoundType", "tags": [], "label": "ignore_unavailable", diff --git a/api_docs/kbn_cloud_security_posture.mdx b/api_docs/kbn_cloud_security_posture.mdx index 03823f8792ba..64d5bb547e2c 100644 --- a/api_docs/kbn_cloud_security_posture.mdx +++ b/api_docs/kbn_cloud_security_posture.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cloud-security-posture title: "@kbn/cloud-security-posture" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cloud-security-posture plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cloud-security-posture'] --- import kbnCloudSecurityPostureObj from './kbn_cloud_security_posture.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-cloud-security-posture](https://github.com/orgs/elastic | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 74 | 1 | 74 | 0 | +| 78 | 1 | 78 | 0 | ## Client diff --git a/api_docs/kbn_cloud_security_posture_common.devdocs.json b/api_docs/kbn_cloud_security_posture_common.devdocs.json index 4a9fcaef28d0..861cdce4d1a8 100644 --- a/api_docs/kbn_cloud_security_posture_common.devdocs.json +++ b/api_docs/kbn_cloud_security_posture_common.devdocs.json @@ -135,7 +135,7 @@ "label": "buildEntityFlyoutPreviewQuery", "description": [], "signature": [ - "(field: string, queryValue?: string | undefined) => { bool: { filter: { bool: { should: { term: { [x: string]: { value: string; }; }; }[]; minimum_should_match: number; }; }[]; }; }" + "(field: string, queryValue?: string | undefined) => { bool: { filter: { bool: { should: { term: { [x: string]: string; }; }[]; minimum_should_match: number; }; }[]; }; }" ], "path": "x-pack/packages/kbn-cloud-security-posture-common/utils/helpers.ts", "deprecated": false, @@ -658,6 +658,20 @@ "deprecated": false, "trackAdoption": false }, + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.CspFinding.observer", + "type": "Object", + "tags": [], + "label": "observer", + "description": [], + "signature": [ + "EcsObserver" + ], + "path": "x-pack/packages/kbn-cloud-security-posture-common/types/findings.ts", + "deprecated": false, + "trackAdoption": false + }, { "parentPluginId": "@kbn/cloud-security-posture-common", "id": "def-common.CspFinding.agent", @@ -745,6 +759,185 @@ ], "initialIsOpen": false }, + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.CspVulnerabilityFinding", + "type": "Interface", + "tags": [], + "label": "CspVulnerabilityFinding", + "description": [], + "path": "x-pack/packages/kbn-cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.CspVulnerabilityFinding.timestamp", + "type": "string", + "tags": [], + "label": "'@timestamp'", + "description": [], + "path": "x-pack/packages/kbn-cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.CspVulnerabilityFinding.resource", + "type": "Object", + "tags": [], + "label": "resource", + "description": [], + "signature": [ + "{ id: string; name: string; } | undefined" + ], + "path": "x-pack/packages/kbn-cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.CspVulnerabilityFinding.event", + "type": "Object", + "tags": [], + "label": "event", + "description": [], + "signature": [ + "EcsEvent" + ], + "path": "x-pack/packages/kbn-cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.CspVulnerabilityFinding.vulnerability", + "type": "Object", + "tags": [], + "label": "vulnerability", + "description": [], + "signature": [ + "Vulnerability" + ], + "path": "x-pack/packages/kbn-cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.CspVulnerabilityFinding.ecs", + "type": "Object", + "tags": [], + "label": "ecs", + "description": [], + "signature": [ + "{ version: string; }" + ], + "path": "x-pack/packages/kbn-cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.CspVulnerabilityFinding.host", + "type": "Object", + "tags": [], + "label": "host", + "description": [], + "signature": [ + "{ os: { name: string; kernel: string; codename: string; type: string; platform: string; version: string; family: string; }; id: string; name: string; containerized: boolean; ip: string[]; mac: string[]; hostname: string; architecture: string; }" + ], + "path": "x-pack/packages/kbn-cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.CspVulnerabilityFinding.agent", + "type": "Object", + "tags": [], + "label": "agent", + "description": [], + "signature": [ + "{ ephemeral_id: string; id: string; name: string; type: string; version: string; }" + ], + "path": "x-pack/packages/kbn-cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.CspVulnerabilityFinding.cloud", + "type": "Object", + "tags": [], + "label": "cloud", + "description": [], + "signature": [ + "{ image?: { id: string; } | undefined; provider?: string | undefined; instance?: { id: string; } | undefined; machine?: { type: string; } | undefined; region: string; availability_zone?: string | undefined; service?: { name: string; } | undefined; account?: { id: string; } | undefined; }" + ], + "path": "x-pack/packages/kbn-cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.CspVulnerabilityFinding.cloudbeat", + "type": "Object", + "tags": [], + "label": "cloudbeat", + "description": [], + "signature": [ + "{ version: string; commit_sha: string; commit_time: string; }" + ], + "path": "x-pack/packages/kbn-cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.CspVulnerabilityFinding.package", + "type": "Object", + "tags": [], + "label": "package", + "description": [], + "signature": [ + "{ version?: string | undefined; name?: string | undefined; fixed_version?: string | undefined; }" + ], + "path": "x-pack/packages/kbn-cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.CspVulnerabilityFinding.data_stream", + "type": "Object", + "tags": [], + "label": "data_stream", + "description": [], + "signature": [ + "EcsDataStream" + ], + "path": "x-pack/packages/kbn-cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.CspVulnerabilityFinding.observer", + "type": "Object", + "tags": [], + "label": "observer", + "description": [], + "signature": [ + "EcsObserver" + ], + "path": "x-pack/packages/kbn-cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, { "parentPluginId": "@kbn/cloud-security-posture-common", "id": "def-common.IndexDetails", @@ -1150,6 +1343,91 @@ "initialIsOpen": false } ], - "objects": [] + "objects": [ + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.VULNERABILITIES_SEVERITY", + "type": "Object", + "tags": [], + "label": "VULNERABILITIES_SEVERITY", + "description": [], + "path": "x-pack/packages/kbn-cloud-security-posture-common/constants.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.VULNERABILITIES_SEVERITY.LOW", + "type": "string", + "tags": [], + "label": "LOW", + "description": [], + "signature": [ + "\"LOW\"" + ], + "path": "x-pack/packages/kbn-cloud-security-posture-common/constants.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.VULNERABILITIES_SEVERITY.MEDIUM", + "type": "string", + "tags": [], + "label": "MEDIUM", + "description": [], + "signature": [ + "\"MEDIUM\"" + ], + "path": "x-pack/packages/kbn-cloud-security-posture-common/constants.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.VULNERABILITIES_SEVERITY.HIGH", + "type": "string", + "tags": [], + "label": "HIGH", + "description": [], + "signature": [ + "\"HIGH\"" + ], + "path": "x-pack/packages/kbn-cloud-security-posture-common/constants.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.VULNERABILITIES_SEVERITY.CRITICAL", + "type": "string", + "tags": [], + "label": "CRITICAL", + "description": [], + "signature": [ + "\"CRITICAL\"" + ], + "path": "x-pack/packages/kbn-cloud-security-posture-common/constants.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/cloud-security-posture-common", + "id": "def-common.VULNERABILITIES_SEVERITY.UNKNOWN", + "type": "string", + "tags": [], + "label": "UNKNOWN", + "description": [], + "signature": [ + "\"UNKNOWN\"" + ], + "path": "x-pack/packages/kbn-cloud-security-posture-common/constants.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + } + ] } } \ No newline at end of file diff --git a/api_docs/kbn_cloud_security_posture_common.mdx b/api_docs/kbn_cloud_security_posture_common.mdx index bfd3788b8ffb..b31eeec45ad3 100644 --- a/api_docs/kbn_cloud_security_posture_common.mdx +++ b/api_docs/kbn_cloud_security_posture_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cloud-security-posture-common title: "@kbn/cloud-security-posture-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cloud-security-posture-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cloud-security-posture-common'] --- import kbnCloudSecurityPostureCommonObj from './kbn_cloud_security_posture_common.devdocs.json'; @@ -21,10 +21,13 @@ Contact [@elastic/kibana-cloud-security-posture](https://github.com/orgs/elastic | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 74 | 0 | 72 | 0 | +| 94 | 0 | 92 | 1 | ## Common +### Objects + + ### Functions diff --git a/api_docs/kbn_code_editor.mdx b/api_docs/kbn_code_editor.mdx index f5aab040c163..d1173c6729c7 100644 --- a/api_docs/kbn_code_editor.mdx +++ b/api_docs/kbn_code_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-editor title: "@kbn/code-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/code-editor plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-editor'] --- import kbnCodeEditorObj from './kbn_code_editor.devdocs.json'; diff --git a/api_docs/kbn_code_editor_mock.mdx b/api_docs/kbn_code_editor_mock.mdx index 9ba0851cceac..737130c767bc 100644 --- a/api_docs/kbn_code_editor_mock.mdx +++ b/api_docs/kbn_code_editor_mock.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-editor-mock title: "@kbn/code-editor-mock" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/code-editor-mock plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-editor-mock'] --- import kbnCodeEditorMockObj from './kbn_code_editor_mock.devdocs.json'; diff --git a/api_docs/kbn_code_owners.mdx b/api_docs/kbn_code_owners.mdx index c35c11dc7328..fffbad9363e7 100644 --- a/api_docs/kbn_code_owners.mdx +++ b/api_docs/kbn_code_owners.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-owners title: "@kbn/code-owners" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/code-owners plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-owners'] --- import kbnCodeOwnersObj from './kbn_code_owners.devdocs.json'; diff --git a/api_docs/kbn_coloring.mdx b/api_docs/kbn_coloring.mdx index 962fb22b4b23..b67775f9b111 100644 --- a/api_docs/kbn_coloring.mdx +++ b/api_docs/kbn_coloring.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-coloring title: "@kbn/coloring" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/coloring plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/coloring'] --- import kbnColoringObj from './kbn_coloring.devdocs.json'; diff --git a/api_docs/kbn_config.mdx b/api_docs/kbn_config.mdx index 15426291751f..dac435d3be58 100644 --- a/api_docs/kbn_config.mdx +++ b/api_docs/kbn_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config title: "@kbn/config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config'] --- import kbnConfigObj from './kbn_config.devdocs.json'; diff --git a/api_docs/kbn_config_mocks.mdx b/api_docs/kbn_config_mocks.mdx index 45cd45af1b38..9815387cd62f 100644 --- a/api_docs/kbn_config_mocks.mdx +++ b/api_docs/kbn_config_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config-mocks title: "@kbn/config-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config-mocks'] --- import kbnConfigMocksObj from './kbn_config_mocks.devdocs.json'; diff --git a/api_docs/kbn_config_schema.mdx b/api_docs/kbn_config_schema.mdx index 706b2a398ed6..004485b6368f 100644 --- a/api_docs/kbn_config_schema.mdx +++ b/api_docs/kbn_config_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config-schema title: "@kbn/config-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config-schema plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config-schema'] --- import kbnConfigSchemaObj from './kbn_config_schema.devdocs.json'; diff --git a/api_docs/kbn_content_management_content_editor.mdx b/api_docs/kbn_content_management_content_editor.mdx index 98ef8012c174..90591465de76 100644 --- a/api_docs/kbn_content_management_content_editor.mdx +++ b/api_docs/kbn_content_management_content_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-content-editor title: "@kbn/content-management-content-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-content-editor plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-content-editor'] --- import kbnContentManagementContentEditorObj from './kbn_content_management_content_editor.devdocs.json'; diff --git a/api_docs/kbn_content_management_content_insights_public.mdx b/api_docs/kbn_content_management_content_insights_public.mdx index 6e946201cf40..899c4e751a0c 100644 --- a/api_docs/kbn_content_management_content_insights_public.mdx +++ b/api_docs/kbn_content_management_content_insights_public.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-content-insights-public title: "@kbn/content-management-content-insights-public" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-content-insights-public plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-content-insights-public'] --- import kbnContentManagementContentInsightsPublicObj from './kbn_content_management_content_insights_public.devdocs.json'; diff --git a/api_docs/kbn_content_management_content_insights_server.mdx b/api_docs/kbn_content_management_content_insights_server.mdx index e87e6f28b138..ac6008407b9d 100644 --- a/api_docs/kbn_content_management_content_insights_server.mdx +++ b/api_docs/kbn_content_management_content_insights_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-content-insights-server title: "@kbn/content-management-content-insights-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-content-insights-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-content-insights-server'] --- import kbnContentManagementContentInsightsServerObj from './kbn_content_management_content_insights_server.devdocs.json'; diff --git a/api_docs/kbn_content_management_favorites_public.mdx b/api_docs/kbn_content_management_favorites_public.mdx index 019db568d5bc..c1074de232e1 100644 --- a/api_docs/kbn_content_management_favorites_public.mdx +++ b/api_docs/kbn_content_management_favorites_public.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-favorites-public title: "@kbn/content-management-favorites-public" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-favorites-public plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-favorites-public'] --- import kbnContentManagementFavoritesPublicObj from './kbn_content_management_favorites_public.devdocs.json'; diff --git a/api_docs/kbn_content_management_favorites_server.mdx b/api_docs/kbn_content_management_favorites_server.mdx index 308069c689e9..5907f161e7eb 100644 --- a/api_docs/kbn_content_management_favorites_server.mdx +++ b/api_docs/kbn_content_management_favorites_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-favorites-server title: "@kbn/content-management-favorites-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-favorites-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-favorites-server'] --- import kbnContentManagementFavoritesServerObj from './kbn_content_management_favorites_server.devdocs.json'; diff --git a/api_docs/kbn_content_management_tabbed_table_list_view.mdx b/api_docs/kbn_content_management_tabbed_table_list_view.mdx index 78cb265b8bb8..cd18ba4944b1 100644 --- a/api_docs/kbn_content_management_tabbed_table_list_view.mdx +++ b/api_docs/kbn_content_management_tabbed_table_list_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-tabbed-table-list-view title: "@kbn/content-management-tabbed-table-list-view" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-tabbed-table-list-view plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-tabbed-table-list-view'] --- import kbnContentManagementTabbedTableListViewObj from './kbn_content_management_tabbed_table_list_view.devdocs.json'; diff --git a/api_docs/kbn_content_management_table_list_view.mdx b/api_docs/kbn_content_management_table_list_view.mdx index 794ee1283340..12294535dcc0 100644 --- a/api_docs/kbn_content_management_table_list_view.mdx +++ b/api_docs/kbn_content_management_table_list_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view title: "@kbn/content-management-table-list-view" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-table-list-view plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view'] --- import kbnContentManagementTableListViewObj from './kbn_content_management_table_list_view.devdocs.json'; diff --git a/api_docs/kbn_content_management_table_list_view_common.mdx b/api_docs/kbn_content_management_table_list_view_common.mdx index 24ab99bd7a27..c9d3ff9cadea 100644 --- a/api_docs/kbn_content_management_table_list_view_common.mdx +++ b/api_docs/kbn_content_management_table_list_view_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view-common title: "@kbn/content-management-table-list-view-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-table-list-view-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view-common'] --- import kbnContentManagementTableListViewCommonObj from './kbn_content_management_table_list_view_common.devdocs.json'; diff --git a/api_docs/kbn_content_management_table_list_view_table.mdx b/api_docs/kbn_content_management_table_list_view_table.mdx index 132639002121..e7693e671493 100644 --- a/api_docs/kbn_content_management_table_list_view_table.mdx +++ b/api_docs/kbn_content_management_table_list_view_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view-table title: "@kbn/content-management-table-list-view-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-table-list-view-table plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view-table'] --- import kbnContentManagementTableListViewTableObj from './kbn_content_management_table_list_view_table.devdocs.json'; diff --git a/api_docs/kbn_content_management_user_profiles.mdx b/api_docs/kbn_content_management_user_profiles.mdx index d5101770dd05..f56d19c9d66f 100644 --- a/api_docs/kbn_content_management_user_profiles.mdx +++ b/api_docs/kbn_content_management_user_profiles.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-user-profiles title: "@kbn/content-management-user-profiles" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-user-profiles plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-user-profiles'] --- import kbnContentManagementUserProfilesObj from './kbn_content_management_user_profiles.devdocs.json'; diff --git a/api_docs/kbn_content_management_utils.mdx b/api_docs/kbn_content_management_utils.mdx index 05570050dbde..10fef036b9ec 100644 --- a/api_docs/kbn_content_management_utils.mdx +++ b/api_docs/kbn_content_management_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-utils title: "@kbn/content-management-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-utils'] --- import kbnContentManagementUtilsObj from './kbn_content_management_utils.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_browser.mdx b/api_docs/kbn_core_analytics_browser.mdx index 64c049381944..7a7296e7c0be 100644 --- a/api_docs/kbn_core_analytics_browser.mdx +++ b/api_docs/kbn_core_analytics_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser title: "@kbn/core-analytics-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser'] --- import kbnCoreAnalyticsBrowserObj from './kbn_core_analytics_browser.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_browser_internal.mdx b/api_docs/kbn_core_analytics_browser_internal.mdx index d4b83d4050f2..942b36b4fe22 100644 --- a/api_docs/kbn_core_analytics_browser_internal.mdx +++ b/api_docs/kbn_core_analytics_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser-internal title: "@kbn/core-analytics-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser-internal'] --- import kbnCoreAnalyticsBrowserInternalObj from './kbn_core_analytics_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_browser_mocks.mdx b/api_docs/kbn_core_analytics_browser_mocks.mdx index 365ad8ccb843..699a9b6dac35 100644 --- a/api_docs/kbn_core_analytics_browser_mocks.mdx +++ b/api_docs/kbn_core_analytics_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser-mocks title: "@kbn/core-analytics-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser-mocks'] --- import kbnCoreAnalyticsBrowserMocksObj from './kbn_core_analytics_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_server.mdx b/api_docs/kbn_core_analytics_server.mdx index cff796f4eac3..00f6f8905067 100644 --- a/api_docs/kbn_core_analytics_server.mdx +++ b/api_docs/kbn_core_analytics_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server title: "@kbn/core-analytics-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server'] --- import kbnCoreAnalyticsServerObj from './kbn_core_analytics_server.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_server_internal.mdx b/api_docs/kbn_core_analytics_server_internal.mdx index 6becc15e9cb4..dffeabd111c4 100644 --- a/api_docs/kbn_core_analytics_server_internal.mdx +++ b/api_docs/kbn_core_analytics_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server-internal title: "@kbn/core-analytics-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server-internal'] --- import kbnCoreAnalyticsServerInternalObj from './kbn_core_analytics_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_server_mocks.mdx b/api_docs/kbn_core_analytics_server_mocks.mdx index ca729867ce02..2379bd10d3f6 100644 --- a/api_docs/kbn_core_analytics_server_mocks.mdx +++ b/api_docs/kbn_core_analytics_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server-mocks title: "@kbn/core-analytics-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server-mocks'] --- import kbnCoreAnalyticsServerMocksObj from './kbn_core_analytics_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_application_browser.mdx b/api_docs/kbn_core_application_browser.mdx index e9ee5a63d3ae..310689c5240f 100644 --- a/api_docs/kbn_core_application_browser.mdx +++ b/api_docs/kbn_core_application_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser title: "@kbn/core-application-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser'] --- import kbnCoreApplicationBrowserObj from './kbn_core_application_browser.devdocs.json'; diff --git a/api_docs/kbn_core_application_browser_internal.mdx b/api_docs/kbn_core_application_browser_internal.mdx index 5496fcd17eda..d7f0f1d44564 100644 --- a/api_docs/kbn_core_application_browser_internal.mdx +++ b/api_docs/kbn_core_application_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser-internal title: "@kbn/core-application-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser-internal'] --- import kbnCoreApplicationBrowserInternalObj from './kbn_core_application_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_application_browser_mocks.mdx b/api_docs/kbn_core_application_browser_mocks.mdx index a0472992db61..edbcb3127552 100644 --- a/api_docs/kbn_core_application_browser_mocks.mdx +++ b/api_docs/kbn_core_application_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser-mocks title: "@kbn/core-application-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser-mocks'] --- import kbnCoreApplicationBrowserMocksObj from './kbn_core_application_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_application_common.mdx b/api_docs/kbn_core_application_common.mdx index d9c4aeb32050..72c763674bdd 100644 --- a/api_docs/kbn_core_application_common.mdx +++ b/api_docs/kbn_core_application_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-common title: "@kbn/core-application-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-common'] --- import kbnCoreApplicationCommonObj from './kbn_core_application_common.devdocs.json'; diff --git a/api_docs/kbn_core_apps_browser_internal.mdx b/api_docs/kbn_core_apps_browser_internal.mdx index 0af75312eb65..1c123711288a 100644 --- a/api_docs/kbn_core_apps_browser_internal.mdx +++ b/api_docs/kbn_core_apps_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-browser-internal title: "@kbn/core-apps-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-browser-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-browser-internal'] --- import kbnCoreAppsBrowserInternalObj from './kbn_core_apps_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_apps_browser_mocks.mdx b/api_docs/kbn_core_apps_browser_mocks.mdx index d039329a7b27..783897755745 100644 --- a/api_docs/kbn_core_apps_browser_mocks.mdx +++ b/api_docs/kbn_core_apps_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-browser-mocks title: "@kbn/core-apps-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-browser-mocks'] --- import kbnCoreAppsBrowserMocksObj from './kbn_core_apps_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_apps_server_internal.mdx b/api_docs/kbn_core_apps_server_internal.mdx index 21a270476848..131c64780183 100644 --- a/api_docs/kbn_core_apps_server_internal.mdx +++ b/api_docs/kbn_core_apps_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-server-internal title: "@kbn/core-apps-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-server-internal'] --- import kbnCoreAppsServerInternalObj from './kbn_core_apps_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_base_browser_mocks.mdx b/api_docs/kbn_core_base_browser_mocks.mdx index c244e9e83830..547d2eec0b89 100644 --- a/api_docs/kbn_core_base_browser_mocks.mdx +++ b/api_docs/kbn_core_base_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-browser-mocks title: "@kbn/core-base-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-browser-mocks'] --- import kbnCoreBaseBrowserMocksObj from './kbn_core_base_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_base_common.mdx b/api_docs/kbn_core_base_common.mdx index 1890d5b7c96a..e78d8574aee4 100644 --- a/api_docs/kbn_core_base_common.mdx +++ b/api_docs/kbn_core_base_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-common title: "@kbn/core-base-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-common'] --- import kbnCoreBaseCommonObj from './kbn_core_base_common.devdocs.json'; diff --git a/api_docs/kbn_core_base_server_internal.mdx b/api_docs/kbn_core_base_server_internal.mdx index fc25d6f543ea..b3aeb2c6bbb8 100644 --- a/api_docs/kbn_core_base_server_internal.mdx +++ b/api_docs/kbn_core_base_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-server-internal title: "@kbn/core-base-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-server-internal'] --- import kbnCoreBaseServerInternalObj from './kbn_core_base_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_base_server_mocks.mdx b/api_docs/kbn_core_base_server_mocks.mdx index e0b81abc17cb..c07364ccdc66 100644 --- a/api_docs/kbn_core_base_server_mocks.mdx +++ b/api_docs/kbn_core_base_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-server-mocks title: "@kbn/core-base-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-server-mocks'] --- import kbnCoreBaseServerMocksObj from './kbn_core_base_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_browser_mocks.mdx b/api_docs/kbn_core_capabilities_browser_mocks.mdx index 04e404b09c19..6f946998bcb1 100644 --- a/api_docs/kbn_core_capabilities_browser_mocks.mdx +++ b/api_docs/kbn_core_capabilities_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-browser-mocks title: "@kbn/core-capabilities-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-browser-mocks'] --- import kbnCoreCapabilitiesBrowserMocksObj from './kbn_core_capabilities_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_common.mdx b/api_docs/kbn_core_capabilities_common.mdx index 6dd424f7ce75..d26c8113c9b9 100644 --- a/api_docs/kbn_core_capabilities_common.mdx +++ b/api_docs/kbn_core_capabilities_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-common title: "@kbn/core-capabilities-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-common'] --- import kbnCoreCapabilitiesCommonObj from './kbn_core_capabilities_common.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_server.mdx b/api_docs/kbn_core_capabilities_server.mdx index 81c58804a336..24123bb36691 100644 --- a/api_docs/kbn_core_capabilities_server.mdx +++ b/api_docs/kbn_core_capabilities_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-server title: "@kbn/core-capabilities-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-server'] --- import kbnCoreCapabilitiesServerObj from './kbn_core_capabilities_server.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_server_mocks.mdx b/api_docs/kbn_core_capabilities_server_mocks.mdx index cb58a7e4f130..2d9dd7bbddba 100644 --- a/api_docs/kbn_core_capabilities_server_mocks.mdx +++ b/api_docs/kbn_core_capabilities_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-server-mocks title: "@kbn/core-capabilities-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-server-mocks'] --- import kbnCoreCapabilitiesServerMocksObj from './kbn_core_capabilities_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_chrome_browser.mdx b/api_docs/kbn_core_chrome_browser.mdx index 0690744ef364..59440f289675 100644 --- a/api_docs/kbn_core_chrome_browser.mdx +++ b/api_docs/kbn_core_chrome_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-chrome-browser title: "@kbn/core-chrome-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-chrome-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-chrome-browser'] --- import kbnCoreChromeBrowserObj from './kbn_core_chrome_browser.devdocs.json'; diff --git a/api_docs/kbn_core_chrome_browser_mocks.mdx b/api_docs/kbn_core_chrome_browser_mocks.mdx index 811567028ccb..d324c54b01d6 100644 --- a/api_docs/kbn_core_chrome_browser_mocks.mdx +++ b/api_docs/kbn_core_chrome_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-chrome-browser-mocks title: "@kbn/core-chrome-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-chrome-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-chrome-browser-mocks'] --- import kbnCoreChromeBrowserMocksObj from './kbn_core_chrome_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_config_server_internal.mdx b/api_docs/kbn_core_config_server_internal.mdx index 41b284b83581..e2d48459ccd5 100644 --- a/api_docs/kbn_core_config_server_internal.mdx +++ b/api_docs/kbn_core_config_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-config-server-internal title: "@kbn/core-config-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-config-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-config-server-internal'] --- import kbnCoreConfigServerInternalObj from './kbn_core_config_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_browser.mdx b/api_docs/kbn_core_custom_branding_browser.mdx index e0825768b65f..a735805a7bb2 100644 --- a/api_docs/kbn_core_custom_branding_browser.mdx +++ b/api_docs/kbn_core_custom_branding_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser title: "@kbn/core-custom-branding-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser'] --- import kbnCoreCustomBrandingBrowserObj from './kbn_core_custom_branding_browser.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_browser_internal.mdx b/api_docs/kbn_core_custom_branding_browser_internal.mdx index 94d481f7ed4b..66a265c75685 100644 --- a/api_docs/kbn_core_custom_branding_browser_internal.mdx +++ b/api_docs/kbn_core_custom_branding_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser-internal title: "@kbn/core-custom-branding-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser-internal'] --- import kbnCoreCustomBrandingBrowserInternalObj from './kbn_core_custom_branding_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_browser_mocks.mdx b/api_docs/kbn_core_custom_branding_browser_mocks.mdx index 3a6db03cd546..2598fb041321 100644 --- a/api_docs/kbn_core_custom_branding_browser_mocks.mdx +++ b/api_docs/kbn_core_custom_branding_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser-mocks title: "@kbn/core-custom-branding-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser-mocks'] --- import kbnCoreCustomBrandingBrowserMocksObj from './kbn_core_custom_branding_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_common.mdx b/api_docs/kbn_core_custom_branding_common.mdx index 084688849c96..deb49fae2183 100644 --- a/api_docs/kbn_core_custom_branding_common.mdx +++ b/api_docs/kbn_core_custom_branding_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-common title: "@kbn/core-custom-branding-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-common'] --- import kbnCoreCustomBrandingCommonObj from './kbn_core_custom_branding_common.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_server.mdx b/api_docs/kbn_core_custom_branding_server.mdx index 01c9441a9bf3..e1eaad7a9e52 100644 --- a/api_docs/kbn_core_custom_branding_server.mdx +++ b/api_docs/kbn_core_custom_branding_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server title: "@kbn/core-custom-branding-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server'] --- import kbnCoreCustomBrandingServerObj from './kbn_core_custom_branding_server.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_server_internal.mdx b/api_docs/kbn_core_custom_branding_server_internal.mdx index 43669e9953c1..cbee05730fa2 100644 --- a/api_docs/kbn_core_custom_branding_server_internal.mdx +++ b/api_docs/kbn_core_custom_branding_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server-internal title: "@kbn/core-custom-branding-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server-internal'] --- import kbnCoreCustomBrandingServerInternalObj from './kbn_core_custom_branding_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_server_mocks.mdx b/api_docs/kbn_core_custom_branding_server_mocks.mdx index 954001b10797..503a12c714ff 100644 --- a/api_docs/kbn_core_custom_branding_server_mocks.mdx +++ b/api_docs/kbn_core_custom_branding_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server-mocks title: "@kbn/core-custom-branding-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server-mocks'] --- import kbnCoreCustomBrandingServerMocksObj from './kbn_core_custom_branding_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_browser.mdx b/api_docs/kbn_core_deprecations_browser.mdx index 18c0f287ca31..f310414aa596 100644 --- a/api_docs/kbn_core_deprecations_browser.mdx +++ b/api_docs/kbn_core_deprecations_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser title: "@kbn/core-deprecations-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser'] --- import kbnCoreDeprecationsBrowserObj from './kbn_core_deprecations_browser.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_browser_internal.mdx b/api_docs/kbn_core_deprecations_browser_internal.mdx index 4f523d89a974..e105c7f3670e 100644 --- a/api_docs/kbn_core_deprecations_browser_internal.mdx +++ b/api_docs/kbn_core_deprecations_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser-internal title: "@kbn/core-deprecations-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser-internal'] --- import kbnCoreDeprecationsBrowserInternalObj from './kbn_core_deprecations_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_browser_mocks.mdx b/api_docs/kbn_core_deprecations_browser_mocks.mdx index 46a991f918b1..3fa52d84af85 100644 --- a/api_docs/kbn_core_deprecations_browser_mocks.mdx +++ b/api_docs/kbn_core_deprecations_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser-mocks title: "@kbn/core-deprecations-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser-mocks'] --- import kbnCoreDeprecationsBrowserMocksObj from './kbn_core_deprecations_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_common.mdx b/api_docs/kbn_core_deprecations_common.mdx index 7b938552a9c7..5172d723fbb1 100644 --- a/api_docs/kbn_core_deprecations_common.mdx +++ b/api_docs/kbn_core_deprecations_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-common title: "@kbn/core-deprecations-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-common'] --- import kbnCoreDeprecationsCommonObj from './kbn_core_deprecations_common.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_server.mdx b/api_docs/kbn_core_deprecations_server.mdx index 764229fa6505..c939f7141b91 100644 --- a/api_docs/kbn_core_deprecations_server.mdx +++ b/api_docs/kbn_core_deprecations_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server title: "@kbn/core-deprecations-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server'] --- import kbnCoreDeprecationsServerObj from './kbn_core_deprecations_server.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_server_internal.mdx b/api_docs/kbn_core_deprecations_server_internal.mdx index 21aebf7ac709..4f4eda9eb5ee 100644 --- a/api_docs/kbn_core_deprecations_server_internal.mdx +++ b/api_docs/kbn_core_deprecations_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server-internal title: "@kbn/core-deprecations-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server-internal'] --- import kbnCoreDeprecationsServerInternalObj from './kbn_core_deprecations_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_server_mocks.mdx b/api_docs/kbn_core_deprecations_server_mocks.mdx index be38bf55aaf5..3df364c548f1 100644 --- a/api_docs/kbn_core_deprecations_server_mocks.mdx +++ b/api_docs/kbn_core_deprecations_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server-mocks title: "@kbn/core-deprecations-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server-mocks'] --- import kbnCoreDeprecationsServerMocksObj from './kbn_core_deprecations_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_browser.mdx b/api_docs/kbn_core_doc_links_browser.mdx index 6f0de990f262..92bc37909d20 100644 --- a/api_docs/kbn_core_doc_links_browser.mdx +++ b/api_docs/kbn_core_doc_links_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-browser title: "@kbn/core-doc-links-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-browser'] --- import kbnCoreDocLinksBrowserObj from './kbn_core_doc_links_browser.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_browser_mocks.mdx b/api_docs/kbn_core_doc_links_browser_mocks.mdx index c5c3e3beaf65..24f64af5583c 100644 --- a/api_docs/kbn_core_doc_links_browser_mocks.mdx +++ b/api_docs/kbn_core_doc_links_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-browser-mocks title: "@kbn/core-doc-links-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-browser-mocks'] --- import kbnCoreDocLinksBrowserMocksObj from './kbn_core_doc_links_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_server.mdx b/api_docs/kbn_core_doc_links_server.mdx index b78c773d9e51..c284b3348936 100644 --- a/api_docs/kbn_core_doc_links_server.mdx +++ b/api_docs/kbn_core_doc_links_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-server title: "@kbn/core-doc-links-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-server'] --- import kbnCoreDocLinksServerObj from './kbn_core_doc_links_server.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_server_mocks.mdx b/api_docs/kbn_core_doc_links_server_mocks.mdx index dd282cecb8fc..d97447a0bdc0 100644 --- a/api_docs/kbn_core_doc_links_server_mocks.mdx +++ b/api_docs/kbn_core_doc_links_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-server-mocks title: "@kbn/core-doc-links-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-server-mocks'] --- import kbnCoreDocLinksServerMocksObj from './kbn_core_doc_links_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_client_server_internal.mdx b/api_docs/kbn_core_elasticsearch_client_server_internal.mdx index 708346a339d0..905f8609b862 100644 --- a/api_docs/kbn_core_elasticsearch_client_server_internal.mdx +++ b/api_docs/kbn_core_elasticsearch_client_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-client-server-internal title: "@kbn/core-elasticsearch-client-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-client-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-client-server-internal'] --- import kbnCoreElasticsearchClientServerInternalObj from './kbn_core_elasticsearch_client_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx b/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx index 660a94683c45..1da6c1a7c583 100644 --- a/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx +++ b/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-client-server-mocks title: "@kbn/core-elasticsearch-client-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-client-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-client-server-mocks'] --- import kbnCoreElasticsearchClientServerMocksObj from './kbn_core_elasticsearch_client_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_server.mdx b/api_docs/kbn_core_elasticsearch_server.mdx index c7456856956b..327ac088d4eb 100644 --- a/api_docs/kbn_core_elasticsearch_server.mdx +++ b/api_docs/kbn_core_elasticsearch_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server title: "@kbn/core-elasticsearch-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server'] --- import kbnCoreElasticsearchServerObj from './kbn_core_elasticsearch_server.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_server_internal.mdx b/api_docs/kbn_core_elasticsearch_server_internal.mdx index a4d15e84a1bd..6d7c6ef97853 100644 --- a/api_docs/kbn_core_elasticsearch_server_internal.mdx +++ b/api_docs/kbn_core_elasticsearch_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server-internal title: "@kbn/core-elasticsearch-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server-internal'] --- import kbnCoreElasticsearchServerInternalObj from './kbn_core_elasticsearch_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_server_mocks.mdx b/api_docs/kbn_core_elasticsearch_server_mocks.mdx index 24f437a4f095..d087e91e6719 100644 --- a/api_docs/kbn_core_elasticsearch_server_mocks.mdx +++ b/api_docs/kbn_core_elasticsearch_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server-mocks title: "@kbn/core-elasticsearch-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server-mocks'] --- import kbnCoreElasticsearchServerMocksObj from './kbn_core_elasticsearch_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_environment_server_internal.mdx b/api_docs/kbn_core_environment_server_internal.mdx index a08c18e805db..91ce03b6e794 100644 --- a/api_docs/kbn_core_environment_server_internal.mdx +++ b/api_docs/kbn_core_environment_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-environment-server-internal title: "@kbn/core-environment-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-environment-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-environment-server-internal'] --- import kbnCoreEnvironmentServerInternalObj from './kbn_core_environment_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_environment_server_mocks.mdx b/api_docs/kbn_core_environment_server_mocks.mdx index 1f7594d1603f..79cf70deb0e9 100644 --- a/api_docs/kbn_core_environment_server_mocks.mdx +++ b/api_docs/kbn_core_environment_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-environment-server-mocks title: "@kbn/core-environment-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-environment-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-environment-server-mocks'] --- import kbnCoreEnvironmentServerMocksObj from './kbn_core_environment_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_browser.mdx b/api_docs/kbn_core_execution_context_browser.mdx index 43b267795b39..c89db848e47f 100644 --- a/api_docs/kbn_core_execution_context_browser.mdx +++ b/api_docs/kbn_core_execution_context_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser title: "@kbn/core-execution-context-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser'] --- import kbnCoreExecutionContextBrowserObj from './kbn_core_execution_context_browser.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_browser_internal.mdx b/api_docs/kbn_core_execution_context_browser_internal.mdx index 738f72b06651..d2f68c125a84 100644 --- a/api_docs/kbn_core_execution_context_browser_internal.mdx +++ b/api_docs/kbn_core_execution_context_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser-internal title: "@kbn/core-execution-context-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser-internal'] --- import kbnCoreExecutionContextBrowserInternalObj from './kbn_core_execution_context_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_browser_mocks.mdx b/api_docs/kbn_core_execution_context_browser_mocks.mdx index 99a18af5719b..0b1f343b3856 100644 --- a/api_docs/kbn_core_execution_context_browser_mocks.mdx +++ b/api_docs/kbn_core_execution_context_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser-mocks title: "@kbn/core-execution-context-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser-mocks'] --- import kbnCoreExecutionContextBrowserMocksObj from './kbn_core_execution_context_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_common.mdx b/api_docs/kbn_core_execution_context_common.mdx index bd848cef0f03..02a491631c0a 100644 --- a/api_docs/kbn_core_execution_context_common.mdx +++ b/api_docs/kbn_core_execution_context_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-common title: "@kbn/core-execution-context-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-common'] --- import kbnCoreExecutionContextCommonObj from './kbn_core_execution_context_common.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_server.mdx b/api_docs/kbn_core_execution_context_server.mdx index fd82893c6bee..6a438281fc64 100644 --- a/api_docs/kbn_core_execution_context_server.mdx +++ b/api_docs/kbn_core_execution_context_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server title: "@kbn/core-execution-context-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server'] --- import kbnCoreExecutionContextServerObj from './kbn_core_execution_context_server.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_server_internal.mdx b/api_docs/kbn_core_execution_context_server_internal.mdx index 57aff1e80a24..c42f30446a82 100644 --- a/api_docs/kbn_core_execution_context_server_internal.mdx +++ b/api_docs/kbn_core_execution_context_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server-internal title: "@kbn/core-execution-context-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server-internal'] --- import kbnCoreExecutionContextServerInternalObj from './kbn_core_execution_context_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_server_mocks.mdx b/api_docs/kbn_core_execution_context_server_mocks.mdx index 9f691b8ed8ab..860405a9330d 100644 --- a/api_docs/kbn_core_execution_context_server_mocks.mdx +++ b/api_docs/kbn_core_execution_context_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server-mocks title: "@kbn/core-execution-context-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server-mocks'] --- import kbnCoreExecutionContextServerMocksObj from './kbn_core_execution_context_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_fatal_errors_browser.mdx b/api_docs/kbn_core_fatal_errors_browser.mdx index 94f9a43fdf00..df108713def3 100644 --- a/api_docs/kbn_core_fatal_errors_browser.mdx +++ b/api_docs/kbn_core_fatal_errors_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-fatal-errors-browser title: "@kbn/core-fatal-errors-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-fatal-errors-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-fatal-errors-browser'] --- import kbnCoreFatalErrorsBrowserObj from './kbn_core_fatal_errors_browser.devdocs.json'; diff --git a/api_docs/kbn_core_fatal_errors_browser_mocks.mdx b/api_docs/kbn_core_fatal_errors_browser_mocks.mdx index 7723943c00ad..10485d13deaa 100644 --- a/api_docs/kbn_core_fatal_errors_browser_mocks.mdx +++ b/api_docs/kbn_core_fatal_errors_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-fatal-errors-browser-mocks title: "@kbn/core-fatal-errors-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-fatal-errors-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-fatal-errors-browser-mocks'] --- import kbnCoreFatalErrorsBrowserMocksObj from './kbn_core_fatal_errors_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_browser.mdx b/api_docs/kbn_core_feature_flags_browser.mdx index 1be95bd79915..7fe1df40e8e2 100644 --- a/api_docs/kbn_core_feature_flags_browser.mdx +++ b/api_docs/kbn_core_feature_flags_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-browser title: "@kbn/core-feature-flags-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-browser'] --- import kbnCoreFeatureFlagsBrowserObj from './kbn_core_feature_flags_browser.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_browser_internal.mdx b/api_docs/kbn_core_feature_flags_browser_internal.mdx index 8a8ab1fdb268..356aa5dc2d22 100644 --- a/api_docs/kbn_core_feature_flags_browser_internal.mdx +++ b/api_docs/kbn_core_feature_flags_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-browser-internal title: "@kbn/core-feature-flags-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-browser-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-browser-internal'] --- import kbnCoreFeatureFlagsBrowserInternalObj from './kbn_core_feature_flags_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_browser_mocks.mdx b/api_docs/kbn_core_feature_flags_browser_mocks.mdx index 7ea500bb4b61..94dc081a185e 100644 --- a/api_docs/kbn_core_feature_flags_browser_mocks.mdx +++ b/api_docs/kbn_core_feature_flags_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-browser-mocks title: "@kbn/core-feature-flags-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-browser-mocks'] --- import kbnCoreFeatureFlagsBrowserMocksObj from './kbn_core_feature_flags_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_server.mdx b/api_docs/kbn_core_feature_flags_server.mdx index 9459c8d38bc5..34e1d517a33f 100644 --- a/api_docs/kbn_core_feature_flags_server.mdx +++ b/api_docs/kbn_core_feature_flags_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-server title: "@kbn/core-feature-flags-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-server'] --- import kbnCoreFeatureFlagsServerObj from './kbn_core_feature_flags_server.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_server_internal.mdx b/api_docs/kbn_core_feature_flags_server_internal.mdx index 3caad023b417..4e069ec776f7 100644 --- a/api_docs/kbn_core_feature_flags_server_internal.mdx +++ b/api_docs/kbn_core_feature_flags_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-server-internal title: "@kbn/core-feature-flags-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-server-internal'] --- import kbnCoreFeatureFlagsServerInternalObj from './kbn_core_feature_flags_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_server_mocks.mdx b/api_docs/kbn_core_feature_flags_server_mocks.mdx index 4d0d484ee25d..fc12aa3c5bfe 100644 --- a/api_docs/kbn_core_feature_flags_server_mocks.mdx +++ b/api_docs/kbn_core_feature_flags_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-server-mocks title: "@kbn/core-feature-flags-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-server-mocks'] --- import kbnCoreFeatureFlagsServerMocksObj from './kbn_core_feature_flags_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser.mdx b/api_docs/kbn_core_http_browser.mdx index acecc654ad75..30e62dc90363 100644 --- a/api_docs/kbn_core_http_browser.mdx +++ b/api_docs/kbn_core_http_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser title: "@kbn/core-http-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser'] --- import kbnCoreHttpBrowserObj from './kbn_core_http_browser.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser_internal.mdx b/api_docs/kbn_core_http_browser_internal.mdx index f09fbbdf9063..d20a977d16ae 100644 --- a/api_docs/kbn_core_http_browser_internal.mdx +++ b/api_docs/kbn_core_http_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser-internal title: "@kbn/core-http-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser-internal'] --- import kbnCoreHttpBrowserInternalObj from './kbn_core_http_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser_mocks.mdx b/api_docs/kbn_core_http_browser_mocks.mdx index a6354b382d77..d44f11d487f0 100644 --- a/api_docs/kbn_core_http_browser_mocks.mdx +++ b/api_docs/kbn_core_http_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser-mocks title: "@kbn/core-http-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser-mocks'] --- import kbnCoreHttpBrowserMocksObj from './kbn_core_http_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_common.mdx b/api_docs/kbn_core_http_common.mdx index 53ae019cd67f..3b620a2e67a6 100644 --- a/api_docs/kbn_core_http_common.mdx +++ b/api_docs/kbn_core_http_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-common title: "@kbn/core-http-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-common'] --- import kbnCoreHttpCommonObj from './kbn_core_http_common.devdocs.json'; diff --git a/api_docs/kbn_core_http_context_server_mocks.mdx b/api_docs/kbn_core_http_context_server_mocks.mdx index 1a5710cda5d6..031f5e455a58 100644 --- a/api_docs/kbn_core_http_context_server_mocks.mdx +++ b/api_docs/kbn_core_http_context_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-context-server-mocks title: "@kbn/core-http-context-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-context-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-context-server-mocks'] --- import kbnCoreHttpContextServerMocksObj from './kbn_core_http_context_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_request_handler_context_server.mdx b/api_docs/kbn_core_http_request_handler_context_server.mdx index b370911f6fa7..325b141c4145 100644 --- a/api_docs/kbn_core_http_request_handler_context_server.mdx +++ b/api_docs/kbn_core_http_request_handler_context_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-request-handler-context-server title: "@kbn/core-http-request-handler-context-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-request-handler-context-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-request-handler-context-server'] --- import kbnCoreHttpRequestHandlerContextServerObj from './kbn_core_http_request_handler_context_server.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server.mdx b/api_docs/kbn_core_http_resources_server.mdx index 0e30ef4c1574..7374c4a7ca77 100644 --- a/api_docs/kbn_core_http_resources_server.mdx +++ b/api_docs/kbn_core_http_resources_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server title: "@kbn/core-http-resources-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server'] --- import kbnCoreHttpResourcesServerObj from './kbn_core_http_resources_server.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server_internal.mdx b/api_docs/kbn_core_http_resources_server_internal.mdx index ab064a8b27b8..e626dc2cc5bb 100644 --- a/api_docs/kbn_core_http_resources_server_internal.mdx +++ b/api_docs/kbn_core_http_resources_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server-internal title: "@kbn/core-http-resources-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server-internal'] --- import kbnCoreHttpResourcesServerInternalObj from './kbn_core_http_resources_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server_mocks.mdx b/api_docs/kbn_core_http_resources_server_mocks.mdx index ee78a2df2bb6..39a0938762c5 100644 --- a/api_docs/kbn_core_http_resources_server_mocks.mdx +++ b/api_docs/kbn_core_http_resources_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server-mocks title: "@kbn/core-http-resources-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server-mocks'] --- import kbnCoreHttpResourcesServerMocksObj from './kbn_core_http_resources_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_router_server_internal.mdx b/api_docs/kbn_core_http_router_server_internal.mdx index f1e3911546fa..51d54a237607 100644 --- a/api_docs/kbn_core_http_router_server_internal.mdx +++ b/api_docs/kbn_core_http_router_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-router-server-internal title: "@kbn/core-http-router-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-router-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-router-server-internal'] --- import kbnCoreHttpRouterServerInternalObj from './kbn_core_http_router_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_router_server_mocks.mdx b/api_docs/kbn_core_http_router_server_mocks.mdx index c3704fea8f20..b812151405a5 100644 --- a/api_docs/kbn_core_http_router_server_mocks.mdx +++ b/api_docs/kbn_core_http_router_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-router-server-mocks title: "@kbn/core-http-router-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-router-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-router-server-mocks'] --- import kbnCoreHttpRouterServerMocksObj from './kbn_core_http_router_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_server.mdx b/api_docs/kbn_core_http_server.mdx index 964f42bb971d..d772655fad79 100644 --- a/api_docs/kbn_core_http_server.mdx +++ b/api_docs/kbn_core_http_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server title: "@kbn/core-http-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server'] --- import kbnCoreHttpServerObj from './kbn_core_http_server.devdocs.json'; diff --git a/api_docs/kbn_core_http_server_internal.mdx b/api_docs/kbn_core_http_server_internal.mdx index 496618e9ef40..ab6d7fb2f921 100644 --- a/api_docs/kbn_core_http_server_internal.mdx +++ b/api_docs/kbn_core_http_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server-internal title: "@kbn/core-http-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server-internal'] --- import kbnCoreHttpServerInternalObj from './kbn_core_http_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_server_mocks.mdx b/api_docs/kbn_core_http_server_mocks.mdx index 0ab3d4401007..6bfb2cec895e 100644 --- a/api_docs/kbn_core_http_server_mocks.mdx +++ b/api_docs/kbn_core_http_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server-mocks title: "@kbn/core-http-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server-mocks'] --- import kbnCoreHttpServerMocksObj from './kbn_core_http_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_browser.mdx b/api_docs/kbn_core_i18n_browser.mdx index 32b809f0f262..b63cb1a69856 100644 --- a/api_docs/kbn_core_i18n_browser.mdx +++ b/api_docs/kbn_core_i18n_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-browser title: "@kbn/core-i18n-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-browser'] --- import kbnCoreI18nBrowserObj from './kbn_core_i18n_browser.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_browser_mocks.mdx b/api_docs/kbn_core_i18n_browser_mocks.mdx index 5b0272a44324..c7df3cb1b54b 100644 --- a/api_docs/kbn_core_i18n_browser_mocks.mdx +++ b/api_docs/kbn_core_i18n_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-browser-mocks title: "@kbn/core-i18n-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-browser-mocks'] --- import kbnCoreI18nBrowserMocksObj from './kbn_core_i18n_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server.mdx b/api_docs/kbn_core_i18n_server.mdx index 3817c7fa344f..7a5d4addfe31 100644 --- a/api_docs/kbn_core_i18n_server.mdx +++ b/api_docs/kbn_core_i18n_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server title: "@kbn/core-i18n-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server'] --- import kbnCoreI18nServerObj from './kbn_core_i18n_server.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server_internal.mdx b/api_docs/kbn_core_i18n_server_internal.mdx index 459bdfb1083d..a261e66bf7d3 100644 --- a/api_docs/kbn_core_i18n_server_internal.mdx +++ b/api_docs/kbn_core_i18n_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server-internal title: "@kbn/core-i18n-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server-internal'] --- import kbnCoreI18nServerInternalObj from './kbn_core_i18n_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server_mocks.mdx b/api_docs/kbn_core_i18n_server_mocks.mdx index bbfa66b8069e..0c4063167a64 100644 --- a/api_docs/kbn_core_i18n_server_mocks.mdx +++ b/api_docs/kbn_core_i18n_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server-mocks title: "@kbn/core-i18n-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server-mocks'] --- import kbnCoreI18nServerMocksObj from './kbn_core_i18n_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_injected_metadata_browser_mocks.mdx b/api_docs/kbn_core_injected_metadata_browser_mocks.mdx index 67ff409e7d68..560b2cc24b04 100644 --- a/api_docs/kbn_core_injected_metadata_browser_mocks.mdx +++ b/api_docs/kbn_core_injected_metadata_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-injected-metadata-browser-mocks title: "@kbn/core-injected-metadata-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-injected-metadata-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-injected-metadata-browser-mocks'] --- import kbnCoreInjectedMetadataBrowserMocksObj from './kbn_core_injected_metadata_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_integrations_browser_internal.mdx b/api_docs/kbn_core_integrations_browser_internal.mdx index a352be9d9808..40b56180f23b 100644 --- a/api_docs/kbn_core_integrations_browser_internal.mdx +++ b/api_docs/kbn_core_integrations_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-integrations-browser-internal title: "@kbn/core-integrations-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-integrations-browser-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-integrations-browser-internal'] --- import kbnCoreIntegrationsBrowserInternalObj from './kbn_core_integrations_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_integrations_browser_mocks.mdx b/api_docs/kbn_core_integrations_browser_mocks.mdx index fdb686b66283..e0f60928e9d7 100644 --- a/api_docs/kbn_core_integrations_browser_mocks.mdx +++ b/api_docs/kbn_core_integrations_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-integrations-browser-mocks title: "@kbn/core-integrations-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-integrations-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-integrations-browser-mocks'] --- import kbnCoreIntegrationsBrowserMocksObj from './kbn_core_integrations_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_browser.mdx b/api_docs/kbn_core_lifecycle_browser.mdx index f7c56c678751..235d6184db75 100644 --- a/api_docs/kbn_core_lifecycle_browser.mdx +++ b/api_docs/kbn_core_lifecycle_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-browser title: "@kbn/core-lifecycle-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-browser'] --- import kbnCoreLifecycleBrowserObj from './kbn_core_lifecycle_browser.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_browser_mocks.mdx b/api_docs/kbn_core_lifecycle_browser_mocks.mdx index fa642e999ea2..2b0be2e35f08 100644 --- a/api_docs/kbn_core_lifecycle_browser_mocks.mdx +++ b/api_docs/kbn_core_lifecycle_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-browser-mocks title: "@kbn/core-lifecycle-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-browser-mocks'] --- import kbnCoreLifecycleBrowserMocksObj from './kbn_core_lifecycle_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_server.mdx b/api_docs/kbn_core_lifecycle_server.mdx index 2a1b718a238c..3e3d72d1c8ec 100644 --- a/api_docs/kbn_core_lifecycle_server.mdx +++ b/api_docs/kbn_core_lifecycle_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-server title: "@kbn/core-lifecycle-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-server'] --- import kbnCoreLifecycleServerObj from './kbn_core_lifecycle_server.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_server_mocks.mdx b/api_docs/kbn_core_lifecycle_server_mocks.mdx index 0afd19970435..1a85eb424032 100644 --- a/api_docs/kbn_core_lifecycle_server_mocks.mdx +++ b/api_docs/kbn_core_lifecycle_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-server-mocks title: "@kbn/core-lifecycle-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-server-mocks'] --- import kbnCoreLifecycleServerMocksObj from './kbn_core_lifecycle_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_logging_browser_mocks.mdx b/api_docs/kbn_core_logging_browser_mocks.mdx index dfd05e29e1da..51022dc6be37 100644 --- a/api_docs/kbn_core_logging_browser_mocks.mdx +++ b/api_docs/kbn_core_logging_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-browser-mocks title: "@kbn/core-logging-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-browser-mocks'] --- import kbnCoreLoggingBrowserMocksObj from './kbn_core_logging_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_logging_common_internal.mdx b/api_docs/kbn_core_logging_common_internal.mdx index 763e03692a7c..6faea7d21a8e 100644 --- a/api_docs/kbn_core_logging_common_internal.mdx +++ b/api_docs/kbn_core_logging_common_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-common-internal title: "@kbn/core-logging-common-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-common-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-common-internal'] --- import kbnCoreLoggingCommonInternalObj from './kbn_core_logging_common_internal.devdocs.json'; diff --git a/api_docs/kbn_core_logging_server.mdx b/api_docs/kbn_core_logging_server.mdx index 34af2c49cbda..22a453a3384b 100644 --- a/api_docs/kbn_core_logging_server.mdx +++ b/api_docs/kbn_core_logging_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server title: "@kbn/core-logging-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server'] --- import kbnCoreLoggingServerObj from './kbn_core_logging_server.devdocs.json'; diff --git a/api_docs/kbn_core_logging_server_internal.mdx b/api_docs/kbn_core_logging_server_internal.mdx index 11f2e8a69602..6c7916d6f73d 100644 --- a/api_docs/kbn_core_logging_server_internal.mdx +++ b/api_docs/kbn_core_logging_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server-internal title: "@kbn/core-logging-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server-internal'] --- import kbnCoreLoggingServerInternalObj from './kbn_core_logging_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_logging_server_mocks.mdx b/api_docs/kbn_core_logging_server_mocks.mdx index abfd9f9fbdea..13d38bd5cf8d 100644 --- a/api_docs/kbn_core_logging_server_mocks.mdx +++ b/api_docs/kbn_core_logging_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server-mocks title: "@kbn/core-logging-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server-mocks'] --- import kbnCoreLoggingServerMocksObj from './kbn_core_logging_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_collectors_server_internal.mdx b/api_docs/kbn_core_metrics_collectors_server_internal.mdx index 076c35111499..4a571036367b 100644 --- a/api_docs/kbn_core_metrics_collectors_server_internal.mdx +++ b/api_docs/kbn_core_metrics_collectors_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-collectors-server-internal title: "@kbn/core-metrics-collectors-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-collectors-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-collectors-server-internal'] --- import kbnCoreMetricsCollectorsServerInternalObj from './kbn_core_metrics_collectors_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_collectors_server_mocks.mdx b/api_docs/kbn_core_metrics_collectors_server_mocks.mdx index 5679d903df4d..6e8359d8e4e8 100644 --- a/api_docs/kbn_core_metrics_collectors_server_mocks.mdx +++ b/api_docs/kbn_core_metrics_collectors_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-collectors-server-mocks title: "@kbn/core-metrics-collectors-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-collectors-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-collectors-server-mocks'] --- import kbnCoreMetricsCollectorsServerMocksObj from './kbn_core_metrics_collectors_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_server.mdx b/api_docs/kbn_core_metrics_server.mdx index d7f7e3174cef..a76087cf985f 100644 --- a/api_docs/kbn_core_metrics_server.mdx +++ b/api_docs/kbn_core_metrics_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server title: "@kbn/core-metrics-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server'] --- import kbnCoreMetricsServerObj from './kbn_core_metrics_server.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_server_internal.mdx b/api_docs/kbn_core_metrics_server_internal.mdx index 31de27a4fb51..d10338fa2366 100644 --- a/api_docs/kbn_core_metrics_server_internal.mdx +++ b/api_docs/kbn_core_metrics_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server-internal title: "@kbn/core-metrics-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server-internal'] --- import kbnCoreMetricsServerInternalObj from './kbn_core_metrics_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_server_mocks.mdx b/api_docs/kbn_core_metrics_server_mocks.mdx index 3b67080466e4..084ac42ef20c 100644 --- a/api_docs/kbn_core_metrics_server_mocks.mdx +++ b/api_docs/kbn_core_metrics_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server-mocks title: "@kbn/core-metrics-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server-mocks'] --- import kbnCoreMetricsServerMocksObj from './kbn_core_metrics_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_mount_utils_browser.mdx b/api_docs/kbn_core_mount_utils_browser.mdx index 40c461ca7cee..6d01326bfc86 100644 --- a/api_docs/kbn_core_mount_utils_browser.mdx +++ b/api_docs/kbn_core_mount_utils_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-mount-utils-browser title: "@kbn/core-mount-utils-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-mount-utils-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-mount-utils-browser'] --- import kbnCoreMountUtilsBrowserObj from './kbn_core_mount_utils_browser.devdocs.json'; diff --git a/api_docs/kbn_core_node_server.mdx b/api_docs/kbn_core_node_server.mdx index 15c2ef3a0b73..270ce433cc68 100644 --- a/api_docs/kbn_core_node_server.mdx +++ b/api_docs/kbn_core_node_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server title: "@kbn/core-node-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server'] --- import kbnCoreNodeServerObj from './kbn_core_node_server.devdocs.json'; diff --git a/api_docs/kbn_core_node_server_internal.mdx b/api_docs/kbn_core_node_server_internal.mdx index f3b6d02a8f7b..ec07b4a51867 100644 --- a/api_docs/kbn_core_node_server_internal.mdx +++ b/api_docs/kbn_core_node_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server-internal title: "@kbn/core-node-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server-internal'] --- import kbnCoreNodeServerInternalObj from './kbn_core_node_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_node_server_mocks.mdx b/api_docs/kbn_core_node_server_mocks.mdx index 95fe95cb646b..1f8660b9624c 100644 --- a/api_docs/kbn_core_node_server_mocks.mdx +++ b/api_docs/kbn_core_node_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server-mocks title: "@kbn/core-node-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server-mocks'] --- import kbnCoreNodeServerMocksObj from './kbn_core_node_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_notifications_browser.mdx b/api_docs/kbn_core_notifications_browser.mdx index 8ed03bd0b498..b6df8fa0c099 100644 --- a/api_docs/kbn_core_notifications_browser.mdx +++ b/api_docs/kbn_core_notifications_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser title: "@kbn/core-notifications-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser'] --- import kbnCoreNotificationsBrowserObj from './kbn_core_notifications_browser.devdocs.json'; diff --git a/api_docs/kbn_core_notifications_browser_internal.mdx b/api_docs/kbn_core_notifications_browser_internal.mdx index 175e1c70bbb0..96c4a9cffecf 100644 --- a/api_docs/kbn_core_notifications_browser_internal.mdx +++ b/api_docs/kbn_core_notifications_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser-internal title: "@kbn/core-notifications-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser-internal'] --- import kbnCoreNotificationsBrowserInternalObj from './kbn_core_notifications_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_notifications_browser_mocks.mdx b/api_docs/kbn_core_notifications_browser_mocks.mdx index 83f39fe692b9..d2375731244a 100644 --- a/api_docs/kbn_core_notifications_browser_mocks.mdx +++ b/api_docs/kbn_core_notifications_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser-mocks title: "@kbn/core-notifications-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser-mocks'] --- import kbnCoreNotificationsBrowserMocksObj from './kbn_core_notifications_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser.mdx b/api_docs/kbn_core_overlays_browser.mdx index d949d6e662a2..28c66479a9d6 100644 --- a/api_docs/kbn_core_overlays_browser.mdx +++ b/api_docs/kbn_core_overlays_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser title: "@kbn/core-overlays-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser'] --- import kbnCoreOverlaysBrowserObj from './kbn_core_overlays_browser.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser_internal.mdx b/api_docs/kbn_core_overlays_browser_internal.mdx index 76bee78a9cb2..42ae09c09b36 100644 --- a/api_docs/kbn_core_overlays_browser_internal.mdx +++ b/api_docs/kbn_core_overlays_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser-internal title: "@kbn/core-overlays-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser-internal'] --- import kbnCoreOverlaysBrowserInternalObj from './kbn_core_overlays_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser_mocks.mdx b/api_docs/kbn_core_overlays_browser_mocks.mdx index a4f4cd855943..2e987e4fbef6 100644 --- a/api_docs/kbn_core_overlays_browser_mocks.mdx +++ b/api_docs/kbn_core_overlays_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser-mocks title: "@kbn/core-overlays-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser-mocks'] --- import kbnCoreOverlaysBrowserMocksObj from './kbn_core_overlays_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_browser.mdx b/api_docs/kbn_core_plugins_browser.mdx index b77da95b5ede..b0ccca2ee975 100644 --- a/api_docs/kbn_core_plugins_browser.mdx +++ b/api_docs/kbn_core_plugins_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-browser title: "@kbn/core-plugins-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-browser'] --- import kbnCorePluginsBrowserObj from './kbn_core_plugins_browser.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_browser_mocks.mdx b/api_docs/kbn_core_plugins_browser_mocks.mdx index 929a0ebbc28a..30d0f384d282 100644 --- a/api_docs/kbn_core_plugins_browser_mocks.mdx +++ b/api_docs/kbn_core_plugins_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-browser-mocks title: "@kbn/core-plugins-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-browser-mocks'] --- import kbnCorePluginsBrowserMocksObj from './kbn_core_plugins_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_contracts_browser.mdx b/api_docs/kbn_core_plugins_contracts_browser.mdx index 6c7d206c18fe..15b89a6ba37f 100644 --- a/api_docs/kbn_core_plugins_contracts_browser.mdx +++ b/api_docs/kbn_core_plugins_contracts_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-contracts-browser title: "@kbn/core-plugins-contracts-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-contracts-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-contracts-browser'] --- import kbnCorePluginsContractsBrowserObj from './kbn_core_plugins_contracts_browser.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_contracts_server.mdx b/api_docs/kbn_core_plugins_contracts_server.mdx index 1cb22ec9f979..627a7bdcc156 100644 --- a/api_docs/kbn_core_plugins_contracts_server.mdx +++ b/api_docs/kbn_core_plugins_contracts_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-contracts-server title: "@kbn/core-plugins-contracts-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-contracts-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-contracts-server'] --- import kbnCorePluginsContractsServerObj from './kbn_core_plugins_contracts_server.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_server.mdx b/api_docs/kbn_core_plugins_server.mdx index 619d44681135..479b07eb6212 100644 --- a/api_docs/kbn_core_plugins_server.mdx +++ b/api_docs/kbn_core_plugins_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-server title: "@kbn/core-plugins-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-server'] --- import kbnCorePluginsServerObj from './kbn_core_plugins_server.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_server_mocks.mdx b/api_docs/kbn_core_plugins_server_mocks.mdx index af9c803db837..c8516a132a44 100644 --- a/api_docs/kbn_core_plugins_server_mocks.mdx +++ b/api_docs/kbn_core_plugins_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-server-mocks title: "@kbn/core-plugins-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-server-mocks'] --- import kbnCorePluginsServerMocksObj from './kbn_core_plugins_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_preboot_server.mdx b/api_docs/kbn_core_preboot_server.mdx index f4d24c14265e..820b9335e5a6 100644 --- a/api_docs/kbn_core_preboot_server.mdx +++ b/api_docs/kbn_core_preboot_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-preboot-server title: "@kbn/core-preboot-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-preboot-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-preboot-server'] --- import kbnCorePrebootServerObj from './kbn_core_preboot_server.devdocs.json'; diff --git a/api_docs/kbn_core_preboot_server_mocks.mdx b/api_docs/kbn_core_preboot_server_mocks.mdx index 807afb4b254c..5bba932fb2ad 100644 --- a/api_docs/kbn_core_preboot_server_mocks.mdx +++ b/api_docs/kbn_core_preboot_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-preboot-server-mocks title: "@kbn/core-preboot-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-preboot-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-preboot-server-mocks'] --- import kbnCorePrebootServerMocksObj from './kbn_core_preboot_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_browser_mocks.mdx b/api_docs/kbn_core_rendering_browser_mocks.mdx index b7b13e749735..d1e587f93aa3 100644 --- a/api_docs/kbn_core_rendering_browser_mocks.mdx +++ b/api_docs/kbn_core_rendering_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-browser-mocks title: "@kbn/core-rendering-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-browser-mocks'] --- import kbnCoreRenderingBrowserMocksObj from './kbn_core_rendering_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_server_internal.mdx b/api_docs/kbn_core_rendering_server_internal.mdx index c39603bf942c..b03f919df0ac 100644 --- a/api_docs/kbn_core_rendering_server_internal.mdx +++ b/api_docs/kbn_core_rendering_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-server-internal title: "@kbn/core-rendering-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-server-internal'] --- import kbnCoreRenderingServerInternalObj from './kbn_core_rendering_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_server_mocks.mdx b/api_docs/kbn_core_rendering_server_mocks.mdx index dd824f72d385..64b291131729 100644 --- a/api_docs/kbn_core_rendering_server_mocks.mdx +++ b/api_docs/kbn_core_rendering_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-server-mocks title: "@kbn/core-rendering-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-server-mocks'] --- import kbnCoreRenderingServerMocksObj from './kbn_core_rendering_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_root_server_internal.mdx b/api_docs/kbn_core_root_server_internal.mdx index a38fae00301e..945339202f3b 100644 --- a/api_docs/kbn_core_root_server_internal.mdx +++ b/api_docs/kbn_core_root_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-root-server-internal title: "@kbn/core-root-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-root-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-root-server-internal'] --- import kbnCoreRootServerInternalObj from './kbn_core_root_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_api_browser.mdx b/api_docs/kbn_core_saved_objects_api_browser.mdx index 8504e5f31148..19bbcae795c7 100644 --- a/api_docs/kbn_core_saved_objects_api_browser.mdx +++ b/api_docs/kbn_core_saved_objects_api_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-browser title: "@kbn/core-saved-objects-api-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-browser'] --- import kbnCoreSavedObjectsApiBrowserObj from './kbn_core_saved_objects_api_browser.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_api_server.mdx b/api_docs/kbn_core_saved_objects_api_server.mdx index 61839dfa6d6f..30faac237398 100644 --- a/api_docs/kbn_core_saved_objects_api_server.mdx +++ b/api_docs/kbn_core_saved_objects_api_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-server title: "@kbn/core-saved-objects-api-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-server'] --- import kbnCoreSavedObjectsApiServerObj from './kbn_core_saved_objects_api_server.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_api_server_mocks.mdx b/api_docs/kbn_core_saved_objects_api_server_mocks.mdx index 1a05aed06dee..d1bfa2155607 100644 --- a/api_docs/kbn_core_saved_objects_api_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_api_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-server-mocks title: "@kbn/core-saved-objects-api-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-server-mocks'] --- import kbnCoreSavedObjectsApiServerMocksObj from './kbn_core_saved_objects_api_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_base_server_internal.mdx b/api_docs/kbn_core_saved_objects_base_server_internal.mdx index c5181ad57baf..1b4d56496995 100644 --- a/api_docs/kbn_core_saved_objects_base_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_base_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-base-server-internal title: "@kbn/core-saved-objects-base-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-base-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-base-server-internal'] --- import kbnCoreSavedObjectsBaseServerInternalObj from './kbn_core_saved_objects_base_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_base_server_mocks.mdx b/api_docs/kbn_core_saved_objects_base_server_mocks.mdx index d34102ed8c49..fbf78519afbd 100644 --- a/api_docs/kbn_core_saved_objects_base_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_base_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-base-server-mocks title: "@kbn/core-saved-objects-base-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-base-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-base-server-mocks'] --- import kbnCoreSavedObjectsBaseServerMocksObj from './kbn_core_saved_objects_base_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_browser.mdx b/api_docs/kbn_core_saved_objects_browser.mdx index a03c308a5904..4bf8adcdb4c1 100644 --- a/api_docs/kbn_core_saved_objects_browser.mdx +++ b/api_docs/kbn_core_saved_objects_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser title: "@kbn/core-saved-objects-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser'] --- import kbnCoreSavedObjectsBrowserObj from './kbn_core_saved_objects_browser.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_browser_internal.mdx b/api_docs/kbn_core_saved_objects_browser_internal.mdx index 3da90c5300fc..2cf7b18734ba 100644 --- a/api_docs/kbn_core_saved_objects_browser_internal.mdx +++ b/api_docs/kbn_core_saved_objects_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser-internal title: "@kbn/core-saved-objects-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser-internal'] --- import kbnCoreSavedObjectsBrowserInternalObj from './kbn_core_saved_objects_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_browser_mocks.mdx b/api_docs/kbn_core_saved_objects_browser_mocks.mdx index a4ca8ee0ddd6..eded29c048c4 100644 --- a/api_docs/kbn_core_saved_objects_browser_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser-mocks title: "@kbn/core-saved-objects-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser-mocks'] --- import kbnCoreSavedObjectsBrowserMocksObj from './kbn_core_saved_objects_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_common.mdx b/api_docs/kbn_core_saved_objects_common.mdx index 34a0234c42ce..78e72fef1618 100644 --- a/api_docs/kbn_core_saved_objects_common.mdx +++ b/api_docs/kbn_core_saved_objects_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-common title: "@kbn/core-saved-objects-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-common'] --- import kbnCoreSavedObjectsCommonObj from './kbn_core_saved_objects_common.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx b/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx index e7fbda0081e8..d2538ec60c79 100644 --- a/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-import-export-server-internal title: "@kbn/core-saved-objects-import-export-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-import-export-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-import-export-server-internal'] --- import kbnCoreSavedObjectsImportExportServerInternalObj from './kbn_core_saved_objects_import_export_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx b/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx index 7878f297187c..400e75eb100d 100644 --- a/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-import-export-server-mocks title: "@kbn/core-saved-objects-import-export-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-import-export-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-import-export-server-mocks'] --- import kbnCoreSavedObjectsImportExportServerMocksObj from './kbn_core_saved_objects_import_export_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_migration_server_internal.mdx b/api_docs/kbn_core_saved_objects_migration_server_internal.mdx index cd515832752c..56a3e157b6a8 100644 --- a/api_docs/kbn_core_saved_objects_migration_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_migration_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-migration-server-internal title: "@kbn/core-saved-objects-migration-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-migration-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-migration-server-internal'] --- import kbnCoreSavedObjectsMigrationServerInternalObj from './kbn_core_saved_objects_migration_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx b/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx index 89ac7214f0b9..acdbf0baa96b 100644 --- a/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-migration-server-mocks title: "@kbn/core-saved-objects-migration-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-migration-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-migration-server-mocks'] --- import kbnCoreSavedObjectsMigrationServerMocksObj from './kbn_core_saved_objects_migration_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_server.mdx b/api_docs/kbn_core_saved_objects_server.mdx index bb3f3783162e..d1ad114b8441 100644 --- a/api_docs/kbn_core_saved_objects_server.mdx +++ b/api_docs/kbn_core_saved_objects_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server title: "@kbn/core-saved-objects-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server'] --- import kbnCoreSavedObjectsServerObj from './kbn_core_saved_objects_server.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_server_internal.mdx b/api_docs/kbn_core_saved_objects_server_internal.mdx index da9470a9d88b..d4aefe61e9df 100644 --- a/api_docs/kbn_core_saved_objects_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server-internal title: "@kbn/core-saved-objects-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server-internal'] --- import kbnCoreSavedObjectsServerInternalObj from './kbn_core_saved_objects_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_server_mocks.mdx b/api_docs/kbn_core_saved_objects_server_mocks.mdx index a0803b97d8e5..11be88534bd3 100644 --- a/api_docs/kbn_core_saved_objects_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server-mocks title: "@kbn/core-saved-objects-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server-mocks'] --- import kbnCoreSavedObjectsServerMocksObj from './kbn_core_saved_objects_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_utils_server.mdx b/api_docs/kbn_core_saved_objects_utils_server.mdx index 05db75320f72..4ef6d6f230a3 100644 --- a/api_docs/kbn_core_saved_objects_utils_server.mdx +++ b/api_docs/kbn_core_saved_objects_utils_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-utils-server title: "@kbn/core-saved-objects-utils-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-utils-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-utils-server'] --- import kbnCoreSavedObjectsUtilsServerObj from './kbn_core_saved_objects_utils_server.devdocs.json'; diff --git a/api_docs/kbn_core_security_browser.mdx b/api_docs/kbn_core_security_browser.mdx index d8270c2356da..593fed51d048 100644 --- a/api_docs/kbn_core_security_browser.mdx +++ b/api_docs/kbn_core_security_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser title: "@kbn/core-security-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser'] --- import kbnCoreSecurityBrowserObj from './kbn_core_security_browser.devdocs.json'; diff --git a/api_docs/kbn_core_security_browser_internal.mdx b/api_docs/kbn_core_security_browser_internal.mdx index 4a415eadb74b..776af0fe2e85 100644 --- a/api_docs/kbn_core_security_browser_internal.mdx +++ b/api_docs/kbn_core_security_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser-internal title: "@kbn/core-security-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-browser-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser-internal'] --- import kbnCoreSecurityBrowserInternalObj from './kbn_core_security_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_security_browser_mocks.mdx b/api_docs/kbn_core_security_browser_mocks.mdx index 65c34d8aaca1..d8989d8e6294 100644 --- a/api_docs/kbn_core_security_browser_mocks.mdx +++ b/api_docs/kbn_core_security_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser-mocks title: "@kbn/core-security-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser-mocks'] --- import kbnCoreSecurityBrowserMocksObj from './kbn_core_security_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_security_common.mdx b/api_docs/kbn_core_security_common.mdx index 67c48b20ad67..63543ced3213 100644 --- a/api_docs/kbn_core_security_common.mdx +++ b/api_docs/kbn_core_security_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-common title: "@kbn/core-security-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-common'] --- import kbnCoreSecurityCommonObj from './kbn_core_security_common.devdocs.json'; diff --git a/api_docs/kbn_core_security_server.mdx b/api_docs/kbn_core_security_server.mdx index 5381721f161d..ea2c03c7be52 100644 --- a/api_docs/kbn_core_security_server.mdx +++ b/api_docs/kbn_core_security_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server title: "@kbn/core-security-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server'] --- import kbnCoreSecurityServerObj from './kbn_core_security_server.devdocs.json'; diff --git a/api_docs/kbn_core_security_server_internal.mdx b/api_docs/kbn_core_security_server_internal.mdx index a9280231c76b..a8872ad061a2 100644 --- a/api_docs/kbn_core_security_server_internal.mdx +++ b/api_docs/kbn_core_security_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server-internal title: "@kbn/core-security-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server-internal'] --- import kbnCoreSecurityServerInternalObj from './kbn_core_security_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_security_server_mocks.mdx b/api_docs/kbn_core_security_server_mocks.mdx index 04caadfcdecf..53441938019b 100644 --- a/api_docs/kbn_core_security_server_mocks.mdx +++ b/api_docs/kbn_core_security_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server-mocks title: "@kbn/core-security-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server-mocks'] --- import kbnCoreSecurityServerMocksObj from './kbn_core_security_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_status_common.mdx b/api_docs/kbn_core_status_common.mdx index f231a662c32f..30ddd9ec6b06 100644 --- a/api_docs/kbn_core_status_common.mdx +++ b/api_docs/kbn_core_status_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-common title: "@kbn/core-status-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-common'] --- import kbnCoreStatusCommonObj from './kbn_core_status_common.devdocs.json'; diff --git a/api_docs/kbn_core_status_common_internal.mdx b/api_docs/kbn_core_status_common_internal.mdx index f07d5fe5b3a2..29dbac53c7d9 100644 --- a/api_docs/kbn_core_status_common_internal.mdx +++ b/api_docs/kbn_core_status_common_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-common-internal title: "@kbn/core-status-common-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-common-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-common-internal'] --- import kbnCoreStatusCommonInternalObj from './kbn_core_status_common_internal.devdocs.json'; diff --git a/api_docs/kbn_core_status_server.mdx b/api_docs/kbn_core_status_server.mdx index 42547f2491be..da6aa7653d15 100644 --- a/api_docs/kbn_core_status_server.mdx +++ b/api_docs/kbn_core_status_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server title: "@kbn/core-status-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server'] --- import kbnCoreStatusServerObj from './kbn_core_status_server.devdocs.json'; diff --git a/api_docs/kbn_core_status_server_internal.mdx b/api_docs/kbn_core_status_server_internal.mdx index 6e2ced67bc82..8ae16f3b7e62 100644 --- a/api_docs/kbn_core_status_server_internal.mdx +++ b/api_docs/kbn_core_status_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server-internal title: "@kbn/core-status-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server-internal'] --- import kbnCoreStatusServerInternalObj from './kbn_core_status_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_status_server_mocks.mdx b/api_docs/kbn_core_status_server_mocks.mdx index f49f0ea535bd..7882459c889d 100644 --- a/api_docs/kbn_core_status_server_mocks.mdx +++ b/api_docs/kbn_core_status_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server-mocks title: "@kbn/core-status-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server-mocks'] --- import kbnCoreStatusServerMocksObj from './kbn_core_status_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_deprecations_getters.mdx b/api_docs/kbn_core_test_helpers_deprecations_getters.mdx index 6b4f8d8a15db..6ebb9f75434e 100644 --- a/api_docs/kbn_core_test_helpers_deprecations_getters.mdx +++ b/api_docs/kbn_core_test_helpers_deprecations_getters.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-deprecations-getters title: "@kbn/core-test-helpers-deprecations-getters" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-deprecations-getters plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-deprecations-getters'] --- import kbnCoreTestHelpersDeprecationsGettersObj from './kbn_core_test_helpers_deprecations_getters.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_http_setup_browser.mdx b/api_docs/kbn_core_test_helpers_http_setup_browser.mdx index 2c3e7df514b3..c0076367babc 100644 --- a/api_docs/kbn_core_test_helpers_http_setup_browser.mdx +++ b/api_docs/kbn_core_test_helpers_http_setup_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-http-setup-browser title: "@kbn/core-test-helpers-http-setup-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-http-setup-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-http-setup-browser'] --- import kbnCoreTestHelpersHttpSetupBrowserObj from './kbn_core_test_helpers_http_setup_browser.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_kbn_server.mdx b/api_docs/kbn_core_test_helpers_kbn_server.mdx index 7310ce2237d3..ec13f31d3868 100644 --- a/api_docs/kbn_core_test_helpers_kbn_server.mdx +++ b/api_docs/kbn_core_test_helpers_kbn_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-kbn-server title: "@kbn/core-test-helpers-kbn-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-kbn-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-kbn-server'] --- import kbnCoreTestHelpersKbnServerObj from './kbn_core_test_helpers_kbn_server.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_model_versions.mdx b/api_docs/kbn_core_test_helpers_model_versions.mdx index fa52224e358d..bcbb3688c50c 100644 --- a/api_docs/kbn_core_test_helpers_model_versions.mdx +++ b/api_docs/kbn_core_test_helpers_model_versions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-model-versions title: "@kbn/core-test-helpers-model-versions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-model-versions plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-model-versions'] --- import kbnCoreTestHelpersModelVersionsObj from './kbn_core_test_helpers_model_versions.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_so_type_serializer.mdx b/api_docs/kbn_core_test_helpers_so_type_serializer.mdx index 4434f30a923b..27705a5d6596 100644 --- a/api_docs/kbn_core_test_helpers_so_type_serializer.mdx +++ b/api_docs/kbn_core_test_helpers_so_type_serializer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-so-type-serializer title: "@kbn/core-test-helpers-so-type-serializer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-so-type-serializer plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-so-type-serializer'] --- import kbnCoreTestHelpersSoTypeSerializerObj from './kbn_core_test_helpers_so_type_serializer.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_test_utils.mdx b/api_docs/kbn_core_test_helpers_test_utils.mdx index ce656fff3f05..31ba3217b995 100644 --- a/api_docs/kbn_core_test_helpers_test_utils.mdx +++ b/api_docs/kbn_core_test_helpers_test_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-test-utils title: "@kbn/core-test-helpers-test-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-test-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-test-utils'] --- import kbnCoreTestHelpersTestUtilsObj from './kbn_core_test_helpers_test_utils.devdocs.json'; diff --git a/api_docs/kbn_core_theme_browser.mdx b/api_docs/kbn_core_theme_browser.mdx index dd701e43f89e..cb21e26ec98a 100644 --- a/api_docs/kbn_core_theme_browser.mdx +++ b/api_docs/kbn_core_theme_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-theme-browser title: "@kbn/core-theme-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-theme-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-theme-browser'] --- import kbnCoreThemeBrowserObj from './kbn_core_theme_browser.devdocs.json'; diff --git a/api_docs/kbn_core_theme_browser_mocks.mdx b/api_docs/kbn_core_theme_browser_mocks.mdx index ee57ec191b24..6edf44e8dbee 100644 --- a/api_docs/kbn_core_theme_browser_mocks.mdx +++ b/api_docs/kbn_core_theme_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-theme-browser-mocks title: "@kbn/core-theme-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-theme-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-theme-browser-mocks'] --- import kbnCoreThemeBrowserMocksObj from './kbn_core_theme_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_browser.mdx b/api_docs/kbn_core_ui_settings_browser.mdx index a4c572b6abcc..112e2c393d16 100644 --- a/api_docs/kbn_core_ui_settings_browser.mdx +++ b/api_docs/kbn_core_ui_settings_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser title: "@kbn/core-ui-settings-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser'] --- import kbnCoreUiSettingsBrowserObj from './kbn_core_ui_settings_browser.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_browser_internal.mdx b/api_docs/kbn_core_ui_settings_browser_internal.mdx index 6f2e5361990a..7077b40fc35a 100644 --- a/api_docs/kbn_core_ui_settings_browser_internal.mdx +++ b/api_docs/kbn_core_ui_settings_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser-internal title: "@kbn/core-ui-settings-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser-internal'] --- import kbnCoreUiSettingsBrowserInternalObj from './kbn_core_ui_settings_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_browser_mocks.mdx b/api_docs/kbn_core_ui_settings_browser_mocks.mdx index 7372cec921d4..a7f6d5b4a5ee 100644 --- a/api_docs/kbn_core_ui_settings_browser_mocks.mdx +++ b/api_docs/kbn_core_ui_settings_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser-mocks title: "@kbn/core-ui-settings-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser-mocks'] --- import kbnCoreUiSettingsBrowserMocksObj from './kbn_core_ui_settings_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_common.mdx b/api_docs/kbn_core_ui_settings_common.mdx index dcfc19a59f8a..424f52668143 100644 --- a/api_docs/kbn_core_ui_settings_common.mdx +++ b/api_docs/kbn_core_ui_settings_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-common title: "@kbn/core-ui-settings-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-common'] --- import kbnCoreUiSettingsCommonObj from './kbn_core_ui_settings_common.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_server.mdx b/api_docs/kbn_core_ui_settings_server.mdx index d485391e5976..2a620c31a3d7 100644 --- a/api_docs/kbn_core_ui_settings_server.mdx +++ b/api_docs/kbn_core_ui_settings_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server title: "@kbn/core-ui-settings-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server'] --- import kbnCoreUiSettingsServerObj from './kbn_core_ui_settings_server.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_server_internal.mdx b/api_docs/kbn_core_ui_settings_server_internal.mdx index cce9d0bcb41f..ae2a024af1fb 100644 --- a/api_docs/kbn_core_ui_settings_server_internal.mdx +++ b/api_docs/kbn_core_ui_settings_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server-internal title: "@kbn/core-ui-settings-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server-internal'] --- import kbnCoreUiSettingsServerInternalObj from './kbn_core_ui_settings_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_server_mocks.mdx b/api_docs/kbn_core_ui_settings_server_mocks.mdx index f7f84eb029ef..35eaa618fd0b 100644 --- a/api_docs/kbn_core_ui_settings_server_mocks.mdx +++ b/api_docs/kbn_core_ui_settings_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server-mocks title: "@kbn/core-ui-settings-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server-mocks'] --- import kbnCoreUiSettingsServerMocksObj from './kbn_core_ui_settings_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_usage_data_server.mdx b/api_docs/kbn_core_usage_data_server.mdx index 9fb0f157d7a9..4c1b8c3b94be 100644 --- a/api_docs/kbn_core_usage_data_server.mdx +++ b/api_docs/kbn_core_usage_data_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server title: "@kbn/core-usage-data-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server'] --- import kbnCoreUsageDataServerObj from './kbn_core_usage_data_server.devdocs.json'; diff --git a/api_docs/kbn_core_usage_data_server_internal.mdx b/api_docs/kbn_core_usage_data_server_internal.mdx index 15bfb0473a89..8efb8aec5c18 100644 --- a/api_docs/kbn_core_usage_data_server_internal.mdx +++ b/api_docs/kbn_core_usage_data_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server-internal title: "@kbn/core-usage-data-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server-internal'] --- import kbnCoreUsageDataServerInternalObj from './kbn_core_usage_data_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_usage_data_server_mocks.mdx b/api_docs/kbn_core_usage_data_server_mocks.mdx index c3a68f09474f..cfb459929b2f 100644 --- a/api_docs/kbn_core_usage_data_server_mocks.mdx +++ b/api_docs/kbn_core_usage_data_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server-mocks title: "@kbn/core-usage-data-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server-mocks'] --- import kbnCoreUsageDataServerMocksObj from './kbn_core_usage_data_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_browser.mdx b/api_docs/kbn_core_user_profile_browser.mdx index e1b2fc5fafca..375dea72562c 100644 --- a/api_docs/kbn_core_user_profile_browser.mdx +++ b/api_docs/kbn_core_user_profile_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser title: "@kbn/core-user-profile-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser'] --- import kbnCoreUserProfileBrowserObj from './kbn_core_user_profile_browser.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_browser_internal.mdx b/api_docs/kbn_core_user_profile_browser_internal.mdx index 8750b7587646..cd21921c6214 100644 --- a/api_docs/kbn_core_user_profile_browser_internal.mdx +++ b/api_docs/kbn_core_user_profile_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser-internal title: "@kbn/core-user-profile-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-browser-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser-internal'] --- import kbnCoreUserProfileBrowserInternalObj from './kbn_core_user_profile_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_browser_mocks.mdx b/api_docs/kbn_core_user_profile_browser_mocks.mdx index ca22017592f2..a795c4559de0 100644 --- a/api_docs/kbn_core_user_profile_browser_mocks.mdx +++ b/api_docs/kbn_core_user_profile_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser-mocks title: "@kbn/core-user-profile-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-browser-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser-mocks'] --- import kbnCoreUserProfileBrowserMocksObj from './kbn_core_user_profile_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_common.mdx b/api_docs/kbn_core_user_profile_common.mdx index 2b9e49bcf65a..f7a511e6c7c7 100644 --- a/api_docs/kbn_core_user_profile_common.mdx +++ b/api_docs/kbn_core_user_profile_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-common title: "@kbn/core-user-profile-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-common'] --- import kbnCoreUserProfileCommonObj from './kbn_core_user_profile_common.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_server.mdx b/api_docs/kbn_core_user_profile_server.mdx index d1bedab0a65f..89fed169d754 100644 --- a/api_docs/kbn_core_user_profile_server.mdx +++ b/api_docs/kbn_core_user_profile_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server title: "@kbn/core-user-profile-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server'] --- import kbnCoreUserProfileServerObj from './kbn_core_user_profile_server.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_server_internal.mdx b/api_docs/kbn_core_user_profile_server_internal.mdx index 8f7390f55669..411d91a5255e 100644 --- a/api_docs/kbn_core_user_profile_server_internal.mdx +++ b/api_docs/kbn_core_user_profile_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server-internal title: "@kbn/core-user-profile-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-server-internal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server-internal'] --- import kbnCoreUserProfileServerInternalObj from './kbn_core_user_profile_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_server_mocks.mdx b/api_docs/kbn_core_user_profile_server_mocks.mdx index c70d21055c6e..e2af83c2f7da 100644 --- a/api_docs/kbn_core_user_profile_server_mocks.mdx +++ b/api_docs/kbn_core_user_profile_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server-mocks title: "@kbn/core-user-profile-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server-mocks'] --- import kbnCoreUserProfileServerMocksObj from './kbn_core_user_profile_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_user_settings_server.mdx b/api_docs/kbn_core_user_settings_server.mdx index c7283f852070..80df4aeb8fb7 100644 --- a/api_docs/kbn_core_user_settings_server.mdx +++ b/api_docs/kbn_core_user_settings_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server title: "@kbn/core-user-settings-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-settings-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server'] --- import kbnCoreUserSettingsServerObj from './kbn_core_user_settings_server.devdocs.json'; diff --git a/api_docs/kbn_core_user_settings_server_mocks.mdx b/api_docs/kbn_core_user_settings_server_mocks.mdx index 54ee94fd3025..3077176d2392 100644 --- a/api_docs/kbn_core_user_settings_server_mocks.mdx +++ b/api_docs/kbn_core_user_settings_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server-mocks title: "@kbn/core-user-settings-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-settings-server-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server-mocks'] --- import kbnCoreUserSettingsServerMocksObj from './kbn_core_user_settings_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_crypto.mdx b/api_docs/kbn_crypto.mdx index 497b6e1d76e3..1840ac53317a 100644 --- a/api_docs/kbn_crypto.mdx +++ b/api_docs/kbn_crypto.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-crypto title: "@kbn/crypto" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/crypto plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/crypto'] --- import kbnCryptoObj from './kbn_crypto.devdocs.json'; diff --git a/api_docs/kbn_crypto_browser.mdx b/api_docs/kbn_crypto_browser.mdx index cb50f024548d..a9781f6162fa 100644 --- a/api_docs/kbn_crypto_browser.mdx +++ b/api_docs/kbn_crypto_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-crypto-browser title: "@kbn/crypto-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/crypto-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/crypto-browser'] --- import kbnCryptoBrowserObj from './kbn_crypto_browser.devdocs.json'; diff --git a/api_docs/kbn_custom_icons.mdx b/api_docs/kbn_custom_icons.mdx index 8595e357d3e5..923867e1697f 100644 --- a/api_docs/kbn_custom_icons.mdx +++ b/api_docs/kbn_custom_icons.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-custom-icons title: "@kbn/custom-icons" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/custom-icons plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/custom-icons'] --- import kbnCustomIconsObj from './kbn_custom_icons.devdocs.json'; diff --git a/api_docs/kbn_custom_integrations.mdx b/api_docs/kbn_custom_integrations.mdx index f224bc7e5d46..c082eeafb5a4 100644 --- a/api_docs/kbn_custom_integrations.mdx +++ b/api_docs/kbn_custom_integrations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-custom-integrations title: "@kbn/custom-integrations" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/custom-integrations plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/custom-integrations'] --- import kbnCustomIntegrationsObj from './kbn_custom_integrations.devdocs.json'; diff --git a/api_docs/kbn_cypress_config.mdx b/api_docs/kbn_cypress_config.mdx index ee0ffefdf4c2..5beffc6258af 100644 --- a/api_docs/kbn_cypress_config.mdx +++ b/api_docs/kbn_cypress_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cypress-config title: "@kbn/cypress-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cypress-config plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cypress-config'] --- import kbnCypressConfigObj from './kbn_cypress_config.devdocs.json'; diff --git a/api_docs/kbn_data_forge.mdx b/api_docs/kbn_data_forge.mdx index e9b82cc9fd0b..e0c9448673dd 100644 --- a/api_docs/kbn_data_forge.mdx +++ b/api_docs/kbn_data_forge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-forge title: "@kbn/data-forge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-forge plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-forge'] --- import kbnDataForgeObj from './kbn_data_forge.devdocs.json'; diff --git a/api_docs/kbn_data_service.mdx b/api_docs/kbn_data_service.mdx index a07a88c36088..221948c51fb0 100644 --- a/api_docs/kbn_data_service.mdx +++ b/api_docs/kbn_data_service.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-service title: "@kbn/data-service" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-service plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-service'] --- import kbnDataServiceObj from './kbn_data_service.devdocs.json'; diff --git a/api_docs/kbn_data_stream_adapter.mdx b/api_docs/kbn_data_stream_adapter.mdx index da6fe7fd0e24..b5b88d41ef27 100644 --- a/api_docs/kbn_data_stream_adapter.mdx +++ b/api_docs/kbn_data_stream_adapter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-stream-adapter title: "@kbn/data-stream-adapter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-stream-adapter plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-stream-adapter'] --- import kbnDataStreamAdapterObj from './kbn_data_stream_adapter.devdocs.json'; diff --git a/api_docs/kbn_data_view_utils.mdx b/api_docs/kbn_data_view_utils.mdx index a4cd30fe6a7f..fb63db5c12c2 100644 --- a/api_docs/kbn_data_view_utils.mdx +++ b/api_docs/kbn_data_view_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-view-utils title: "@kbn/data-view-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-view-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-view-utils'] --- import kbnDataViewUtilsObj from './kbn_data_view_utils.devdocs.json'; diff --git a/api_docs/kbn_datemath.mdx b/api_docs/kbn_datemath.mdx index 05a6fad94eb8..e9639ffa579f 100644 --- a/api_docs/kbn_datemath.mdx +++ b/api_docs/kbn_datemath.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-datemath title: "@kbn/datemath" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/datemath plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/datemath'] --- import kbnDatemathObj from './kbn_datemath.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_analytics.mdx b/api_docs/kbn_deeplinks_analytics.mdx index ac462ec37c19..61d416bde67d 100644 --- a/api_docs/kbn_deeplinks_analytics.mdx +++ b/api_docs/kbn_deeplinks_analytics.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-analytics title: "@kbn/deeplinks-analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-analytics plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-analytics'] --- import kbnDeeplinksAnalyticsObj from './kbn_deeplinks_analytics.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_devtools.mdx b/api_docs/kbn_deeplinks_devtools.mdx index 574328d6c74f..d86ca3db268d 100644 --- a/api_docs/kbn_deeplinks_devtools.mdx +++ b/api_docs/kbn_deeplinks_devtools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-devtools title: "@kbn/deeplinks-devtools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-devtools plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-devtools'] --- import kbnDeeplinksDevtoolsObj from './kbn_deeplinks_devtools.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_fleet.mdx b/api_docs/kbn_deeplinks_fleet.mdx index 5244ab46cf5f..9d542782639c 100644 --- a/api_docs/kbn_deeplinks_fleet.mdx +++ b/api_docs/kbn_deeplinks_fleet.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-fleet title: "@kbn/deeplinks-fleet" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-fleet plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-fleet'] --- import kbnDeeplinksFleetObj from './kbn_deeplinks_fleet.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_management.mdx b/api_docs/kbn_deeplinks_management.mdx index ad15213eed15..43e0177ebe81 100644 --- a/api_docs/kbn_deeplinks_management.mdx +++ b/api_docs/kbn_deeplinks_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-management title: "@kbn/deeplinks-management" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-management plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-management'] --- import kbnDeeplinksManagementObj from './kbn_deeplinks_management.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_ml.mdx b/api_docs/kbn_deeplinks_ml.mdx index dfad20423750..e84ca55f9d6b 100644 --- a/api_docs/kbn_deeplinks_ml.mdx +++ b/api_docs/kbn_deeplinks_ml.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-ml title: "@kbn/deeplinks-ml" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-ml plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-ml'] --- import kbnDeeplinksMlObj from './kbn_deeplinks_ml.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_observability.devdocs.json b/api_docs/kbn_deeplinks_observability.devdocs.json index 7c0c1af2b668..bb9e832ebbb0 100644 --- a/api_docs/kbn_deeplinks_observability.devdocs.json +++ b/api_docs/kbn_deeplinks_observability.devdocs.json @@ -114,6 +114,20 @@ "path": "packages/deeplinks/observability/locators/dataset_quality_details.ts", "deprecated": false, "trackAdoption": false + }, + { + "parentPluginId": "@kbn/deeplinks-observability", + "id": "def-common.DataQualityDetailsLocatorParams.showCurrentQualityIssues", + "type": "CompoundType", + "tags": [], + "label": "showCurrentQualityIssues", + "description": [], + "signature": [ + "boolean | undefined" + ], + "path": "packages/deeplinks/observability/locators/dataset_quality_details.ts", + "deprecated": false, + "trackAdoption": false } ], "initialIsOpen": false diff --git a/api_docs/kbn_deeplinks_observability.mdx b/api_docs/kbn_deeplinks_observability.mdx index 6e93015cd2da..3216699269e5 100644 --- a/api_docs/kbn_deeplinks_observability.mdx +++ b/api_docs/kbn_deeplinks_observability.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-observability title: "@kbn/deeplinks-observability" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-observability plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-observability'] --- import kbnDeeplinksObservabilityObj from './kbn_deeplinks_observability.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/ | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 62 | 0 | 50 | 0 | +| 63 | 0 | 51 | 0 | ## Common diff --git a/api_docs/kbn_deeplinks_search.mdx b/api_docs/kbn_deeplinks_search.mdx index d36d2608ee38..546810c6d9ce 100644 --- a/api_docs/kbn_deeplinks_search.mdx +++ b/api_docs/kbn_deeplinks_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-search title: "@kbn/deeplinks-search" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-search plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-search'] --- import kbnDeeplinksSearchObj from './kbn_deeplinks_search.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_security.mdx b/api_docs/kbn_deeplinks_security.mdx index b7ece7737da8..4a0797b1bc8b 100644 --- a/api_docs/kbn_deeplinks_security.mdx +++ b/api_docs/kbn_deeplinks_security.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-security title: "@kbn/deeplinks-security" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-security plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-security'] --- import kbnDeeplinksSecurityObj from './kbn_deeplinks_security.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_shared.mdx b/api_docs/kbn_deeplinks_shared.mdx index ebf826ea3fe2..ff8b3f836143 100644 --- a/api_docs/kbn_deeplinks_shared.mdx +++ b/api_docs/kbn_deeplinks_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-shared title: "@kbn/deeplinks-shared" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-shared plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-shared'] --- import kbnDeeplinksSharedObj from './kbn_deeplinks_shared.devdocs.json'; diff --git a/api_docs/kbn_default_nav_analytics.mdx b/api_docs/kbn_default_nav_analytics.mdx index 42e7f8a2fc18..5d1859b12a57 100644 --- a/api_docs/kbn_default_nav_analytics.mdx +++ b/api_docs/kbn_default_nav_analytics.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-analytics title: "@kbn/default-nav-analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-analytics plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-analytics'] --- import kbnDefaultNavAnalyticsObj from './kbn_default_nav_analytics.devdocs.json'; diff --git a/api_docs/kbn_default_nav_devtools.mdx b/api_docs/kbn_default_nav_devtools.mdx index 49d1dfcef057..dec9904016ae 100644 --- a/api_docs/kbn_default_nav_devtools.mdx +++ b/api_docs/kbn_default_nav_devtools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-devtools title: "@kbn/default-nav-devtools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-devtools plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-devtools'] --- import kbnDefaultNavDevtoolsObj from './kbn_default_nav_devtools.devdocs.json'; diff --git a/api_docs/kbn_default_nav_management.mdx b/api_docs/kbn_default_nav_management.mdx index 67c3a85b12c9..d0525e795212 100644 --- a/api_docs/kbn_default_nav_management.mdx +++ b/api_docs/kbn_default_nav_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-management title: "@kbn/default-nav-management" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-management plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-management'] --- import kbnDefaultNavManagementObj from './kbn_default_nav_management.devdocs.json'; diff --git a/api_docs/kbn_default_nav_ml.mdx b/api_docs/kbn_default_nav_ml.mdx index 435b50a4d732..469e055cd70b 100644 --- a/api_docs/kbn_default_nav_ml.mdx +++ b/api_docs/kbn_default_nav_ml.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-ml title: "@kbn/default-nav-ml" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-ml plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-ml'] --- import kbnDefaultNavMlObj from './kbn_default_nav_ml.devdocs.json'; diff --git a/api_docs/kbn_dev_cli_errors.mdx b/api_docs/kbn_dev_cli_errors.mdx index c4a4c471a095..bfb07f8657c4 100644 --- a/api_docs/kbn_dev_cli_errors.mdx +++ b/api_docs/kbn_dev_cli_errors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-cli-errors title: "@kbn/dev-cli-errors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-cli-errors plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-cli-errors'] --- import kbnDevCliErrorsObj from './kbn_dev_cli_errors.devdocs.json'; diff --git a/api_docs/kbn_dev_cli_runner.mdx b/api_docs/kbn_dev_cli_runner.mdx index 84dd052bda96..20b28a2d4dc8 100644 --- a/api_docs/kbn_dev_cli_runner.mdx +++ b/api_docs/kbn_dev_cli_runner.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-cli-runner title: "@kbn/dev-cli-runner" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-cli-runner plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-cli-runner'] --- import kbnDevCliRunnerObj from './kbn_dev_cli_runner.devdocs.json'; diff --git a/api_docs/kbn_dev_proc_runner.mdx b/api_docs/kbn_dev_proc_runner.mdx index d2abf01a3f4d..091ffba56585 100644 --- a/api_docs/kbn_dev_proc_runner.mdx +++ b/api_docs/kbn_dev_proc_runner.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-proc-runner title: "@kbn/dev-proc-runner" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-proc-runner plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-proc-runner'] --- import kbnDevProcRunnerObj from './kbn_dev_proc_runner.devdocs.json'; diff --git a/api_docs/kbn_dev_utils.mdx b/api_docs/kbn_dev_utils.mdx index 1e764d67c136..5657e0d8434e 100644 --- a/api_docs/kbn_dev_utils.mdx +++ b/api_docs/kbn_dev_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-utils title: "@kbn/dev-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-utils'] --- import kbnDevUtilsObj from './kbn_dev_utils.devdocs.json'; diff --git a/api_docs/kbn_discover_utils.mdx b/api_docs/kbn_discover_utils.mdx index 43659f8eb8ff..07229ee9ba80 100644 --- a/api_docs/kbn_discover_utils.mdx +++ b/api_docs/kbn_discover_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-discover-utils title: "@kbn/discover-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/discover-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/discover-utils'] --- import kbnDiscoverUtilsObj from './kbn_discover_utils.devdocs.json'; diff --git a/api_docs/kbn_doc_links.mdx b/api_docs/kbn_doc_links.mdx index 80f302a42c18..fa32337f8464 100644 --- a/api_docs/kbn_doc_links.mdx +++ b/api_docs/kbn_doc_links.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-doc-links title: "@kbn/doc-links" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/doc-links plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/doc-links'] --- import kbnDocLinksObj from './kbn_doc_links.devdocs.json'; diff --git a/api_docs/kbn_docs_utils.mdx b/api_docs/kbn_docs_utils.mdx index 38dafe84a45e..a4790dae36d8 100644 --- a/api_docs/kbn_docs_utils.mdx +++ b/api_docs/kbn_docs_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-docs-utils title: "@kbn/docs-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/docs-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/docs-utils'] --- import kbnDocsUtilsObj from './kbn_docs_utils.devdocs.json'; diff --git a/api_docs/kbn_dom_drag_drop.mdx b/api_docs/kbn_dom_drag_drop.mdx index a894d568047e..10dfddd00765 100644 --- a/api_docs/kbn_dom_drag_drop.mdx +++ b/api_docs/kbn_dom_drag_drop.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dom-drag-drop title: "@kbn/dom-drag-drop" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dom-drag-drop plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dom-drag-drop'] --- import kbnDomDragDropObj from './kbn_dom_drag_drop.devdocs.json'; diff --git a/api_docs/kbn_ebt_tools.mdx b/api_docs/kbn_ebt_tools.mdx index d51b0ccbf087..bdf488357d04 100644 --- a/api_docs/kbn_ebt_tools.mdx +++ b/api_docs/kbn_ebt_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ebt-tools title: "@kbn/ebt-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ebt-tools plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ebt-tools'] --- import kbnEbtToolsObj from './kbn_ebt_tools.devdocs.json'; diff --git a/api_docs/kbn_ecs_data_quality_dashboard.mdx b/api_docs/kbn_ecs_data_quality_dashboard.mdx index f637da0ee41d..707cbed90a0d 100644 --- a/api_docs/kbn_ecs_data_quality_dashboard.mdx +++ b/api_docs/kbn_ecs_data_quality_dashboard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ecs-data-quality-dashboard title: "@kbn/ecs-data-quality-dashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ecs-data-quality-dashboard plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ecs-data-quality-dashboard'] --- import kbnEcsDataQualityDashboardObj from './kbn_ecs_data_quality_dashboard.devdocs.json'; diff --git a/api_docs/kbn_elastic_agent_utils.mdx b/api_docs/kbn_elastic_agent_utils.mdx index 213cb18f0e4b..a8c501d028b6 100644 --- a/api_docs/kbn_elastic_agent_utils.mdx +++ b/api_docs/kbn_elastic_agent_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-agent-utils title: "@kbn/elastic-agent-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/elastic-agent-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-agent-utils'] --- import kbnElasticAgentUtilsObj from './kbn_elastic_agent_utils.devdocs.json'; diff --git a/api_docs/kbn_elastic_assistant.mdx b/api_docs/kbn_elastic_assistant.mdx index 54456c0e5865..b6afdb6b36cd 100644 --- a/api_docs/kbn_elastic_assistant.mdx +++ b/api_docs/kbn_elastic_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-assistant title: "@kbn/elastic-assistant" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/elastic-assistant plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-assistant'] --- import kbnElasticAssistantObj from './kbn_elastic_assistant.devdocs.json'; diff --git a/api_docs/kbn_elastic_assistant_common.mdx b/api_docs/kbn_elastic_assistant_common.mdx index 96b03a3d6373..9d4c552f66b7 100644 --- a/api_docs/kbn_elastic_assistant_common.mdx +++ b/api_docs/kbn_elastic_assistant_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-assistant-common title: "@kbn/elastic-assistant-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/elastic-assistant-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-assistant-common'] --- import kbnElasticAssistantCommonObj from './kbn_elastic_assistant_common.devdocs.json'; diff --git a/api_docs/kbn_entities_schema.devdocs.json b/api_docs/kbn_entities_schema.devdocs.json index 7ab3229f2173..88e3a79d5b1c 100644 --- a/api_docs/kbn_entities_schema.devdocs.json +++ b/api_docs/kbn_entities_schema.devdocs.json @@ -515,7 +515,7 @@ "label": "entityBaseSchema", "description": [], "signature": [ - "Zod.ZodObject<{ id: Zod.ZodString; type: Zod.ZodString; identityFields: Zod.ZodArray; displayName: Zod.ZodString; metrics: Zod.ZodRecord; definitionVersion: Zod.ZodString; schemaVersion: Zod.ZodString; definitionId: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionVersion: string; schemaVersion: string; definitionId: string; }, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionVersion: string; schemaVersion: string; definitionId: string; }>" + "Zod.ZodObject<{ id: Zod.ZodString; type: Zod.ZodString; identityFields: Zod.ZodArray; displayName: Zod.ZodString; metrics: Zod.ZodRecord; definitionVersion: Zod.ZodString; schemaVersion: Zod.ZodString; definitionId: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; schemaVersion: string; }, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; schemaVersion: string; }>" ], "path": "x-pack/packages/kbn-entities-schema/src/schema/entity.ts", "deprecated": false, @@ -672,7 +672,7 @@ "label": "entityHistorySchema", "description": [], "signature": [ - "Zod.ZodIntersection; displayName: Zod.ZodString; metrics: Zod.ZodRecord; definitionVersion: Zod.ZodString; schemaVersion: Zod.ZodString; definitionId: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionVersion: string; schemaVersion: string; definitionId: string; }, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionVersion: string; schemaVersion: string; definitionId: string; }>; }, \"strip\", Zod.ZodTypeAny, { '@timestamp': string; entity: { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionVersion: string; schemaVersion: string; definitionId: string; }; }, { '@timestamp': string; entity: { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionVersion: string; schemaVersion: string; definitionId: string; }; }>, Zod.ZodType>" + "Zod.ZodIntersection; displayName: Zod.ZodString; metrics: Zod.ZodRecord; definitionVersion: Zod.ZodString; schemaVersion: Zod.ZodString; definitionId: Zod.ZodString; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; schemaVersion: string; }, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; schemaVersion: string; }>; }, \"strip\", Zod.ZodTypeAny, { '@timestamp': string; entity: { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; schemaVersion: string; }; }, { '@timestamp': string; entity: { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; schemaVersion: string; }; }>, Zod.ZodType>" ], "path": "x-pack/packages/kbn-entities-schema/src/schema/entity.ts", "deprecated": false, @@ -687,7 +687,7 @@ "label": "entityLatestSchema", "description": [], "signature": [ - "Zod.ZodIntersection; displayName: Zod.ZodString; metrics: Zod.ZodRecord; definitionVersion: Zod.ZodString; schemaVersion: Zod.ZodString; definitionId: Zod.ZodString; }, { lastSeenTimestamp: Zod.ZodString; firstSeenTimestamp: Zod.ZodString; }>, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionVersion: string; schemaVersion: string; definitionId: string; lastSeenTimestamp: string; firstSeenTimestamp: string; }, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionVersion: string; schemaVersion: string; definitionId: string; lastSeenTimestamp: string; firstSeenTimestamp: string; }>; }, \"strip\", Zod.ZodTypeAny, { entity: { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionVersion: string; schemaVersion: string; definitionId: string; lastSeenTimestamp: string; firstSeenTimestamp: string; }; }, { entity: { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionVersion: string; schemaVersion: string; definitionId: string; lastSeenTimestamp: string; firstSeenTimestamp: string; }; }>, Zod.ZodType>" + "Zod.ZodIntersection; displayName: Zod.ZodString; metrics: Zod.ZodRecord; definitionVersion: Zod.ZodString; schemaVersion: Zod.ZodString; definitionId: Zod.ZodString; }, { lastSeenTimestamp: Zod.ZodString; firstSeenTimestamp: Zod.ZodString; }>, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; }, { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; }>; }, \"strip\", Zod.ZodTypeAny, { entity: { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; }; }, { entity: { id: string; type: string; metrics: Record; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; }; }>, Zod.ZodType>" ], "path": "x-pack/packages/kbn-entities-schema/src/schema/entity.ts", "deprecated": false, diff --git a/api_docs/kbn_entities_schema.mdx b/api_docs/kbn_entities_schema.mdx index adab2eb2cb8e..0e4d4fa4c1dd 100644 --- a/api_docs/kbn_entities_schema.mdx +++ b/api_docs/kbn_entities_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-entities-schema title: "@kbn/entities-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/entities-schema plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/entities-schema'] --- import kbnEntitiesSchemaObj from './kbn_entities_schema.devdocs.json'; diff --git a/api_docs/kbn_es.mdx b/api_docs/kbn_es.mdx index 3b46267fce25..d7c9751415e4 100644 --- a/api_docs/kbn_es.mdx +++ b/api_docs/kbn_es.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es title: "@kbn/es" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es'] --- import kbnEsObj from './kbn_es.devdocs.json'; diff --git a/api_docs/kbn_es_archiver.mdx b/api_docs/kbn_es_archiver.mdx index 79d1174fc91f..96cd5019da8a 100644 --- a/api_docs/kbn_es_archiver.mdx +++ b/api_docs/kbn_es_archiver.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-archiver title: "@kbn/es-archiver" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-archiver plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-archiver'] --- import kbnEsArchiverObj from './kbn_es_archiver.devdocs.json'; diff --git a/api_docs/kbn_es_errors.mdx b/api_docs/kbn_es_errors.mdx index bee20fdbe061..02e7ee6deeb5 100644 --- a/api_docs/kbn_es_errors.mdx +++ b/api_docs/kbn_es_errors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-errors title: "@kbn/es-errors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-errors plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-errors'] --- import kbnEsErrorsObj from './kbn_es_errors.devdocs.json'; diff --git a/api_docs/kbn_es_query.mdx b/api_docs/kbn_es_query.mdx index c57c3b10527e..3d9cf28ef065 100644 --- a/api_docs/kbn_es_query.mdx +++ b/api_docs/kbn_es_query.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-query title: "@kbn/es-query" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-query plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-query'] --- import kbnEsQueryObj from './kbn_es_query.devdocs.json'; diff --git a/api_docs/kbn_es_types.devdocs.json b/api_docs/kbn_es_types.devdocs.json index a385619aa6bd..4852b7767600 100644 --- a/api_docs/kbn_es_types.devdocs.json +++ b/api_docs/kbn_es_types.devdocs.json @@ -210,6 +210,20 @@ "path": "packages/kbn-es-types/src/search.ts", "deprecated": false, "trackAdoption": false + }, + { + "parentPluginId": "@kbn/es-types", + "id": "def-common.ESQLSearchResponse.took", + "type": "number", + "tags": [], + "label": "took", + "description": [], + "signature": [ + "number | undefined" + ], + "path": "packages/kbn-es-types/src/search.ts", + "deprecated": false, + "trackAdoption": false } ], "initialIsOpen": false diff --git a/api_docs/kbn_es_types.mdx b/api_docs/kbn_es_types.mdx index 7c1a245f115d..bc3d8f5fa6e1 100644 --- a/api_docs/kbn_es_types.mdx +++ b/api_docs/kbn_es_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-types title: "@kbn/es-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-types plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-types'] --- import kbnEsTypesObj from './kbn_es_types.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 27 | 0 | 27 | 1 | +| 28 | 0 | 28 | 1 | ## Common diff --git a/api_docs/kbn_eslint_plugin_imports.mdx b/api_docs/kbn_eslint_plugin_imports.mdx index b8a0af85c432..bd8ff451cd7f 100644 --- a/api_docs/kbn_eslint_plugin_imports.mdx +++ b/api_docs/kbn_eslint_plugin_imports.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-eslint-plugin-imports title: "@kbn/eslint-plugin-imports" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/eslint-plugin-imports plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/eslint-plugin-imports'] --- import kbnEslintPluginImportsObj from './kbn_eslint_plugin_imports.devdocs.json'; diff --git a/api_docs/kbn_esql_ast.mdx b/api_docs/kbn_esql_ast.mdx index 9816c27f7523..e46a0eaf6022 100644 --- a/api_docs/kbn_esql_ast.mdx +++ b/api_docs/kbn_esql_ast.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-ast title: "@kbn/esql-ast" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/esql-ast plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-ast'] --- import kbnEsqlAstObj from './kbn_esql_ast.devdocs.json'; diff --git a/api_docs/kbn_esql_editor.mdx b/api_docs/kbn_esql_editor.mdx index 39650d90c407..bd2081143e53 100644 --- a/api_docs/kbn_esql_editor.mdx +++ b/api_docs/kbn_esql_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-editor title: "@kbn/esql-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/esql-editor plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-editor'] --- import kbnEsqlEditorObj from './kbn_esql_editor.devdocs.json'; diff --git a/api_docs/kbn_esql_utils.mdx b/api_docs/kbn_esql_utils.mdx index 777615a80b87..d35371784311 100644 --- a/api_docs/kbn_esql_utils.mdx +++ b/api_docs/kbn_esql_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-utils title: "@kbn/esql-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/esql-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-utils'] --- import kbnEsqlUtilsObj from './kbn_esql_utils.devdocs.json'; diff --git a/api_docs/kbn_esql_validation_autocomplete.mdx b/api_docs/kbn_esql_validation_autocomplete.mdx index e2570bc92e66..f8c4cfd2f386 100644 --- a/api_docs/kbn_esql_validation_autocomplete.mdx +++ b/api_docs/kbn_esql_validation_autocomplete.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-validation-autocomplete title: "@kbn/esql-validation-autocomplete" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/esql-validation-autocomplete plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-validation-autocomplete'] --- import kbnEsqlValidationAutocompleteObj from './kbn_esql_validation_autocomplete.devdocs.json'; diff --git a/api_docs/kbn_event_annotation_common.mdx b/api_docs/kbn_event_annotation_common.mdx index 3e6c1e02d0db..5809cffd1061 100644 --- a/api_docs/kbn_event_annotation_common.mdx +++ b/api_docs/kbn_event_annotation_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-event-annotation-common title: "@kbn/event-annotation-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/event-annotation-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/event-annotation-common'] --- import kbnEventAnnotationCommonObj from './kbn_event_annotation_common.devdocs.json'; diff --git a/api_docs/kbn_event_annotation_components.mdx b/api_docs/kbn_event_annotation_components.mdx index 9a6efee6c370..49f7c9763c85 100644 --- a/api_docs/kbn_event_annotation_components.mdx +++ b/api_docs/kbn_event_annotation_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-event-annotation-components title: "@kbn/event-annotation-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/event-annotation-components plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/event-annotation-components'] --- import kbnEventAnnotationComponentsObj from './kbn_event_annotation_components.devdocs.json'; diff --git a/api_docs/kbn_expandable_flyout.mdx b/api_docs/kbn_expandable_flyout.mdx index d063c3b7ba45..6e98c6c36777 100644 --- a/api_docs/kbn_expandable_flyout.mdx +++ b/api_docs/kbn_expandable_flyout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-expandable-flyout title: "@kbn/expandable-flyout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/expandable-flyout plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/expandable-flyout'] --- import kbnExpandableFlyoutObj from './kbn_expandable_flyout.devdocs.json'; diff --git a/api_docs/kbn_field_types.mdx b/api_docs/kbn_field_types.mdx index 7ae57e3937ef..51974c586ed8 100644 --- a/api_docs/kbn_field_types.mdx +++ b/api_docs/kbn_field_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-field-types title: "@kbn/field-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/field-types plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/field-types'] --- import kbnFieldTypesObj from './kbn_field_types.devdocs.json'; diff --git a/api_docs/kbn_field_utils.mdx b/api_docs/kbn_field_utils.mdx index 394163abfdd6..24613995bfac 100644 --- a/api_docs/kbn_field_utils.mdx +++ b/api_docs/kbn_field_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-field-utils title: "@kbn/field-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/field-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/field-utils'] --- import kbnFieldUtilsObj from './kbn_field_utils.devdocs.json'; diff --git a/api_docs/kbn_find_used_node_modules.mdx b/api_docs/kbn_find_used_node_modules.mdx index 4cfa7080b0e7..8d4295da8659 100644 --- a/api_docs/kbn_find_used_node_modules.mdx +++ b/api_docs/kbn_find_used_node_modules.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-find-used-node-modules title: "@kbn/find-used-node-modules" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/find-used-node-modules plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/find-used-node-modules'] --- import kbnFindUsedNodeModulesObj from './kbn_find_used_node_modules.devdocs.json'; diff --git a/api_docs/kbn_formatters.mdx b/api_docs/kbn_formatters.mdx index d689cf606af6..0941c76a1891 100644 --- a/api_docs/kbn_formatters.mdx +++ b/api_docs/kbn_formatters.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-formatters title: "@kbn/formatters" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/formatters plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/formatters'] --- import kbnFormattersObj from './kbn_formatters.devdocs.json'; diff --git a/api_docs/kbn_ftr_common_functional_services.mdx b/api_docs/kbn_ftr_common_functional_services.mdx index 06caedb7f5c9..a77f09d6f034 100644 --- a/api_docs/kbn_ftr_common_functional_services.mdx +++ b/api_docs/kbn_ftr_common_functional_services.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ftr-common-functional-services title: "@kbn/ftr-common-functional-services" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ftr-common-functional-services plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ftr-common-functional-services'] --- import kbnFtrCommonFunctionalServicesObj from './kbn_ftr_common_functional_services.devdocs.json'; diff --git a/api_docs/kbn_ftr_common_functional_ui_services.mdx b/api_docs/kbn_ftr_common_functional_ui_services.mdx index 0638b76e1f1b..6707224f0c38 100644 --- a/api_docs/kbn_ftr_common_functional_ui_services.mdx +++ b/api_docs/kbn_ftr_common_functional_ui_services.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ftr-common-functional-ui-services title: "@kbn/ftr-common-functional-ui-services" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ftr-common-functional-ui-services plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ftr-common-functional-ui-services'] --- import kbnFtrCommonFunctionalUiServicesObj from './kbn_ftr_common_functional_ui_services.devdocs.json'; diff --git a/api_docs/kbn_generate.mdx b/api_docs/kbn_generate.mdx index 82ec0c2d6e12..d8b645729510 100644 --- a/api_docs/kbn_generate.mdx +++ b/api_docs/kbn_generate.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate title: "@kbn/generate" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate'] --- import kbnGenerateObj from './kbn_generate.devdocs.json'; diff --git a/api_docs/kbn_generate_console_definitions.mdx b/api_docs/kbn_generate_console_definitions.mdx index 65782a121eac..c306b164109b 100644 --- a/api_docs/kbn_generate_console_definitions.mdx +++ b/api_docs/kbn_generate_console_definitions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate-console-definitions title: "@kbn/generate-console-definitions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate-console-definitions plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate-console-definitions'] --- import kbnGenerateConsoleDefinitionsObj from './kbn_generate_console_definitions.devdocs.json'; diff --git a/api_docs/kbn_generate_csv.mdx b/api_docs/kbn_generate_csv.mdx index 53cea7be5719..7ba94edaef50 100644 --- a/api_docs/kbn_generate_csv.mdx +++ b/api_docs/kbn_generate_csv.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate-csv title: "@kbn/generate-csv" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate-csv plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate-csv'] --- import kbnGenerateCsvObj from './kbn_generate_csv.devdocs.json'; diff --git a/api_docs/kbn_grid_layout.mdx b/api_docs/kbn_grid_layout.mdx index 620eeaa96247..4502343bd9cd 100644 --- a/api_docs/kbn_grid_layout.mdx +++ b/api_docs/kbn_grid_layout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-grid-layout title: "@kbn/grid-layout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/grid-layout plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/grid-layout'] --- import kbnGridLayoutObj from './kbn_grid_layout.devdocs.json'; diff --git a/api_docs/kbn_grouping.mdx b/api_docs/kbn_grouping.mdx index 369ecfb68ce8..2078f8fc832b 100644 --- a/api_docs/kbn_grouping.mdx +++ b/api_docs/kbn_grouping.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-grouping title: "@kbn/grouping" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/grouping plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/grouping'] --- import kbnGroupingObj from './kbn_grouping.devdocs.json'; diff --git a/api_docs/kbn_guided_onboarding.mdx b/api_docs/kbn_guided_onboarding.mdx index a9c4abbc1a2e..dc10e449e751 100644 --- a/api_docs/kbn_guided_onboarding.mdx +++ b/api_docs/kbn_guided_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-guided-onboarding title: "@kbn/guided-onboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/guided-onboarding plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/guided-onboarding'] --- import kbnGuidedOnboardingObj from './kbn_guided_onboarding.devdocs.json'; diff --git a/api_docs/kbn_handlebars.mdx b/api_docs/kbn_handlebars.mdx index 53c81a461021..0d2178268913 100644 --- a/api_docs/kbn_handlebars.mdx +++ b/api_docs/kbn_handlebars.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-handlebars title: "@kbn/handlebars" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/handlebars plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/handlebars'] --- import kbnHandlebarsObj from './kbn_handlebars.devdocs.json'; diff --git a/api_docs/kbn_hapi_mocks.mdx b/api_docs/kbn_hapi_mocks.mdx index 9eade7b1413c..22424a8f4f0b 100644 --- a/api_docs/kbn_hapi_mocks.mdx +++ b/api_docs/kbn_hapi_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-hapi-mocks title: "@kbn/hapi-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/hapi-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/hapi-mocks'] --- import kbnHapiMocksObj from './kbn_hapi_mocks.devdocs.json'; diff --git a/api_docs/kbn_health_gateway_server.mdx b/api_docs/kbn_health_gateway_server.mdx index aa4ed28c8e05..fdb75a96e793 100644 --- a/api_docs/kbn_health_gateway_server.mdx +++ b/api_docs/kbn_health_gateway_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-health-gateway-server title: "@kbn/health-gateway-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/health-gateway-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/health-gateway-server'] --- import kbnHealthGatewayServerObj from './kbn_health_gateway_server.devdocs.json'; diff --git a/api_docs/kbn_home_sample_data_card.mdx b/api_docs/kbn_home_sample_data_card.mdx index b90e8c619aed..90edb6cf314a 100644 --- a/api_docs/kbn_home_sample_data_card.mdx +++ b/api_docs/kbn_home_sample_data_card.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-home-sample-data-card title: "@kbn/home-sample-data-card" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/home-sample-data-card plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/home-sample-data-card'] --- import kbnHomeSampleDataCardObj from './kbn_home_sample_data_card.devdocs.json'; diff --git a/api_docs/kbn_home_sample_data_tab.mdx b/api_docs/kbn_home_sample_data_tab.mdx index 90a13f2f3332..6bb128e4e303 100644 --- a/api_docs/kbn_home_sample_data_tab.mdx +++ b/api_docs/kbn_home_sample_data_tab.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-home-sample-data-tab title: "@kbn/home-sample-data-tab" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/home-sample-data-tab plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/home-sample-data-tab'] --- import kbnHomeSampleDataTabObj from './kbn_home_sample_data_tab.devdocs.json'; diff --git a/api_docs/kbn_i18n.mdx b/api_docs/kbn_i18n.mdx index 9a8dfc3948b5..3ff3aec0cfa8 100644 --- a/api_docs/kbn_i18n.mdx +++ b/api_docs/kbn_i18n.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-i18n title: "@kbn/i18n" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/i18n plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/i18n'] --- import kbnI18nObj from './kbn_i18n.devdocs.json'; diff --git a/api_docs/kbn_i18n_react.mdx b/api_docs/kbn_i18n_react.mdx index bb8d567d646a..dd9aba61cb19 100644 --- a/api_docs/kbn_i18n_react.mdx +++ b/api_docs/kbn_i18n_react.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-i18n-react title: "@kbn/i18n-react" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/i18n-react plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/i18n-react'] --- import kbnI18nReactObj from './kbn_i18n_react.devdocs.json'; diff --git a/api_docs/kbn_import_resolver.mdx b/api_docs/kbn_import_resolver.mdx index 7de8fc0a40d6..df703e96eba1 100644 --- a/api_docs/kbn_import_resolver.mdx +++ b/api_docs/kbn_import_resolver.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-import-resolver title: "@kbn/import-resolver" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/import-resolver plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/import-resolver'] --- import kbnImportResolverObj from './kbn_import_resolver.devdocs.json'; diff --git a/api_docs/kbn_index_management_shared_types.mdx b/api_docs/kbn_index_management_shared_types.mdx index 1b35db0cd229..8dcf587f15b5 100644 --- a/api_docs/kbn_index_management_shared_types.mdx +++ b/api_docs/kbn_index_management_shared_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-index-management-shared-types title: "@kbn/index-management-shared-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/index-management-shared-types plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/index-management-shared-types'] --- import kbnIndexManagementSharedTypesObj from './kbn_index_management_shared_types.devdocs.json'; diff --git a/api_docs/kbn_inference_integration_flyout.mdx b/api_docs/kbn_inference_integration_flyout.mdx index 259d74401e8c..bd25ef22a03e 100644 --- a/api_docs/kbn_inference_integration_flyout.mdx +++ b/api_docs/kbn_inference_integration_flyout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-inference_integration_flyout title: "@kbn/inference_integration_flyout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/inference_integration_flyout plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/inference_integration_flyout'] --- import kbnInferenceIntegrationFlyoutObj from './kbn_inference_integration_flyout.devdocs.json'; diff --git a/api_docs/kbn_infra_forge.mdx b/api_docs/kbn_infra_forge.mdx index 9b744b52851a..55755096e804 100644 --- a/api_docs/kbn_infra_forge.mdx +++ b/api_docs/kbn_infra_forge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-infra-forge title: "@kbn/infra-forge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/infra-forge plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/infra-forge'] --- import kbnInfraForgeObj from './kbn_infra_forge.devdocs.json'; diff --git a/api_docs/kbn_interpreter.mdx b/api_docs/kbn_interpreter.mdx index 5e87235eb312..bd7d12bce6ed 100644 --- a/api_docs/kbn_interpreter.mdx +++ b/api_docs/kbn_interpreter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-interpreter title: "@kbn/interpreter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/interpreter plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/interpreter'] --- import kbnInterpreterObj from './kbn_interpreter.devdocs.json'; diff --git a/api_docs/kbn_investigation_shared.devdocs.json b/api_docs/kbn_investigation_shared.devdocs.json index 8845c6011ce8..cb596b4e3af4 100644 --- a/api_docs/kbn_investigation_shared.devdocs.json +++ b/api_docs/kbn_investigation_shared.devdocs.json @@ -157,6 +157,36 @@ "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "@kbn/investigation-shared", + "id": "def-common.EntitySource", + "type": "Type", + "tags": [], + "label": "EntitySource", + "description": [], + "signature": [ + "{ dataStream?: string | undefined; }" + ], + "path": "packages/kbn-investigation-shared/src/rest_specs/entity.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/investigation-shared", + "id": "def-common.EntityWithSource", + "type": "Type", + "tags": [], + "label": "EntityWithSource", + "description": [], + "signature": [ + "{ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logRate?: number | undefined; logErrorRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; } & { sources: { dataStream?: string | undefined; }[]; }" + ], + "path": "packages/kbn-investigation-shared/src/rest_specs/entity.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "@kbn/investigation-shared", "id": "def-common.EventResponse", @@ -232,6 +262,36 @@ "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "@kbn/investigation-shared", + "id": "def-common.GetEntitiesParams", + "type": "Type", + "tags": [], + "label": "GetEntitiesParams", + "description": [], + "signature": [ + "{ 'container.id'?: string | undefined; 'host.name'?: string | undefined; 'service.environment'?: string | undefined; 'service.name'?: string | undefined; } | undefined" + ], + "path": "packages/kbn-investigation-shared/src/rest_specs/get_entities.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/investigation-shared", + "id": "def-common.GetEntitiesResponse", + "type": "Type", + "tags": [], + "label": "GetEntitiesResponse", + "description": [], + "signature": [ + "{ entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logRate?: number | undefined; logErrorRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; } & { sources: { dataStream?: string | undefined; }[]; })[]; }" + ], + "path": "packages/kbn-investigation-shared/src/rest_specs/get_entities.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "@kbn/investigation-shared", "id": "def-common.GetEventsParams", @@ -669,6 +729,36 @@ "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "@kbn/investigation-shared", + "id": "def-common.entitySchema", + "type": "Object", + "tags": [], + "label": "entitySchema", + "description": [], + "signature": [ + "Zod.ZodObject<{ id: Zod.ZodString; definitionId: Zod.ZodString; definitionVersion: Zod.ZodString; displayName: Zod.ZodString; firstSeenTimestamp: Zod.ZodString; lastSeenTimestamp: Zod.ZodString; identityFields: Zod.ZodArray; schemaVersion: Zod.ZodString; type: Zod.ZodString; metrics: Zod.ZodObject<{ failedTransactionRate: Zod.ZodOptional; latency: Zod.ZodOptional; throughput: Zod.ZodOptional; logErrorRate: Zod.ZodOptional; logRate: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logRate?: number | undefined; logErrorRate?: number | undefined; }, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logRate?: number | undefined; logErrorRate?: number | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logRate?: number | undefined; logErrorRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; }, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logRate?: number | undefined; logErrorRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; }>" + ], + "path": "packages/kbn-investigation-shared/src/rest_specs/entity.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/investigation-shared", + "id": "def-common.entityWithSourceSchema", + "type": "Object", + "tags": [], + "label": "entityWithSourceSchema", + "description": [], + "signature": [ + "Zod.ZodIntersection; schemaVersion: Zod.ZodString; type: Zod.ZodString; metrics: Zod.ZodObject<{ failedTransactionRate: Zod.ZodOptional; latency: Zod.ZodOptional; throughput: Zod.ZodOptional; logErrorRate: Zod.ZodOptional; logRate: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logRate?: number | undefined; logErrorRate?: number | undefined; }, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logRate?: number | undefined; logErrorRate?: number | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logRate?: number | undefined; logErrorRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; }, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logRate?: number | undefined; logErrorRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; }>, Zod.ZodObject<{ sources: Zod.ZodArray; }, \"strip\", Zod.ZodTypeAny, { dataStream?: string | undefined; }, { dataStream?: string | undefined; }>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { sources: { dataStream?: string | undefined; }[]; }, { sources: { dataStream?: string | undefined; }[]; }>>" + ], + "path": "packages/kbn-investigation-shared/src/rest_specs/entity.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "@kbn/investigation-shared", "id": "def-common.eventResponseSchema", @@ -789,6 +879,36 @@ "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "@kbn/investigation-shared", + "id": "def-common.getEntitiesParamsSchema", + "type": "Object", + "tags": [], + "label": "getEntitiesParamsSchema", + "description": [], + "signature": [ + "Zod.ZodObject<{ query: Zod.ZodOptional; 'service.environment': Zod.ZodOptional; 'host.name': Zod.ZodOptional; 'container.id': Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { 'container.id'?: string | undefined; 'host.name'?: string | undefined; 'service.environment'?: string | undefined; 'service.name'?: string | undefined; }, { 'container.id'?: string | undefined; 'host.name'?: string | undefined; 'service.environment'?: string | undefined; 'service.name'?: string | undefined; }>>; }, \"strip\", Zod.ZodTypeAny, { query?: { 'container.id'?: string | undefined; 'host.name'?: string | undefined; 'service.environment'?: string | undefined; 'service.name'?: string | undefined; } | undefined; }, { query?: { 'container.id'?: string | undefined; 'host.name'?: string | undefined; 'service.environment'?: string | undefined; 'service.name'?: string | undefined; } | undefined; }>" + ], + "path": "packages/kbn-investigation-shared/src/rest_specs/get_entities.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/investigation-shared", + "id": "def-common.getEntitiesResponseSchema", + "type": "Object", + "tags": [], + "label": "getEntitiesResponseSchema", + "description": [], + "signature": [ + "Zod.ZodObject<{ entities: Zod.ZodArray; schemaVersion: Zod.ZodString; type: Zod.ZodString; metrics: Zod.ZodObject<{ failedTransactionRate: Zod.ZodOptional; latency: Zod.ZodOptional; throughput: Zod.ZodOptional; logErrorRate: Zod.ZodOptional; logRate: Zod.ZodOptional; }, \"strip\", Zod.ZodTypeAny, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logRate?: number | undefined; logErrorRate?: number | undefined; }, { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logRate?: number | undefined; logErrorRate?: number | undefined; }>; }, \"strip\", Zod.ZodTypeAny, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logRate?: number | undefined; logErrorRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; }, { id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logRate?: number | undefined; logErrorRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; }>, Zod.ZodObject<{ sources: Zod.ZodArray; }, \"strip\", Zod.ZodTypeAny, { dataStream?: string | undefined; }, { dataStream?: string | undefined; }>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { sources: { dataStream?: string | undefined; }[]; }, { sources: { dataStream?: string | undefined; }[]; }>>, \"many\">; }, \"strip\", Zod.ZodTypeAny, { entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logRate?: number | undefined; logErrorRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; } & { sources: { dataStream?: string | undefined; }[]; })[]; }, { entities: ({ id: string; type: string; metrics: { latency?: number | undefined; throughput?: number | undefined; failedTransactionRate?: number | undefined; logRate?: number | undefined; logErrorRate?: number | undefined; }; displayName: string; identityFields: string[]; definitionId: string; definitionVersion: string; firstSeenTimestamp: string; lastSeenTimestamp: string; schemaVersion: string; } & { sources: { dataStream?: string | undefined; }[]; })[]; }>" + ], + "path": "packages/kbn-investigation-shared/src/rest_specs/get_entities.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "@kbn/investigation-shared", "id": "def-common.getEventsParamsSchema", diff --git a/api_docs/kbn_investigation_shared.mdx b/api_docs/kbn_investigation_shared.mdx index ecbae870096a..0bc8b170c6be 100644 --- a/api_docs/kbn_investigation_shared.mdx +++ b/api_docs/kbn_investigation_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-investigation-shared title: "@kbn/investigation-shared" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/investigation-shared plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/investigation-shared'] --- import kbnInvestigationSharedObj from './kbn_investigation_shared.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/ | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 73 | 0 | 73 | 0 | +| 81 | 0 | 81 | 0 | ## Common diff --git a/api_docs/kbn_io_ts_utils.mdx b/api_docs/kbn_io_ts_utils.mdx index b6fdd59c50ce..562237a1f3cc 100644 --- a/api_docs/kbn_io_ts_utils.mdx +++ b/api_docs/kbn_io_ts_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-io-ts-utils title: "@kbn/io-ts-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/io-ts-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/io-ts-utils'] --- import kbnIoTsUtilsObj from './kbn_io_ts_utils.devdocs.json'; diff --git a/api_docs/kbn_ipynb.mdx b/api_docs/kbn_ipynb.mdx index 7f6ac8ded163..8eadc048c939 100644 --- a/api_docs/kbn_ipynb.mdx +++ b/api_docs/kbn_ipynb.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ipynb title: "@kbn/ipynb" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ipynb plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ipynb'] --- import kbnIpynbObj from './kbn_ipynb.devdocs.json'; diff --git a/api_docs/kbn_jest_serializers.mdx b/api_docs/kbn_jest_serializers.mdx index 794ce157e525..3689bc573625 100644 --- a/api_docs/kbn_jest_serializers.mdx +++ b/api_docs/kbn_jest_serializers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-jest-serializers title: "@kbn/jest-serializers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/jest-serializers plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/jest-serializers'] --- import kbnJestSerializersObj from './kbn_jest_serializers.devdocs.json'; diff --git a/api_docs/kbn_journeys.mdx b/api_docs/kbn_journeys.mdx index 3383ed9964eb..9564b0696aba 100644 --- a/api_docs/kbn_journeys.mdx +++ b/api_docs/kbn_journeys.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-journeys title: "@kbn/journeys" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/journeys plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/journeys'] --- import kbnJourneysObj from './kbn_journeys.devdocs.json'; diff --git a/api_docs/kbn_json_ast.mdx b/api_docs/kbn_json_ast.mdx index c3f00e0d44b4..aa2bffbdef3f 100644 --- a/api_docs/kbn_json_ast.mdx +++ b/api_docs/kbn_json_ast.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-json-ast title: "@kbn/json-ast" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/json-ast plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/json-ast'] --- import kbnJsonAstObj from './kbn_json_ast.devdocs.json'; diff --git a/api_docs/kbn_json_schemas.mdx b/api_docs/kbn_json_schemas.mdx index 59844f740473..3e964139794b 100644 --- a/api_docs/kbn_json_schemas.mdx +++ b/api_docs/kbn_json_schemas.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-json-schemas title: "@kbn/json-schemas" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/json-schemas plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/json-schemas'] --- import kbnJsonSchemasObj from './kbn_json_schemas.devdocs.json'; diff --git a/api_docs/kbn_kibana_manifest_schema.mdx b/api_docs/kbn_kibana_manifest_schema.mdx index 3ec23ee44281..fd25faee33f3 100644 --- a/api_docs/kbn_kibana_manifest_schema.mdx +++ b/api_docs/kbn_kibana_manifest_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-kibana-manifest-schema title: "@kbn/kibana-manifest-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/kibana-manifest-schema plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/kibana-manifest-schema'] --- import kbnKibanaManifestSchemaObj from './kbn_kibana_manifest_schema.devdocs.json'; diff --git a/api_docs/kbn_language_documentation.mdx b/api_docs/kbn_language_documentation.mdx index 45469b501a5f..0dab6dfcf68f 100644 --- a/api_docs/kbn_language_documentation.mdx +++ b/api_docs/kbn_language_documentation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-language-documentation title: "@kbn/language-documentation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/language-documentation plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/language-documentation'] --- import kbnLanguageDocumentationObj from './kbn_language_documentation.devdocs.json'; diff --git a/api_docs/kbn_lens_embeddable_utils.mdx b/api_docs/kbn_lens_embeddable_utils.mdx index b6813c90c1d3..d9959e198c8e 100644 --- a/api_docs/kbn_lens_embeddable_utils.mdx +++ b/api_docs/kbn_lens_embeddable_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-lens-embeddable-utils title: "@kbn/lens-embeddable-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/lens-embeddable-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/lens-embeddable-utils'] --- import kbnLensEmbeddableUtilsObj from './kbn_lens_embeddable_utils.devdocs.json'; diff --git a/api_docs/kbn_lens_formula_docs.mdx b/api_docs/kbn_lens_formula_docs.mdx index 84cf7b0b665f..b282b4dd9298 100644 --- a/api_docs/kbn_lens_formula_docs.mdx +++ b/api_docs/kbn_lens_formula_docs.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-lens-formula-docs title: "@kbn/lens-formula-docs" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/lens-formula-docs plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/lens-formula-docs'] --- import kbnLensFormulaDocsObj from './kbn_lens_formula_docs.devdocs.json'; diff --git a/api_docs/kbn_logging.mdx b/api_docs/kbn_logging.mdx index c97ce768f477..a8f07baf2489 100644 --- a/api_docs/kbn_logging.mdx +++ b/api_docs/kbn_logging.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-logging title: "@kbn/logging" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/logging plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/logging'] --- import kbnLoggingObj from './kbn_logging.devdocs.json'; diff --git a/api_docs/kbn_logging_mocks.mdx b/api_docs/kbn_logging_mocks.mdx index 2c6f69cb3965..47255372d5db 100644 --- a/api_docs/kbn_logging_mocks.mdx +++ b/api_docs/kbn_logging_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-logging-mocks title: "@kbn/logging-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/logging-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/logging-mocks'] --- import kbnLoggingMocksObj from './kbn_logging_mocks.devdocs.json'; diff --git a/api_docs/kbn_managed_content_badge.mdx b/api_docs/kbn_managed_content_badge.mdx index 3627a92f1266..d689481dcdb4 100644 --- a/api_docs/kbn_managed_content_badge.mdx +++ b/api_docs/kbn_managed_content_badge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-managed-content-badge title: "@kbn/managed-content-badge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/managed-content-badge plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/managed-content-badge'] --- import kbnManagedContentBadgeObj from './kbn_managed_content_badge.devdocs.json'; diff --git a/api_docs/kbn_managed_vscode_config.mdx b/api_docs/kbn_managed_vscode_config.mdx index 910de719dec8..772c902940ae 100644 --- a/api_docs/kbn_managed_vscode_config.mdx +++ b/api_docs/kbn_managed_vscode_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-managed-vscode-config title: "@kbn/managed-vscode-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/managed-vscode-config plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/managed-vscode-config'] --- import kbnManagedVscodeConfigObj from './kbn_managed_vscode_config.devdocs.json'; diff --git a/api_docs/kbn_management_cards_navigation.mdx b/api_docs/kbn_management_cards_navigation.mdx index 8b552e7b0d79..76f5d2a6a39c 100644 --- a/api_docs/kbn_management_cards_navigation.mdx +++ b/api_docs/kbn_management_cards_navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-cards-navigation title: "@kbn/management-cards-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-cards-navigation plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-cards-navigation'] --- import kbnManagementCardsNavigationObj from './kbn_management_cards_navigation.devdocs.json'; diff --git a/api_docs/kbn_management_settings_application.mdx b/api_docs/kbn_management_settings_application.mdx index 652b50df9416..c1747d0ab6a0 100644 --- a/api_docs/kbn_management_settings_application.mdx +++ b/api_docs/kbn_management_settings_application.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-application title: "@kbn/management-settings-application" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-application plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-application'] --- import kbnManagementSettingsApplicationObj from './kbn_management_settings_application.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_field_category.devdocs.json b/api_docs/kbn_management_settings_components_field_category.devdocs.json index 15e17ede31ca..8c7e3f4645d9 100644 --- a/api_docs/kbn_management_settings_components_field_category.devdocs.json +++ b/api_docs/kbn_management_settings_components_field_category.devdocs.json @@ -401,7 +401,7 @@ "section": "def-public.ClearQueryLinkProps", "text": "ClearQueryLinkProps" }, - ", \"onClearQuery\" | \"fieldCount\">" + ", \"fieldCount\" | \"onClearQuery\">" ], "path": "packages/kbn-management/settings/components/field_category/category.tsx", "deprecated": false, diff --git a/api_docs/kbn_management_settings_components_field_category.mdx b/api_docs/kbn_management_settings_components_field_category.mdx index 1dc2e9b317db..b46d26d9f273 100644 --- a/api_docs/kbn_management_settings_components_field_category.mdx +++ b/api_docs/kbn_management_settings_components_field_category.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-category title: "@kbn/management-settings-components-field-category" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-category plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-category'] --- import kbnManagementSettingsComponentsFieldCategoryObj from './kbn_management_settings_components_field_category.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_field_input.mdx b/api_docs/kbn_management_settings_components_field_input.mdx index 5e3081a0d3d3..0caf1cea1cd1 100644 --- a/api_docs/kbn_management_settings_components_field_input.mdx +++ b/api_docs/kbn_management_settings_components_field_input.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-input title: "@kbn/management-settings-components-field-input" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-input plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-input'] --- import kbnManagementSettingsComponentsFieldInputObj from './kbn_management_settings_components_field_input.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_field_row.mdx b/api_docs/kbn_management_settings_components_field_row.mdx index 37ce47c71426..e7d1ebaf580e 100644 --- a/api_docs/kbn_management_settings_components_field_row.mdx +++ b/api_docs/kbn_management_settings_components_field_row.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-row title: "@kbn/management-settings-components-field-row" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-row plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-row'] --- import kbnManagementSettingsComponentsFieldRowObj from './kbn_management_settings_components_field_row.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_form.mdx b/api_docs/kbn_management_settings_components_form.mdx index eed4224d2466..b92dcc7f1a90 100644 --- a/api_docs/kbn_management_settings_components_form.mdx +++ b/api_docs/kbn_management_settings_components_form.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-form title: "@kbn/management-settings-components-form" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-form plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-form'] --- import kbnManagementSettingsComponentsFormObj from './kbn_management_settings_components_form.devdocs.json'; diff --git a/api_docs/kbn_management_settings_field_definition.mdx b/api_docs/kbn_management_settings_field_definition.mdx index c720b1f20107..70c5ce41fedf 100644 --- a/api_docs/kbn_management_settings_field_definition.mdx +++ b/api_docs/kbn_management_settings_field_definition.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-field-definition title: "@kbn/management-settings-field-definition" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-field-definition plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-field-definition'] --- import kbnManagementSettingsFieldDefinitionObj from './kbn_management_settings_field_definition.devdocs.json'; diff --git a/api_docs/kbn_management_settings_ids.mdx b/api_docs/kbn_management_settings_ids.mdx index dcada159a809..d586683b1176 100644 --- a/api_docs/kbn_management_settings_ids.mdx +++ b/api_docs/kbn_management_settings_ids.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-ids title: "@kbn/management-settings-ids" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-ids plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-ids'] --- import kbnManagementSettingsIdsObj from './kbn_management_settings_ids.devdocs.json'; diff --git a/api_docs/kbn_management_settings_section_registry.mdx b/api_docs/kbn_management_settings_section_registry.mdx index 6a6659d69194..8591b80ce5f0 100644 --- a/api_docs/kbn_management_settings_section_registry.mdx +++ b/api_docs/kbn_management_settings_section_registry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-section-registry title: "@kbn/management-settings-section-registry" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-section-registry plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-section-registry'] --- import kbnManagementSettingsSectionRegistryObj from './kbn_management_settings_section_registry.devdocs.json'; diff --git a/api_docs/kbn_management_settings_types.mdx b/api_docs/kbn_management_settings_types.mdx index 49dd50b251a9..dff7b36a8ed7 100644 --- a/api_docs/kbn_management_settings_types.mdx +++ b/api_docs/kbn_management_settings_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-types title: "@kbn/management-settings-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-types plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-types'] --- import kbnManagementSettingsTypesObj from './kbn_management_settings_types.devdocs.json'; diff --git a/api_docs/kbn_management_settings_utilities.mdx b/api_docs/kbn_management_settings_utilities.mdx index 28fa9287fe9c..7c1b5ba9e071 100644 --- a/api_docs/kbn_management_settings_utilities.mdx +++ b/api_docs/kbn_management_settings_utilities.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-utilities title: "@kbn/management-settings-utilities" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-utilities plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-utilities'] --- import kbnManagementSettingsUtilitiesObj from './kbn_management_settings_utilities.devdocs.json'; diff --git a/api_docs/kbn_management_storybook_config.mdx b/api_docs/kbn_management_storybook_config.mdx index d142791a1ff2..6638b14fd17f 100644 --- a/api_docs/kbn_management_storybook_config.mdx +++ b/api_docs/kbn_management_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-storybook-config title: "@kbn/management-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-storybook-config plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-storybook-config'] --- import kbnManagementStorybookConfigObj from './kbn_management_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_mapbox_gl.mdx b/api_docs/kbn_mapbox_gl.mdx index 9272675565a9..588fc10c1b88 100644 --- a/api_docs/kbn_mapbox_gl.mdx +++ b/api_docs/kbn_mapbox_gl.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-mapbox-gl title: "@kbn/mapbox-gl" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/mapbox-gl plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/mapbox-gl'] --- import kbnMapboxGlObj from './kbn_mapbox_gl.devdocs.json'; diff --git a/api_docs/kbn_maps_vector_tile_utils.mdx b/api_docs/kbn_maps_vector_tile_utils.mdx index a547d94fa6df..b3c043bb8096 100644 --- a/api_docs/kbn_maps_vector_tile_utils.mdx +++ b/api_docs/kbn_maps_vector_tile_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-maps-vector-tile-utils title: "@kbn/maps-vector-tile-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/maps-vector-tile-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/maps-vector-tile-utils'] --- import kbnMapsVectorTileUtilsObj from './kbn_maps_vector_tile_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_agg_utils.mdx b/api_docs/kbn_ml_agg_utils.mdx index 02a062a087ff..52ff1e029374 100644 --- a/api_docs/kbn_ml_agg_utils.mdx +++ b/api_docs/kbn_ml_agg_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-agg-utils title: "@kbn/ml-agg-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-agg-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-agg-utils'] --- import kbnMlAggUtilsObj from './kbn_ml_agg_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_anomaly_utils.mdx b/api_docs/kbn_ml_anomaly_utils.mdx index 3912bd1b1dfa..685189eda72a 100644 --- a/api_docs/kbn_ml_anomaly_utils.mdx +++ b/api_docs/kbn_ml_anomaly_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-anomaly-utils title: "@kbn/ml-anomaly-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-anomaly-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-anomaly-utils'] --- import kbnMlAnomalyUtilsObj from './kbn_ml_anomaly_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_cancellable_search.mdx b/api_docs/kbn_ml_cancellable_search.mdx index e16fcc7e3246..98dc9a76bbb4 100644 --- a/api_docs/kbn_ml_cancellable_search.mdx +++ b/api_docs/kbn_ml_cancellable_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-cancellable-search title: "@kbn/ml-cancellable-search" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-cancellable-search plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-cancellable-search'] --- import kbnMlCancellableSearchObj from './kbn_ml_cancellable_search.devdocs.json'; diff --git a/api_docs/kbn_ml_category_validator.mdx b/api_docs/kbn_ml_category_validator.mdx index 380dedbb4a64..9b7eccd5f5e9 100644 --- a/api_docs/kbn_ml_category_validator.mdx +++ b/api_docs/kbn_ml_category_validator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-category-validator title: "@kbn/ml-category-validator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-category-validator plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-category-validator'] --- import kbnMlCategoryValidatorObj from './kbn_ml_category_validator.devdocs.json'; diff --git a/api_docs/kbn_ml_chi2test.mdx b/api_docs/kbn_ml_chi2test.mdx index c19d54a941b5..3cee20832f15 100644 --- a/api_docs/kbn_ml_chi2test.mdx +++ b/api_docs/kbn_ml_chi2test.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-chi2test title: "@kbn/ml-chi2test" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-chi2test plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-chi2test'] --- import kbnMlChi2testObj from './kbn_ml_chi2test.devdocs.json'; diff --git a/api_docs/kbn_ml_data_frame_analytics_utils.mdx b/api_docs/kbn_ml_data_frame_analytics_utils.mdx index 62a40e331806..02fbd5f1d41e 100644 --- a/api_docs/kbn_ml_data_frame_analytics_utils.mdx +++ b/api_docs/kbn_ml_data_frame_analytics_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-data-frame-analytics-utils title: "@kbn/ml-data-frame-analytics-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-data-frame-analytics-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-data-frame-analytics-utils'] --- import kbnMlDataFrameAnalyticsUtilsObj from './kbn_ml_data_frame_analytics_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_data_grid.mdx b/api_docs/kbn_ml_data_grid.mdx index 635559338298..ccc5a2ffea35 100644 --- a/api_docs/kbn_ml_data_grid.mdx +++ b/api_docs/kbn_ml_data_grid.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-data-grid title: "@kbn/ml-data-grid" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-data-grid plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-data-grid'] --- import kbnMlDataGridObj from './kbn_ml_data_grid.devdocs.json'; diff --git a/api_docs/kbn_ml_date_picker.mdx b/api_docs/kbn_ml_date_picker.mdx index f63c8ce04dd5..a10c01e9304f 100644 --- a/api_docs/kbn_ml_date_picker.mdx +++ b/api_docs/kbn_ml_date_picker.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-date-picker title: "@kbn/ml-date-picker" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-date-picker plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-date-picker'] --- import kbnMlDatePickerObj from './kbn_ml_date_picker.devdocs.json'; diff --git a/api_docs/kbn_ml_date_utils.mdx b/api_docs/kbn_ml_date_utils.mdx index fc39d42afd57..9eb6ec4c1a3d 100644 --- a/api_docs/kbn_ml_date_utils.mdx +++ b/api_docs/kbn_ml_date_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-date-utils title: "@kbn/ml-date-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-date-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-date-utils'] --- import kbnMlDateUtilsObj from './kbn_ml_date_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_error_utils.mdx b/api_docs/kbn_ml_error_utils.mdx index a44e50135be3..89a8705d6b69 100644 --- a/api_docs/kbn_ml_error_utils.mdx +++ b/api_docs/kbn_ml_error_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-error-utils title: "@kbn/ml-error-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-error-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-error-utils'] --- import kbnMlErrorUtilsObj from './kbn_ml_error_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_field_stats_flyout.mdx b/api_docs/kbn_ml_field_stats_flyout.mdx index 75093aae9989..98260eba872f 100644 --- a/api_docs/kbn_ml_field_stats_flyout.mdx +++ b/api_docs/kbn_ml_field_stats_flyout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-field-stats-flyout title: "@kbn/ml-field-stats-flyout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-field-stats-flyout plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-field-stats-flyout'] --- import kbnMlFieldStatsFlyoutObj from './kbn_ml_field_stats_flyout.devdocs.json'; diff --git a/api_docs/kbn_ml_in_memory_table.mdx b/api_docs/kbn_ml_in_memory_table.mdx index fd920e051341..545fab15a78f 100644 --- a/api_docs/kbn_ml_in_memory_table.mdx +++ b/api_docs/kbn_ml_in_memory_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-in-memory-table title: "@kbn/ml-in-memory-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-in-memory-table plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-in-memory-table'] --- import kbnMlInMemoryTableObj from './kbn_ml_in_memory_table.devdocs.json'; diff --git a/api_docs/kbn_ml_is_defined.mdx b/api_docs/kbn_ml_is_defined.mdx index 6d8623c3eaee..093cc37a81a9 100644 --- a/api_docs/kbn_ml_is_defined.mdx +++ b/api_docs/kbn_ml_is_defined.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-is-defined title: "@kbn/ml-is-defined" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-is-defined plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-is-defined'] --- import kbnMlIsDefinedObj from './kbn_ml_is_defined.devdocs.json'; diff --git a/api_docs/kbn_ml_is_populated_object.mdx b/api_docs/kbn_ml_is_populated_object.mdx index 51ffc6a4f305..58d152e370e4 100644 --- a/api_docs/kbn_ml_is_populated_object.mdx +++ b/api_docs/kbn_ml_is_populated_object.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-is-populated-object title: "@kbn/ml-is-populated-object" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-is-populated-object plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-is-populated-object'] --- import kbnMlIsPopulatedObjectObj from './kbn_ml_is_populated_object.devdocs.json'; diff --git a/api_docs/kbn_ml_kibana_theme.mdx b/api_docs/kbn_ml_kibana_theme.mdx index 5a4c6497b070..358f73099b8c 100644 --- a/api_docs/kbn_ml_kibana_theme.mdx +++ b/api_docs/kbn_ml_kibana_theme.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-kibana-theme title: "@kbn/ml-kibana-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-kibana-theme plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-kibana-theme'] --- import kbnMlKibanaThemeObj from './kbn_ml_kibana_theme.devdocs.json'; diff --git a/api_docs/kbn_ml_local_storage.mdx b/api_docs/kbn_ml_local_storage.mdx index 7f1c83a56b88..1e734b7d9928 100644 --- a/api_docs/kbn_ml_local_storage.mdx +++ b/api_docs/kbn_ml_local_storage.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-local-storage title: "@kbn/ml-local-storage" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-local-storage plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-local-storage'] --- import kbnMlLocalStorageObj from './kbn_ml_local_storage.devdocs.json'; diff --git a/api_docs/kbn_ml_nested_property.mdx b/api_docs/kbn_ml_nested_property.mdx index 042532d4a5d5..384aed77a869 100644 --- a/api_docs/kbn_ml_nested_property.mdx +++ b/api_docs/kbn_ml_nested_property.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-nested-property title: "@kbn/ml-nested-property" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-nested-property plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-nested-property'] --- import kbnMlNestedPropertyObj from './kbn_ml_nested_property.devdocs.json'; diff --git a/api_docs/kbn_ml_number_utils.mdx b/api_docs/kbn_ml_number_utils.mdx index f092c83aa9bd..f7381d7af757 100644 --- a/api_docs/kbn_ml_number_utils.mdx +++ b/api_docs/kbn_ml_number_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-number-utils title: "@kbn/ml-number-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-number-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-number-utils'] --- import kbnMlNumberUtilsObj from './kbn_ml_number_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_parse_interval.mdx b/api_docs/kbn_ml_parse_interval.mdx index ce8512675a78..a8316379ff1f 100644 --- a/api_docs/kbn_ml_parse_interval.mdx +++ b/api_docs/kbn_ml_parse_interval.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-parse-interval title: "@kbn/ml-parse-interval" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-parse-interval plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-parse-interval'] --- import kbnMlParseIntervalObj from './kbn_ml_parse_interval.devdocs.json'; diff --git a/api_docs/kbn_ml_query_utils.mdx b/api_docs/kbn_ml_query_utils.mdx index e665c85d742b..0e97a3e79ca9 100644 --- a/api_docs/kbn_ml_query_utils.mdx +++ b/api_docs/kbn_ml_query_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-query-utils title: "@kbn/ml-query-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-query-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-query-utils'] --- import kbnMlQueryUtilsObj from './kbn_ml_query_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_random_sampler_utils.mdx b/api_docs/kbn_ml_random_sampler_utils.mdx index f631aeed553d..57afc64c245f 100644 --- a/api_docs/kbn_ml_random_sampler_utils.mdx +++ b/api_docs/kbn_ml_random_sampler_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-random-sampler-utils title: "@kbn/ml-random-sampler-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-random-sampler-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-random-sampler-utils'] --- import kbnMlRandomSamplerUtilsObj from './kbn_ml_random_sampler_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_route_utils.mdx b/api_docs/kbn_ml_route_utils.mdx index 6bf315690e78..aaccec9b9b66 100644 --- a/api_docs/kbn_ml_route_utils.mdx +++ b/api_docs/kbn_ml_route_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-route-utils title: "@kbn/ml-route-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-route-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-route-utils'] --- import kbnMlRouteUtilsObj from './kbn_ml_route_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_runtime_field_utils.mdx b/api_docs/kbn_ml_runtime_field_utils.mdx index 1e9f667424a1..92cdd0fcf358 100644 --- a/api_docs/kbn_ml_runtime_field_utils.mdx +++ b/api_docs/kbn_ml_runtime_field_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-runtime-field-utils title: "@kbn/ml-runtime-field-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-runtime-field-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-runtime-field-utils'] --- import kbnMlRuntimeFieldUtilsObj from './kbn_ml_runtime_field_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_string_hash.mdx b/api_docs/kbn_ml_string_hash.mdx index 030b26809222..2ff85f187821 100644 --- a/api_docs/kbn_ml_string_hash.mdx +++ b/api_docs/kbn_ml_string_hash.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-string-hash title: "@kbn/ml-string-hash" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-string-hash plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-string-hash'] --- import kbnMlStringHashObj from './kbn_ml_string_hash.devdocs.json'; diff --git a/api_docs/kbn_ml_time_buckets.mdx b/api_docs/kbn_ml_time_buckets.mdx index 14eec13cb452..0b7e619c1d49 100644 --- a/api_docs/kbn_ml_time_buckets.mdx +++ b/api_docs/kbn_ml_time_buckets.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-time-buckets title: "@kbn/ml-time-buckets" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-time-buckets plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-time-buckets'] --- import kbnMlTimeBucketsObj from './kbn_ml_time_buckets.devdocs.json'; diff --git a/api_docs/kbn_ml_trained_models_utils.mdx b/api_docs/kbn_ml_trained_models_utils.mdx index eb89f20c3269..9c6464f8a37c 100644 --- a/api_docs/kbn_ml_trained_models_utils.mdx +++ b/api_docs/kbn_ml_trained_models_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-trained-models-utils title: "@kbn/ml-trained-models-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-trained-models-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-trained-models-utils'] --- import kbnMlTrainedModelsUtilsObj from './kbn_ml_trained_models_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_ui_actions.mdx b/api_docs/kbn_ml_ui_actions.mdx index 2dcae5ba3e0d..70eef9c64df0 100644 --- a/api_docs/kbn_ml_ui_actions.mdx +++ b/api_docs/kbn_ml_ui_actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-ui-actions title: "@kbn/ml-ui-actions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-ui-actions plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-ui-actions'] --- import kbnMlUiActionsObj from './kbn_ml_ui_actions.devdocs.json'; diff --git a/api_docs/kbn_ml_url_state.mdx b/api_docs/kbn_ml_url_state.mdx index d706562e546f..000961b765b7 100644 --- a/api_docs/kbn_ml_url_state.mdx +++ b/api_docs/kbn_ml_url_state.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-url-state title: "@kbn/ml-url-state" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-url-state plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-url-state'] --- import kbnMlUrlStateObj from './kbn_ml_url_state.devdocs.json'; diff --git a/api_docs/kbn_ml_validators.mdx b/api_docs/kbn_ml_validators.mdx index 98a6c010228c..bf70b42c6bff 100644 --- a/api_docs/kbn_ml_validators.mdx +++ b/api_docs/kbn_ml_validators.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-validators title: "@kbn/ml-validators" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-validators plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-validators'] --- import kbnMlValidatorsObj from './kbn_ml_validators.devdocs.json'; diff --git a/api_docs/kbn_mock_idp_utils.mdx b/api_docs/kbn_mock_idp_utils.mdx index 937fa51cc921..f0ddb2425597 100644 --- a/api_docs/kbn_mock_idp_utils.mdx +++ b/api_docs/kbn_mock_idp_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-mock-idp-utils title: "@kbn/mock-idp-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/mock-idp-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/mock-idp-utils'] --- import kbnMockIdpUtilsObj from './kbn_mock_idp_utils.devdocs.json'; diff --git a/api_docs/kbn_monaco.mdx b/api_docs/kbn_monaco.mdx index 25ca3deca850..3eef8040fe34 100644 --- a/api_docs/kbn_monaco.mdx +++ b/api_docs/kbn_monaco.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-monaco title: "@kbn/monaco" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/monaco plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/monaco'] --- import kbnMonacoObj from './kbn_monaco.devdocs.json'; diff --git a/api_docs/kbn_object_versioning.mdx b/api_docs/kbn_object_versioning.mdx index b23c2199e887..81731da8612e 100644 --- a/api_docs/kbn_object_versioning.mdx +++ b/api_docs/kbn_object_versioning.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-object-versioning title: "@kbn/object-versioning" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/object-versioning plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/object-versioning'] --- import kbnObjectVersioningObj from './kbn_object_versioning.devdocs.json'; diff --git a/api_docs/kbn_object_versioning_utils.mdx b/api_docs/kbn_object_versioning_utils.mdx index a50bf191332d..24494ffa2b5b 100644 --- a/api_docs/kbn_object_versioning_utils.mdx +++ b/api_docs/kbn_object_versioning_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-object-versioning-utils title: "@kbn/object-versioning-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/object-versioning-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/object-versioning-utils'] --- import kbnObjectVersioningUtilsObj from './kbn_object_versioning_utils.devdocs.json'; diff --git a/api_docs/kbn_observability_alert_details.mdx b/api_docs/kbn_observability_alert_details.mdx index d94fae58d5fd..c0b183feaa41 100644 --- a/api_docs/kbn_observability_alert_details.mdx +++ b/api_docs/kbn_observability_alert_details.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alert-details title: "@kbn/observability-alert-details" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-alert-details plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alert-details'] --- import kbnObservabilityAlertDetailsObj from './kbn_observability_alert_details.devdocs.json'; diff --git a/api_docs/kbn_observability_alerting_rule_utils.mdx b/api_docs/kbn_observability_alerting_rule_utils.mdx index ef2d35736948..ddc5fefa167e 100644 --- a/api_docs/kbn_observability_alerting_rule_utils.mdx +++ b/api_docs/kbn_observability_alerting_rule_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alerting-rule-utils title: "@kbn/observability-alerting-rule-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-alerting-rule-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alerting-rule-utils'] --- import kbnObservabilityAlertingRuleUtilsObj from './kbn_observability_alerting_rule_utils.devdocs.json'; diff --git a/api_docs/kbn_observability_alerting_test_data.mdx b/api_docs/kbn_observability_alerting_test_data.mdx index 034c534f232b..84a5e3df8267 100644 --- a/api_docs/kbn_observability_alerting_test_data.mdx +++ b/api_docs/kbn_observability_alerting_test_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alerting-test-data title: "@kbn/observability-alerting-test-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-alerting-test-data plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alerting-test-data'] --- import kbnObservabilityAlertingTestDataObj from './kbn_observability_alerting_test_data.devdocs.json'; diff --git a/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx b/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx index c69daf7f29a6..d6c72cc67c34 100644 --- a/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx +++ b/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-get-padded-alert-time-range-util title: "@kbn/observability-get-padded-alert-time-range-util" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-get-padded-alert-time-range-util plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-get-padded-alert-time-range-util'] --- import kbnObservabilityGetPaddedAlertTimeRangeUtilObj from './kbn_observability_get_padded_alert_time_range_util.devdocs.json'; diff --git a/api_docs/kbn_observability_synthetics_test_data.mdx b/api_docs/kbn_observability_synthetics_test_data.mdx index 20609070411d..460092f8f58b 100644 --- a/api_docs/kbn_observability_synthetics_test_data.mdx +++ b/api_docs/kbn_observability_synthetics_test_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-synthetics-test-data title: "@kbn/observability-synthetics-test-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-synthetics-test-data plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-synthetics-test-data'] --- import kbnObservabilitySyntheticsTestDataObj from './kbn_observability_synthetics_test_data.devdocs.json'; diff --git a/api_docs/kbn_openapi_bundler.mdx b/api_docs/kbn_openapi_bundler.mdx index ce265102cc97..2ea3e88962b8 100644 --- a/api_docs/kbn_openapi_bundler.mdx +++ b/api_docs/kbn_openapi_bundler.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-openapi-bundler title: "@kbn/openapi-bundler" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/openapi-bundler plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/openapi-bundler'] --- import kbnOpenapiBundlerObj from './kbn_openapi_bundler.devdocs.json'; diff --git a/api_docs/kbn_openapi_generator.mdx b/api_docs/kbn_openapi_generator.mdx index 84f0f0e1da15..1a7345ddaaae 100644 --- a/api_docs/kbn_openapi_generator.mdx +++ b/api_docs/kbn_openapi_generator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-openapi-generator title: "@kbn/openapi-generator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/openapi-generator plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/openapi-generator'] --- import kbnOpenapiGeneratorObj from './kbn_openapi_generator.devdocs.json'; diff --git a/api_docs/kbn_optimizer.mdx b/api_docs/kbn_optimizer.mdx index 1d70d737e645..4247dbe65fc6 100644 --- a/api_docs/kbn_optimizer.mdx +++ b/api_docs/kbn_optimizer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-optimizer title: "@kbn/optimizer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/optimizer plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/optimizer'] --- import kbnOptimizerObj from './kbn_optimizer.devdocs.json'; diff --git a/api_docs/kbn_optimizer_webpack_helpers.mdx b/api_docs/kbn_optimizer_webpack_helpers.mdx index df68d89e27bd..01d00759e4c1 100644 --- a/api_docs/kbn_optimizer_webpack_helpers.mdx +++ b/api_docs/kbn_optimizer_webpack_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-optimizer-webpack-helpers title: "@kbn/optimizer-webpack-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/optimizer-webpack-helpers plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/optimizer-webpack-helpers'] --- import kbnOptimizerWebpackHelpersObj from './kbn_optimizer_webpack_helpers.devdocs.json'; diff --git a/api_docs/kbn_osquery_io_ts_types.mdx b/api_docs/kbn_osquery_io_ts_types.mdx index eb5d046d0339..99cab425c98a 100644 --- a/api_docs/kbn_osquery_io_ts_types.mdx +++ b/api_docs/kbn_osquery_io_ts_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-osquery-io-ts-types title: "@kbn/osquery-io-ts-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/osquery-io-ts-types plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/osquery-io-ts-types'] --- import kbnOsqueryIoTsTypesObj from './kbn_osquery_io_ts_types.devdocs.json'; diff --git a/api_docs/kbn_panel_loader.mdx b/api_docs/kbn_panel_loader.mdx index 20225bdf1cdd..2e9532bf0445 100644 --- a/api_docs/kbn_panel_loader.mdx +++ b/api_docs/kbn_panel_loader.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-panel-loader title: "@kbn/panel-loader" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/panel-loader plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/panel-loader'] --- import kbnPanelLoaderObj from './kbn_panel_loader.devdocs.json'; diff --git a/api_docs/kbn_performance_testing_dataset_extractor.mdx b/api_docs/kbn_performance_testing_dataset_extractor.mdx index bf6fdebf20d1..fd2ada244f2e 100644 --- a/api_docs/kbn_performance_testing_dataset_extractor.mdx +++ b/api_docs/kbn_performance_testing_dataset_extractor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-performance-testing-dataset-extractor title: "@kbn/performance-testing-dataset-extractor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/performance-testing-dataset-extractor plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/performance-testing-dataset-extractor'] --- import kbnPerformanceTestingDatasetExtractorObj from './kbn_performance_testing_dataset_extractor.devdocs.json'; diff --git a/api_docs/kbn_plugin_check.mdx b/api_docs/kbn_plugin_check.mdx index a1c8fce1afdd..1e7c508d3c5b 100644 --- a/api_docs/kbn_plugin_check.mdx +++ b/api_docs/kbn_plugin_check.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-check title: "@kbn/plugin-check" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/plugin-check plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-check'] --- import kbnPluginCheckObj from './kbn_plugin_check.devdocs.json'; diff --git a/api_docs/kbn_plugin_generator.mdx b/api_docs/kbn_plugin_generator.mdx index 5dddfe040e71..cef6c9e408b4 100644 --- a/api_docs/kbn_plugin_generator.mdx +++ b/api_docs/kbn_plugin_generator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-generator title: "@kbn/plugin-generator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/plugin-generator plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-generator'] --- import kbnPluginGeneratorObj from './kbn_plugin_generator.devdocs.json'; diff --git a/api_docs/kbn_plugin_helpers.mdx b/api_docs/kbn_plugin_helpers.mdx index 90c0efbee3a1..73559631cbba 100644 --- a/api_docs/kbn_plugin_helpers.mdx +++ b/api_docs/kbn_plugin_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-helpers title: "@kbn/plugin-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/plugin-helpers plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-helpers'] --- import kbnPluginHelpersObj from './kbn_plugin_helpers.devdocs.json'; diff --git a/api_docs/kbn_presentation_containers.mdx b/api_docs/kbn_presentation_containers.mdx index 0097825c65e8..9da99d16c318 100644 --- a/api_docs/kbn_presentation_containers.mdx +++ b/api_docs/kbn_presentation_containers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-presentation-containers title: "@kbn/presentation-containers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/presentation-containers plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/presentation-containers'] --- import kbnPresentationContainersObj from './kbn_presentation_containers.devdocs.json'; diff --git a/api_docs/kbn_presentation_publishing.mdx b/api_docs/kbn_presentation_publishing.mdx index 8e8f821922d4..b20daa907274 100644 --- a/api_docs/kbn_presentation_publishing.mdx +++ b/api_docs/kbn_presentation_publishing.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-presentation-publishing title: "@kbn/presentation-publishing" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/presentation-publishing plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/presentation-publishing'] --- import kbnPresentationPublishingObj from './kbn_presentation_publishing.devdocs.json'; diff --git a/api_docs/kbn_profiling_utils.mdx b/api_docs/kbn_profiling_utils.mdx index a899797ed12e..7e88e34e7bcd 100644 --- a/api_docs/kbn_profiling_utils.mdx +++ b/api_docs/kbn_profiling_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-profiling-utils title: "@kbn/profiling-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/profiling-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/profiling-utils'] --- import kbnProfilingUtilsObj from './kbn_profiling_utils.devdocs.json'; diff --git a/api_docs/kbn_random_sampling.mdx b/api_docs/kbn_random_sampling.mdx index 207a2c3c260d..dbdacde2ede9 100644 --- a/api_docs/kbn_random_sampling.mdx +++ b/api_docs/kbn_random_sampling.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-random-sampling title: "@kbn/random-sampling" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/random-sampling plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/random-sampling'] --- import kbnRandomSamplingObj from './kbn_random_sampling.devdocs.json'; diff --git a/api_docs/kbn_react_field.mdx b/api_docs/kbn_react_field.mdx index ba1b0b52651e..9d02b8f1fbb8 100644 --- a/api_docs/kbn_react_field.mdx +++ b/api_docs/kbn_react_field.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-field title: "@kbn/react-field" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-field plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-field'] --- import kbnReactFieldObj from './kbn_react_field.devdocs.json'; diff --git a/api_docs/kbn_react_hooks.mdx b/api_docs/kbn_react_hooks.mdx index 9f73dbc94f33..117c3d79442b 100644 --- a/api_docs/kbn_react_hooks.mdx +++ b/api_docs/kbn_react_hooks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-hooks title: "@kbn/react-hooks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-hooks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-hooks'] --- import kbnReactHooksObj from './kbn_react_hooks.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_common.mdx b/api_docs/kbn_react_kibana_context_common.mdx index 769976274be4..7f0dd70c3154 100644 --- a/api_docs/kbn_react_kibana_context_common.mdx +++ b/api_docs/kbn_react_kibana_context_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-common title: "@kbn/react-kibana-context-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-common'] --- import kbnReactKibanaContextCommonObj from './kbn_react_kibana_context_common.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_render.mdx b/api_docs/kbn_react_kibana_context_render.mdx index 558b70138ecd..4c644b916e2b 100644 --- a/api_docs/kbn_react_kibana_context_render.mdx +++ b/api_docs/kbn_react_kibana_context_render.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-render title: "@kbn/react-kibana-context-render" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-render plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-render'] --- import kbnReactKibanaContextRenderObj from './kbn_react_kibana_context_render.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_root.mdx b/api_docs/kbn_react_kibana_context_root.mdx index 47652d7f0b9c..9acefb9fb622 100644 --- a/api_docs/kbn_react_kibana_context_root.mdx +++ b/api_docs/kbn_react_kibana_context_root.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-root title: "@kbn/react-kibana-context-root" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-root plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-root'] --- import kbnReactKibanaContextRootObj from './kbn_react_kibana_context_root.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_styled.mdx b/api_docs/kbn_react_kibana_context_styled.mdx index eaa632088c57..15d18d87c374 100644 --- a/api_docs/kbn_react_kibana_context_styled.mdx +++ b/api_docs/kbn_react_kibana_context_styled.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-styled title: "@kbn/react-kibana-context-styled" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-styled plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-styled'] --- import kbnReactKibanaContextStyledObj from './kbn_react_kibana_context_styled.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_theme.mdx b/api_docs/kbn_react_kibana_context_theme.mdx index 091349ef77ed..092821ccd1de 100644 --- a/api_docs/kbn_react_kibana_context_theme.mdx +++ b/api_docs/kbn_react_kibana_context_theme.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-theme title: "@kbn/react-kibana-context-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-theme plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-theme'] --- import kbnReactKibanaContextThemeObj from './kbn_react_kibana_context_theme.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_mount.mdx b/api_docs/kbn_react_kibana_mount.mdx index d5b85be7cce3..e9b1c86ecf90 100644 --- a/api_docs/kbn_react_kibana_mount.mdx +++ b/api_docs/kbn_react_kibana_mount.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-mount title: "@kbn/react-kibana-mount" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-mount plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-mount'] --- import kbnReactKibanaMountObj from './kbn_react_kibana_mount.devdocs.json'; diff --git a/api_docs/kbn_recently_accessed.mdx b/api_docs/kbn_recently_accessed.mdx index db64e87b36f9..0d4757b457f4 100644 --- a/api_docs/kbn_recently_accessed.mdx +++ b/api_docs/kbn_recently_accessed.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-recently-accessed title: "@kbn/recently-accessed" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/recently-accessed plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/recently-accessed'] --- import kbnRecentlyAccessedObj from './kbn_recently_accessed.devdocs.json'; diff --git a/api_docs/kbn_repo_file_maps.mdx b/api_docs/kbn_repo_file_maps.mdx index f516f90d81c5..967172e8de40 100644 --- a/api_docs/kbn_repo_file_maps.mdx +++ b/api_docs/kbn_repo_file_maps.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-file-maps title: "@kbn/repo-file-maps" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-file-maps plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-file-maps'] --- import kbnRepoFileMapsObj from './kbn_repo_file_maps.devdocs.json'; diff --git a/api_docs/kbn_repo_linter.mdx b/api_docs/kbn_repo_linter.mdx index 6bd0206b4bcd..ef87c75a8512 100644 --- a/api_docs/kbn_repo_linter.mdx +++ b/api_docs/kbn_repo_linter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-linter title: "@kbn/repo-linter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-linter plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-linter'] --- import kbnRepoLinterObj from './kbn_repo_linter.devdocs.json'; diff --git a/api_docs/kbn_repo_path.mdx b/api_docs/kbn_repo_path.mdx index b9aa7ac78108..b0c63cea8fc7 100644 --- a/api_docs/kbn_repo_path.mdx +++ b/api_docs/kbn_repo_path.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-path title: "@kbn/repo-path" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-path plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-path'] --- import kbnRepoPathObj from './kbn_repo_path.devdocs.json'; diff --git a/api_docs/kbn_repo_source_classifier.mdx b/api_docs/kbn_repo_source_classifier.mdx index fc391aa19d06..0639ef9d242b 100644 --- a/api_docs/kbn_repo_source_classifier.mdx +++ b/api_docs/kbn_repo_source_classifier.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-source-classifier title: "@kbn/repo-source-classifier" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-source-classifier plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-source-classifier'] --- import kbnRepoSourceClassifierObj from './kbn_repo_source_classifier.devdocs.json'; diff --git a/api_docs/kbn_reporting_common.mdx b/api_docs/kbn_reporting_common.mdx index c19dca4d9cfb..cb2059a5dd08 100644 --- a/api_docs/kbn_reporting_common.mdx +++ b/api_docs/kbn_reporting_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-common title: "@kbn/reporting-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-common'] --- import kbnReportingCommonObj from './kbn_reporting_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_csv_share_panel.mdx b/api_docs/kbn_reporting_csv_share_panel.mdx index 73cb7799b10f..9dd733f7c694 100644 --- a/api_docs/kbn_reporting_csv_share_panel.mdx +++ b/api_docs/kbn_reporting_csv_share_panel.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-csv-share-panel title: "@kbn/reporting-csv-share-panel" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-csv-share-panel plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-csv-share-panel'] --- import kbnReportingCsvSharePanelObj from './kbn_reporting_csv_share_panel.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_csv.mdx b/api_docs/kbn_reporting_export_types_csv.mdx index b91361fa1676..57241b2f9511 100644 --- a/api_docs/kbn_reporting_export_types_csv.mdx +++ b/api_docs/kbn_reporting_export_types_csv.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-csv title: "@kbn/reporting-export-types-csv" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-csv plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-csv'] --- import kbnReportingExportTypesCsvObj from './kbn_reporting_export_types_csv.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_csv_common.mdx b/api_docs/kbn_reporting_export_types_csv_common.mdx index f7806a99fa97..d9d43f03e4ea 100644 --- a/api_docs/kbn_reporting_export_types_csv_common.mdx +++ b/api_docs/kbn_reporting_export_types_csv_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-csv-common title: "@kbn/reporting-export-types-csv-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-csv-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-csv-common'] --- import kbnReportingExportTypesCsvCommonObj from './kbn_reporting_export_types_csv_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_pdf.mdx b/api_docs/kbn_reporting_export_types_pdf.mdx index 899270815e64..c10884296c5b 100644 --- a/api_docs/kbn_reporting_export_types_pdf.mdx +++ b/api_docs/kbn_reporting_export_types_pdf.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-pdf title: "@kbn/reporting-export-types-pdf" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-pdf plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-pdf'] --- import kbnReportingExportTypesPdfObj from './kbn_reporting_export_types_pdf.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_pdf_common.mdx b/api_docs/kbn_reporting_export_types_pdf_common.mdx index 5c753d775b72..7d876ad37691 100644 --- a/api_docs/kbn_reporting_export_types_pdf_common.mdx +++ b/api_docs/kbn_reporting_export_types_pdf_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-pdf-common title: "@kbn/reporting-export-types-pdf-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-pdf-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-pdf-common'] --- import kbnReportingExportTypesPdfCommonObj from './kbn_reporting_export_types_pdf_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_png.mdx b/api_docs/kbn_reporting_export_types_png.mdx index 4de485681b53..8abbdff24cfa 100644 --- a/api_docs/kbn_reporting_export_types_png.mdx +++ b/api_docs/kbn_reporting_export_types_png.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-png title: "@kbn/reporting-export-types-png" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-png plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-png'] --- import kbnReportingExportTypesPngObj from './kbn_reporting_export_types_png.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_png_common.mdx b/api_docs/kbn_reporting_export_types_png_common.mdx index 6bd263c1ef42..f35abb8c5a6c 100644 --- a/api_docs/kbn_reporting_export_types_png_common.mdx +++ b/api_docs/kbn_reporting_export_types_png_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-png-common title: "@kbn/reporting-export-types-png-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-png-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-png-common'] --- import kbnReportingExportTypesPngCommonObj from './kbn_reporting_export_types_png_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_mocks_server.mdx b/api_docs/kbn_reporting_mocks_server.mdx index 3f3bdef3671f..f0489aecc0bb 100644 --- a/api_docs/kbn_reporting_mocks_server.mdx +++ b/api_docs/kbn_reporting_mocks_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-mocks-server title: "@kbn/reporting-mocks-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-mocks-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-mocks-server'] --- import kbnReportingMocksServerObj from './kbn_reporting_mocks_server.devdocs.json'; diff --git a/api_docs/kbn_reporting_public.mdx b/api_docs/kbn_reporting_public.mdx index 650105a7e1e1..6acd6ff7bff5 100644 --- a/api_docs/kbn_reporting_public.mdx +++ b/api_docs/kbn_reporting_public.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-public title: "@kbn/reporting-public" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-public plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-public'] --- import kbnReportingPublicObj from './kbn_reporting_public.devdocs.json'; diff --git a/api_docs/kbn_reporting_server.mdx b/api_docs/kbn_reporting_server.mdx index ca760c5caed5..b01971b00ca1 100644 --- a/api_docs/kbn_reporting_server.mdx +++ b/api_docs/kbn_reporting_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-server title: "@kbn/reporting-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-server'] --- import kbnReportingServerObj from './kbn_reporting_server.devdocs.json'; diff --git a/api_docs/kbn_resizable_layout.mdx b/api_docs/kbn_resizable_layout.mdx index f51d7f4b7dbc..54608ca7863d 100644 --- a/api_docs/kbn_resizable_layout.mdx +++ b/api_docs/kbn_resizable_layout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-resizable-layout title: "@kbn/resizable-layout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/resizable-layout plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/resizable-layout'] --- import kbnResizableLayoutObj from './kbn_resizable_layout.devdocs.json'; diff --git a/api_docs/kbn_response_ops_feature_flag_service.mdx b/api_docs/kbn_response_ops_feature_flag_service.mdx index b889848db029..4b905c361b95 100644 --- a/api_docs/kbn_response_ops_feature_flag_service.mdx +++ b/api_docs/kbn_response_ops_feature_flag_service.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-response-ops-feature-flag-service title: "@kbn/response-ops-feature-flag-service" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/response-ops-feature-flag-service plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/response-ops-feature-flag-service'] --- import kbnResponseOpsFeatureFlagServiceObj from './kbn_response_ops_feature_flag_service.devdocs.json'; diff --git a/api_docs/kbn_rison.mdx b/api_docs/kbn_rison.mdx index 98b6214b309a..da12ba2d0140 100644 --- a/api_docs/kbn_rison.mdx +++ b/api_docs/kbn_rison.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rison title: "@kbn/rison" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rison plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rison'] --- import kbnRisonObj from './kbn_rison.devdocs.json'; diff --git a/api_docs/kbn_rollup.mdx b/api_docs/kbn_rollup.mdx index 1e2431351daf..22170f4b27ee 100644 --- a/api_docs/kbn_rollup.mdx +++ b/api_docs/kbn_rollup.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rollup title: "@kbn/rollup" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rollup plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rollup'] --- import kbnRollupObj from './kbn_rollup.devdocs.json'; diff --git a/api_docs/kbn_router_to_openapispec.mdx b/api_docs/kbn_router_to_openapispec.mdx index 4d65701e1e05..cdaa90aa70a2 100644 --- a/api_docs/kbn_router_to_openapispec.mdx +++ b/api_docs/kbn_router_to_openapispec.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-router-to-openapispec title: "@kbn/router-to-openapispec" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/router-to-openapispec plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/router-to-openapispec'] --- import kbnRouterToOpenapispecObj from './kbn_router_to_openapispec.devdocs.json'; diff --git a/api_docs/kbn_router_utils.mdx b/api_docs/kbn_router_utils.mdx index 517e41606675..09cc5fd59fd7 100644 --- a/api_docs/kbn_router_utils.mdx +++ b/api_docs/kbn_router_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-router-utils title: "@kbn/router-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/router-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/router-utils'] --- import kbnRouterUtilsObj from './kbn_router_utils.devdocs.json'; diff --git a/api_docs/kbn_rrule.mdx b/api_docs/kbn_rrule.mdx index 4a77a415682e..57d28f62c3b8 100644 --- a/api_docs/kbn_rrule.mdx +++ b/api_docs/kbn_rrule.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rrule title: "@kbn/rrule" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rrule plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rrule'] --- import kbnRruleObj from './kbn_rrule.devdocs.json'; diff --git a/api_docs/kbn_rule_data_utils.mdx b/api_docs/kbn_rule_data_utils.mdx index 429ab6e360eb..d7f584c5a952 100644 --- a/api_docs/kbn_rule_data_utils.mdx +++ b/api_docs/kbn_rule_data_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rule-data-utils title: "@kbn/rule-data-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rule-data-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rule-data-utils'] --- import kbnRuleDataUtilsObj from './kbn_rule_data_utils.devdocs.json'; diff --git a/api_docs/kbn_saved_objects_settings.mdx b/api_docs/kbn_saved_objects_settings.mdx index 5aa3c5df2e7e..128bed148909 100644 --- a/api_docs/kbn_saved_objects_settings.mdx +++ b/api_docs/kbn_saved_objects_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-saved-objects-settings title: "@kbn/saved-objects-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/saved-objects-settings plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/saved-objects-settings'] --- import kbnSavedObjectsSettingsObj from './kbn_saved_objects_settings.devdocs.json'; diff --git a/api_docs/kbn_screenshotting_server.mdx b/api_docs/kbn_screenshotting_server.mdx index 122ed200107e..01f1405540f0 100644 --- a/api_docs/kbn_screenshotting_server.mdx +++ b/api_docs/kbn_screenshotting_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-screenshotting-server title: "@kbn/screenshotting-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/screenshotting-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/screenshotting-server'] --- import kbnScreenshottingServerObj from './kbn_screenshotting_server.devdocs.json'; diff --git a/api_docs/kbn_search_api_keys_components.mdx b/api_docs/kbn_search_api_keys_components.mdx index 9b5169bc633d..e0ae37b0f523 100644 --- a/api_docs/kbn_search_api_keys_components.mdx +++ b/api_docs/kbn_search_api_keys_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-api-keys-components title: "@kbn/search-api-keys-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-api-keys-components plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-api-keys-components'] --- import kbnSearchApiKeysComponentsObj from './kbn_search_api_keys_components.devdocs.json'; diff --git a/api_docs/kbn_search_api_keys_server.mdx b/api_docs/kbn_search_api_keys_server.mdx index 06ebe05f42cf..2a797b55c980 100644 --- a/api_docs/kbn_search_api_keys_server.mdx +++ b/api_docs/kbn_search_api_keys_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-api-keys-server title: "@kbn/search-api-keys-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-api-keys-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-api-keys-server'] --- import kbnSearchApiKeysServerObj from './kbn_search_api_keys_server.devdocs.json'; diff --git a/api_docs/kbn_search_api_panels.mdx b/api_docs/kbn_search_api_panels.mdx index cb62813a9109..dd33603dd025 100644 --- a/api_docs/kbn_search_api_panels.mdx +++ b/api_docs/kbn_search_api_panels.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-api-panels title: "@kbn/search-api-panels" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-api-panels plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-api-panels'] --- import kbnSearchApiPanelsObj from './kbn_search_api_panels.devdocs.json'; diff --git a/api_docs/kbn_search_connectors.mdx b/api_docs/kbn_search_connectors.mdx index 446d9864c950..38200018061f 100644 --- a/api_docs/kbn_search_connectors.mdx +++ b/api_docs/kbn_search_connectors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-connectors title: "@kbn/search-connectors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-connectors plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-connectors'] --- import kbnSearchConnectorsObj from './kbn_search_connectors.devdocs.json'; diff --git a/api_docs/kbn_search_errors.mdx b/api_docs/kbn_search_errors.mdx index 0d7bbdade910..29c0a3e1c950 100644 --- a/api_docs/kbn_search_errors.mdx +++ b/api_docs/kbn_search_errors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-errors title: "@kbn/search-errors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-errors plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-errors'] --- import kbnSearchErrorsObj from './kbn_search_errors.devdocs.json'; diff --git a/api_docs/kbn_search_index_documents.mdx b/api_docs/kbn_search_index_documents.mdx index 6f743725995e..bd80553da21f 100644 --- a/api_docs/kbn_search_index_documents.mdx +++ b/api_docs/kbn_search_index_documents.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-index-documents title: "@kbn/search-index-documents" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-index-documents plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-index-documents'] --- import kbnSearchIndexDocumentsObj from './kbn_search_index_documents.devdocs.json'; diff --git a/api_docs/kbn_search_response_warnings.mdx b/api_docs/kbn_search_response_warnings.mdx index 6b6a49602223..94946b2b10d1 100644 --- a/api_docs/kbn_search_response_warnings.mdx +++ b/api_docs/kbn_search_response_warnings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-response-warnings title: "@kbn/search-response-warnings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-response-warnings plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-response-warnings'] --- import kbnSearchResponseWarningsObj from './kbn_search_response_warnings.devdocs.json'; diff --git a/api_docs/kbn_search_shared_ui.mdx b/api_docs/kbn_search_shared_ui.mdx index 56375ca0b22e..1bfeb5d5941c 100644 --- a/api_docs/kbn_search_shared_ui.mdx +++ b/api_docs/kbn_search_shared_ui.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-shared-ui title: "@kbn/search-shared-ui" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-shared-ui plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-shared-ui'] --- import kbnSearchSharedUiObj from './kbn_search_shared_ui.devdocs.json'; diff --git a/api_docs/kbn_search_types.mdx b/api_docs/kbn_search_types.mdx index 55a091190858..6cfbc7bf3946 100644 --- a/api_docs/kbn_search_types.mdx +++ b/api_docs/kbn_search_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-types title: "@kbn/search-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-types plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-types'] --- import kbnSearchTypesObj from './kbn_search_types.devdocs.json'; diff --git a/api_docs/kbn_security_api_key_management.mdx b/api_docs/kbn_security_api_key_management.mdx index 2ec3e26b6c39..b84a35423fd5 100644 --- a/api_docs/kbn_security_api_key_management.mdx +++ b/api_docs/kbn_security_api_key_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-api-key-management title: "@kbn/security-api-key-management" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-api-key-management plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-api-key-management'] --- import kbnSecurityApiKeyManagementObj from './kbn_security_api_key_management.devdocs.json'; diff --git a/api_docs/kbn_security_authorization_core.mdx b/api_docs/kbn_security_authorization_core.mdx index 1c33bd2441be..695b07f5404f 100644 --- a/api_docs/kbn_security_authorization_core.mdx +++ b/api_docs/kbn_security_authorization_core.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-authorization-core title: "@kbn/security-authorization-core" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-authorization-core plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-authorization-core'] --- import kbnSecurityAuthorizationCoreObj from './kbn_security_authorization_core.devdocs.json'; diff --git a/api_docs/kbn_security_form_components.mdx b/api_docs/kbn_security_form_components.mdx index 5f7eccbb4b23..d4301ac047cc 100644 --- a/api_docs/kbn_security_form_components.mdx +++ b/api_docs/kbn_security_form_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-form-components title: "@kbn/security-form-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-form-components plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-form-components'] --- import kbnSecurityFormComponentsObj from './kbn_security_form_components.devdocs.json'; diff --git a/api_docs/kbn_security_hardening.mdx b/api_docs/kbn_security_hardening.mdx index a64edd0b145a..f4ea7dfaa55a 100644 --- a/api_docs/kbn_security_hardening.mdx +++ b/api_docs/kbn_security_hardening.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-hardening title: "@kbn/security-hardening" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-hardening plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-hardening'] --- import kbnSecurityHardeningObj from './kbn_security_hardening.devdocs.json'; diff --git a/api_docs/kbn_security_plugin_types_common.mdx b/api_docs/kbn_security_plugin_types_common.mdx index 18f31ef800e6..843f6b89ba0e 100644 --- a/api_docs/kbn_security_plugin_types_common.mdx +++ b/api_docs/kbn_security_plugin_types_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-common title: "@kbn/security-plugin-types-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-plugin-types-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-common'] --- import kbnSecurityPluginTypesCommonObj from './kbn_security_plugin_types_common.devdocs.json'; diff --git a/api_docs/kbn_security_plugin_types_public.mdx b/api_docs/kbn_security_plugin_types_public.mdx index 6edcd6baa04f..67dd04367402 100644 --- a/api_docs/kbn_security_plugin_types_public.mdx +++ b/api_docs/kbn_security_plugin_types_public.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-public title: "@kbn/security-plugin-types-public" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-plugin-types-public plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-public'] --- import kbnSecurityPluginTypesPublicObj from './kbn_security_plugin_types_public.devdocs.json'; diff --git a/api_docs/kbn_security_plugin_types_server.mdx b/api_docs/kbn_security_plugin_types_server.mdx index 25f0b972f026..235abf9c3655 100644 --- a/api_docs/kbn_security_plugin_types_server.mdx +++ b/api_docs/kbn_security_plugin_types_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-server title: "@kbn/security-plugin-types-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-plugin-types-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-server'] --- import kbnSecurityPluginTypesServerObj from './kbn_security_plugin_types_server.devdocs.json'; diff --git a/api_docs/kbn_security_role_management_model.mdx b/api_docs/kbn_security_role_management_model.mdx index f42e055bd0d1..4692b0542939 100644 --- a/api_docs/kbn_security_role_management_model.mdx +++ b/api_docs/kbn_security_role_management_model.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-role-management-model title: "@kbn/security-role-management-model" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-role-management-model plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-role-management-model'] --- import kbnSecurityRoleManagementModelObj from './kbn_security_role_management_model.devdocs.json'; diff --git a/api_docs/kbn_security_solution_common.mdx b/api_docs/kbn_security_solution_common.mdx index 055c8da801fa..7344795b7a85 100644 --- a/api_docs/kbn_security_solution_common.mdx +++ b/api_docs/kbn_security_solution_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-common title: "@kbn/security-solution-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-common plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-common'] --- import kbnSecuritySolutionCommonObj from './kbn_security_solution_common.devdocs.json'; diff --git a/api_docs/kbn_security_solution_distribution_bar.mdx b/api_docs/kbn_security_solution_distribution_bar.mdx index e5dff41fa464..6be3c447979f 100644 --- a/api_docs/kbn_security_solution_distribution_bar.mdx +++ b/api_docs/kbn_security_solution_distribution_bar.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-distribution-bar title: "@kbn/security-solution-distribution-bar" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-distribution-bar plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-distribution-bar'] --- import kbnSecuritySolutionDistributionBarObj from './kbn_security_solution_distribution_bar.devdocs.json'; diff --git a/api_docs/kbn_security_solution_features.mdx b/api_docs/kbn_security_solution_features.mdx index 2cc4cb6e95e9..54e3d7c52319 100644 --- a/api_docs/kbn_security_solution_features.mdx +++ b/api_docs/kbn_security_solution_features.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-features title: "@kbn/security-solution-features" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-features plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-features'] --- import kbnSecuritySolutionFeaturesObj from './kbn_security_solution_features.devdocs.json'; diff --git a/api_docs/kbn_security_solution_navigation.mdx b/api_docs/kbn_security_solution_navigation.mdx index adf77c031835..341766329d03 100644 --- a/api_docs/kbn_security_solution_navigation.mdx +++ b/api_docs/kbn_security_solution_navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-navigation title: "@kbn/security-solution-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-navigation plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-navigation'] --- import kbnSecuritySolutionNavigationObj from './kbn_security_solution_navigation.devdocs.json'; diff --git a/api_docs/kbn_security_solution_side_nav.mdx b/api_docs/kbn_security_solution_side_nav.mdx index 2f6099a166c2..eee49844b138 100644 --- a/api_docs/kbn_security_solution_side_nav.mdx +++ b/api_docs/kbn_security_solution_side_nav.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-side-nav title: "@kbn/security-solution-side-nav" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-side-nav plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-side-nav'] --- import kbnSecuritySolutionSideNavObj from './kbn_security_solution_side_nav.devdocs.json'; diff --git a/api_docs/kbn_security_solution_storybook_config.mdx b/api_docs/kbn_security_solution_storybook_config.mdx index e8350fbc4eef..23cdb700ed01 100644 --- a/api_docs/kbn_security_solution_storybook_config.mdx +++ b/api_docs/kbn_security_solution_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-storybook-config title: "@kbn/security-solution-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-storybook-config plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-storybook-config'] --- import kbnSecuritySolutionStorybookConfigObj from './kbn_security_solution_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_security_ui_components.mdx b/api_docs/kbn_security_ui_components.mdx index b805375daa8b..843da466a05b 100644 --- a/api_docs/kbn_security_ui_components.mdx +++ b/api_docs/kbn_security_ui_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-ui-components title: "@kbn/security-ui-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-ui-components plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-ui-components'] --- import kbnSecurityUiComponentsObj from './kbn_security_ui_components.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_autocomplete.mdx b/api_docs/kbn_securitysolution_autocomplete.mdx index 6de712c6c34b..a2fa29b7f1fe 100644 --- a/api_docs/kbn_securitysolution_autocomplete.mdx +++ b/api_docs/kbn_securitysolution_autocomplete.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-autocomplete title: "@kbn/securitysolution-autocomplete" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-autocomplete plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-autocomplete'] --- import kbnSecuritysolutionAutocompleteObj from './kbn_securitysolution_autocomplete.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_data_table.mdx b/api_docs/kbn_securitysolution_data_table.mdx index f94070b38b02..1c31e3bec838 100644 --- a/api_docs/kbn_securitysolution_data_table.mdx +++ b/api_docs/kbn_securitysolution_data_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-data-table title: "@kbn/securitysolution-data-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-data-table plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-data-table'] --- import kbnSecuritysolutionDataTableObj from './kbn_securitysolution_data_table.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_ecs.mdx b/api_docs/kbn_securitysolution_ecs.mdx index 3ec2202b588e..abb6a0571a5a 100644 --- a/api_docs/kbn_securitysolution_ecs.mdx +++ b/api_docs/kbn_securitysolution_ecs.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-ecs title: "@kbn/securitysolution-ecs" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-ecs plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-ecs'] --- import kbnSecuritysolutionEcsObj from './kbn_securitysolution_ecs.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_es_utils.mdx b/api_docs/kbn_securitysolution_es_utils.mdx index 9bc4e27098f3..a18729fb6692 100644 --- a/api_docs/kbn_securitysolution_es_utils.mdx +++ b/api_docs/kbn_securitysolution_es_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-es-utils title: "@kbn/securitysolution-es-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-es-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-es-utils'] --- import kbnSecuritysolutionEsUtilsObj from './kbn_securitysolution_es_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_exception_list_components.devdocs.json b/api_docs/kbn_securitysolution_exception_list_components.devdocs.json index 390b5a5c226c..e1106dd5c031 100644 --- a/api_docs/kbn_securitysolution_exception_list_components.devdocs.json +++ b/api_docs/kbn_securitysolution_exception_list_components.devdocs.json @@ -414,6 +414,23 @@ ], "initialIsOpen": false }, + { + "parentPluginId": "@kbn/securitysolution-exception-list-components", + "id": "def-common.PartialCodeSignatureCallout", + "type": "Function", + "tags": [], + "label": "PartialCodeSignatureCallout", + "description": [], + "signature": [ + "() => React.JSX.Element" + ], + "path": "packages/kbn-securitysolution-exception-list-components/src/partial_code_signature_callout/index.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [], + "returnComment": [], + "initialIsOpen": false + }, { "parentPluginId": "@kbn/securitysolution-exception-list-components", "id": "def-common.SearchBar", diff --git a/api_docs/kbn_securitysolution_exception_list_components.mdx b/api_docs/kbn_securitysolution_exception_list_components.mdx index f8ff6d107ada..5f6a0a251368 100644 --- a/api_docs/kbn_securitysolution_exception_list_components.mdx +++ b/api_docs/kbn_securitysolution_exception_list_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-exception-list-components title: "@kbn/securitysolution-exception-list-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-exception-list-components plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-exception-list-components'] --- import kbnSecuritysolutionExceptionListComponentsObj from './kbn_securitysolution_exception_list_components.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/security-detection-engine](https://github.com/orgs/elastic/tea | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 106 | 0 | 95 | 1 | +| 107 | 0 | 96 | 1 | ## Common diff --git a/api_docs/kbn_securitysolution_hook_utils.mdx b/api_docs/kbn_securitysolution_hook_utils.mdx index 033fa41ec154..af9203c5e32c 100644 --- a/api_docs/kbn_securitysolution_hook_utils.mdx +++ b/api_docs/kbn_securitysolution_hook_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-hook-utils title: "@kbn/securitysolution-hook-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-hook-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-hook-utils'] --- import kbnSecuritysolutionHookUtilsObj from './kbn_securitysolution_hook_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx b/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx index 541eaf6a84b4..9c6aadbb7624 100644 --- a/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-alerting-types title: "@kbn/securitysolution-io-ts-alerting-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-alerting-types plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-alerting-types'] --- import kbnSecuritysolutionIoTsAlertingTypesObj from './kbn_securitysolution_io_ts_alerting_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_list_types.mdx b/api_docs/kbn_securitysolution_io_ts_list_types.mdx index bf67cf2bd0fa..4a48223684b0 100644 --- a/api_docs/kbn_securitysolution_io_ts_list_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_list_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-list-types title: "@kbn/securitysolution-io-ts-list-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-list-types plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-list-types'] --- import kbnSecuritysolutionIoTsListTypesObj from './kbn_securitysolution_io_ts_list_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_types.mdx b/api_docs/kbn_securitysolution_io_ts_types.mdx index 766d3dbfda61..4e2def44a022 100644 --- a/api_docs/kbn_securitysolution_io_ts_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-types title: "@kbn/securitysolution-io-ts-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-types plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-types'] --- import kbnSecuritysolutionIoTsTypesObj from './kbn_securitysolution_io_ts_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_utils.mdx b/api_docs/kbn_securitysolution_io_ts_utils.mdx index c30c4ca01176..d261ac663759 100644 --- a/api_docs/kbn_securitysolution_io_ts_utils.mdx +++ b/api_docs/kbn_securitysolution_io_ts_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-utils title: "@kbn/securitysolution-io-ts-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-utils'] --- import kbnSecuritysolutionIoTsUtilsObj from './kbn_securitysolution_io_ts_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_api.mdx b/api_docs/kbn_securitysolution_list_api.mdx index 1ecf61b2860d..f95ae3bd28c3 100644 --- a/api_docs/kbn_securitysolution_list_api.mdx +++ b/api_docs/kbn_securitysolution_list_api.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-api title: "@kbn/securitysolution-list-api" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-api plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-api'] --- import kbnSecuritysolutionListApiObj from './kbn_securitysolution_list_api.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_constants.mdx b/api_docs/kbn_securitysolution_list_constants.mdx index 02972e9dbd45..d52f2f3f9a69 100644 --- a/api_docs/kbn_securitysolution_list_constants.mdx +++ b/api_docs/kbn_securitysolution_list_constants.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-constants title: "@kbn/securitysolution-list-constants" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-constants plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-constants'] --- import kbnSecuritysolutionListConstantsObj from './kbn_securitysolution_list_constants.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_hooks.mdx b/api_docs/kbn_securitysolution_list_hooks.mdx index bf7f4ca1582c..d4b15f45a799 100644 --- a/api_docs/kbn_securitysolution_list_hooks.mdx +++ b/api_docs/kbn_securitysolution_list_hooks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-hooks title: "@kbn/securitysolution-list-hooks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-hooks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-hooks'] --- import kbnSecuritysolutionListHooksObj from './kbn_securitysolution_list_hooks.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_utils.devdocs.json b/api_docs/kbn_securitysolution_list_utils.devdocs.json index 5cf64af6019c..418e2e278cea 100644 --- a/api_docs/kbn_securitysolution_list_utils.devdocs.json +++ b/api_docs/kbn_securitysolution_list_utils.devdocs.json @@ -2254,6 +2254,56 @@ "returnComment": [], "initialIsOpen": false }, + { + "parentPluginId": "@kbn/securitysolution-list-utils", + "id": "def-common.hasPartialCodeSignatureEntry", + "type": "Function", + "tags": [], + "label": "hasPartialCodeSignatureEntry", + "description": [ + "\nEvent filters helper where given an exceptions list,\ndetermine if both 'subject_name' and 'trusted' are\nincluded in an entry with 'code_signature'" + ], + "signature": [ + "(items: ", + { + "pluginId": "@kbn/securitysolution-list-utils", + "scope": "common", + "docId": "kibKbnSecuritysolutionListUtilsPluginApi", + "section": "def-common.ExceptionsBuilderReturnExceptionItem", + "text": "ExceptionsBuilderReturnExceptionItem" + }, + "[]) => boolean" + ], + "path": "packages/kbn-securitysolution-list-utils/src/helpers/index.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "@kbn/securitysolution-list-utils", + "id": "def-common.hasPartialCodeSignatureEntry.$1", + "type": "Array", + "tags": [], + "label": "items", + "description": [], + "signature": [ + { + "pluginId": "@kbn/securitysolution-list-utils", + "scope": "common", + "docId": "kibKbnSecuritysolutionListUtilsPluginApi", + "section": "def-common.ExceptionsBuilderReturnExceptionItem", + "text": "ExceptionsBuilderReturnExceptionItem" + }, + "[]" + ], + "path": "packages/kbn-securitysolution-list-utils/src/helpers/index.ts", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, { "parentPluginId": "@kbn/securitysolution-list-utils", "id": "def-common.hasWrongOperatorWithWildcard", diff --git a/api_docs/kbn_securitysolution_list_utils.mdx b/api_docs/kbn_securitysolution_list_utils.mdx index 59b13dee0b0f..bf9a10a10df5 100644 --- a/api_docs/kbn_securitysolution_list_utils.mdx +++ b/api_docs/kbn_securitysolution_list_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-utils title: "@kbn/securitysolution-list-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-utils'] --- import kbnSecuritysolutionListUtilsObj from './kbn_securitysolution_list_utils.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/security-detection-engine](https://github.com/orgs/elastic/tea | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 209 | 0 | 161 | 0 | +| 211 | 0 | 162 | 0 | ## Common diff --git a/api_docs/kbn_securitysolution_rules.mdx b/api_docs/kbn_securitysolution_rules.mdx index 1c83f0d6460f..6213bd497efe 100644 --- a/api_docs/kbn_securitysolution_rules.mdx +++ b/api_docs/kbn_securitysolution_rules.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-rules title: "@kbn/securitysolution-rules" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-rules plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-rules'] --- import kbnSecuritysolutionRulesObj from './kbn_securitysolution_rules.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_t_grid.mdx b/api_docs/kbn_securitysolution_t_grid.mdx index 6ce3cc4a5898..6dab8b4bb1d8 100644 --- a/api_docs/kbn_securitysolution_t_grid.mdx +++ b/api_docs/kbn_securitysolution_t_grid.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-t-grid title: "@kbn/securitysolution-t-grid" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-t-grid plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-t-grid'] --- import kbnSecuritysolutionTGridObj from './kbn_securitysolution_t_grid.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_utils.mdx b/api_docs/kbn_securitysolution_utils.mdx index 88da785d4d25..f55f2a68758d 100644 --- a/api_docs/kbn_securitysolution_utils.mdx +++ b/api_docs/kbn_securitysolution_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-utils title: "@kbn/securitysolution-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-utils'] --- import kbnSecuritysolutionUtilsObj from './kbn_securitysolution_utils.devdocs.json'; diff --git a/api_docs/kbn_server_http_tools.mdx b/api_docs/kbn_server_http_tools.mdx index 41f13da62e70..cb48d4d57a31 100644 --- a/api_docs/kbn_server_http_tools.mdx +++ b/api_docs/kbn_server_http_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-http-tools title: "@kbn/server-http-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-http-tools plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-http-tools'] --- import kbnServerHttpToolsObj from './kbn_server_http_tools.devdocs.json'; diff --git a/api_docs/kbn_server_route_repository.mdx b/api_docs/kbn_server_route_repository.mdx index 4372c91b3bc3..b2c0ff133170 100644 --- a/api_docs/kbn_server_route_repository.mdx +++ b/api_docs/kbn_server_route_repository.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-route-repository title: "@kbn/server-route-repository" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-route-repository plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-route-repository'] --- import kbnServerRouteRepositoryObj from './kbn_server_route_repository.devdocs.json'; diff --git a/api_docs/kbn_server_route_repository_client.mdx b/api_docs/kbn_server_route_repository_client.mdx index 65821f10c0b0..63415ab8a903 100644 --- a/api_docs/kbn_server_route_repository_client.mdx +++ b/api_docs/kbn_server_route_repository_client.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-route-repository-client title: "@kbn/server-route-repository-client" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-route-repository-client plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-route-repository-client'] --- import kbnServerRouteRepositoryClientObj from './kbn_server_route_repository_client.devdocs.json'; diff --git a/api_docs/kbn_server_route_repository_utils.mdx b/api_docs/kbn_server_route_repository_utils.mdx index 4e76d21aac2e..e963371659be 100644 --- a/api_docs/kbn_server_route_repository_utils.mdx +++ b/api_docs/kbn_server_route_repository_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-route-repository-utils title: "@kbn/server-route-repository-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-route-repository-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-route-repository-utils'] --- import kbnServerRouteRepositoryUtilsObj from './kbn_server_route_repository_utils.devdocs.json'; diff --git a/api_docs/kbn_serverless_common_settings.mdx b/api_docs/kbn_serverless_common_settings.mdx index 33ad54092175..1eb3e9ccfd78 100644 --- a/api_docs/kbn_serverless_common_settings.mdx +++ b/api_docs/kbn_serverless_common_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-common-settings title: "@kbn/serverless-common-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-common-settings plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-common-settings'] --- import kbnServerlessCommonSettingsObj from './kbn_serverless_common_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_observability_settings.mdx b/api_docs/kbn_serverless_observability_settings.mdx index 4e41bd71ece2..6e60db4f713f 100644 --- a/api_docs/kbn_serverless_observability_settings.mdx +++ b/api_docs/kbn_serverless_observability_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-observability-settings title: "@kbn/serverless-observability-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-observability-settings plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-observability-settings'] --- import kbnServerlessObservabilitySettingsObj from './kbn_serverless_observability_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_project_switcher.mdx b/api_docs/kbn_serverless_project_switcher.mdx index b25431620f3e..828f5dec9a1a 100644 --- a/api_docs/kbn_serverless_project_switcher.mdx +++ b/api_docs/kbn_serverless_project_switcher.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-project-switcher title: "@kbn/serverless-project-switcher" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-project-switcher plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-project-switcher'] --- import kbnServerlessProjectSwitcherObj from './kbn_serverless_project_switcher.devdocs.json'; diff --git a/api_docs/kbn_serverless_search_settings.mdx b/api_docs/kbn_serverless_search_settings.mdx index 439c778c2533..7f04191947f2 100644 --- a/api_docs/kbn_serverless_search_settings.mdx +++ b/api_docs/kbn_serverless_search_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-search-settings title: "@kbn/serverless-search-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-search-settings plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-search-settings'] --- import kbnServerlessSearchSettingsObj from './kbn_serverless_search_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_security_settings.mdx b/api_docs/kbn_serverless_security_settings.mdx index dc050dcce767..b715dc66877e 100644 --- a/api_docs/kbn_serverless_security_settings.mdx +++ b/api_docs/kbn_serverless_security_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-security-settings title: "@kbn/serverless-security-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-security-settings plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-security-settings'] --- import kbnServerlessSecuritySettingsObj from './kbn_serverless_security_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_storybook_config.mdx b/api_docs/kbn_serverless_storybook_config.mdx index 60e2c544b85f..af63e5679fba 100644 --- a/api_docs/kbn_serverless_storybook_config.mdx +++ b/api_docs/kbn_serverless_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-storybook-config title: "@kbn/serverless-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-storybook-config plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-storybook-config'] --- import kbnServerlessStorybookConfigObj from './kbn_serverless_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_shared_svg.mdx b/api_docs/kbn_shared_svg.mdx index 62fddf5a4f4e..6737e8d2f7dc 100644 --- a/api_docs/kbn_shared_svg.mdx +++ b/api_docs/kbn_shared_svg.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-svg title: "@kbn/shared-svg" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-svg plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-svg'] --- import kbnSharedSvgObj from './kbn_shared_svg.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_avatar_solution.mdx b/api_docs/kbn_shared_ux_avatar_solution.mdx index 4b9288a326f2..2d5baeef8042 100644 --- a/api_docs/kbn_shared_ux_avatar_solution.mdx +++ b/api_docs/kbn_shared_ux_avatar_solution.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-avatar-solution title: "@kbn/shared-ux-avatar-solution" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-avatar-solution plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-avatar-solution'] --- import kbnSharedUxAvatarSolutionObj from './kbn_shared_ux_avatar_solution.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_button_exit_full_screen.mdx b/api_docs/kbn_shared_ux_button_exit_full_screen.mdx index 6f53340f0d06..9255a27446b7 100644 --- a/api_docs/kbn_shared_ux_button_exit_full_screen.mdx +++ b/api_docs/kbn_shared_ux_button_exit_full_screen.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-button-exit-full-screen title: "@kbn/shared-ux-button-exit-full-screen" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-button-exit-full-screen plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-button-exit-full-screen'] --- import kbnSharedUxButtonExitFullScreenObj from './kbn_shared_ux_button_exit_full_screen.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_button_toolbar.mdx b/api_docs/kbn_shared_ux_button_toolbar.mdx index 1ffb111c517b..ce4ef9bb515a 100644 --- a/api_docs/kbn_shared_ux_button_toolbar.mdx +++ b/api_docs/kbn_shared_ux_button_toolbar.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-button-toolbar title: "@kbn/shared-ux-button-toolbar" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-button-toolbar plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-button-toolbar'] --- import kbnSharedUxButtonToolbarObj from './kbn_shared_ux_button_toolbar.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_card_no_data.mdx b/api_docs/kbn_shared_ux_card_no_data.mdx index 8c4593dd75f6..68e52f8d13d5 100644 --- a/api_docs/kbn_shared_ux_card_no_data.mdx +++ b/api_docs/kbn_shared_ux_card_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-card-no-data title: "@kbn/shared-ux-card-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-card-no-data plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-card-no-data'] --- import kbnSharedUxCardNoDataObj from './kbn_shared_ux_card_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_card_no_data_mocks.mdx b/api_docs/kbn_shared_ux_card_no_data_mocks.mdx index b1e6e2f76402..646f31f3fad0 100644 --- a/api_docs/kbn_shared_ux_card_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_card_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-card-no-data-mocks title: "@kbn/shared-ux-card-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-card-no-data-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-card-no-data-mocks'] --- import kbnSharedUxCardNoDataMocksObj from './kbn_shared_ux_card_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_chrome_navigation.mdx b/api_docs/kbn_shared_ux_chrome_navigation.mdx index 3f5b7973fd18..434d9e35f733 100644 --- a/api_docs/kbn_shared_ux_chrome_navigation.mdx +++ b/api_docs/kbn_shared_ux_chrome_navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-chrome-navigation title: "@kbn/shared-ux-chrome-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-chrome-navigation plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-chrome-navigation'] --- import kbnSharedUxChromeNavigationObj from './kbn_shared_ux_chrome_navigation.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_error_boundary.mdx b/api_docs/kbn_shared_ux_error_boundary.mdx index 7f49bd1aa847..6e663fef366c 100644 --- a/api_docs/kbn_shared_ux_error_boundary.mdx +++ b/api_docs/kbn_shared_ux_error_boundary.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-error-boundary title: "@kbn/shared-ux-error-boundary" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-error-boundary plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-error-boundary'] --- import kbnSharedUxErrorBoundaryObj from './kbn_shared_ux_error_boundary.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_context.mdx b/api_docs/kbn_shared_ux_file_context.mdx index b13482f37604..6d51957688f0 100644 --- a/api_docs/kbn_shared_ux_file_context.mdx +++ b/api_docs/kbn_shared_ux_file_context.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-context title: "@kbn/shared-ux-file-context" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-context plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-context'] --- import kbnSharedUxFileContextObj from './kbn_shared_ux_file_context.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_image.mdx b/api_docs/kbn_shared_ux_file_image.mdx index 544a268b4b50..898f896a1a20 100644 --- a/api_docs/kbn_shared_ux_file_image.mdx +++ b/api_docs/kbn_shared_ux_file_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-image title: "@kbn/shared-ux-file-image" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-image plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-image'] --- import kbnSharedUxFileImageObj from './kbn_shared_ux_file_image.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_image_mocks.mdx b/api_docs/kbn_shared_ux_file_image_mocks.mdx index 16b5382bbcfd..e500573c7cfd 100644 --- a/api_docs/kbn_shared_ux_file_image_mocks.mdx +++ b/api_docs/kbn_shared_ux_file_image_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-image-mocks title: "@kbn/shared-ux-file-image-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-image-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-image-mocks'] --- import kbnSharedUxFileImageMocksObj from './kbn_shared_ux_file_image_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_mocks.mdx b/api_docs/kbn_shared_ux_file_mocks.mdx index 98fbe6b35a9d..85050032390b 100644 --- a/api_docs/kbn_shared_ux_file_mocks.mdx +++ b/api_docs/kbn_shared_ux_file_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-mocks title: "@kbn/shared-ux-file-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-mocks'] --- import kbnSharedUxFileMocksObj from './kbn_shared_ux_file_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_picker.mdx b/api_docs/kbn_shared_ux_file_picker.mdx index 05989c12c2ed..81c83ecbbb7d 100644 --- a/api_docs/kbn_shared_ux_file_picker.mdx +++ b/api_docs/kbn_shared_ux_file_picker.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-picker title: "@kbn/shared-ux-file-picker" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-picker plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-picker'] --- import kbnSharedUxFilePickerObj from './kbn_shared_ux_file_picker.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_types.mdx b/api_docs/kbn_shared_ux_file_types.mdx index eb410d830992..0da62eaea3b5 100644 --- a/api_docs/kbn_shared_ux_file_types.mdx +++ b/api_docs/kbn_shared_ux_file_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-types title: "@kbn/shared-ux-file-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-types plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-types'] --- import kbnSharedUxFileTypesObj from './kbn_shared_ux_file_types.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_upload.mdx b/api_docs/kbn_shared_ux_file_upload.mdx index 052796a0ed0c..c00681a086e2 100644 --- a/api_docs/kbn_shared_ux_file_upload.mdx +++ b/api_docs/kbn_shared_ux_file_upload.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-upload title: "@kbn/shared-ux-file-upload" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-upload plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-upload'] --- import kbnSharedUxFileUploadObj from './kbn_shared_ux_file_upload.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_util.mdx b/api_docs/kbn_shared_ux_file_util.mdx index ac858347523b..637ba61850cf 100644 --- a/api_docs/kbn_shared_ux_file_util.mdx +++ b/api_docs/kbn_shared_ux_file_util.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-util title: "@kbn/shared-ux-file-util" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-util plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-util'] --- import kbnSharedUxFileUtilObj from './kbn_shared_ux_file_util.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_link_redirect_app.mdx b/api_docs/kbn_shared_ux_link_redirect_app.mdx index dce137ee7ab5..da322b6e5907 100644 --- a/api_docs/kbn_shared_ux_link_redirect_app.mdx +++ b/api_docs/kbn_shared_ux_link_redirect_app.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-link-redirect-app title: "@kbn/shared-ux-link-redirect-app" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-link-redirect-app plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-link-redirect-app'] --- import kbnSharedUxLinkRedirectAppObj from './kbn_shared_ux_link_redirect_app.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx b/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx index 17b556414dea..40d43e797be3 100644 --- a/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx +++ b/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-link-redirect-app-mocks title: "@kbn/shared-ux-link-redirect-app-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-link-redirect-app-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-link-redirect-app-mocks'] --- import kbnSharedUxLinkRedirectAppMocksObj from './kbn_shared_ux_link_redirect_app_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_markdown.mdx b/api_docs/kbn_shared_ux_markdown.mdx index 0347c3ef15d7..5250fc91ddc3 100644 --- a/api_docs/kbn_shared_ux_markdown.mdx +++ b/api_docs/kbn_shared_ux_markdown.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-markdown title: "@kbn/shared-ux-markdown" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-markdown plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-markdown'] --- import kbnSharedUxMarkdownObj from './kbn_shared_ux_markdown.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_markdown_mocks.mdx b/api_docs/kbn_shared_ux_markdown_mocks.mdx index 4b83915a0404..d17caa759143 100644 --- a/api_docs/kbn_shared_ux_markdown_mocks.mdx +++ b/api_docs/kbn_shared_ux_markdown_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-markdown-mocks title: "@kbn/shared-ux-markdown-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-markdown-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-markdown-mocks'] --- import kbnSharedUxMarkdownMocksObj from './kbn_shared_ux_markdown_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_analytics_no_data.mdx b/api_docs/kbn_shared_ux_page_analytics_no_data.mdx index e6a4e5446ec6..d189f1ac1e73 100644 --- a/api_docs/kbn_shared_ux_page_analytics_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_analytics_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-analytics-no-data title: "@kbn/shared-ux-page-analytics-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-analytics-no-data plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-analytics-no-data'] --- import kbnSharedUxPageAnalyticsNoDataObj from './kbn_shared_ux_page_analytics_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx index 4288b7040eb6..2dc483e848d2 100644 --- a/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-analytics-no-data-mocks title: "@kbn/shared-ux-page-analytics-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-analytics-no-data-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-analytics-no-data-mocks'] --- import kbnSharedUxPageAnalyticsNoDataMocksObj from './kbn_shared_ux_page_analytics_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_no_data.mdx b/api_docs/kbn_shared_ux_page_kibana_no_data.mdx index 1a3798638a45..dc953b3abb99 100644 --- a/api_docs/kbn_shared_ux_page_kibana_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-no-data title: "@kbn/shared-ux-page-kibana-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-no-data plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-no-data'] --- import kbnSharedUxPageKibanaNoDataObj from './kbn_shared_ux_page_kibana_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx index ec4891dbe5db..8942b515d953 100644 --- a/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-no-data-mocks title: "@kbn/shared-ux-page-kibana-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-no-data-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-no-data-mocks'] --- import kbnSharedUxPageKibanaNoDataMocksObj from './kbn_shared_ux_page_kibana_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_template.mdx b/api_docs/kbn_shared_ux_page_kibana_template.mdx index b8625c6e22ef..c6bfb8349542 100644 --- a/api_docs/kbn_shared_ux_page_kibana_template.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_template.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-template title: "@kbn/shared-ux-page-kibana-template" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-template plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-template'] --- import kbnSharedUxPageKibanaTemplateObj from './kbn_shared_ux_page_kibana_template.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx b/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx index 9375f81ed478..a2d41cf1eed8 100644 --- a/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-template-mocks title: "@kbn/shared-ux-page-kibana-template-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-template-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-template-mocks'] --- import kbnSharedUxPageKibanaTemplateMocksObj from './kbn_shared_ux_page_kibana_template_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data.mdx b/api_docs/kbn_shared_ux_page_no_data.mdx index c1be0a9e6b87..fed3149c4b4a 100644 --- a/api_docs/kbn_shared_ux_page_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data title: "@kbn/shared-ux-page-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data'] --- import kbnSharedUxPageNoDataObj from './kbn_shared_ux_page_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data_config.mdx b/api_docs/kbn_shared_ux_page_no_data_config.mdx index da32220ac2fd..84599158cc63 100644 --- a/api_docs/kbn_shared_ux_page_no_data_config.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-config title: "@kbn/shared-ux-page-no-data-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-config plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-config'] --- import kbnSharedUxPageNoDataConfigObj from './kbn_shared_ux_page_no_data_config.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx b/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx index 1dd639474129..21c043880755 100644 --- a/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-config-mocks title: "@kbn/shared-ux-page-no-data-config-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-config-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-config-mocks'] --- import kbnSharedUxPageNoDataConfigMocksObj from './kbn_shared_ux_page_no_data_config_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_no_data_mocks.mdx index 0ed7bee13da9..ce0526c967ee 100644 --- a/api_docs/kbn_shared_ux_page_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-mocks title: "@kbn/shared-ux-page-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-mocks'] --- import kbnSharedUxPageNoDataMocksObj from './kbn_shared_ux_page_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_solution_nav.mdx b/api_docs/kbn_shared_ux_page_solution_nav.mdx index 35d0546a3ea3..b0b43fe4511f 100644 --- a/api_docs/kbn_shared_ux_page_solution_nav.mdx +++ b/api_docs/kbn_shared_ux_page_solution_nav.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-solution-nav title: "@kbn/shared-ux-page-solution-nav" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-solution-nav plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-solution-nav'] --- import kbnSharedUxPageSolutionNavObj from './kbn_shared_ux_page_solution_nav.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_prompt_no_data_views.mdx b/api_docs/kbn_shared_ux_prompt_no_data_views.mdx index 864f89eea20d..d3bbc8e752b9 100644 --- a/api_docs/kbn_shared_ux_prompt_no_data_views.mdx +++ b/api_docs/kbn_shared_ux_prompt_no_data_views.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-no-data-views title: "@kbn/shared-ux-prompt-no-data-views" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-no-data-views plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-no-data-views'] --- import kbnSharedUxPromptNoDataViewsObj from './kbn_shared_ux_prompt_no_data_views.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx b/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx index efd8d5abd0b3..457a929581e5 100644 --- a/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx +++ b/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-no-data-views-mocks title: "@kbn/shared-ux-prompt-no-data-views-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-no-data-views-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-no-data-views-mocks'] --- import kbnSharedUxPromptNoDataViewsMocksObj from './kbn_shared_ux_prompt_no_data_views_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_prompt_not_found.mdx b/api_docs/kbn_shared_ux_prompt_not_found.mdx index f486e4e283b4..cc0a0c66154c 100644 --- a/api_docs/kbn_shared_ux_prompt_not_found.mdx +++ b/api_docs/kbn_shared_ux_prompt_not_found.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-not-found title: "@kbn/shared-ux-prompt-not-found" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-not-found plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-not-found'] --- import kbnSharedUxPromptNotFoundObj from './kbn_shared_ux_prompt_not_found.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_router.mdx b/api_docs/kbn_shared_ux_router.mdx index 855bb0de0f70..eafb28799b74 100644 --- a/api_docs/kbn_shared_ux_router.mdx +++ b/api_docs/kbn_shared_ux_router.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-router title: "@kbn/shared-ux-router" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-router plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-router'] --- import kbnSharedUxRouterObj from './kbn_shared_ux_router.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_router_mocks.mdx b/api_docs/kbn_shared_ux_router_mocks.mdx index d0003ca6b424..77eaae5acdfd 100644 --- a/api_docs/kbn_shared_ux_router_mocks.mdx +++ b/api_docs/kbn_shared_ux_router_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-router-mocks title: "@kbn/shared-ux-router-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-router-mocks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-router-mocks'] --- import kbnSharedUxRouterMocksObj from './kbn_shared_ux_router_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_storybook_config.mdx b/api_docs/kbn_shared_ux_storybook_config.mdx index 5c3e5b26f1a3..988f3be60629 100644 --- a/api_docs/kbn_shared_ux_storybook_config.mdx +++ b/api_docs/kbn_shared_ux_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-storybook-config title: "@kbn/shared-ux-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-storybook-config plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-storybook-config'] --- import kbnSharedUxStorybookConfigObj from './kbn_shared_ux_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_storybook_mock.mdx b/api_docs/kbn_shared_ux_storybook_mock.mdx index e761c257d768..8d7bc173d158 100644 --- a/api_docs/kbn_shared_ux_storybook_mock.mdx +++ b/api_docs/kbn_shared_ux_storybook_mock.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-storybook-mock title: "@kbn/shared-ux-storybook-mock" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-storybook-mock plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-storybook-mock'] --- import kbnSharedUxStorybookMockObj from './kbn_shared_ux_storybook_mock.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_tabbed_modal.mdx b/api_docs/kbn_shared_ux_tabbed_modal.mdx index c16b873c2730..e36504143215 100644 --- a/api_docs/kbn_shared_ux_tabbed_modal.mdx +++ b/api_docs/kbn_shared_ux_tabbed_modal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-tabbed-modal title: "@kbn/shared-ux-tabbed-modal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-tabbed-modal plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-tabbed-modal'] --- import kbnSharedUxTabbedModalObj from './kbn_shared_ux_tabbed_modal.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_table_persist.mdx b/api_docs/kbn_shared_ux_table_persist.mdx index 60736776774a..b4808773358a 100644 --- a/api_docs/kbn_shared_ux_table_persist.mdx +++ b/api_docs/kbn_shared_ux_table_persist.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-table-persist title: "@kbn/shared-ux-table-persist" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-table-persist plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-table-persist'] --- import kbnSharedUxTablePersistObj from './kbn_shared_ux_table_persist.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_utility.mdx b/api_docs/kbn_shared_ux_utility.mdx index d3a5f1deb86e..8dda8f1aefa2 100644 --- a/api_docs/kbn_shared_ux_utility.mdx +++ b/api_docs/kbn_shared_ux_utility.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-utility title: "@kbn/shared-ux-utility" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-utility plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-utility'] --- import kbnSharedUxUtilityObj from './kbn_shared_ux_utility.devdocs.json'; diff --git a/api_docs/kbn_slo_schema.mdx b/api_docs/kbn_slo_schema.mdx index 930df4fff6bf..14f2425d5fe8 100644 --- a/api_docs/kbn_slo_schema.mdx +++ b/api_docs/kbn_slo_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-slo-schema title: "@kbn/slo-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/slo-schema plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/slo-schema'] --- import kbnSloSchemaObj from './kbn_slo_schema.devdocs.json'; diff --git a/api_docs/kbn_some_dev_log.mdx b/api_docs/kbn_some_dev_log.mdx index eb78457610fd..22961c37b52e 100644 --- a/api_docs/kbn_some_dev_log.mdx +++ b/api_docs/kbn_some_dev_log.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-some-dev-log title: "@kbn/some-dev-log" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/some-dev-log plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/some-dev-log'] --- import kbnSomeDevLogObj from './kbn_some_dev_log.devdocs.json'; diff --git a/api_docs/kbn_sort_predicates.mdx b/api_docs/kbn_sort_predicates.mdx index 54b27f920e4c..7c8e6e7d5fa0 100644 --- a/api_docs/kbn_sort_predicates.mdx +++ b/api_docs/kbn_sort_predicates.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sort-predicates title: "@kbn/sort-predicates" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/sort-predicates plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sort-predicates'] --- import kbnSortPredicatesObj from './kbn_sort_predicates.devdocs.json'; diff --git a/api_docs/kbn_sse_utils.mdx b/api_docs/kbn_sse_utils.mdx index 20194037ee6c..a9aa09014aa7 100644 --- a/api_docs/kbn_sse_utils.mdx +++ b/api_docs/kbn_sse_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sse-utils title: "@kbn/sse-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/sse-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sse-utils'] --- import kbnSseUtilsObj from './kbn_sse_utils.devdocs.json'; diff --git a/api_docs/kbn_sse_utils_client.mdx b/api_docs/kbn_sse_utils_client.mdx index 7d7492389691..0b85e3dc4467 100644 --- a/api_docs/kbn_sse_utils_client.mdx +++ b/api_docs/kbn_sse_utils_client.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sse-utils-client title: "@kbn/sse-utils-client" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/sse-utils-client plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sse-utils-client'] --- import kbnSseUtilsClientObj from './kbn_sse_utils_client.devdocs.json'; diff --git a/api_docs/kbn_sse_utils_server.mdx b/api_docs/kbn_sse_utils_server.mdx index c3ce88ec9962..eec20b3d4461 100644 --- a/api_docs/kbn_sse_utils_server.mdx +++ b/api_docs/kbn_sse_utils_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sse-utils-server title: "@kbn/sse-utils-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/sse-utils-server plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sse-utils-server'] --- import kbnSseUtilsServerObj from './kbn_sse_utils_server.devdocs.json'; diff --git a/api_docs/kbn_std.mdx b/api_docs/kbn_std.mdx index 5e9bd6fb93e3..08f0a7b9dea0 100644 --- a/api_docs/kbn_std.mdx +++ b/api_docs/kbn_std.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-std title: "@kbn/std" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/std plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/std'] --- import kbnStdObj from './kbn_std.devdocs.json'; diff --git a/api_docs/kbn_stdio_dev_helpers.mdx b/api_docs/kbn_stdio_dev_helpers.mdx index 54b44fe0d992..3a446bc00936 100644 --- a/api_docs/kbn_stdio_dev_helpers.mdx +++ b/api_docs/kbn_stdio_dev_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-stdio-dev-helpers title: "@kbn/stdio-dev-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/stdio-dev-helpers plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/stdio-dev-helpers'] --- import kbnStdioDevHelpersObj from './kbn_stdio_dev_helpers.devdocs.json'; diff --git a/api_docs/kbn_storybook.mdx b/api_docs/kbn_storybook.mdx index deb343b11dd6..f6df77cb68e9 100644 --- a/api_docs/kbn_storybook.mdx +++ b/api_docs/kbn_storybook.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-storybook title: "@kbn/storybook" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/storybook plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/storybook'] --- import kbnStorybookObj from './kbn_storybook.devdocs.json'; diff --git a/api_docs/kbn_synthetics_e2e.mdx b/api_docs/kbn_synthetics_e2e.mdx index 66c67f0073a8..d2bef2a66f41 100644 --- a/api_docs/kbn_synthetics_e2e.mdx +++ b/api_docs/kbn_synthetics_e2e.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-synthetics-e2e title: "@kbn/synthetics-e2e" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/synthetics-e2e plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/synthetics-e2e'] --- import kbnSyntheticsE2eObj from './kbn_synthetics_e2e.devdocs.json'; diff --git a/api_docs/kbn_synthetics_private_location.mdx b/api_docs/kbn_synthetics_private_location.mdx index 5e8822534378..77dd3811412f 100644 --- a/api_docs/kbn_synthetics_private_location.mdx +++ b/api_docs/kbn_synthetics_private_location.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-synthetics-private-location title: "@kbn/synthetics-private-location" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/synthetics-private-location plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/synthetics-private-location'] --- import kbnSyntheticsPrivateLocationObj from './kbn_synthetics_private_location.devdocs.json'; diff --git a/api_docs/kbn_telemetry_tools.mdx b/api_docs/kbn_telemetry_tools.mdx index f9e917b09c75..6439c81481fa 100644 --- a/api_docs/kbn_telemetry_tools.mdx +++ b/api_docs/kbn_telemetry_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-telemetry-tools title: "@kbn/telemetry-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/telemetry-tools plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/telemetry-tools'] --- import kbnTelemetryToolsObj from './kbn_telemetry_tools.devdocs.json'; diff --git a/api_docs/kbn_test.mdx b/api_docs/kbn_test.mdx index 58f275196197..5e68a7f3f7c3 100644 --- a/api_docs/kbn_test.mdx +++ b/api_docs/kbn_test.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test title: "@kbn/test" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test'] --- import kbnTestObj from './kbn_test.devdocs.json'; diff --git a/api_docs/kbn_test_eui_helpers.mdx b/api_docs/kbn_test_eui_helpers.mdx index 4a6b7887af06..42629735f7b6 100644 --- a/api_docs/kbn_test_eui_helpers.mdx +++ b/api_docs/kbn_test_eui_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-eui-helpers title: "@kbn/test-eui-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test-eui-helpers plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-eui-helpers'] --- import kbnTestEuiHelpersObj from './kbn_test_eui_helpers.devdocs.json'; diff --git a/api_docs/kbn_test_jest_helpers.mdx b/api_docs/kbn_test_jest_helpers.mdx index 9f7c02479018..8f6fea33a703 100644 --- a/api_docs/kbn_test_jest_helpers.mdx +++ b/api_docs/kbn_test_jest_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-jest-helpers title: "@kbn/test-jest-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test-jest-helpers plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-jest-helpers'] --- import kbnTestJestHelpersObj from './kbn_test_jest_helpers.devdocs.json'; diff --git a/api_docs/kbn_test_subj_selector.mdx b/api_docs/kbn_test_subj_selector.mdx index 1c4ca7fecf4d..b0a65f9731c0 100644 --- a/api_docs/kbn_test_subj_selector.mdx +++ b/api_docs/kbn_test_subj_selector.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-subj-selector title: "@kbn/test-subj-selector" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test-subj-selector plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-subj-selector'] --- import kbnTestSubjSelectorObj from './kbn_test_subj_selector.devdocs.json'; diff --git a/api_docs/kbn_timerange.mdx b/api_docs/kbn_timerange.mdx index 514f5dd72846..f1ce6a1cb7e5 100644 --- a/api_docs/kbn_timerange.mdx +++ b/api_docs/kbn_timerange.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-timerange title: "@kbn/timerange" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/timerange plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/timerange'] --- import kbnTimerangeObj from './kbn_timerange.devdocs.json'; diff --git a/api_docs/kbn_tooling_log.mdx b/api_docs/kbn_tooling_log.mdx index aaded47252ff..b2214267d68b 100644 --- a/api_docs/kbn_tooling_log.mdx +++ b/api_docs/kbn_tooling_log.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-tooling-log title: "@kbn/tooling-log" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/tooling-log plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/tooling-log'] --- import kbnToolingLogObj from './kbn_tooling_log.devdocs.json'; diff --git a/api_docs/kbn_triggers_actions_ui_types.mdx b/api_docs/kbn_triggers_actions_ui_types.mdx index 10fbbd3e7f68..d253d672b0bd 100644 --- a/api_docs/kbn_triggers_actions_ui_types.mdx +++ b/api_docs/kbn_triggers_actions_ui_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-triggers-actions-ui-types title: "@kbn/triggers-actions-ui-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/triggers-actions-ui-types plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/triggers-actions-ui-types'] --- import kbnTriggersActionsUiTypesObj from './kbn_triggers_actions_ui_types.devdocs.json'; diff --git a/api_docs/kbn_try_in_console.mdx b/api_docs/kbn_try_in_console.mdx index bbfa9d876a33..7f150bfb1c1f 100644 --- a/api_docs/kbn_try_in_console.mdx +++ b/api_docs/kbn_try_in_console.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-try-in-console title: "@kbn/try-in-console" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/try-in-console plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/try-in-console'] --- import kbnTryInConsoleObj from './kbn_try_in_console.devdocs.json'; diff --git a/api_docs/kbn_ts_projects.mdx b/api_docs/kbn_ts_projects.mdx index c8d247f2846e..0a87bc0a07bc 100644 --- a/api_docs/kbn_ts_projects.mdx +++ b/api_docs/kbn_ts_projects.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ts-projects title: "@kbn/ts-projects" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ts-projects plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ts-projects'] --- import kbnTsProjectsObj from './kbn_ts_projects.devdocs.json'; diff --git a/api_docs/kbn_typed_react_router_config.mdx b/api_docs/kbn_typed_react_router_config.mdx index 8725c116e3b7..b69a12d2bf67 100644 --- a/api_docs/kbn_typed_react_router_config.mdx +++ b/api_docs/kbn_typed_react_router_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-typed-react-router-config title: "@kbn/typed-react-router-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/typed-react-router-config plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/typed-react-router-config'] --- import kbnTypedReactRouterConfigObj from './kbn_typed_react_router_config.devdocs.json'; diff --git a/api_docs/kbn_ui_actions_browser.mdx b/api_docs/kbn_ui_actions_browser.mdx index 17fc6cf2d45d..11a5cc4f202e 100644 --- a/api_docs/kbn_ui_actions_browser.mdx +++ b/api_docs/kbn_ui_actions_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-actions-browser title: "@kbn/ui-actions-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-actions-browser plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-actions-browser'] --- import kbnUiActionsBrowserObj from './kbn_ui_actions_browser.devdocs.json'; diff --git a/api_docs/kbn_ui_shared_deps_src.mdx b/api_docs/kbn_ui_shared_deps_src.mdx index 70298a1b6aac..f1ff3b442f27 100644 --- a/api_docs/kbn_ui_shared_deps_src.mdx +++ b/api_docs/kbn_ui_shared_deps_src.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-shared-deps-src title: "@kbn/ui-shared-deps-src" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-shared-deps-src plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-shared-deps-src'] --- import kbnUiSharedDepsSrcObj from './kbn_ui_shared_deps_src.devdocs.json'; diff --git a/api_docs/kbn_ui_theme.mdx b/api_docs/kbn_ui_theme.mdx index e9d8289de575..bd289fcb50db 100644 --- a/api_docs/kbn_ui_theme.mdx +++ b/api_docs/kbn_ui_theme.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-theme title: "@kbn/ui-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-theme plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-theme'] --- import kbnUiThemeObj from './kbn_ui_theme.devdocs.json'; diff --git a/api_docs/kbn_unified_data_table.mdx b/api_docs/kbn_unified_data_table.mdx index a0b91c7e124d..a89a169ae24b 100644 --- a/api_docs/kbn_unified_data_table.mdx +++ b/api_docs/kbn_unified_data_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-data-table title: "@kbn/unified-data-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-data-table plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-data-table'] --- import kbnUnifiedDataTableObj from './kbn_unified_data_table.devdocs.json'; diff --git a/api_docs/kbn_unified_doc_viewer.mdx b/api_docs/kbn_unified_doc_viewer.mdx index fd57c020fb19..afd8556f0f9e 100644 --- a/api_docs/kbn_unified_doc_viewer.mdx +++ b/api_docs/kbn_unified_doc_viewer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-doc-viewer title: "@kbn/unified-doc-viewer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-doc-viewer plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-doc-viewer'] --- import kbnUnifiedDocViewerObj from './kbn_unified_doc_viewer.devdocs.json'; diff --git a/api_docs/kbn_unified_field_list.mdx b/api_docs/kbn_unified_field_list.mdx index 0d05d859ada3..bb026891593f 100644 --- a/api_docs/kbn_unified_field_list.mdx +++ b/api_docs/kbn_unified_field_list.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-field-list title: "@kbn/unified-field-list" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-field-list plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-field-list'] --- import kbnUnifiedFieldListObj from './kbn_unified_field_list.devdocs.json'; diff --git a/api_docs/kbn_unsaved_changes_badge.mdx b/api_docs/kbn_unsaved_changes_badge.mdx index 26fe1206582a..a6295aaeba7d 100644 --- a/api_docs/kbn_unsaved_changes_badge.mdx +++ b/api_docs/kbn_unsaved_changes_badge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unsaved-changes-badge title: "@kbn/unsaved-changes-badge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unsaved-changes-badge plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unsaved-changes-badge'] --- import kbnUnsavedChangesBadgeObj from './kbn_unsaved_changes_badge.devdocs.json'; diff --git a/api_docs/kbn_unsaved_changes_prompt.mdx b/api_docs/kbn_unsaved_changes_prompt.mdx index b11df6c436cd..9d334e573324 100644 --- a/api_docs/kbn_unsaved_changes_prompt.mdx +++ b/api_docs/kbn_unsaved_changes_prompt.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unsaved-changes-prompt title: "@kbn/unsaved-changes-prompt" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unsaved-changes-prompt plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unsaved-changes-prompt'] --- import kbnUnsavedChangesPromptObj from './kbn_unsaved_changes_prompt.devdocs.json'; diff --git a/api_docs/kbn_use_tracked_promise.mdx b/api_docs/kbn_use_tracked_promise.mdx index 6f46e87566e2..0940fb53f1be 100644 --- a/api_docs/kbn_use_tracked_promise.mdx +++ b/api_docs/kbn_use_tracked_promise.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-use-tracked-promise title: "@kbn/use-tracked-promise" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/use-tracked-promise plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/use-tracked-promise'] --- import kbnUseTrackedPromiseObj from './kbn_use_tracked_promise.devdocs.json'; diff --git a/api_docs/kbn_user_profile_components.mdx b/api_docs/kbn_user_profile_components.mdx index 0636bd82fa2f..6526de1bc65f 100644 --- a/api_docs/kbn_user_profile_components.mdx +++ b/api_docs/kbn_user_profile_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-user-profile-components title: "@kbn/user-profile-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/user-profile-components plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/user-profile-components'] --- import kbnUserProfileComponentsObj from './kbn_user_profile_components.devdocs.json'; diff --git a/api_docs/kbn_utility_types.mdx b/api_docs/kbn_utility_types.mdx index a77386e1d3e4..9b22385aa574 100644 --- a/api_docs/kbn_utility_types.mdx +++ b/api_docs/kbn_utility_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utility-types title: "@kbn/utility-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utility-types plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utility-types'] --- import kbnUtilityTypesObj from './kbn_utility_types.devdocs.json'; diff --git a/api_docs/kbn_utility_types_jest.mdx b/api_docs/kbn_utility_types_jest.mdx index cf1b53b7794b..0984ebe938ca 100644 --- a/api_docs/kbn_utility_types_jest.mdx +++ b/api_docs/kbn_utility_types_jest.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utility-types-jest title: "@kbn/utility-types-jest" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utility-types-jest plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utility-types-jest'] --- import kbnUtilityTypesJestObj from './kbn_utility_types_jest.devdocs.json'; diff --git a/api_docs/kbn_utils.mdx b/api_docs/kbn_utils.mdx index 7f72aab30270..174ded7ec809 100644 --- a/api_docs/kbn_utils.mdx +++ b/api_docs/kbn_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utils title: "@kbn/utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utils'] --- import kbnUtilsObj from './kbn_utils.devdocs.json'; diff --git a/api_docs/kbn_visualization_ui_components.mdx b/api_docs/kbn_visualization_ui_components.mdx index 1d2d2588f797..23800d57ce4d 100644 --- a/api_docs/kbn_visualization_ui_components.mdx +++ b/api_docs/kbn_visualization_ui_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-visualization-ui-components title: "@kbn/visualization-ui-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/visualization-ui-components plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/visualization-ui-components'] --- import kbnVisualizationUiComponentsObj from './kbn_visualization_ui_components.devdocs.json'; diff --git a/api_docs/kbn_visualization_utils.mdx b/api_docs/kbn_visualization_utils.mdx index 0f42694b405e..01acb6a94c05 100644 --- a/api_docs/kbn_visualization_utils.mdx +++ b/api_docs/kbn_visualization_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-visualization-utils title: "@kbn/visualization-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/visualization-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/visualization-utils'] --- import kbnVisualizationUtilsObj from './kbn_visualization_utils.devdocs.json'; diff --git a/api_docs/kbn_xstate_utils.mdx b/api_docs/kbn_xstate_utils.mdx index 5440240bb1d8..0777233051c7 100644 --- a/api_docs/kbn_xstate_utils.mdx +++ b/api_docs/kbn_xstate_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-xstate-utils title: "@kbn/xstate-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/xstate-utils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/xstate-utils'] --- import kbnXstateUtilsObj from './kbn_xstate_utils.devdocs.json'; diff --git a/api_docs/kbn_yarn_lock_validator.mdx b/api_docs/kbn_yarn_lock_validator.mdx index c65c6055af8d..1ae7f669e357 100644 --- a/api_docs/kbn_yarn_lock_validator.mdx +++ b/api_docs/kbn_yarn_lock_validator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-yarn-lock-validator title: "@kbn/yarn-lock-validator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/yarn-lock-validator plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/yarn-lock-validator'] --- import kbnYarnLockValidatorObj from './kbn_yarn_lock_validator.devdocs.json'; diff --git a/api_docs/kbn_zod.mdx b/api_docs/kbn_zod.mdx index 7082deeb90af..7023915228e3 100644 --- a/api_docs/kbn_zod.mdx +++ b/api_docs/kbn_zod.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-zod title: "@kbn/zod" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/zod plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/zod'] --- import kbnZodObj from './kbn_zod.devdocs.json'; diff --git a/api_docs/kbn_zod_helpers.mdx b/api_docs/kbn_zod_helpers.mdx index e47efba84600..7f4ac82a37d7 100644 --- a/api_docs/kbn_zod_helpers.mdx +++ b/api_docs/kbn_zod_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-zod-helpers title: "@kbn/zod-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/zod-helpers plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/zod-helpers'] --- import kbnZodHelpersObj from './kbn_zod_helpers.devdocs.json'; diff --git a/api_docs/kibana_overview.mdx b/api_docs/kibana_overview.mdx index da6a925b4096..3b0d0468983e 100644 --- a/api_docs/kibana_overview.mdx +++ b/api_docs/kibana_overview.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaOverview title: "kibanaOverview" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaOverview plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaOverview'] --- import kibanaOverviewObj from './kibana_overview.devdocs.json'; diff --git a/api_docs/kibana_react.mdx b/api_docs/kibana_react.mdx index ff0c1a3480d8..fb6a6e486d02 100644 --- a/api_docs/kibana_react.mdx +++ b/api_docs/kibana_react.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaReact title: "kibanaReact" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaReact plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaReact'] --- import kibanaReactObj from './kibana_react.devdocs.json'; diff --git a/api_docs/kibana_utils.mdx b/api_docs/kibana_utils.mdx index d3df05412578..7d0087453b7f 100644 --- a/api_docs/kibana_utils.mdx +++ b/api_docs/kibana_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaUtils title: "kibanaUtils" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaUtils plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaUtils'] --- import kibanaUtilsObj from './kibana_utils.devdocs.json'; diff --git a/api_docs/kubernetes_security.mdx b/api_docs/kubernetes_security.mdx index 23fc9afc0afa..d43812bc3ca8 100644 --- a/api_docs/kubernetes_security.mdx +++ b/api_docs/kubernetes_security.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kubernetesSecurity title: "kubernetesSecurity" image: https://source.unsplash.com/400x175/?github description: API docs for the kubernetesSecurity plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kubernetesSecurity'] --- import kubernetesSecurityObj from './kubernetes_security.devdocs.json'; diff --git a/api_docs/lens.mdx b/api_docs/lens.mdx index 13b9ed365f60..c2a7aa647dfc 100644 --- a/api_docs/lens.mdx +++ b/api_docs/lens.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/lens title: "lens" image: https://source.unsplash.com/400x175/?github description: API docs for the lens plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'lens'] --- import lensObj from './lens.devdocs.json'; diff --git a/api_docs/license_api_guard.mdx b/api_docs/license_api_guard.mdx index ae78cda308b3..50f7a1883fc7 100644 --- a/api_docs/license_api_guard.mdx +++ b/api_docs/license_api_guard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licenseApiGuard title: "licenseApiGuard" image: https://source.unsplash.com/400x175/?github description: API docs for the licenseApiGuard plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licenseApiGuard'] --- import licenseApiGuardObj from './license_api_guard.devdocs.json'; diff --git a/api_docs/license_management.mdx b/api_docs/license_management.mdx index 2a2bc40ca80c..26eebb0b8a67 100644 --- a/api_docs/license_management.mdx +++ b/api_docs/license_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licenseManagement title: "licenseManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the licenseManagement plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licenseManagement'] --- import licenseManagementObj from './license_management.devdocs.json'; diff --git a/api_docs/licensing.mdx b/api_docs/licensing.mdx index b57885c35683..68b680978fc2 100644 --- a/api_docs/licensing.mdx +++ b/api_docs/licensing.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licensing title: "licensing" image: https://source.unsplash.com/400x175/?github description: API docs for the licensing plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licensing'] --- import licensingObj from './licensing.devdocs.json'; diff --git a/api_docs/links.mdx b/api_docs/links.mdx index 9d615c30363e..d8ddbebf3d42 100644 --- a/api_docs/links.mdx +++ b/api_docs/links.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/links title: "links" image: https://source.unsplash.com/400x175/?github description: API docs for the links plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'links'] --- import linksObj from './links.devdocs.json'; diff --git a/api_docs/lists.mdx b/api_docs/lists.mdx index bd91960441fd..23da626272cd 100644 --- a/api_docs/lists.mdx +++ b/api_docs/lists.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/lists title: "lists" image: https://source.unsplash.com/400x175/?github description: API docs for the lists plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'lists'] --- import listsObj from './lists.devdocs.json'; diff --git a/api_docs/logs_data_access.mdx b/api_docs/logs_data_access.mdx index 14101c29c1a6..9b860b631423 100644 --- a/api_docs/logs_data_access.mdx +++ b/api_docs/logs_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsDataAccess title: "logsDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the logsDataAccess plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsDataAccess'] --- import logsDataAccessObj from './logs_data_access.devdocs.json'; diff --git a/api_docs/logs_explorer.mdx b/api_docs/logs_explorer.mdx index 91500126c025..5d86695f95d1 100644 --- a/api_docs/logs_explorer.mdx +++ b/api_docs/logs_explorer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsExplorer title: "logsExplorer" image: https://source.unsplash.com/400x175/?github description: API docs for the logsExplorer plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsExplorer'] --- import logsExplorerObj from './logs_explorer.devdocs.json'; diff --git a/api_docs/logs_shared.mdx b/api_docs/logs_shared.mdx index aeb00bcad592..02885f00047b 100644 --- a/api_docs/logs_shared.mdx +++ b/api_docs/logs_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsShared title: "logsShared" image: https://source.unsplash.com/400x175/?github description: API docs for the logsShared plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsShared'] --- import logsSharedObj from './logs_shared.devdocs.json'; diff --git a/api_docs/management.mdx b/api_docs/management.mdx index 2118f745b3e9..3bdaa7d059bf 100644 --- a/api_docs/management.mdx +++ b/api_docs/management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/management title: "management" image: https://source.unsplash.com/400x175/?github description: API docs for the management plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'management'] --- import managementObj from './management.devdocs.json'; diff --git a/api_docs/maps.mdx b/api_docs/maps.mdx index c020b26983ea..2b01d1d75449 100644 --- a/api_docs/maps.mdx +++ b/api_docs/maps.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/maps title: "maps" image: https://source.unsplash.com/400x175/?github description: API docs for the maps plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'maps'] --- import mapsObj from './maps.devdocs.json'; diff --git a/api_docs/maps_ems.mdx b/api_docs/maps_ems.mdx index 3fb34272703b..e2ca81392f61 100644 --- a/api_docs/maps_ems.mdx +++ b/api_docs/maps_ems.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/mapsEms title: "mapsEms" image: https://source.unsplash.com/400x175/?github description: API docs for the mapsEms plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'mapsEms'] --- import mapsEmsObj from './maps_ems.devdocs.json'; diff --git a/api_docs/metrics_data_access.mdx b/api_docs/metrics_data_access.mdx index 17b26f148d67..e40508a750d2 100644 --- a/api_docs/metrics_data_access.mdx +++ b/api_docs/metrics_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/metricsDataAccess title: "metricsDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the metricsDataAccess plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'metricsDataAccess'] --- import metricsDataAccessObj from './metrics_data_access.devdocs.json'; diff --git a/api_docs/ml.mdx b/api_docs/ml.mdx index 460029524152..d22a74312866 100644 --- a/api_docs/ml.mdx +++ b/api_docs/ml.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ml title: "ml" image: https://source.unsplash.com/400x175/?github description: API docs for the ml plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ml'] --- import mlObj from './ml.devdocs.json'; diff --git a/api_docs/mock_idp_plugin.mdx b/api_docs/mock_idp_plugin.mdx index 9d7cfa9a9ace..222fb69538fb 100644 --- a/api_docs/mock_idp_plugin.mdx +++ b/api_docs/mock_idp_plugin.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/mockIdpPlugin title: "mockIdpPlugin" image: https://source.unsplash.com/400x175/?github description: API docs for the mockIdpPlugin plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'mockIdpPlugin'] --- import mockIdpPluginObj from './mock_idp_plugin.devdocs.json'; diff --git a/api_docs/monitoring.mdx b/api_docs/monitoring.mdx index fb5cb35807bf..c55e2a310702 100644 --- a/api_docs/monitoring.mdx +++ b/api_docs/monitoring.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/monitoring title: "monitoring" image: https://source.unsplash.com/400x175/?github description: API docs for the monitoring plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'monitoring'] --- import monitoringObj from './monitoring.devdocs.json'; diff --git a/api_docs/monitoring_collection.mdx b/api_docs/monitoring_collection.mdx index 9b70f3902bfb..c401824c47e3 100644 --- a/api_docs/monitoring_collection.mdx +++ b/api_docs/monitoring_collection.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/monitoringCollection title: "monitoringCollection" image: https://source.unsplash.com/400x175/?github description: API docs for the monitoringCollection plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'monitoringCollection'] --- import monitoringCollectionObj from './monitoring_collection.devdocs.json'; diff --git a/api_docs/navigation.mdx b/api_docs/navigation.mdx index 787cf218d91e..87c8a304b491 100644 --- a/api_docs/navigation.mdx +++ b/api_docs/navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/navigation title: "navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the navigation plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'navigation'] --- import navigationObj from './navigation.devdocs.json'; diff --git a/api_docs/newsfeed.mdx b/api_docs/newsfeed.mdx index 60eccbdc7e4e..1faef5bd18a6 100644 --- a/api_docs/newsfeed.mdx +++ b/api_docs/newsfeed.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/newsfeed title: "newsfeed" image: https://source.unsplash.com/400x175/?github description: API docs for the newsfeed plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'newsfeed'] --- import newsfeedObj from './newsfeed.devdocs.json'; diff --git a/api_docs/no_data_page.mdx b/api_docs/no_data_page.mdx index 20f22bdd4772..3ad7d9624e3e 100644 --- a/api_docs/no_data_page.mdx +++ b/api_docs/no_data_page.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/noDataPage title: "noDataPage" image: https://source.unsplash.com/400x175/?github description: API docs for the noDataPage plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'noDataPage'] --- import noDataPageObj from './no_data_page.devdocs.json'; diff --git a/api_docs/notifications.mdx b/api_docs/notifications.mdx index 4ce8743658e1..e4942c348380 100644 --- a/api_docs/notifications.mdx +++ b/api_docs/notifications.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/notifications title: "notifications" image: https://source.unsplash.com/400x175/?github description: API docs for the notifications plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'notifications'] --- import notificationsObj from './notifications.devdocs.json'; diff --git a/api_docs/observability.devdocs.json b/api_docs/observability.devdocs.json index f968d64e8081..14ad01498902 100644 --- a/api_docs/observability.devdocs.json +++ b/api_docs/observability.devdocs.json @@ -3,41 +3,6 @@ "client": { "classes": [], "functions": [ - { - "parentPluginId": "observability", - "id": "def-public.AlertSummary", - "type": "Function", - "tags": [], - "label": "AlertSummary", - "description": [], - "signature": [ - "(props: ", - "AlertSummaryProps", - ") => React.JSX.Element" - ], - "path": "x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/index.tsx", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "observability", - "id": "def-public.AlertSummary.$1", - "type": "Object", - "tags": [], - "label": "props", - "description": [], - "signature": [ - "AlertSummaryProps" - ], - "path": "x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/index.tsx", - "deprecated": false, - "trackAdoption": false, - "isRequired": true - } - ], - "returnComment": [], - "initialIsOpen": false - }, { "parentPluginId": "observability", "id": "def-public.AutocompleteField", @@ -965,6 +930,41 @@ "returnComment": [], "initialIsOpen": false }, + { + "parentPluginId": "observability", + "id": "def-public.Threshold", + "type": "Function", + "tags": [], + "label": "Threshold", + "description": [], + "signature": [ + "({\n chartProps: { theme, baseTheme },\n comparator,\n id,\n threshold,\n title,\n value,\n valueFormatter = (d) => String(d),\n}: ", + "Props", + ") => React.JSX.Element" + ], + "path": "x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/threshold.tsx", + "deprecated": false, + "trackAdoption": false, + "children": [ + { + "parentPluginId": "observability", + "id": "def-public.Threshold.$1", + "type": "Object", + "tags": [], + "label": "{\n chartProps: { theme, baseTheme },\n comparator,\n id,\n threshold,\n title,\n value,\n valueFormatter = (d) => String(d),\n}", + "description": [], + "signature": [ + "Props" + ], + "path": "x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/threshold.tsx", + "deprecated": false, + "trackAdoption": false, + "isRequired": true + } + ], + "returnComment": [], + "initialIsOpen": false + }, { "parentPluginId": "observability", "id": "def-public.toQuery", @@ -1273,42 +1273,47 @@ "interfaces": [ { "parentPluginId": "observability", - "id": "def-public.AlertSummaryField", + "id": "def-public.AlertDetailsAppSectionProps", "type": "Interface", "tags": [], - "label": "AlertSummaryField", + "label": "AlertDetailsAppSectionProps", "description": [], - "path": "x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx", + "path": "x-pack/plugins/observability_solution/observability/public/pages/alert_details/types.ts", "deprecated": false, "trackAdoption": false, "children": [ { "parentPluginId": "observability", - "id": "def-public.AlertSummaryField.label", - "type": "CompoundType", - "tags": [], - "label": "label", - "description": [], - "signature": [ - "string | number | boolean | React.ReactElement> | Iterable | React.ReactPortal | null | undefined" - ], - "path": "x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx", - "deprecated": false, - "trackAdoption": false - }, - { - "parentPluginId": "observability", - "id": "def-public.AlertSummaryField.value", - "type": "CompoundType", + "id": "def-public.AlertDetailsAppSectionProps.setSources", + "type": "Function", "tags": [], - "label": "value", + "label": "setSources", "description": [], "signature": [ - "string | number | boolean | React.ReactElement> | Iterable | React.ReactPortal | null | undefined" + "(value: React.SetStateAction<", + "AlertDetailsSource", + "[] | undefined>) => void" ], - "path": "x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx", + "path": "x-pack/plugins/observability_solution/observability/public/pages/alert_details/types.ts", "deprecated": false, - "trackAdoption": false + "trackAdoption": false, + "returnComment": [], + "children": [ + { + "parentPluginId": "observability", + "id": "def-public.AlertDetailsAppSectionProps.setSources.$1", + "type": "Uncategorized", + "tags": [], + "label": "value", + "description": [], + "signature": [ + "A" + ], + "path": "node_modules/@types/react/ts5.0/index.d.ts", + "deprecated": false, + "trackAdoption": false + } + ] } ], "initialIsOpen": false diff --git a/api_docs/observability.mdx b/api_docs/observability.mdx index f097145b91e6..caea1529d40a 100644 --- a/api_docs/observability.mdx +++ b/api_docs/observability.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observability title: "observability" image: https://source.unsplash.com/400x175/?github description: API docs for the observability plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observability'] --- import observabilityObj from './observability.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/ | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 710 | 2 | 703 | 22 | +| 710 | 2 | 702 | 23 | ## Client diff --git a/api_docs/observability_a_i_assistant.mdx b/api_docs/observability_a_i_assistant.mdx index bdc4a22462ff..39d911c5b96a 100644 --- a/api_docs/observability_a_i_assistant.mdx +++ b/api_docs/observability_a_i_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAIAssistant title: "observabilityAIAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityAIAssistant plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAIAssistant'] --- import observabilityAIAssistantObj from './observability_a_i_assistant.devdocs.json'; diff --git a/api_docs/observability_a_i_assistant_app.mdx b/api_docs/observability_a_i_assistant_app.mdx index 8d11ee439bbc..fb56c2ba2070 100644 --- a/api_docs/observability_a_i_assistant_app.mdx +++ b/api_docs/observability_a_i_assistant_app.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAIAssistantApp title: "observabilityAIAssistantApp" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityAIAssistantApp plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAIAssistantApp'] --- import observabilityAIAssistantAppObj from './observability_a_i_assistant_app.devdocs.json'; diff --git a/api_docs/observability_ai_assistant_management.mdx b/api_docs/observability_ai_assistant_management.mdx index f9a7d49645d8..24e7e2102194 100644 --- a/api_docs/observability_ai_assistant_management.mdx +++ b/api_docs/observability_ai_assistant_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAiAssistantManagement title: "observabilityAiAssistantManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityAiAssistantManagement plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAiAssistantManagement'] --- import observabilityAiAssistantManagementObj from './observability_ai_assistant_management.devdocs.json'; diff --git a/api_docs/observability_logs_explorer.mdx b/api_docs/observability_logs_explorer.mdx index c5442987953c..d4a381ceb7c3 100644 --- a/api_docs/observability_logs_explorer.mdx +++ b/api_docs/observability_logs_explorer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityLogsExplorer title: "observabilityLogsExplorer" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityLogsExplorer plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityLogsExplorer'] --- import observabilityLogsExplorerObj from './observability_logs_explorer.devdocs.json'; diff --git a/api_docs/observability_onboarding.mdx b/api_docs/observability_onboarding.mdx index 43df5ec232c8..ee74df58990e 100644 --- a/api_docs/observability_onboarding.mdx +++ b/api_docs/observability_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityOnboarding title: "observabilityOnboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityOnboarding plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityOnboarding'] --- import observabilityOnboardingObj from './observability_onboarding.devdocs.json'; diff --git a/api_docs/observability_shared.devdocs.json b/api_docs/observability_shared.devdocs.json index 434a9184e17e..e7c4d3eebf26 100644 --- a/api_docs/observability_shared.devdocs.json +++ b/api_docs/observability_shared.devdocs.json @@ -6712,6 +6712,111 @@ "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "observabilityShared", + "id": "def-common.ENTITY", + "type": "string", + "tags": [], + "label": "ENTITY", + "description": [], + "signature": [ + "\"entity\"" + ], + "path": "x-pack/plugins/observability_solution/observability_shared/common/field_names/elasticsearch.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "observabilityShared", + "id": "def-common.ENTITY_DEFINITION_ID", + "type": "string", + "tags": [], + "label": "ENTITY_DEFINITION_ID", + "description": [], + "signature": [ + "\"entity.definitionId\"" + ], + "path": "x-pack/plugins/observability_solution/observability_shared/common/field_names/elasticsearch.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "observabilityShared", + "id": "def-common.ENTITY_DISPLAY_NAME", + "type": "string", + "tags": [], + "label": "ENTITY_DISPLAY_NAME", + "description": [], + "signature": [ + "\"entity.displayName\"" + ], + "path": "x-pack/plugins/observability_solution/observability_shared/common/field_names/elasticsearch.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "observabilityShared", + "id": "def-common.ENTITY_FIRST_SEEN", + "type": "string", + "tags": [], + "label": "ENTITY_FIRST_SEEN", + "description": [], + "signature": [ + "\"entity.firstSeenTimestamp\"" + ], + "path": "x-pack/plugins/observability_solution/observability_shared/common/field_names/elasticsearch.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "observabilityShared", + "id": "def-common.ENTITY_ID", + "type": "string", + "tags": [], + "label": "ENTITY_ID", + "description": [], + "signature": [ + "\"entity.id\"" + ], + "path": "x-pack/plugins/observability_solution/observability_shared/common/field_names/elasticsearch.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "observabilityShared", + "id": "def-common.ENTITY_LAST_SEEN", + "type": "string", + "tags": [], + "label": "ENTITY_LAST_SEEN", + "description": [], + "signature": [ + "\"entity.lastSeenTimestamp\"" + ], + "path": "x-pack/plugins/observability_solution/observability_shared/common/field_names/elasticsearch.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, + { + "parentPluginId": "observabilityShared", + "id": "def-common.ENTITY_TYPE", + "type": "string", + "tags": [], + "label": "ENTITY_TYPE", + "description": [], + "signature": [ + "\"entity.type\"" + ], + "path": "x-pack/plugins/observability_solution/observability_shared/common/field_names/elasticsearch.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "observabilityShared", "id": "def-common.ERROR_CULPRIT", @@ -8044,6 +8149,21 @@ "trackAdoption": false, "initialIsOpen": false }, + { + "parentPluginId": "observabilityShared", + "id": "def-common.SOURCE_DATA_STREAM_TYPE", + "type": "string", + "tags": [], + "label": "SOURCE_DATA_STREAM_TYPE", + "description": [], + "signature": [ + "\"source_data_stream.type\"" + ], + "path": "x-pack/plugins/observability_solution/observability_shared/common/field_names/elasticsearch.ts", + "deprecated": false, + "trackAdoption": false, + "initialIsOpen": false + }, { "parentPluginId": "observabilityShared", "id": "def-common.SPAN_ACTION", diff --git a/api_docs/observability_shared.mdx b/api_docs/observability_shared.mdx index db75845db6a0..a8b3a4cc1fd8 100644 --- a/api_docs/observability_shared.mdx +++ b/api_docs/observability_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityShared title: "observabilityShared" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityShared plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityShared'] --- import observabilitySharedObj from './observability_shared.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/observability-ui](https://github.com/orgs/elastic/teams/observ | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 484 | 1 | 479 | 19 | +| 492 | 1 | 487 | 19 | ## Client diff --git a/api_docs/osquery.mdx b/api_docs/osquery.mdx index ab87abd86329..fda26b2a1e38 100644 --- a/api_docs/osquery.mdx +++ b/api_docs/osquery.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/osquery title: "osquery" image: https://source.unsplash.com/400x175/?github description: API docs for the osquery plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'osquery'] --- import osqueryObj from './osquery.devdocs.json'; diff --git a/api_docs/painless_lab.mdx b/api_docs/painless_lab.mdx index 0c08bcf73d44..bc6a07d86db7 100644 --- a/api_docs/painless_lab.mdx +++ b/api_docs/painless_lab.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/painlessLab title: "painlessLab" image: https://source.unsplash.com/400x175/?github description: API docs for the painlessLab plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'painlessLab'] --- import painlessLabObj from './painless_lab.devdocs.json'; diff --git a/api_docs/plugin_directory.mdx b/api_docs/plugin_directory.mdx index 528b75ef21a1..b6c98e6c765e 100644 --- a/api_docs/plugin_directory.mdx +++ b/api_docs/plugin_directory.mdx @@ -7,7 +7,7 @@ id: kibDevDocsPluginDirectory slug: /kibana-dev-docs/api-meta/plugin-api-directory title: Directory description: Directory of public APIs available through plugins or packages. -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- @@ -21,7 +21,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | API Count | Any Count | Missing comments | Missing exports | |--------------|----------|-----------------|--------| -| 53514 | 244 | 40123 | 1983 | +| 53561 | 244 | 40168 | 1985 | ## Plugin Directory @@ -116,7 +116,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 4 | 0 | 4 | 0 | | | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 246 | 0 | 241 | 1 | | | [@elastic/appex-ai-infra](https://github.com/orgs/elastic/teams/appex-ai-infra) | - | 49 | 0 | 44 | 15 | -| | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | This plugin visualizes data from Filebeat and Metricbeat, and integrates with other Observability solutions | 23 | 0 | 23 | 5 | +| | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | This plugin visualizes data from Filebeat and Metricbeat, and integrates with other Observability solutions | 24 | 0 | 24 | 5 | | | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 4 | 0 | 4 | 0 | | inputControlVis | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | Adds Input Control visualization to Kibana | 0 | 0 | 0 | 0 | | | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | - | 127 | 2 | 100 | 4 | @@ -152,13 +152,13 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 17 | 0 | 17 | 0 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 3 | 0 | 3 | 0 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 2 | 0 | 2 | 1 | -| | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 710 | 2 | 703 | 22 | +| | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 710 | 2 | 702 | 23 | | | [@elastic/obs-ai-assistant](https://github.com/orgs/elastic/teams/obs-ai-assistant) | - | 293 | 1 | 291 | 28 | | | [@elastic/obs-ai-assistant](https://github.com/orgs/elastic/teams/obs-ai-assistant) | - | 4 | 0 | 4 | 0 | | | [@elastic/obs-ai-assistant](https://github.com/orgs/elastic/teams/obs-ai-assistant) | - | 2 | 0 | 2 | 0 | | | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | This plugin exposes and registers observability log consumption features. | 19 | 0 | 19 | 1 | | | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 24 | 0 | 24 | 0 | -| | [@elastic/observability-ui](https://github.com/orgs/elastic/teams/observability-ui) | - | 484 | 1 | 479 | 19 | +| | [@elastic/observability-ui](https://github.com/orgs/elastic/teams/observability-ui) | - | 492 | 1 | 487 | 19 | | | [@elastic/security-defend-workflows](https://github.com/orgs/elastic/teams/security-defend-workflows) | - | 23 | 0 | 23 | 7 | | | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 2 | 0 | 2 | 0 | | | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | Adds a standardized Presentation panel which allows any forward ref component to interface with various Kibana systems. | 11 | 0 | 11 | 4 | @@ -253,7 +253,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 222 | 0 | 219 | 0 | | | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 33 | 0 | 33 | 0 | | | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 31 | 0 | 15 | 1 | -| | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 317 | 0 | 301 | 8 | +| | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 318 | 0 | 302 | 8 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 73 | 0 | 73 | 2 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 1 | 0 | 0 | 0 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 18 | 0 | 18 | 0 | @@ -276,8 +276,8 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 3 | 0 | 3 | 0 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 62 | 0 | 17 | 1 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 2 | 0 | 2 | 0 | -| | [@elastic/kibana-cloud-security-posture](https://github.com/orgs/elastic/teams/kibana-cloud-security-posture) | - | 74 | 1 | 74 | 0 | -| | [@elastic/kibana-cloud-security-posture](https://github.com/orgs/elastic/teams/kibana-cloud-security-posture) | - | 74 | 0 | 72 | 0 | +| | [@elastic/kibana-cloud-security-posture](https://github.com/orgs/elastic/teams/kibana-cloud-security-posture) | - | 78 | 1 | 78 | 0 | +| | [@elastic/kibana-cloud-security-posture](https://github.com/orgs/elastic/teams/kibana-cloud-security-posture) | - | 94 | 0 | 92 | 1 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 41 | 0 | 17 | 0 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 2 | 0 | 2 | 0 | | | [@elastic/appex-qa](https://github.com/orgs/elastic/teams/appex-qa) | - | 9 | 0 | 4 | 0 | @@ -489,7 +489,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/fleet](https://github.com/orgs/elastic/teams/fleet) | - | 3 | 0 | 3 | 0 | | | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 4 | 0 | 4 | 0 | | | [@elastic/ml-ui](https://github.com/orgs/elastic/teams/ml-ui) | - | 3 | 0 | 3 | 0 | -| | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 62 | 0 | 50 | 0 | +| | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 63 | 0 | 51 | 0 | | | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | - | 17 | 0 | 17 | 0 | | | [@elastic/security-solution](https://github.com/orgs/elastic/teams/security-solution) | - | 5 | 0 | 5 | 0 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | - | 2 | 0 | 2 | 0 | @@ -515,7 +515,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 32 | 0 | 19 | 1 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 11 | 0 | 6 | 0 | | | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 269 | 1 | 209 | 15 | -| | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 27 | 0 | 27 | 1 | +| | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 28 | 0 | 28 | 1 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 2 | 0 | 1 | 0 | | | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 266 | 1 | 208 | 34 | | | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 29 | 0 | 12 | 0 | @@ -548,7 +548,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/ml-ui](https://github.com/orgs/elastic/teams/ml-ui) | - | 7 | 1 | 7 | 1 | | | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 9 | 0 | 9 | 0 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 52 | 12 | 43 | 0 | -| | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 73 | 0 | 73 | 0 | +| | [@elastic/obs-ux-management-team](https://github.com/orgs/elastic/teams/obs-ux-management-team) | - | 81 | 0 | 81 | 0 | | | [@elastic/obs-knowledge-team](https://github.com/orgs/elastic/teams/obs-knowledge-team) | - | 60 | 0 | 60 | 4 | | | [@elastic/search-kibana](https://github.com/orgs/elastic/teams/search-kibana) | - | 44 | 0 | 44 | 0 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 13 | 0 | 13 | 0 | @@ -691,7 +691,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/security-threat-hunting-investigations](https://github.com/orgs/elastic/teams/security-threat-hunting-investigations) | - | 92 | 0 | 70 | 6 | | | [@elastic/security-threat-hunting-explore](https://github.com/orgs/elastic/teams/security-threat-hunting-explore) | - | 341 | 1 | 337 | 32 | | | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 87 | 0 | 76 | 1 | -| | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 106 | 0 | 95 | 1 | +| | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 107 | 0 | 96 | 1 | | | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 15 | 0 | 7 | 0 | | | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 147 | 0 | 125 | 0 | | | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 534 | 0 | 521 | 0 | @@ -700,7 +700,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 103 | 0 | 99 | 0 | | | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 35 | 0 | 23 | 0 | | | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 94 | 0 | 81 | 0 | -| | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 209 | 0 | 161 | 0 | +| | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 211 | 0 | 162 | 0 | | | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 28 | 0 | 25 | 0 | | | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 120 | 0 | 116 | 0 | | | [@elastic/security-detection-engine](https://github.com/orgs/elastic/teams/security-detection-engine) | - | 60 | 0 | 54 | 0 | diff --git a/api_docs/presentation_panel.mdx b/api_docs/presentation_panel.mdx index c90d1ca14638..54bb7c491f7d 100644 --- a/api_docs/presentation_panel.mdx +++ b/api_docs/presentation_panel.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/presentationPanel title: "presentationPanel" image: https://source.unsplash.com/400x175/?github description: API docs for the presentationPanel plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'presentationPanel'] --- import presentationPanelObj from './presentation_panel.devdocs.json'; diff --git a/api_docs/presentation_util.mdx b/api_docs/presentation_util.mdx index c751f6aedc3c..ab6b065fa84e 100644 --- a/api_docs/presentation_util.mdx +++ b/api_docs/presentation_util.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/presentationUtil title: "presentationUtil" image: https://source.unsplash.com/400x175/?github description: API docs for the presentationUtil plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'presentationUtil'] --- import presentationUtilObj from './presentation_util.devdocs.json'; diff --git a/api_docs/profiling.mdx b/api_docs/profiling.mdx index 32a05f3c5ab1..850e4eb3cc17 100644 --- a/api_docs/profiling.mdx +++ b/api_docs/profiling.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/profiling title: "profiling" image: https://source.unsplash.com/400x175/?github description: API docs for the profiling plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'profiling'] --- import profilingObj from './profiling.devdocs.json'; diff --git a/api_docs/profiling_data_access.mdx b/api_docs/profiling_data_access.mdx index 3eb04a7fc1ad..4903d345a39a 100644 --- a/api_docs/profiling_data_access.mdx +++ b/api_docs/profiling_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/profilingDataAccess title: "profilingDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the profilingDataAccess plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'profilingDataAccess'] --- import profilingDataAccessObj from './profiling_data_access.devdocs.json'; diff --git a/api_docs/remote_clusters.mdx b/api_docs/remote_clusters.mdx index 245462649583..7b3cd965b88f 100644 --- a/api_docs/remote_clusters.mdx +++ b/api_docs/remote_clusters.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/remoteClusters title: "remoteClusters" image: https://source.unsplash.com/400x175/?github description: API docs for the remoteClusters plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'remoteClusters'] --- import remoteClustersObj from './remote_clusters.devdocs.json'; diff --git a/api_docs/reporting.mdx b/api_docs/reporting.mdx index 493715b6009b..a6c115da41cc 100644 --- a/api_docs/reporting.mdx +++ b/api_docs/reporting.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/reporting title: "reporting" image: https://source.unsplash.com/400x175/?github description: API docs for the reporting plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'reporting'] --- import reportingObj from './reporting.devdocs.json'; diff --git a/api_docs/rollup.mdx b/api_docs/rollup.mdx index 06f71dfecd84..736cbd1473b7 100644 --- a/api_docs/rollup.mdx +++ b/api_docs/rollup.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/rollup title: "rollup" image: https://source.unsplash.com/400x175/?github description: API docs for the rollup plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'rollup'] --- import rollupObj from './rollup.devdocs.json'; diff --git a/api_docs/rule_registry.mdx b/api_docs/rule_registry.mdx index d8d4c541d326..972865691b3e 100644 --- a/api_docs/rule_registry.mdx +++ b/api_docs/rule_registry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ruleRegistry title: "ruleRegistry" image: https://source.unsplash.com/400x175/?github description: API docs for the ruleRegistry plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ruleRegistry'] --- import ruleRegistryObj from './rule_registry.devdocs.json'; diff --git a/api_docs/runtime_fields.mdx b/api_docs/runtime_fields.mdx index d0cd29e15f16..f471e2b93b01 100644 --- a/api_docs/runtime_fields.mdx +++ b/api_docs/runtime_fields.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/runtimeFields title: "runtimeFields" image: https://source.unsplash.com/400x175/?github description: API docs for the runtimeFields plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'runtimeFields'] --- import runtimeFieldsObj from './runtime_fields.devdocs.json'; diff --git a/api_docs/saved_objects.mdx b/api_docs/saved_objects.mdx index 3e849acff116..6f92688d1814 100644 --- a/api_docs/saved_objects.mdx +++ b/api_docs/saved_objects.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjects title: "savedObjects" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjects plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjects'] --- import savedObjectsObj from './saved_objects.devdocs.json'; diff --git a/api_docs/saved_objects_finder.mdx b/api_docs/saved_objects_finder.mdx index f193a22d5036..ebb98fbe08f2 100644 --- a/api_docs/saved_objects_finder.mdx +++ b/api_docs/saved_objects_finder.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsFinder title: "savedObjectsFinder" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsFinder plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsFinder'] --- import savedObjectsFinderObj from './saved_objects_finder.devdocs.json'; diff --git a/api_docs/saved_objects_management.mdx b/api_docs/saved_objects_management.mdx index 843a7f976b37..0d5b1817cde3 100644 --- a/api_docs/saved_objects_management.mdx +++ b/api_docs/saved_objects_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsManagement title: "savedObjectsManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsManagement plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsManagement'] --- import savedObjectsManagementObj from './saved_objects_management.devdocs.json'; diff --git a/api_docs/saved_objects_tagging.mdx b/api_docs/saved_objects_tagging.mdx index 034c7656b25d..a8f10bec508c 100644 --- a/api_docs/saved_objects_tagging.mdx +++ b/api_docs/saved_objects_tagging.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsTagging title: "savedObjectsTagging" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsTagging plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsTagging'] --- import savedObjectsTaggingObj from './saved_objects_tagging.devdocs.json'; diff --git a/api_docs/saved_objects_tagging_oss.mdx b/api_docs/saved_objects_tagging_oss.mdx index d0e2437b387d..5c4992788dd1 100644 --- a/api_docs/saved_objects_tagging_oss.mdx +++ b/api_docs/saved_objects_tagging_oss.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsTaggingOss title: "savedObjectsTaggingOss" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsTaggingOss plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsTaggingOss'] --- import savedObjectsTaggingOssObj from './saved_objects_tagging_oss.devdocs.json'; diff --git a/api_docs/saved_search.mdx b/api_docs/saved_search.mdx index ff56f59bbb8f..57d595f4c4d6 100644 --- a/api_docs/saved_search.mdx +++ b/api_docs/saved_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedSearch title: "savedSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the savedSearch plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedSearch'] --- import savedSearchObj from './saved_search.devdocs.json'; diff --git a/api_docs/screenshot_mode.mdx b/api_docs/screenshot_mode.mdx index 27f56758731b..70cf58f78247 100644 --- a/api_docs/screenshot_mode.mdx +++ b/api_docs/screenshot_mode.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/screenshotMode title: "screenshotMode" image: https://source.unsplash.com/400x175/?github description: API docs for the screenshotMode plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'screenshotMode'] --- import screenshotModeObj from './screenshot_mode.devdocs.json'; diff --git a/api_docs/screenshotting.mdx b/api_docs/screenshotting.mdx index 67e02604041d..20f535f6b4b4 100644 --- a/api_docs/screenshotting.mdx +++ b/api_docs/screenshotting.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/screenshotting title: "screenshotting" image: https://source.unsplash.com/400x175/?github description: API docs for the screenshotting plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'screenshotting'] --- import screenshottingObj from './screenshotting.devdocs.json'; diff --git a/api_docs/search_assistant.mdx b/api_docs/search_assistant.mdx index da9fa89cb38c..3dbcaccffa45 100644 --- a/api_docs/search_assistant.mdx +++ b/api_docs/search_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchAssistant title: "searchAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the searchAssistant plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchAssistant'] --- import searchAssistantObj from './search_assistant.devdocs.json'; diff --git a/api_docs/search_connectors.mdx b/api_docs/search_connectors.mdx index 06048aceda3d..cd3883a2dac9 100644 --- a/api_docs/search_connectors.mdx +++ b/api_docs/search_connectors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchConnectors title: "searchConnectors" image: https://source.unsplash.com/400x175/?github description: API docs for the searchConnectors plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchConnectors'] --- import searchConnectorsObj from './search_connectors.devdocs.json'; diff --git a/api_docs/search_homepage.mdx b/api_docs/search_homepage.mdx index d4347200904f..8f8c201c787a 100644 --- a/api_docs/search_homepage.mdx +++ b/api_docs/search_homepage.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchHomepage title: "searchHomepage" image: https://source.unsplash.com/400x175/?github description: API docs for the searchHomepage plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchHomepage'] --- import searchHomepageObj from './search_homepage.devdocs.json'; diff --git a/api_docs/search_indices.mdx b/api_docs/search_indices.mdx index 076027c94837..a38e24001f4d 100644 --- a/api_docs/search_indices.mdx +++ b/api_docs/search_indices.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchIndices title: "searchIndices" image: https://source.unsplash.com/400x175/?github description: API docs for the searchIndices plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchIndices'] --- import searchIndicesObj from './search_indices.devdocs.json'; diff --git a/api_docs/search_inference_endpoints.mdx b/api_docs/search_inference_endpoints.mdx index 72b34127b918..fb40794b5f4e 100644 --- a/api_docs/search_inference_endpoints.mdx +++ b/api_docs/search_inference_endpoints.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchInferenceEndpoints title: "searchInferenceEndpoints" image: https://source.unsplash.com/400x175/?github description: API docs for the searchInferenceEndpoints plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchInferenceEndpoints'] --- import searchInferenceEndpointsObj from './search_inference_endpoints.devdocs.json'; diff --git a/api_docs/search_notebooks.mdx b/api_docs/search_notebooks.mdx index dd21ba372799..afeb0ac3c10b 100644 --- a/api_docs/search_notebooks.mdx +++ b/api_docs/search_notebooks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchNotebooks title: "searchNotebooks" image: https://source.unsplash.com/400x175/?github description: API docs for the searchNotebooks plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchNotebooks'] --- import searchNotebooksObj from './search_notebooks.devdocs.json'; diff --git a/api_docs/search_playground.mdx b/api_docs/search_playground.mdx index 0b09a0365b5b..d1bf8f80b5a3 100644 --- a/api_docs/search_playground.mdx +++ b/api_docs/search_playground.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchPlayground title: "searchPlayground" image: https://source.unsplash.com/400x175/?github description: API docs for the searchPlayground plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchPlayground'] --- import searchPlaygroundObj from './search_playground.devdocs.json'; diff --git a/api_docs/security.mdx b/api_docs/security.mdx index 5b200441c670..a10daf5f5742 100644 --- a/api_docs/security.mdx +++ b/api_docs/security.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/security title: "security" image: https://source.unsplash.com/400x175/?github description: API docs for the security plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'security'] --- import securityObj from './security.devdocs.json'; diff --git a/api_docs/security_solution.mdx b/api_docs/security_solution.mdx index f9993520acf1..aa636fb2d1a2 100644 --- a/api_docs/security_solution.mdx +++ b/api_docs/security_solution.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolution title: "securitySolution" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolution plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolution'] --- import securitySolutionObj from './security_solution.devdocs.json'; diff --git a/api_docs/security_solution_ess.mdx b/api_docs/security_solution_ess.mdx index c8d309e407d5..957dfc82ed3d 100644 --- a/api_docs/security_solution_ess.mdx +++ b/api_docs/security_solution_ess.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolutionEss title: "securitySolutionEss" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolutionEss plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolutionEss'] --- import securitySolutionEssObj from './security_solution_ess.devdocs.json'; diff --git a/api_docs/security_solution_serverless.mdx b/api_docs/security_solution_serverless.mdx index 16f7480d2a79..367914a3536d 100644 --- a/api_docs/security_solution_serverless.mdx +++ b/api_docs/security_solution_serverless.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolutionServerless title: "securitySolutionServerless" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolutionServerless plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolutionServerless'] --- import securitySolutionServerlessObj from './security_solution_serverless.devdocs.json'; diff --git a/api_docs/serverless.mdx b/api_docs/serverless.mdx index 5e65ee617f19..cb021e1d571d 100644 --- a/api_docs/serverless.mdx +++ b/api_docs/serverless.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverless title: "serverless" image: https://source.unsplash.com/400x175/?github description: API docs for the serverless plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverless'] --- import serverlessObj from './serverless.devdocs.json'; diff --git a/api_docs/serverless_observability.mdx b/api_docs/serverless_observability.mdx index f2b303b734eb..5be9318ea89d 100644 --- a/api_docs/serverless_observability.mdx +++ b/api_docs/serverless_observability.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverlessObservability title: "serverlessObservability" image: https://source.unsplash.com/400x175/?github description: API docs for the serverlessObservability plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverlessObservability'] --- import serverlessObservabilityObj from './serverless_observability.devdocs.json'; diff --git a/api_docs/serverless_search.mdx b/api_docs/serverless_search.mdx index 815b7b50a549..67159bea0c56 100644 --- a/api_docs/serverless_search.mdx +++ b/api_docs/serverless_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverlessSearch title: "serverlessSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the serverlessSearch plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverlessSearch'] --- import serverlessSearchObj from './serverless_search.devdocs.json'; diff --git a/api_docs/session_view.mdx b/api_docs/session_view.mdx index b9ab3f23c661..ddeb35b34482 100644 --- a/api_docs/session_view.mdx +++ b/api_docs/session_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/sessionView title: "sessionView" image: https://source.unsplash.com/400x175/?github description: API docs for the sessionView plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'sessionView'] --- import sessionViewObj from './session_view.devdocs.json'; diff --git a/api_docs/share.mdx b/api_docs/share.mdx index 00d1f67d8a76..96e2a75a76b3 100644 --- a/api_docs/share.mdx +++ b/api_docs/share.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/share title: "share" image: https://source.unsplash.com/400x175/?github description: API docs for the share plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'share'] --- import shareObj from './share.devdocs.json'; diff --git a/api_docs/slo.mdx b/api_docs/slo.mdx index 6fb26a74cacb..f1015cde50a7 100644 --- a/api_docs/slo.mdx +++ b/api_docs/slo.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/slo title: "slo" image: https://source.unsplash.com/400x175/?github description: API docs for the slo plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'slo'] --- import sloObj from './slo.devdocs.json'; diff --git a/api_docs/snapshot_restore.mdx b/api_docs/snapshot_restore.mdx index 086ad0df859b..e3e7382a9eec 100644 --- a/api_docs/snapshot_restore.mdx +++ b/api_docs/snapshot_restore.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/snapshotRestore title: "snapshotRestore" image: https://source.unsplash.com/400x175/?github description: API docs for the snapshotRestore plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'snapshotRestore'] --- import snapshotRestoreObj from './snapshot_restore.devdocs.json'; diff --git a/api_docs/spaces.mdx b/api_docs/spaces.mdx index 75c8c1665687..1bfd13a590d3 100644 --- a/api_docs/spaces.mdx +++ b/api_docs/spaces.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/spaces title: "spaces" image: https://source.unsplash.com/400x175/?github description: API docs for the spaces plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'spaces'] --- import spacesObj from './spaces.devdocs.json'; diff --git a/api_docs/stack_alerts.mdx b/api_docs/stack_alerts.mdx index df33a1460ccf..8dc70f65907a 100644 --- a/api_docs/stack_alerts.mdx +++ b/api_docs/stack_alerts.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/stackAlerts title: "stackAlerts" image: https://source.unsplash.com/400x175/?github description: API docs for the stackAlerts plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'stackAlerts'] --- import stackAlertsObj from './stack_alerts.devdocs.json'; diff --git a/api_docs/stack_connectors.mdx b/api_docs/stack_connectors.mdx index 90f2484852d2..57ad065d2d8f 100644 --- a/api_docs/stack_connectors.mdx +++ b/api_docs/stack_connectors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/stackConnectors title: "stackConnectors" image: https://source.unsplash.com/400x175/?github description: API docs for the stackConnectors plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'stackConnectors'] --- import stackConnectorsObj from './stack_connectors.devdocs.json'; diff --git a/api_docs/task_manager.mdx b/api_docs/task_manager.mdx index 09bb5723991c..e64a4b0c4a4e 100644 --- a/api_docs/task_manager.mdx +++ b/api_docs/task_manager.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/taskManager title: "taskManager" image: https://source.unsplash.com/400x175/?github description: API docs for the taskManager plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'taskManager'] --- import taskManagerObj from './task_manager.devdocs.json'; diff --git a/api_docs/telemetry.mdx b/api_docs/telemetry.mdx index 9842163e9383..b07c42468d94 100644 --- a/api_docs/telemetry.mdx +++ b/api_docs/telemetry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetry title: "telemetry" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetry plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetry'] --- import telemetryObj from './telemetry.devdocs.json'; diff --git a/api_docs/telemetry_collection_manager.mdx b/api_docs/telemetry_collection_manager.mdx index 179f0a53328f..a019592d3d0a 100644 --- a/api_docs/telemetry_collection_manager.mdx +++ b/api_docs/telemetry_collection_manager.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryCollectionManager title: "telemetryCollectionManager" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryCollectionManager plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryCollectionManager'] --- import telemetryCollectionManagerObj from './telemetry_collection_manager.devdocs.json'; diff --git a/api_docs/telemetry_collection_xpack.mdx b/api_docs/telemetry_collection_xpack.mdx index 0da3ad410f3a..9d8c666c94b9 100644 --- a/api_docs/telemetry_collection_xpack.mdx +++ b/api_docs/telemetry_collection_xpack.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryCollectionXpack title: "telemetryCollectionXpack" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryCollectionXpack plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryCollectionXpack'] --- import telemetryCollectionXpackObj from './telemetry_collection_xpack.devdocs.json'; diff --git a/api_docs/telemetry_management_section.mdx b/api_docs/telemetry_management_section.mdx index 9231888cfed4..c4a175c3ddb9 100644 --- a/api_docs/telemetry_management_section.mdx +++ b/api_docs/telemetry_management_section.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryManagementSection title: "telemetryManagementSection" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryManagementSection plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryManagementSection'] --- import telemetryManagementSectionObj from './telemetry_management_section.devdocs.json'; diff --git a/api_docs/threat_intelligence.mdx b/api_docs/threat_intelligence.mdx index dda1be6fa05a..46cb59bee1b1 100644 --- a/api_docs/threat_intelligence.mdx +++ b/api_docs/threat_intelligence.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/threatIntelligence title: "threatIntelligence" image: https://source.unsplash.com/400x175/?github description: API docs for the threatIntelligence plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'threatIntelligence'] --- import threatIntelligenceObj from './threat_intelligence.devdocs.json'; diff --git a/api_docs/timelines.mdx b/api_docs/timelines.mdx index 9bea4815cb4d..b7e9d3a92f74 100644 --- a/api_docs/timelines.mdx +++ b/api_docs/timelines.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/timelines title: "timelines" image: https://source.unsplash.com/400x175/?github description: API docs for the timelines plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'timelines'] --- import timelinesObj from './timelines.devdocs.json'; diff --git a/api_docs/transform.mdx b/api_docs/transform.mdx index b82f34994b90..9efcdefd3437 100644 --- a/api_docs/transform.mdx +++ b/api_docs/transform.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/transform title: "transform" image: https://source.unsplash.com/400x175/?github description: API docs for the transform plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'transform'] --- import transformObj from './transform.devdocs.json'; diff --git a/api_docs/triggers_actions_ui.mdx b/api_docs/triggers_actions_ui.mdx index 81fb79a4591c..f8f74023a591 100644 --- a/api_docs/triggers_actions_ui.mdx +++ b/api_docs/triggers_actions_ui.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/triggersActionsUi title: "triggersActionsUi" image: https://source.unsplash.com/400x175/?github description: API docs for the triggersActionsUi plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'triggersActionsUi'] --- import triggersActionsUiObj from './triggers_actions_ui.devdocs.json'; diff --git a/api_docs/ui_actions.mdx b/api_docs/ui_actions.mdx index 3ca9c9eeb7b6..6dc712060ab8 100644 --- a/api_docs/ui_actions.mdx +++ b/api_docs/ui_actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uiActions title: "uiActions" image: https://source.unsplash.com/400x175/?github description: API docs for the uiActions plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uiActions'] --- import uiActionsObj from './ui_actions.devdocs.json'; diff --git a/api_docs/ui_actions_enhanced.mdx b/api_docs/ui_actions_enhanced.mdx index 9c5a173988c2..63ba12f0c9c1 100644 --- a/api_docs/ui_actions_enhanced.mdx +++ b/api_docs/ui_actions_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uiActionsEnhanced title: "uiActionsEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the uiActionsEnhanced plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uiActionsEnhanced'] --- import uiActionsEnhancedObj from './ui_actions_enhanced.devdocs.json'; diff --git a/api_docs/unified_doc_viewer.mdx b/api_docs/unified_doc_viewer.mdx index 7b567e1004a7..cb82fef0da72 100644 --- a/api_docs/unified_doc_viewer.mdx +++ b/api_docs/unified_doc_viewer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedDocViewer title: "unifiedDocViewer" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedDocViewer plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedDocViewer'] --- import unifiedDocViewerObj from './unified_doc_viewer.devdocs.json'; diff --git a/api_docs/unified_histogram.mdx b/api_docs/unified_histogram.mdx index a69f581d0c63..dd183a47bea8 100644 --- a/api_docs/unified_histogram.mdx +++ b/api_docs/unified_histogram.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedHistogram title: "unifiedHistogram" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedHistogram plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedHistogram'] --- import unifiedHistogramObj from './unified_histogram.devdocs.json'; diff --git a/api_docs/unified_search.mdx b/api_docs/unified_search.mdx index c2eed2290024..fc30a164cd31 100644 --- a/api_docs/unified_search.mdx +++ b/api_docs/unified_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedSearch title: "unifiedSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedSearch plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedSearch'] --- import unifiedSearchObj from './unified_search.devdocs.json'; diff --git a/api_docs/unified_search_autocomplete.mdx b/api_docs/unified_search_autocomplete.mdx index 4fbddf6030aa..2e62d3a54fc0 100644 --- a/api_docs/unified_search_autocomplete.mdx +++ b/api_docs/unified_search_autocomplete.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedSearch-autocomplete title: "unifiedSearch.autocomplete" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedSearch.autocomplete plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedSearch.autocomplete'] --- import unifiedSearchAutocompleteObj from './unified_search_autocomplete.devdocs.json'; diff --git a/api_docs/uptime.mdx b/api_docs/uptime.mdx index 7921a94b09f1..368d63093da9 100644 --- a/api_docs/uptime.mdx +++ b/api_docs/uptime.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uptime title: "uptime" image: https://source.unsplash.com/400x175/?github description: API docs for the uptime plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uptime'] --- import uptimeObj from './uptime.devdocs.json'; diff --git a/api_docs/url_forwarding.mdx b/api_docs/url_forwarding.mdx index 7dc4cdc8e12a..2bab27c9b983 100644 --- a/api_docs/url_forwarding.mdx +++ b/api_docs/url_forwarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/urlForwarding title: "urlForwarding" image: https://source.unsplash.com/400x175/?github description: API docs for the urlForwarding plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'urlForwarding'] --- import urlForwardingObj from './url_forwarding.devdocs.json'; diff --git a/api_docs/usage_collection.mdx b/api_docs/usage_collection.mdx index 0a2e7e2531e6..5c8d83f830fb 100644 --- a/api_docs/usage_collection.mdx +++ b/api_docs/usage_collection.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/usageCollection title: "usageCollection" image: https://source.unsplash.com/400x175/?github description: API docs for the usageCollection plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'usageCollection'] --- import usageCollectionObj from './usage_collection.devdocs.json'; diff --git a/api_docs/ux.mdx b/api_docs/ux.mdx index 56434449ca9c..d78388e7e68f 100644 --- a/api_docs/ux.mdx +++ b/api_docs/ux.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ux title: "ux" image: https://source.unsplash.com/400x175/?github description: API docs for the ux plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ux'] --- import uxObj from './ux.devdocs.json'; diff --git a/api_docs/vis_default_editor.mdx b/api_docs/vis_default_editor.mdx index 009cc700934d..3ee18ecc0d7e 100644 --- a/api_docs/vis_default_editor.mdx +++ b/api_docs/vis_default_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visDefaultEditor title: "visDefaultEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the visDefaultEditor plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visDefaultEditor'] --- import visDefaultEditorObj from './vis_default_editor.devdocs.json'; diff --git a/api_docs/vis_type_gauge.mdx b/api_docs/vis_type_gauge.mdx index e23f89f72e8d..b5e63a9fced4 100644 --- a/api_docs/vis_type_gauge.mdx +++ b/api_docs/vis_type_gauge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeGauge title: "visTypeGauge" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeGauge plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeGauge'] --- import visTypeGaugeObj from './vis_type_gauge.devdocs.json'; diff --git a/api_docs/vis_type_heatmap.mdx b/api_docs/vis_type_heatmap.mdx index 2fb0ceb4b43d..3fd13265c4b1 100644 --- a/api_docs/vis_type_heatmap.mdx +++ b/api_docs/vis_type_heatmap.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeHeatmap title: "visTypeHeatmap" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeHeatmap plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeHeatmap'] --- import visTypeHeatmapObj from './vis_type_heatmap.devdocs.json'; diff --git a/api_docs/vis_type_pie.mdx b/api_docs/vis_type_pie.mdx index 7b7d32e86025..a7dd330e02dd 100644 --- a/api_docs/vis_type_pie.mdx +++ b/api_docs/vis_type_pie.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypePie title: "visTypePie" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypePie plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypePie'] --- import visTypePieObj from './vis_type_pie.devdocs.json'; diff --git a/api_docs/vis_type_table.mdx b/api_docs/vis_type_table.mdx index 78944f963586..075499ced085 100644 --- a/api_docs/vis_type_table.mdx +++ b/api_docs/vis_type_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTable title: "visTypeTable" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTable plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTable'] --- import visTypeTableObj from './vis_type_table.devdocs.json'; diff --git a/api_docs/vis_type_timelion.mdx b/api_docs/vis_type_timelion.mdx index e3e586460e74..bf938c465c13 100644 --- a/api_docs/vis_type_timelion.mdx +++ b/api_docs/vis_type_timelion.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTimelion title: "visTypeTimelion" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTimelion plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTimelion'] --- import visTypeTimelionObj from './vis_type_timelion.devdocs.json'; diff --git a/api_docs/vis_type_timeseries.mdx b/api_docs/vis_type_timeseries.mdx index ce7ff654bea4..f4cbc7b82aef 100644 --- a/api_docs/vis_type_timeseries.mdx +++ b/api_docs/vis_type_timeseries.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTimeseries title: "visTypeTimeseries" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTimeseries plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTimeseries'] --- import visTypeTimeseriesObj from './vis_type_timeseries.devdocs.json'; diff --git a/api_docs/vis_type_vega.mdx b/api_docs/vis_type_vega.mdx index 959a78ce9afd..07340d98ac8d 100644 --- a/api_docs/vis_type_vega.mdx +++ b/api_docs/vis_type_vega.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeVega title: "visTypeVega" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeVega plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeVega'] --- import visTypeVegaObj from './vis_type_vega.devdocs.json'; diff --git a/api_docs/vis_type_vislib.mdx b/api_docs/vis_type_vislib.mdx index 61d181fb1e54..5e16317e61dd 100644 --- a/api_docs/vis_type_vislib.mdx +++ b/api_docs/vis_type_vislib.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeVislib title: "visTypeVislib" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeVislib plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeVislib'] --- import visTypeVislibObj from './vis_type_vislib.devdocs.json'; diff --git a/api_docs/vis_type_xy.mdx b/api_docs/vis_type_xy.mdx index 556bb799c7d6..603cc452cdf5 100644 --- a/api_docs/vis_type_xy.mdx +++ b/api_docs/vis_type_xy.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeXy title: "visTypeXy" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeXy plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeXy'] --- import visTypeXyObj from './vis_type_xy.devdocs.json'; diff --git a/api_docs/visualizations.mdx b/api_docs/visualizations.mdx index 2719c5fb6ea4..9c26dfbd6ea1 100644 --- a/api_docs/visualizations.mdx +++ b/api_docs/visualizations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visualizations title: "visualizations" image: https://source.unsplash.com/400x175/?github description: API docs for the visualizations plugin -date: 2024-10-04 +date: 2024-10-07 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visualizations'] --- import visualizationsObj from './visualizations.devdocs.json'; diff --git a/config/serverless.es.yml b/config/serverless.es.yml index 62e201955d9c..4261f2948800 100644 --- a/config/serverless.es.yml +++ b/config/serverless.es.yml @@ -70,8 +70,5 @@ xpack.searchInferenceEndpoints.ui.enabled: false # Search Notebooks xpack.search.notebooks.catalog.url: https://elastic-enterprise-search.s3.us-east-2.amazonaws.com/serverless/catalog.json -# Search Homepage -xpack.search.homepage.ui.enabled: true - # Semantic text UI xpack.index_management.dev.enableSemanticText: false diff --git a/oas_docs/output/kibana.serverless.staging.yaml b/oas_docs/output/kibana.serverless.staging.yaml index 39819e8307e7..5a185579f498 100644 --- a/oas_docs/output/kibana.serverless.staging.yaml +++ b/oas_docs/output/kibana.serverless.staging.yaml @@ -33502,33 +33502,42 @@ tags: x-displayName: Saved objects - description: Manage and interact with Security Assistant resources. name: Security AI Assistant API + x-displayName: Security AI assistant - description: >- You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. name: Security Detections API + x-displayName: Security detections - description: >- Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. name: Security Endpoint Exceptions API + x-displayName: Security endpoint exceptions - description: Interact with and manage endpoints running the Elastic Defend integration. name: Security Endpoint Management API + x-displayName: Security endpoint management - description: '' name: Security Entity Analytics API + x-displayName: Security entity analytics - description: >- Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. name: Security Exceptions API + x-displayName: Security exceptions - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. name: Security Lists API + x-displayName: Security lists - description: Run live queries, manage packs and saved queries. name: Security Osquery API + x-displayName: Security Osquery - description: >- You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file. name: Security Timeline API + x-displayName: Security timeline - description: SLO APIs enable you to define, manage and track service-level objectives name: slo - name: spaces diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml index c30f683b3bf9..5a185579f498 100644 --- a/oas_docs/output/kibana.serverless.yaml +++ b/oas_docs/output/kibana.serverless.yaml @@ -5402,6 +5402,270 @@ paths: summary: Search for annotations tags: - APM annotations + /api/asset_criticality: + delete: + description: Delete the asset criticality record for a specific entity. + operationId: DeleteAssetCriticalityRecord + parameters: + - description: The ID value of the asset. + in: query + name: id_value + required: true + schema: + type: string + - description: The field representing the ID. + example: host.name + in: query + name: id_field + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' + - description: If 'wait_for' the request will wait for the index refresh. + in: query + name: refresh + required: false + schema: + enum: + - wait_for + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + deleted: + description: >- + True if the record was deleted or false if the record did + not exist. + type: boolean + record: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + description: The deleted record if it existed. + required: + - deleted + description: Successful response + '400': + description: Invalid request + summary: Delete an asset criticality record + tags: + - Security Entity Analytics API + get: + description: Get the asset criticality record for a specific entity. + operationId: GetAssetCriticalityRecord + parameters: + - description: The ID value of the asset. + in: query + name: id_value + required: true + schema: + type: string + - description: The field representing the ID. + example: host.name + in: query + name: id_field + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + description: Successful response + '400': + description: Invalid request + '404': + description: Criticality record not found + summary: Get an asset criticality record + tags: + - Security Entity Analytics API + post: + description: > + Create or update an asset criticality record for a specific entity. + + + If a record already exists for the specified entity, that record is + overwritten with the specified value. If a record doesn't exist for the + specified entity, a new record is created. + operationId: CreateAssetCriticalityRecord + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + allOf: + - $ref: >- + #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord + - type: object + properties: + refresh: + description: >- + If 'wait_for' the request will wait for the index + refresh. + enum: + - wait_for + type: string + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + description: Successful response + '400': + description: Invalid request + summary: Upsert an asset criticality record + tags: + - Security Entity Analytics API + /api/asset_criticality/bulk: + post: + description: > + Bulk upsert up to 1000 asset criticality records. + + + If asset criticality records already exist for the specified entities, + those records are overwritten with the specified values. If asset + criticality records don't exist for the specified entities, new records + are created. + operationId: BulkUpsertAssetCriticalityRecords + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + example: + records: + - criticality_level: low_impact + id_field: host.name + id_value: host-1 + - criticality_level: medium_impact + id_field: host.name + id_value: host-2 + type: object + properties: + records: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord + maxItems: 1000 + minItems: 1 + type: array + required: + - records + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + example: + errors: + - index: 0 + message: Invalid ID field + stats: + failed: 1 + successful: 1 + total: 2 + type: object + properties: + errors: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem + type: array + stats: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats + required: + - errors + - stats + description: Bulk upload successful + '413': + description: File too large + summary: Bulk upsert asset criticality records + tags: + - Security Entity Analytics API + /api/asset_criticality/list: + get: + description: List asset criticality records, paging, sorting and filtering as needed. + operationId: FindAssetCriticalityRecords + parameters: + - description: The field to sort by. + in: query + name: sort_field + required: false + schema: + enum: + - id_value + - id_field + - criticality_level + - \@timestamp + type: string + - description: The order to sort by. + in: query + name: sort_direction + required: false + schema: + enum: + - asc + - desc + type: string + - description: The page number to return. + in: query + name: page + required: false + schema: + minimum: 1 + type: integer + - description: The number of records to return per page. + in: query + name: per_page + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + - description: The kuery to filter by. + in: query + name: kuery + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + page: + minimum: 1 + type: integer + per_page: + maximum: 1000 + minimum: 1 + type: integer + records: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + type: array + total: + minimum: 0 + type: integer + required: + - records + - page + - per_page + - total + description: Bulk upload successful + summary: List asset criticality records + tags: + - Security Entity Analytics API /api/data_views: get: operationId: getAllDataViewsDefault @@ -5926,9 +6190,18 @@ paths: summary: Preview a saved object reference swap tags: - data views - /api/fleet/agent_download_sources: + /api/detection_engine/privileges: get: - operationId: get-download-sources + description: > + Retrieves whether or not the user is authenticated, and the user's + Kibana + + space and index privileges, which determine if the user can create an + + index for the Elastic Security alerts generated by + + detection engine rules. + operationId: ReadPrivileges responses: '200': content: @@ -5936,399 +6209,311 @@ paths: schema: type: object properties: - items: - items: - $ref: '#/components/schemas/Fleet_download_sources' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent binary download sources - tags: - - Elastic Agent binary download sources - post: - operationId: post-download-sources - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - host: - type: string - id: - type: string - is_default: - type: boolean - name: - type: string - required: - - name - - host - - is_default - responses: - '200': + has_encryption_key: + type: boolean + is_authenticated: + type: boolean + required: + - is_authenticated + - has_encryption_key + description: Successful response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_download_sources' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create agent binary download source + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Returns user privileges for the Kibana space tags: - - Elastic Agent binary download sources - /api/fleet/agent_download_sources/{sourceId}: + - Security Detections API + - Privileges API + /api/detection_engine/rules: delete: - operationId: delete-download-source + description: Delete a detection rule using the `rule_id` or `id` field. + operationId: DeleteRule parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The rule's `id` value. + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + - description: The rule's `rule_id` value. + in: query + name: rule_id + required: false + schema: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - id: - type: string - required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete agent binary download source by ID + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Delete a detection rule tags: - - Elastic Agent binary download sources + - Security Detections API + - Rules API get: - operationId: get-one-download-source + description: Retrieve a detection rule using the `rule_id` or `id` field. + operationId: ReadRule + parameters: + - description: The rule's `id` value. + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + - description: The rule's `rule_id` value. + in: query + name: rule_id + required: false + schema: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_download_sources' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent binary download source by ID + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Retrieve a detection rule tags: - - Elastic Agent binary download sources - parameters: - - in: path - name: sourceId - required: true - schema: - type: string - put: - operationId: update-download-source - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - Security Detections API + - Rules API + patch: + description: >- + Update specific fields of an existing detection rule using the `rule_id` + or `id` field. + operationId: PatchRule requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - host: - type: string - is_default: - type: boolean - name: - type: string - required: - - name - - is_default - - host - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_download_sources' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update agent binary download source by ID - tags: - - Elastic Agent binary download sources - /api/fleet/agent_policies: - get: - description: '' - operationId: agent-policy-list - parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - - $ref: '#/components/parameters/Fleet_format' - - description: >- - When set to true, retrieve the related package policies for each - agent policy. - in: query - name: full - schema: - type: boolean - - description: >- - When set to true, do not count how many agents are in the agent - policy, this can improve performance if you are searching over a - large number of agent policies. The "agents" property will always be - 0 if set to true. - in: query - name: noAgentCount - schema: - type: boolean + $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_agent_policy' - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent policies + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Patch a detection rule tags: - - Elastic Agent policies + - Security Detections API + - Rules API post: - operationId: create-agent-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + description: Create a new detection rule. + operationId: CreateRule requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_agent_policy_create_request' + $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create agent policy + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Create a detection rule tags: - - Elastic Agent policies - /api/fleet/agent_policies/_bulk_get: - post: - operationId: bulk-get-agent-policies - parameters: - - $ref: '#/components/parameters/Fleet_format' + - Security Detections API + - Rules API + put: + description: > + Update a detection rule using the `rule_id` or `id` field. The original + rule is replaced, and all unspecified fields are deleted. + + > info + + > You cannot modify the `id` or `rule_id` values. + operationId: UpdateRule requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - full: - description: get full policies with package policies populated - type: boolean - ids: - description: list of agent policy ids - items: - type: string - type: array - ignoreMissing: - type: boolean - required: - - ids - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_agent_policy' - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk get agent policies - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}: - get: - description: Get one agent policy - operationId: agent-policy-info - parameters: [] + $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent policy by ID + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Update a detection rule tags: - - Elastic Agent policies - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - $ref: '#/components/parameters/Fleet_format' - put: - operationId: update-agent-policy + - Security Detections API + - Rules API + /api/detection_engine/rules/_bulk_action: + post: + description: >- + Apply a bulk action, such as bulk edit, duplicate, or delete, to + multiple detection rules. The bulk action is applied to all rules that + match the query or to the rules listed by their IDs. + operationId: PerformRulesBulkAction parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: Enables dry run mode for the request call. + in: query + name: dry_run + required: false + schema: + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_agent_policy_update_request' + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' + - $ref: >- + #/components/schemas/Security_Detections_API_BulkDisableRules + - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules' + - $ref: >- + #/components/schemas/Security_Detections_API_BulkDuplicateRules + - $ref: >- + #/components/schemas/Security_Detections_API_BulkManualRuleRun + - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - required: - - item + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_BulkEditActionResponse + - $ref: >- + #/components/schemas/Security_Detections_API_BulkExportActionResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update agent policy by ID + summary: Apply a bulk action to detection rules tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/copy: - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - $ref: '#/components/parameters/Fleet_format' + - Security Detections API + - Bulk API + /api/detection_engine/rules/_export: post: - operationId: agent-policy-copy + description: > + Export detection rules to an `.ndjson` file. The following configuration + items are also included in the `.ndjson` file: + + - Actions + + - Exception lists + + > info + + > You cannot export prebuilt rules. + operationId: ExportRules parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: Determines whether a summary of the exported rules is returned. + in: query + name: exclude_export_details + required: false + schema: + default: false + type: boolean + - description: File name for saving the exported rules. + in: query + name: file_name + required: false + schema: + default: export.ndjson + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + nullable: true type: object properties: - description: - type: string - name: - type: string + objects: + description: >- + Array of `rule_id` fields. Exports all rules when + unspecified. + items: + type: object + properties: + rule_id: + $ref: >- + #/components/schemas/Security_Detections_API_RuleSignatureId + required: + - rule_id + type: array required: - - name - description: '' + - objects + required: false responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/ndjson; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Copy agent policy by ID + description: An `.ndjson` file containing the returned rules. + format: binary + type: string + description: Indicates a successful call. + summary: Export detection rules tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/download: + - Security Detections API + - Import/Export API + /api/detection_engine/rules/_find: get: - operationId: agent-policy-download - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Download agent policy by ID - tags: - - Elastic Agent policies - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: string - - in: query - name: standalone - required: false - schema: - type: string - - in: query - name: kubernetes - required: false - schema: - type: string - /api/fleet/agent_policies/{agentPolicyId}/full: - get: - operationId: agent-policy-full + description: >- + Retrieve a paginated list of detection rules. By default, the first page + is returned, with 20 results per page. + operationId: FindRules + parameters: + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false + schema: + type: string + - description: Field to sort by + in: query + name: sort_field + required: false + schema: + $ref: '#/components/schemas/Security_Detections_API_FindRulesSortField' + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_Detections_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: Rules per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer responses: '200': content: @@ -6336,93 +6521,275 @@ paths: schema: type: object properties: - item: - oneOf: - - type: string - - $ref: '#/components/schemas/Fleet_agent_policy_full' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get full agent policy by ID + data: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RuleResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + summary: List all detection rules tags: - - Elastic Agent policies - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: string - - in: query - name: standalone - required: false - schema: - type: string - - in: query - name: kubernetes - required: false - schema: - type: string - /api/fleet/agent_policies/delete: - parameters: [] + - Security Detections API + - Rules API + /api/detection_engine/rules/_import: post: - operationId: delete-agent-policy + description: > + Import detection rules from an `.ndjson` file, including actions and + exception lists. The request must include: + + - The `Content-Type: multipart/form-data` HTTP header. + + - A link to the `.ndjson` file containing the rules. + operationId: ImportRules parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: >- + Determines whether existing rules with the same `rule_id` are + overwritten. + in: query + name: overwrite + required: false + schema: + default: false + type: boolean + - description: >- + Determines whether existing exception lists with the same `list_id` + are overwritten. + in: query + name: overwrite_exceptions + required: false + schema: + default: false + type: boolean + - description: >- + Determines whether existing actions with the same + `kibana.alert.rule.actions.id` are overwritten. + in: query + name: overwrite_action_connectors + required: false + schema: + default: false + type: boolean + - description: Generates a new list ID for each imported exception list. + in: query + name: as_new_list + required: false + schema: + default: false + type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + multipart/form-data; Elastic-Api-Version=2023-10-31: schema: type: object properties: - agentPolicyId: + file: + description: The `.ndjson` file containing the rules. + format: binary type: string - force: - description: >- - bypass validation checks that can prevent agent policy - deletion - type: boolean - required: - - agentPolicyId + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - id: - type: string + action_connectors_errors: + items: + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + action_connectors_success: + type: boolean + action_connectors_success_count: + minimum: 0 + type: integer + action_connectors_warnings: + items: + $ref: >- + #/components/schemas/Security_Detections_API_WarningSchema + type: array + errors: + items: + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + exceptions_errors: + items: + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + exceptions_success: + type: boolean + exceptions_success_count: + minimum: 0 + type: integer + rules_count: + minimum: 0 + type: integer success: type: boolean + success_count: + minimum: 0 + type: integer required: - - id + - exceptions_success + - exceptions_success_count + - exceptions_errors + - rules_count - success - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete agent policy by ID + - success_count + - errors + - action_connectors_errors + - action_connectors_warnings + - action_connectors_success + - action_connectors_success_count + description: Indicates a successful call. + summary: Import detection rules tags: - - Elastic Agent policies - /api/fleet/agent_status: - get: - operationId: get-agent-status + - Security Detections API + - Import/Export API + /api/detection_engine/rules/{id}/exceptions: + post: + description: Create exception items that apply to a single detection rule. + operationId: CreateRuleExceptionListItems parameters: - - in: query - name: policyId - required: false + - description: Detection rule's identifier + in: path + name: id + required: true schema: - type: string - - deprecated: true + $ref: '#/components/schemas/Security_Exceptions_API_RuleId' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps + type: array + required: + - items + description: Rule exception list items + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItem + type: array + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Create rule exception list items + tags: + - Security Exceptions API + /api/detection_engine/rules/preview: + post: + operationId: RulePreview + parameters: + - description: >- + Enables logging and returning in response ES queries, performed + during rule execution in: query - name: kuery + name: enable_logged_requests required: false schema: - type: string + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_EqlRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_QueryRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_EsqlRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + discriminator: + propertyName: type + description: >- + An object containing tags to add or remove and alert ids the changes + will be applied + required: true responses: '200': content: @@ -6430,785 +6797,717 @@ paths: schema: type: object properties: - active: - type: integer - all: - type: integer - error: - type: integer - events: - type: integer - inactive: - type: integer - offline: - type: integer - online: - type: integer - other: - type: integer - total: - deprecated: true - type: integer - unenrolled: - type: integer - updating: - type: integer + isAborted: + type: boolean + logs: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewLogs + type: array + previewId: + $ref: >- + #/components/schemas/Security_Detections_API_NonEmptyString required: - - active - - all - - error - - events - - inactive - - offline - - online - - other - - total - - updating - description: OK + - logs + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent status summary - tags: - - Elastic Agent status - /api/fleet/agent_status/data: - get: - operationId: get-agent-data - parameters: - - in: query - name: agentsIds - required: true - schema: - items: - type: string - type: array - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - additionalProperties: - type: object - properties: - data: - type: boolean - type: object - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get incoming agent data - tags: - - Elastic Agent status - /api/fleet/agent-status: - get: - deprecated: true - operationId: get-agent-status-deprecated - parameters: - - in: query - name: policyId - required: false - schema: - type: string - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - error: - type: integer - events: - type: integer - inactive: - type: integer - offline: - type: integer - online: - type: integer - other: - type: integer - total: - type: integer - updating: - type: integer - required: - - error - - events - - inactive - - offline - - online - - other - - total - - updating - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent status summary - tags: - - Elastic Agent status - /api/fleet/agents: - get: - operationId: get-agents - parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - - $ref: '#/components/parameters/Fleet_show_inactive' - - $ref: '#/components/parameters/Fleet_show_upgradeable' - - $ref: '#/components/parameters/Fleet_sort_field' - - $ref: '#/components/parameters/Fleet_sort_order' - - $ref: '#/components/parameters/Fleet_with_metrics' - - in: query - name: getStatusSummary - required: false - schema: - type: boolean - responses: - '200': + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_agents_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agents + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Preview rule alerts generated on specified time range tags: - - Elastic Agents + - Security Detections API + - Rule preview API + /api/detection_engine/signals/assignees: post: - operationId: get-agents-by-actions - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + description: | + Assign users to detection alerts, and unassign them from alerts. + > info + > You cannot add and remove the same assignee in the same request. + operationId: SetAlertAssignees requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - actionIds: - items: - type: string - type: array + assignees: + $ref: '#/components/schemas/Security_Detections_API_AlertAssignees' + description: Details about the assignees to assign and unassign. + ids: + $ref: '#/components/schemas/Security_Detections_API_AlertIds' + description: List of alerts ids to assign and unassign passed assignees. required: - - policy_id + - assignees + - ids required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_agent_get_by_actions' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agents by action ids - tags: - - Elastic Agents - /api/fleet/agents/{agentId}: - delete: - operationId: delete-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete agent by ID - tags: - - Elastic Agents - get: - operationId: get-agent - parameters: - - $ref: '#/components/parameters/Fleet_with_metrics' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent' - required: - - item - description: OK + description: Indicates a successful call. '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent by ID + description: Invalid request. + summary: Assign and unassign users from detection alerts tags: - - Elastic Agents - parameters: - - in: path - name: agentId - required: true - schema: - type: string - put: - operationId: update-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - Security Detections API + /api/detection_engine/signals/search: + post: + description: Find and/or aggregate detection alerts that match the given query. + operationId: SearchAlerts requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + description: Elasticsearch query and aggregation request type: object properties: - tags: + _source: + oneOf: + - type: boolean + - type: string + - items: + type: string + type: array + aggs: + additionalProperties: true + type: object + fields: items: type: string type: array - user_provided_metadata: + query: + additionalProperties: true + type: object + runtime_mappings: + additionalProperties: true type: object + size: + minimum: 0 + type: integer + sort: + $ref: '#/components/schemas/Security_Detections_API_AlertsSort' + track_total_hits: + type: boolean + description: Search and/or aggregation query required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: true + description: Elasticsearch search response type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent' - required: - - item - description: OK + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Update agent by ID + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Find and/or aggregate detection alerts tags: - - Elastic Agents - /api/fleet/agents/{agentId}/actions: - parameters: - - in: path - name: agentId - required: true - schema: - type: string + - Security Detections API + - Alerts API + /api/detection_engine/signals/status: post: - operationId: new-agent-action - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + description: Set the status of one or more detection alerts. + operationId: SetAlertsStatus requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - action: - $ref: '#/components/schemas/Fleet_agent_action' + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_SetAlertsStatusByIds + - $ref: >- + #/components/schemas/Security_Detections_API_SetAlertsStatusByQuery + description: >- + An object containing desired status and explicit alert ids or a query + to select alerts required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: true + description: Elasticsearch update by query response type: object - properties: - body: - items: - type: number - type: array - headers: - type: string - statusCode: - type: number - description: OK + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Create agent action + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Set a detection alert status tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/reassign: - parameters: - - in: path - name: agentId - required: true - schema: - type: string + - Security Detections API + - Alerts API + /api/detection_engine/signals/tags: post: - operationId: reassign-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + description: | + And tags to detection alerts, and remove them from alerts. + > info + > You cannot add and remove the same alert tag in the same request. + operationId: SetAlertTags requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - policy_id: - type: string + ids: + $ref: '#/components/schemas/Security_Detections_API_AlertIds' + tags: + $ref: '#/components/schemas/Security_Detections_API_SetAlertTags' required: - - policy_id + - ids + - tags + description: >- + An object containing tags to add or remove and alert ids the changes + will be applied required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: true + description: Elasticsearch update by query response type: object - description: OK + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Reassign agent - tags: - - Elastic Agents - put: - deprecated: true - operationId: reassign-agent-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - policy_id: - type: string - required: - - policy_id - required: true - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Reassign agent + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Add and remove detection alert tags tags: - - Elastic Agents - /api/fleet/agents/{agentId}/request_diagnostics: - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: request-diagnostics-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - additional_metrics: - items: - oneOf: - - enum: - - CPU - type: string - type: array + - Security Detections API + - Alerts API + /api/detection_engine/tags: + get: + description: List all unique tags from all detection rules. + operationId: ReadTags responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Request agent diagnostics + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + description: Indicates a successful call + summary: List all detection rule tags tags: - - Elastic Agents - /api/fleet/agents/{agentId}/unenroll: - parameters: - - in: path - name: agentId - required: true - schema: - type: string + - Security Detections API + - Tags API + /api/endpoint_list: post: - operationId: unenroll-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - type: boolean - revoke: - type: boolean + description: >- + Create an endpoint exception list, which groups endpoint exception list + items. If an endpoint exception list already exists, an empty response + is returned. + operationId: CreateEndpointList responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: OK + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointList + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - enum: - - 400 - type: number - description: BAD REQUEST - summary: Unenroll agent - tags: - - Elastic Agents - /api/fleet/agents/{agentId}/upgrade: - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: upgrade-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_upgrade_agent' - required: true - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_upgrade_agent' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Upgrade agent - tags: - - Elastic Agents - /api/fleet/agents/{agentId}/uploads: - get: - operationId: list-agent-uploads - responses: - '200': + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - body: - type: object - properties: - item: - items: - $ref: '#/components/schemas/Fleet_agent_diagnostics' - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent uploads + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Create an endpoint exception list tags: - - Elastic Agents - parameters: - - in: path - name: agentId - required: true - schema: - type: string - /api/fleet/agents/action_status: - get: - operationId: agents-action-status + - Security Endpoint Exceptions API + /api/endpoint_list/items: + delete: + description: >- + Delete an endpoint exception list item using the `id` or `item_id` + field. + operationId: DeleteEndpointListItem parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - in: query - name: errorSize + - description: Either `id` or `item_id` must be specified + in: query + name: id + required: false schema: - default: 5 - type: integer + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + - description: Either `id` or `item_id` must be specified + in: query + name: item_id + required: false + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - type: object - properties: - actionId: - type: string - cancellationTime: - type: string - completionTime: - type: string - creationTime: - description: creation time of action - type: string - expiration: - type: string - latestErrors: - description: >- - latest errors that happened when the agents executed - the action - items: - type: object - properties: - agentId: - type: string - error: - type: string - timestamp: - type: string - type: array - nbAgentsAck: - description: number of agents that acknowledged the action - type: number - nbAgentsActionCreated: - description: number of agents included in action from kibana - type: number - nbAgentsActioned: - description: number of agents actioned - type: number - nbAgentsFailed: - description: number of agents that failed to execute the action - type: number - newPolicyId: - description: new policy id (POLICY_REASSIGN action) - type: string - policyId: - description: policy id (POLICY_CHANGE action) - type: string - revision: - description: new policy revision (POLICY_CHANGE action) - type: string - startTime: - description: start time of action (scheduled actions) - type: string - status: - enum: - - COMPLETE - - EXPIRED - - CANCELLED - - FAILED - - IN_PROGRESS - - ROLLOUT_PASSED - type: string - type: - enum: - - POLICY_REASSIGN - - UPGRADE - - UNENROLL - - FORCE_UNENROLL - - UPDATE_TAGS - - CANCEL - - REQUEST_DIAGNOSTICS - - SETTINGS - - POLICY_CHANGE - - INPUT_ACTION - type: string - version: - description: agent version number (UPGRADE action) - type: string - required: - - actionId - - complete - - nbAgentsActioned - - nbAgentsActionCreated - - nbAgentsAck - - nbAgentsFailed - - status - - creationTime - - type - type: array - required: - - items - description: OK + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent action status + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list item not found + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Delete an endpoint exception list item tags: - - Elastic Agent actions - /api/fleet/agents/actions/{actionId}/cancel: - parameters: - - in: path - name: actionId - required: true - schema: - type: string - post: - operationId: agent-action-cancel + - Security Endpoint Exceptions API + get: + description: >- + Get the details of an endpoint exception list item using the `id` or + `item_id` field. + operationId: ReadEndpointListItem parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: Either `id` or `item_id` must be specified + in: query + name: id + required: false + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + - description: Either `id` or `item_id` must be specified + in: query + name: item_id + required: false + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_action' - description: OK + items: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + type: array + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Cancel agent action + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list item not found + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Get an endpoint exception list item tags: - - Elastic Agent actions - /api/fleet/agents/bulk_reassign: + - Security Endpoint Exceptions API post: - operationId: bulk-reassign-agents - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + description: >- + Create an endpoint exception list item, and associate it with the + endpoint exception list. + operationId: CreateEndpointListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - example: - agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' - policy_id: policy_id schema: type: object properties: - agents: - oneOf: - - description: KQL query string, leave empty to action all agents - type: string - - description: list of agent IDs - items: - type: string - type: array - policy_id: - description: new agent policy id - type: string + comments: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray + default: [] + description: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray + item_id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + meta: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta + name: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName + os_types: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + default: [] + tags: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags + default: [] + type: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType required: - - policy_id - - agents + - type + - name + - description + - entries + description: Exception list item's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string - description: OK + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk reassign agents + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list item already exists + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Create an endpoint exception list item tags: - - Elastic Agents - /api/fleet/agents/bulk_request_diagnostics: - post: - operationId: bulk-request-diagnostics - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - Security Endpoint Exceptions API + put: + description: >- + Update an endpoint exception list item using the `id` or `item_id` + field. + operationId: UpdateEndpointListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - example: - agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' schema: type: object properties: - additional_metrics: - items: - oneOf: - - enum: - - CPU - type: string - type: array - agents: - oneOf: - - description: KQL query string, leave empty to action all agents - type: string - - description: list of agent IDs - items: - type: string - type: array - batchSize: - type: number + _version: + type: string + comments: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray + default: [] + description: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray + id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + description: Either `id` or `item_id` must be specified + item_id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + description: Either `id` or `item_id` must be specified + meta: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta + name: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName + os_types: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + default: [] + tags: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags + type: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType required: - - agents + - type + - name + - description + - entries + description: Exception list item's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string - description: OK + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk request diagnostics from agents + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list item not found + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Update an endpoint exception list item tags: - - Elastic Agents - /api/fleet/agents/bulk_unenroll: - post: - operationId: bulk-unenroll-agents + - Security Endpoint Exceptions API + /api/endpoint_list/items/_find: + get: + description: Get a list of all endpoint exception list items. + operationId: FindEndpointListItems parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: - - agent1 - - agent2 - force: false - revoke: true - schema: - type: object - properties: - agents: - oneOf: - - description: KQL query string, leave empty to action all agents - type: string - - description: list of agent IDs - items: - type: string - type: array - force: - description: Unenrolls hosted agents too - type: boolean - includeInactive: - description: >- - When passing agents by KQL query, unenrolls inactive agents - too - type: boolean - revoke: - description: Revokes API keys of agents - type: boolean - required: - - agents + - description: > + Filters the returned results according to the value of the specified + field, + + using the `:` syntax. + in: query + name: filter + required: false + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter + - description: The page number to return + in: query + name: page + required: false + schema: + minimum: 0 + type: integer + - description: The number of exception list items to return per page + in: query + name: per_page + required: false + schema: + minimum: 0 + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString + - description: Determines the sort order, which can be `desc` or `asc` + in: query + name: sort_order + required: false + schema: + enum: + - desc + - asc + type: string responses: '200': content: @@ -7216,731 +7515,596 @@ paths: schema: type: object properties: - actionId: + data: + items: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + pit: type: string - description: OK + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk unenroll agents + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list not found + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Get endpoint exception list items tags: - - Elastic Agents - /api/fleet/agents/bulk_update_agent_tags: - post: - operationId: bulk-update-agent-tags + - Security Endpoint Exceptions API + /api/endpoint/action: + get: + description: Get a list of all response actions. + operationId: EndpointGetActionsList parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: - - agent1 - - agent2 - tagsToAdd: - - newTag - tagsToRemove: - - existingTag - schema: - type: object - properties: - agents: - oneOf: - - description: KQL query string, leave empty to action all agents - type: string - - description: list of agent IDs - items: - type: string - type: array - batchSize: - type: number - tagsToAdd: - items: - type: string - type: array - tagsToRemove: - items: - type: string - type: array - required: - - agents + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk update agent tags + summary: Get response actions tags: - - Elastic Agents - /api/fleet/agents/bulk_upgrade: - post: - operationId: bulk-upgrade-agents + - Security Endpoint Management API + /api/endpoint/action_log/{agent_id}: + get: + deprecated: true + description: Get an action request log for the specified agent ID. + operationId: EndpointGetActionLog parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: - - agent1 - - agent2 - rollout_duration_seconds: 3600 - source_uri: https://artifacts.elastic.co/downloads/beats/elastic-agent - start_time: '2022-08-03T14:00:00.000Z' - version: 8.4.0 - schema: - $ref: '#/components/schemas/Fleet_bulk_upgrade_agents' - required: true + - in: path + name: agent_id + required: true + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ActionLogRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk upgrade agents + summary: Get an action request log tags: - - Elastic Agents - /api/fleet/agents/files/{fileId}: - delete: - operationId: delete-agent-upload-file + - Security Endpoint Management API + /api/endpoint/action_status: + get: + description: Get the status of response actions for the specified agent IDs. + operationId: EndpointGetActionsStatus + parameters: + - in: query + name: query + required: true + schema: + type: object + properties: + agent_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - body: - type: object - properties: - deleted: - type: boolean - id: - type: string + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete file uploaded by agent + summary: Get response actions status tags: - - Elastic Agents - parameters: - - in: path - name: fileId - required: true - schema: - type: string - /api/fleet/agents/files/{fileId}/{fileName}: + - Security Endpoint Management API + /api/endpoint/action/{action_id}: get: - operationId: get-agent-upload-file + description: Get the details of a response action using the action ID. + operationId: EndpointGetActionsDetails + parameters: + - in: path + name: action_id + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - body: - type: object - properties: - items: - type: object - properties: - body: {} - headers: {} + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get file uploaded by agent + summary: Get action details tags: - - Elastic Agents - parameters: - - in: path - name: fileId - required: true - schema: - type: string - - in: path - name: fileName - required: true - schema: - type: string - /api/fleet/agents/setup: + - Security Endpoint Management API + /api/endpoint/action/{action_id}/file/{file_id}: get: - operationId: get-agents-setup-status + description: Get information for the specified file using the file ID. + operationId: EndpointFileInfo + parameters: + - in: path + name: action_id + required: true + schema: + type: string + - in: path + name: file_id + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_fleet_status_response' + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent setup info + summary: Get file information tags: - - Elastic Agents - post: - operationId: setup-agents + - Security Endpoint Management API + /api/endpoint/action/{action_id}/file/{file_id}/download: + get: + description: Download a file from an endpoint. + operationId: EndpointFileDownload parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - admin_password: - type: string - admin_username: - type: string - required: - - admin_username - - admin_password + - in: path + name: action_id + required: true + schema: + type: string + - in: path + name: file_id + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_fleet_setup_response' + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Initiate agent setup + summary: Download a file tags: - - Elastic Agents - /api/fleet/agents/tags: - get: - operationId: get-agent-tags + - Security Endpoint Management API + /api/endpoint/action/execute: + post: + description: Run a shell command on an endpoint. + operationId: EndpointExecuteAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_agent_tags_response' + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent tags + summary: Run a command tags: - - Elastic Agents - /api/fleet/data_streams: - get: - operationId: data-streams-list + - Security Endpoint Management API + /api/endpoint/action/get_file: + post: + description: Get a file from an endpoint. + operationId: EndpointGetFileAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - data_streams: - items: - $ref: '#/components/schemas/Fleet_data_stream' - type: array + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List data streams + summary: Get a file tags: - - Data streams - parameters: [] - /api/fleet/enrollment_api_keys: - get: - operationId: get-enrollment-api-keys - parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' + - Security Endpoint Management API + /api/endpoint/action/isolate: + post: + description: >- + Isolate an endpoint from the network. The endpoint remains isolated + until it's released. + operationId: EndpointIsolateAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - list: - deprecated: true - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - page - - perPage - - total + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List enrollment API keys + summary: Isolate an endpoint tags: - - Fleet enrollment API keys + - Security Endpoint Management API + /api/endpoint/action/kill_process: post: - operationId: create-enrollment-api-keys - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + description: Terminate a running process on an endpoint. + operationId: EndpointKillProcessAction requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - name: - description: The name of the enrollment API key. Must be unique. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. - type: string - required: - - policy_id + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - action: - enum: - - created - type: string - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create enrollment API key + summary: Terminate a process tags: - - Fleet enrollment API keys - /api/fleet/enrollment_api_keys/{keyId}: - delete: - operationId: delete-enrollment-api-key - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - Security Endpoint Management API + /api/endpoint/action/running_procs: + post: + description: Get a list of all processes running on an endpoint. + operationId: EndpointGetProcessesAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Revoke enrollment API key by ID by marking it as inactive + summary: Get running processes tags: - - Fleet enrollment API keys + - Security Endpoint Management API + /api/endpoint/action/scan: + post: + description: Scan a specific file or directory on an endpoint for malware. + operationId: EndpointScanAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Scan a file or directory + tags: + - Security Endpoint Management API + /api/endpoint/action/state: get: - operationId: get-enrollment-api-key + description: >- + Get a response actions state, which reports whether encryption is + enabled. + operationId: EndpointGetActionsState responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - required: - - item + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get enrollment API key by ID + summary: Get actions state tags: - - Fleet enrollment API keys - parameters: - - in: path - name: keyId + - Security Endpoint Management API + /api/endpoint/action/suspend_process: + post: + description: Suspend a running process on an endpoint. + operationId: EndpointSuspendProcessAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody required: true - schema: - type: string - /api/fleet/enrollment-api-keys: - get: - deprecated: true - operationId: get-enrollment-api-keys-deprecated - parameters: [] responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - list: - deprecated: true - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - page - - perPage - - total + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List enrollment API keys + summary: Suspend a process tags: - - Fleet enrollment API keys + - Security Endpoint Management API + /api/endpoint/action/unisolate: post: - deprecated: true - operationId: create-enrollment-api-keys-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + description: Release an isolated endpoint, allowing it to rejoin a network. + operationId: EndpointUnisolateAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - action: - enum: - - created - type: string - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create enrollment API key + summary: Release an isolated endpoint tags: - - Fleet enrollment API keys - /api/fleet/enrollment-api-keys/{keyId}: - delete: - deprecated: true - operationId: delete-enrollment-api-key-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - Security Endpoint Management API + /api/endpoint/action/upload: + post: + description: Upload a file to an endpoint. + operationId: EndpointUploadAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete enrollment API key by ID + summary: Upload a file tags: - - Fleet enrollment API keys + - Security Endpoint Management API + /api/endpoint/metadata: get: - deprecated: true - operationId: get-enrollment-api-key-deprecated + operationId: GetEndpointMetadataList + parameters: + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ListRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - required: - - item + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get enrollment API key by ID + summary: Get a metadata list tags: - - Fleet enrollment API keys - parameters: - - in: path - name: keyId - required: true - schema: - type: string - /api/fleet/epm/bulk_assets: - post: - operationId: bulk-get-assets - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - assetIds: - description: list of items necessary to fetch assets - items: - type: object - properties: - id: - type: string - type: - type: string - type: array - required: - - assetIds + - Security Endpoint Management API + /api/endpoint/metadata/{id}: + get: + operationId: GetEndpointMetadata + parameters: + - in: path + name: id + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_bulk_assets_response' + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk get assets + summary: Get metadata tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/categories: + - Security Endpoint Management API + /api/endpoint/metadata/transforms: get: - operationId: get-package-categories + operationId: GetEndpointMetadataTransform responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_categories_response' + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List package categories + summary: Get metadata transforms tags: - - Elastic Package Manager (EPM) - parameters: - - description: >- - Whether to include prerelease packages in categories count (e.g. beta, - rc, preview) - in: query - name: prerelease - schema: - default: false - type: boolean - - deprecated: true - in: query - name: experimental - schema: - default: false - type: boolean - - in: query - name: include_policy_templates - schema: - default: false - type: boolean - /api/fleet/epm/packages: + - Security Endpoint Management API + /api/endpoint/policy_response: get: - operationId: list-all-packages + operationId: GetPolicyResponse parameters: - - description: >- - Whether to exclude the install status of each package. Enabling this - option will opt in to caching for the response via `cache-control` - headers. If you don't need up-to-date installation info for a - package, and are querying for a list of available packages, - providing this flag can improve performance substantially. - in: query - name: excludeInstallStatus - schema: - default: false - type: boolean - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean - - deprecated: true - in: query - name: experimental - schema: - default: false - type: boolean - in: query - name: category + name: query + required: true schema: - type: string + type: object + properties: + agentId: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_packages_response' + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List packages + summary: Get a policy response tags: - - Elastic Package Manager (EPM) - post: - description: '' - operationId: install-package-by-upload + - Security Endpoint Management API + /api/endpoint/policy/summaries: + get: + deprecated: true + operationId: GetAgentPolicySummary parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors + - in: query + name: query + required: true schema: - default: false - type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update - in: query - name: skipDataStreamRollover + type: object + properties: + package_name: + type: string + policy_id: + nullable: true + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get an agent policy summary + tags: + - Security Endpoint Management API + /api/endpoint/protection_updates_note/{package_policy_id}: + get: + operationId: GetProtectionUpdatesNote + parameters: + - in: path + name: package_policy_id + required: true schema: - default: false - type: boolean - requestBody: - content: - application/gzip; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - application/zip; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - _meta: - type: object - properties: - install_source: - enum: - - upload - - registry - - bundled - type: string - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - items + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - '429': - $ref: '#/components/responses/Fleet_error' - summary: Install by package by direct upload + summary: Get a protection updates note tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/_bulk: + - Security Endpoint Management API post: - operationId: bulk-install-packages + operationId: CreateUpdateProtectionUpdatesNote parameters: - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease + - in: path + name: package_policy_id + required: true schema: - default: false - type: boolean + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - force: - description: force install to ignore package verification errors - type: boolean - packages: - description: list of packages to install - items: - oneOf: - - description: package name - type: string - - type: object - properties: - name: - description: package name - type: string - version: - description: package version - type: string - type: array - required: - - packages + note: + type: string + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_bulk_install_packages_response' + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk install packages + summary: Create or update a protection updates note tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgkey}: - delete: - deprecated: true - operationId: delete-package-deprecated + - Security Endpoint Management API + /api/endpoint/suggestions/{suggestion_type}: + post: + operationId: GetEndpointSuggestions parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - in: path - name: pkgkey + name: suggestion_type required: true schema: + enum: + - eventFilters type: string requestBody: content: @@ -7948,8 +8112,29 @@ paths: schema: type: object properties: - force: - type: boolean + field: + type: string + fieldMeta: {} + filters: {} + query: + type: string + required: + - parameters + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Get suggestions + tags: + - Security Endpoint Management API + /api/entity_store/engines: + get: + operationId: ListEntityEngines responses: '200': content: @@ -7957,109 +8142,110 @@ paths: schema: type: object properties: - response: + count: + type: integer + engines: items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor type: array - required: - - response - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete ackage + description: Successful response + summary: List the Entity Engines tags: - - Elastic Package Manager (EPM) - get: - deprecated: true - operationId: get-package-deprecated + - Security Entity Analytics API + /api/entity_store/engines/{entityType}: + delete: + operationId: DeleteEntityEngine parameters: - - in: path - name: pkgkey + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType required: true schema: - type: string - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + - description: Control flag to also delete the entity data. in: query - name: prerelease + name: data + required: false schema: - default: false type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - allOf: - - properties: - response: - $ref: '#/components/schemas/Fleet_package_info' - - properties: - savedObject: - type: string - status: - enum: - - installed - - installing - - install_failed - - not_installed - type: string - required: - - status - - savedObject type: object - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package + properties: + deleted: + type: boolean + description: Successful response + summary: Delete the Entity Engine tags: - - Elastic Package Manager (EPM) - post: - deprecated: true - description: '' - operationId: install-package-deprecated + - Security Entity Analytics API + get: + operationId: GetEntityEngine parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - in: path - name: pkgkey + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType required: true schema: - type: string - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors - schema: - default: false - type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update - in: query - name: skipDataStreamRollover + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor + description: Successful response + summary: Get an Entity Engine + tags: + - Security Entity Analytics API + /api/entity_store/engines/{entityType}/init: + post: + operationId: InitEntityEngine + parameters: + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true schema: - default: false - type: boolean + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - force: - type: boolean + filter: + type: string + indexPattern: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_IndexPattern + description: Schema for the engine initialization + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor + description: Successful response + summary: Initialize an Entity Engine + tags: + - Security Entity Analytics API + /api/entity_store/engines/{entityType}/start: + post: + operationId: StartEntityEngine + parameters: + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' responses: '200': content: @@ -8067,49 +8253,22 @@ paths: schema: type: object properties: - response: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - response - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Install package + started: + type: boolean + description: Successful response + summary: Start an Entity Engine tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/{pkgVersion}: - delete: - operationId: delete-package + - Security Entity Analytics API + /api/entity_store/engines/{entityType}/stats: + post: + operationId: GetEntityEngineStats parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: delete package even if policies used by agents - in: query - name: force + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - deprecated: true - type: object - properties: - force: - type: boolean + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' responses: '200': content: @@ -8117,130 +8276,94 @@ paths: schema: type: object properties: - items: + indexPattern: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_IndexPattern + indices: items: type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete package + status: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineStatus + transforms: + items: + type: object + type: array + type: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EntityType + description: Successful response + summary: Get Entity Engine stats tags: - - Elastic Package Manager (EPM) - get: - operationId: get-package + - Security Entity Analytics API + /api/entity_store/engines/{entityType}/stop: + post: + operationId: StopEntityEngine + parameters: + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - allOf: - - properties: - item: - $ref: '#/components/schemas/Fleet_package_info' - - properties: - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - licensePath: - type: string - notice: - type: string - savedObject: - deprecated: true - type: object - status: - enum: - - installed - - installing - - install_failed - - not_installed - type: string - required: - - status - - savedObject type: object - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package + properties: + stopped: + type: boolean + description: Successful response + summary: Stop an Entity Engine tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - description: Ignore if the package is fails signature verification - in: query - name: ignoreUnverified - schema: - type: boolean - - description: >- - Return all fields from the package manifest, not just those supported - by the Elastic Package Registry - in: query - name: full - schema: - type: boolean - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean - post: - description: '' - operationId: install-package + - Security Entity Analytics API + /api/entity_store/entities/list: + get: + description: List entities records, paging, sorting and filtering as needed. + operationId: ListEntities parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors + - in: query + name: sort_field + required: false schema: - default: false - type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update + type: string + - in: query + name: sort_order + required: false + schema: + enum: + - asc + - desc + type: string + - in: query + name: page + required: false + schema: + minimum: 1 + type: integer + - in: query + name: per_page + required: false + schema: + maximum: 10000 + minimum: 1 + type: integer + - description: An ES query to filter by. in: query - name: skipDataStreamRollover + name: filterQuery + required: false schema: - default: false - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - type: boolean - ignore_constraints: - type: boolean + type: string + - in: query + name: entities_types + required: true + schema: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + type: array responses: '200': content: @@ -8248,559 +8371,597 @@ paths: schema: type: object properties: - _meta: - type: object - properties: - install_source: - enum: - - registry - - upload - - bundled - type: string - items: + inspect: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_InspectQuery + page: + minimum: 1 + type: integer + per_page: + maximum: 1000 + minimum: 1 + type: integer + records: items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_Entity type: array + total: + minimum: 0 + type: integer required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Install package + - records + - page + - per_page + - total + description: Entities returned successfully + summary: List Entity Store Entities tags: - - Elastic Package Manager (EPM) - put: - description: '' - operationId: update-package - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - keepPoliciesUpToDate: - type: boolean - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update package settings - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}: - get: - operationId: packages-get-file + - Security Entity Analytics API + /api/exception_lists: + delete: + description: Delete an exception list using the `id` or `list_id` field. + operationId: DeleteExceptionList + parameters: + - description: Either `id` or `list_id` must be specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + - description: Either `id` or `list_id` must be specified + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + - in: query + name: namespace_type + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - body: - type: object - headers: - type: object - statusCode: - type: number - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package file + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Delete an exception list tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: path - name: filePath - required: true - schema: - type: string - /api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize: - post: - description: '' - operationId: reauthorize-transforms + - Security Exceptions API + get: + description: Get the details of an exception list using the `id` or `list_id` field. + operationId: ReadExceptionList parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true + - description: Either `id` or `list_id` must be specified + in: query + name: id + required: false schema: - type: string - - description: >- - Whether to include prerelease packages in categories count (e.g. - beta, rc, preview) + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + - description: Either `id` or `list_id` must be specified in: query - name: prerelease + name: list_id + required: false schema: - default: false - type: boolean + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + - in: query + name: namespace_type + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get exception list details + tags: + - Security Exceptions API + post: + description: > + An exception list groups exception items and can be associated with + detection rules. You can assign detection rules with multiple exception + lists. + + > info + + > All exception items added to the same list are evaluated using `OR` + logic. That is, if any of the items in a list evaluate to `true`, the + exception prevents the rule from generating an alert. Likewise, `OR` + logic is used for evaluating exceptions when more than one exception + list is assigned to a rule. To use the `AND` operator, you can define + multiple clauses (`entries`) in a single exception item. + operationId: CreateExceptionList requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - transforms: - items: - type: object - properties: - transformId: - type: string - type: array + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListDescription + list_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListMeta + name: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListName + namespace_type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + tags: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListTags + default: [] + type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListType + version: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListVersion + default: 1 + required: + - name + - description + - type + description: Exception list's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - type: object - properties: - error: - type: string - success: - type: boolean - transformId: - type: string - required: - - transformId - - error - type: array - required: - - items - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Authorize transforms - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/stats: - get: - operationId: get-package-stats - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - response: - $ref: '#/components/schemas/Fleet_package_usage_stats' - required: - - response - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package stats - tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - /api/fleet/epm/packages/limited: - get: - operationId: list-limited-packages - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - type: string - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get limited package list - tags: - - Elastic Package Manager (EPM) - parameters: [] - /api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs: - get: - operationId: get-inputs-template - responses: - '200': - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get inputs template - tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - description: Format of response - json or yaml - in: query - name: format - schema: - enum: - - json - - yaml - - yml - type: string - - description: Specify if version is prerelease - in: query - name: prerelease - schema: - type: boolean - - description: Ignore if the package is fails signature verification - in: query - name: ignoreUnverified - schema: - type: boolean - /api/fleet/epm/verification_key_id: - get: - operationId: packages-get-verification-key-id - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - body: - type: object - properties: - id: - description: >- - the key ID of the GPG key used to verify package - signatures - nullable: true - type: string - headers: - type: object - statusCode: - type: number - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package signature verification key ID - tags: - - Elastic Package Manager (EPM) - parameters: [] - /api/fleet/fleet_server_hosts: - get: - operationId: get-fleet-server-hosts - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_fleet_server_host' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List Fleet Server hosts + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Create an exception list tags: - - Fleet Server hosts - post: - operationId: post-fleet-server-hosts + - Security Exceptions API + put: + description: Update an exception list using the `id` or `list_id` field. + operationId: UpdateExceptionList requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - host_urls: - items: - type: string - type: array - id: + _version: type: string - is_default: - type: boolean - is_internal: - type: boolean + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListDescription + id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + list_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListMeta name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this fleet server host. See - the proxies API for more information. - type: string + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListName + namespace_type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + default: [] + tags: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListTags + type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListType + version: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListVersion required: - name - - host_urls + - description + - type + description: Exception list's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_fleet_server_host' - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Create Fleet Server host - tags: - - Fleet Server hosts - /api/fleet/fleet_server_hosts/{itemId}: - delete: - operationId: delete-fleet-server-hosts - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - id: - type: string - required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete Fleet Server host by ID - tags: - - Fleet Server hosts - get: - operationId: get-one-fleet-server-hosts - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_fleet_server_host' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get Fleet Server host by ID + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Update an exception list tags: - - Fleet Server hosts - parameters: - - in: path - name: itemId - required: true - schema: - type: string - put: - operationId: update-fleet-server-hosts + - Security Exceptions API + /api/exception_lists/_duplicate: + post: + description: Duplicate an existing exception list. + operationId: DuplicateExceptionList parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - host_urls: - items: - type: string - type: array - is_default: - type: boolean - is_internal: - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this fleet server host. See - the proxies API for more information. - nullable: true - type: string + - description: Exception list's human identifier + in: query + name: list_id + required: true + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + - in: query + name: namespace_type + required: true + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + - description: >- + Determines whether to include expired exceptions in the exported + list + in: query + name: include_expired_exceptions + required: true + schema: + default: 'true' + enum: + - 'true' + - 'false' + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_fleet_server_host' - required: - - item - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Update Fleet Server host by ID - tags: - - Fleet Server hosts - /api/fleet/health_check: - post: - operationId: fleet-server-health-check - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - host: - deprecated: true - type: string - id: - type: string - required: - - id - required: true - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - host: - deprecated: true - type: string - id: - description: Fleet Server host id - type: string - status: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Fleet Server health check + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '405': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list to duplicate not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Duplicate an exception list tags: - - Fleet internals - /api/fleet/kubernetes: - get: - operationId: get-full-k8s-manifest + - Security Exceptions API + /api/exception_lists/_export: + post: + description: Export an exception list and its associated items to an NDJSON file. + operationId: ExportExceptionList parameters: - - in: query - name: download - required: false + - description: Exception list's identifier + in: query + name: id + required: true schema: - type: boolean - - in: query - name: fleetServer - required: false + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + - description: Exception list's human identifier + in: query + name: list_id + required: true schema: - type: string + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - in: query - name: enrolToken - required: false + name: namespace_type + required: true + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + - description: >- + Determines whether to include expired exceptions in the exported + list + in: query + name: include_expired_exceptions + required: true schema: + default: 'true' + enum: + - 'true' + - 'false' type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/ndjson; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - type: string - description: OK + description: >- + A `.ndjson` file containing specified exception list and its + items + format: binary + type: string + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Get full K8s agent manifest - tags: - - Fleet Kubernetes - /api/fleet/logstash_api_keys: - post: - operationId: generate-logstash-api-key - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - api_key: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Generate Logstash API key + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Export an exception list tags: - - Fleet outputs - /api/fleet/outputs: + - Security Exceptions API + /api/exception_lists/_find: get: - operationId: get-outputs + description: Get a list of all exception lists. + operationId: FindExceptionLists + parameters: + - description: > + Filters the returned results according to the value of the specified + field. + + + Uses the `so type.field name:field` value syntax, where `so type` + can be: + + + - `exception-list`: Specify a space-aware exception list. + + - `exception-list-agnostic`: Specify an exception list that is + shared across spaces. + in: query + name: filter + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_FindExceptionListsFilter + - description: > + Determines whether the returned containers are Kibana associated + with a Kibana space + + or available in all spaces (`agnostic` or `single`) + in: query + name: namespace_type + required: false + schema: + default: + - single + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + type: array + - description: The page number to return + in: query + name: page + required: false + schema: + minimum: 1 + type: integer + - description: The number of exception lists to return per page + in: query + name: per_page + required: false + schema: + minimum: 1 + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + type: string + - description: Determines the sort order, which can be `desc` or `asc` + in: query + name: sort_order + required: false + schema: + enum: + - desc + - asc + type: string responses: '200': content: @@ -8808,29 +8969,112 @@ paths: schema: type: object properties: - items: + data: items: - $ref: '#/components/schemas/Fleet_output_create_request' + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionList type: array page: + minimum: 1 type: integer - perPage: + per_page: + minimum: 1 type: integer total: + minimum: 0 type: integer - description: OK + required: + - data + - page + - per_page + - total + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: List outputs + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get exception lists tags: - - Fleet outputs + - Security Exceptions API + /api/exception_lists/_import: post: - operationId: post-outputs + description: Import an exception list and its associated items from an NDJSON file. + operationId: ImportExceptionList + parameters: + - description: > + Determines whether existing exception lists with the same `list_id` + are overwritten. + + If any exception items have the same `item_id`, those are also + overwritten. + in: query + name: overwrite + required: false + schema: + default: false + type: boolean + - in: query + name: overwrite_exceptions + required: false + schema: + default: false + type: boolean + - in: query + name: overwrite_action_connectors + required: false + schema: + default: false + type: boolean + - description: > + Determines whether the list being imported will have a new `list_id` + generated. + + Additional `item_id`'s are generated for each exception item. Both + the exception + + list and its items are overwritten. + in: query + name: as_new_list + required: false + schema: + default: false + type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + multipart/form-data; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_output_create_request' + type: object + properties: + file: + description: A `.ndjson` file containing the exception list + format: binary + type: string required: true responses: '200': @@ -8839,473 +9083,784 @@ paths: schema: type: object properties: - item: - $ref: '#/components/schemas/Fleet_output_create_request' - description: OK + errors: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray + success: + type: boolean + success_count: + minimum: 0 + type: integer + success_count_exception_list_items: + minimum: 0 + type: integer + success_count_exception_lists: + minimum: 0 + type: integer + success_exception_list_items: + type: boolean + success_exception_lists: + type: boolean + required: + - errors + - success + - success_count + - success_exception_lists + - success_count_exception_lists + - success_exception_list_items + - success_count_exception_list_items + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Create output - tags: - - Fleet outputs - /api/fleet/outputs/{outputId}: - delete: - operationId: delete-output - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - id: - type: string - required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete output by ID - tags: - - Fleet outputs - get: - operationId: get-output - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_output_create_request' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get output by ID + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Import an exception list tags: - - Fleet outputs - parameters: - - in: path - name: outputId - required: true - schema: - type: string - put: - operationId: update-output + - Security Exceptions API + /api/exception_lists/items: + delete: + description: Delete an exception list item using the `id` or `item_id` field. + operationId: DeleteExceptionListItem parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_output_update_request' + - description: Either `id` or `item_id` must be specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' + - description: Either `id` or `item_id` must be specified + in: query + name: item_id + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + - in: query + name: namespace_type + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_output_update_request' - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Update output by ID - tags: - - Fleet outputs - /api/fleet/outputs/{outputId}/health: - get: - operationId: get-output-health - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - message: - description: long message if unhealthy - type: string - state: - description: state of output, HEALTHY or DEGRADED - type: string - timestamp: - description: timestamp of reported state - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get latest output health + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Delete an exception list item tags: - - Fleet outputs - parameters: - - in: path - name: outputId - required: true - schema: - type: string - /api/fleet/package_policies: + - Security Exceptions API get: - operationId: get-package-policies + description: >- + Get the details of an exception list item using the `id` or `item_id` + field. + operationId: ReadExceptionListItem parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - - $ref: '#/components/parameters/Fleet_format' + - description: Either `id` or `item_id` must be specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' + - description: Either `id` or `item_id` must be specified + in: query + name: item_id + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + - in: query + name: namespace_type + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_package_policy' - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: List package policies - tags: - - Fleet package policies - parameters: [] - post: - operationId: create-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - $ref: '#/components/parameters/Fleet_format' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_package_policy_request' - description: >- - You should use inputs as an object and not use the deprecated inputs - array. - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - '409': - $ref: '#/components/responses/Fleet_error' - summary: Create package policy + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get an exception list item tags: - - Fleet package policies - /api/fleet/package_policies/_bulk_get: + - Security Exceptions API post: - operationId: bulk-get-package-policies - parameters: - - $ref: '#/components/parameters/Fleet_format' + description: > + Create an exception item and associate it with the specified exception + list. + + > info + + > Before creating exception items, you must create an exception list. + operationId: CreateExceptionListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - ids: - description: list of package policy ids - items: - type: string - type: array - ignoreMissing: - type: boolean + comments: + $ref: >- + #/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray + default: [] + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + expire_time: + format: date-time + type: string + item_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + list_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta + name: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemName + namespace_type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + default: [] + tags: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemTags + default: [] + type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemType required: - - ids + - list_id + - type + - name + - description + - entries + description: Exception list item's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_package_policy' - type: array - required: - - items - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk get package policies - tags: - - Fleet package policies - /api/fleet/package_policies/{packagePolicyId}: - delete: - operationId: delete-package-policy - parameters: - - in: query - name: force - schema: - type: boolean - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - id: - type: string - required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete package policy by ID - tags: - - Fleet package policies - get: - operationId: get-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_format' - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package policy by ID - tags: - - Fleet package policies - parameters: - - in: path - name: packagePolicyId - required: true - schema: - type: string - put: - operationId: update-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - $ref: '#/components/parameters/Fleet_format' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_package_policy_request' - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update package policy by ID - tags: - - Fleet package policies - /api/fleet/package_policies/delete: - post: - operationId: post-delete-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - type: boolean - packagePolicyIds: - items: - type: string - type: array - required: - - packagePolicyIds - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - type: object - properties: - id: - type: string - name: - type: string - success: - type: boolean - required: - - id - - success - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete package policy - tags: - - Fleet package policies - /api/fleet/package_policies/upgrade: - post: - operationId: upgrade-package-policy - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - packagePolicyIds: - items: - type: string - type: array - required: - - packagePolicyIds - responses: - '200': + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list item already exists response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - type: object - properties: - id: - type: string - name: - type: string - success: - type: boolean - required: - - id - - success - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - '409': - $ref: '#/components/responses/Fleet_error' - summary: Upgrade package policy to a newer package version + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Create an exception list item tags: - - Fleet package policies - /api/fleet/package_policies/upgrade/dryrun: - post: - operationId: upgrade-package-policy-dry-run + - Security Exceptions API + put: + description: Update an exception list item using the `id` or `item_id` field. + operationId: UpdateExceptionListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - packagePolicyIds: - items: - type: string - type: array - packageVersion: + _version: type: string + comments: + $ref: >- + #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray + default: [] + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + expire_time: + format: date-time + type: string + id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemId + description: Either `id` or `item_id` must be specified + item_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + description: Either `id` or `item_id` must be specified + list_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta + name: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemName + namespace_type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + default: [] + tags: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemTags + type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemType required: - - packagePolicyIds + - type + - name + - description + - entries + description: Exception list item's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - type: object - properties: - agent_diff: - $ref: '#/components/schemas/Fleet_upgrade_agent_diff' - diff: - $ref: '#/components/schemas/Fleet_upgrade_diff' - hasErrors: - type: boolean - required: - - hasErrors - type: array - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Dry run package policy upgrade - tags: - - Fleet package policies - /api/fleet/proxies: - get: - operationId: get-fleet-proxies - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_proxies' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List proxies + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Update an exception list item tags: - - Fleet proxies - post: - operationId: post-fleet-proxies - requestBody: + - Security Exceptions API + /api/exception_lists/items/_find: + get: + description: Get a list of all exception list items in the specified list. + operationId: FindExceptionListItems + parameters: + - description: List's id + in: query + name: list_id + required: true + schema: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + type: array + - description: > + Filters the returned results according to the value of the specified + field, + + using the `:` syntax. + in: query + name: filter + required: false + schema: + default: [] + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter + type: array + - description: > + Determines whether the returned containers are Kibana associated + with a Kibana space + + or available in all spaces (`agnostic` or `single`) + in: query + name: namespace_type + required: false + schema: + default: + - single + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + type: array + - in: query + name: search + required: false + schema: + type: string + - description: The page number to return + in: query + name: page + required: false + schema: + minimum: 0 + type: integer + - description: The number of exception list items to return per page + in: query + name: per_page + required: false + schema: + minimum: 0 + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + - description: Determines the sort order, which can be `desc` or `asc` + in: query + name: sort_order + required: false + schema: + enum: + - desc + - asc + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItem + type: array + page: + minimum: 1 + type: integer + per_page: + minimum: 1 + type: integer + pit: + type: string + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get exception list items + tags: + - Security Exceptions API + /api/exception_lists/summary: + get: + description: Get a summary of the specified exception list. + operationId: ReadExceptionListSummary + parameters: + - description: Exception list's identifier generated upon creation + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + - description: Exception list's human readable identifier + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + - in: query + name: namespace_type + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + - description: Search filter clause + in: query + name: filter + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + linux: + minimum: 0 + type: integer + macos: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + windows: + minimum: 0 + type: integer + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get an exception list summary + tags: + - Security Exceptions API + /api/exceptions/shared: + post: + description: > + An exception list groups exception items and can be associated with + detection rules. A shared exception list can apply to multiple detection + rules. + + > info + + > All exception items added to the same list are evaluated using `OR` + logic. That is, if any of the items in a list evaluate to `true`, the + exception prevents the rule from generating an alert. Likewise, `OR` + logic is used for evaluating exceptions when more than one exception + list is assigned to a rule. To use the `AND` operator, you can define + multiple clauses (`entries`) in a single exception item. + operationId: CreateSharedExceptionList + requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - certificate: - type: string - certificate_authorities: - type: string - certificate_key: + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListDescription + name: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListName + required: + - name + - description + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Create a shared exception list + tags: + - Security Exceptions API + /api/fleet/agent_download_sources: + get: + operationId: get-download-sources + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_download_sources' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent binary download sources + tags: + - Elastic Agent binary download sources + post: + operationId: post-download-sources + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host: type: string id: type: string + is_default: + type: boolean name: type: string - proxy_headers: - type: object - url: - type: string required: - name - - url + - host + - is_default responses: '200': content: @@ -9314,16 +9869,16 @@ paths: type: object properties: item: - $ref: '#/components/schemas/Fleet_proxies' + $ref: '#/components/schemas/Fleet_download_sources' description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Create proxy + summary: Create agent binary download source tags: - - Fleet proxies - /api/fleet/proxies/{itemId}: + - Elastic Agent binary download sources + /api/fleet/agent_download_sources/{sourceId}: delete: - operationId: delete-fleet-proxies + operationId: delete-download-source parameters: - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: @@ -9340,11 +9895,11 @@ paths: description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Delete proxy by ID + summary: Delete agent binary download source by ID tags: - - Fleet proxies + - Elastic Agent binary download sources get: - operationId: get-one-fleet-proxies + operationId: get-one-download-source responses: '200': content: @@ -9353,23 +9908,23 @@ paths: type: object properties: item: - $ref: '#/components/schemas/Fleet_proxies' + $ref: '#/components/schemas/Fleet_download_sources' required: - item description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Get proxy by ID + summary: Get agent binary download source by ID tags: - - Fleet proxies + - Elastic Agent binary download sources parameters: - in: path - name: itemId + name: sourceId required: true schema: type: string put: - operationId: update-fleet-proxies + operationId: update-download-source parameters: - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: @@ -9378,18 +9933,16 @@ paths: schema: type: object properties: - certificate: - type: string - certificate_authorities: - type: string - certificate_key: + host: type: string + is_default: + type: boolean name: type: string - proxy_headers: - type: object - url: - type: string + required: + - name + - is_default + - host responses: '200': content: @@ -9398,20 +9951,40 @@ paths: type: object properties: item: - $ref: '#/components/schemas/Fleet_proxies' + $ref: '#/components/schemas/Fleet_download_sources' required: - item description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Update proxy by ID + summary: Update agent binary download source by ID tags: - - Fleet proxies - /api/fleet/service_tokens: - post: - operationId: generate-service-token + - Elastic Agent binary download sources + /api/fleet/agent_policies: + get: + description: '' + operationId: agent-policy-list parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_format' + - description: >- + When set to true, retrieve the related package policies for each + agent policy. + in: query + name: full + schema: + type: boolean + - description: >- + When set to true, do not count how many agents are in the agent + policy, this can improve performance if you are searching over a + large number of agent policies. The "agents" property will always be + 0 if set to true. + in: query + name: noAgentCount + schema: + type: boolean responses: '200': content: @@ -9419,22 +9992,36 @@ paths: schema: type: object properties: - name: - type: string - value: - type: string + items: + items: + $ref: '#/components/schemas/Fleet_agent_policy' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Create service token + summary: List agent policies tags: - - Fleet service tokens - /api/fleet/service-tokens: + - Elastic Agent policies post: - deprecated: true - operationId: generate-service-token-deprecated + operationId: create-agent-policy parameters: - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_agent_policy_create_request' responses: '200': content: @@ -9442,105 +10029,289 @@ paths: schema: type: object properties: - name: - type: string - value: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create agent policy + tags: + - Elastic Agent policies + /api/fleet/agent_policies/_bulk_get: + post: + operationId: bulk-get-agent-policies + parameters: + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + full: + description: get full policies with package policies populated + type: boolean + ids: + description: list of agent policy ids + items: type: string + type: array + ignoreMissing: + type: boolean + required: + - ids + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_agent_policy' + type: array + required: + - items description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Create service token + summary: Bulk get agent policies tags: - - Fleet service tokens - /api/fleet/settings: + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}: get: - operationId: get-settings + description: Get one agent policy + operationId: agent-policy-info + parameters: [] responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_fleet_settings_response' + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Get settings + summary: Get agent policy by ID tags: - - Fleet internals + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - $ref: '#/components/parameters/Fleet_format' put: - operationId: update-settings + operationId: update-agent-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - additional_yaml_config: - type: string - fleet_server_hosts: - description: Protocol and path must be the same for each URL - items: - type: string - type: array - has_seen_add_data_notice: - type: boolean + $ref: '#/components/schemas/Fleet_agent_policy_update_request' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_fleet_settings_response' + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Update settings + summary: Update agent policy by ID tags: - - Fleet internals - /api/fleet/setup: + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}/copy: + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - $ref: '#/components/parameters/Fleet_format' post: - operationId: setup + operationId: agent-policy-copy parameters: - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + description: + type: string + name: + type: string + required: + - name + description: '' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_fleet_setup_response' + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item description: OK '400': $ref: '#/components/responses/Fleet_error' - '500': + summary: Copy agent policy by ID + tags: + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}/download: + get: + operationId: agent-policy-download + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - message: + item: type: string - description: Internal Server Error - summary: Initiate Fleet setup + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Download agent policy by ID tags: - - Fleet internals - /api/fleet/uninstall_tokens: - get: - operationId: get-uninstall-tokens - parameters: - - description: The number of items to return - in: query - name: perPage - required: false - schema: - default: 20 - minimum: 5 - type: integer - - $ref: '#/components/parameters/Fleet_page_index' - - description: Partial match filtering for policy IDs - in: query + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: download + required: false + schema: + type: string + - in: query + name: standalone + required: false + schema: + type: string + - in: query + name: kubernetes + required: false + schema: + type: string + /api/fleet/agent_policies/{agentPolicyId}/full: + get: + operationId: agent-policy-full + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + oneOf: + - type: string + - $ref: '#/components/schemas/Fleet_agent_policy_full' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get full agent policy by ID + tags: + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: download + required: false + schema: + type: string + - in: query + name: standalone + required: false + schema: + type: string + - in: query + name: kubernetes + required: false + schema: + type: string + /api/fleet/agent_policies/delete: + parameters: [] + post: + operationId: delete-agent-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + agentPolicyId: + type: string + force: + description: >- + bypass validation checks that can prevent agent policy + deletion + type: boolean + required: + - agentPolicyId + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + success: + type: boolean + required: + - id + - success + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent policy by ID + tags: + - Elastic Agent policies + /api/fleet/agent_status: + get: + operationId: get-agent-status + parameters: + - in: query name: policyId required: false schema: type: string + - deprecated: true + in: query + name: kuery + required: false + schema: + type: string responses: '200': content: @@ -9548,47 +10319,57 @@ paths: schema: type: object properties: - items: - items: - type: object - properties: - created_at: - type: string - id: - type: string - policy_id: - type: string - required: - - id - - policy_id - - created_at - type: array - page: - type: number - perPage: - type: number + active: + type: integer + all: + type: integer + error: + type: integer + events: + type: integer + inactive: + type: integer + offline: + type: integer + online: + type: integer + other: + type: integer total: - type: number + deprecated: true + type: integer + unenrolled: + type: integer + updating: + type: integer required: - - items + - active + - all + - error + - events + - inactive + - offline + - online + - other - total - - page - - perPage + - updating description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: List metadata for latest uninstall tokens per agent policy + summary: Get agent status summary tags: - - Fleet uninstall tokens - /api/fleet/uninstall_tokens/{uninstallTokenId}: + - Elastic Agent status + /api/fleet/agent_status/data: get: - operationId: get-uninstall-token + operationId: get-agent-data parameters: - - in: path - name: uninstallTokenId + - in: query + name: agentsIds required: true schema: - type: string + items: + type: string + type: array responses: '200': content: @@ -9596,5811 +10377,21848 @@ paths: schema: type: object properties: - item: - type: object - properties: - created_at: - type: string - id: - type: string - policy_id: - type: string - token: - type: string - required: - - id - - token - - policy_id - - created_at - required: - - item + items: + items: + additionalProperties: + type: object + properties: + data: + type: boolean + type: object + type: array description: OK '400': $ref: '#/components/responses/Fleet_error' - summary: Get one decrypted uninstall token by its ID + summary: Get incoming agent data tags: - - Fleet uninstall tokens - /api/ml/saved_objects/sync: + - Elastic Agent status + /api/fleet/agent-status: get: - description: > - Synchronizes Kibana saved objects for machine learning jobs and trained - models. This API runs automatically when you start Kibana and - periodically thereafter. - operationId: mlSync + deprecated: true + operationId: get-agent-status-deprecated parameters: - - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' + - in: query + name: policyId + required: false + schema: + type: string responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - examples: - syncExample: - $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' - schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' - description: Indicates a successful call - '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' - description: Authorization information is missing or invalid. - summary: Sync machine learning saved objects - tags: - - ml - /api/saved_objects/_export: - post: - description: > - Retrieve sets of saved objects that you want to import into Kibana. - - You must include `type` or `objects` in the request body. - - - Exported saved objects are not backwards compatible and cannot be - imported into an older version of Kibana. - - - NOTE: The `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be exported. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: exportSavedObjectsDefault + type: object + properties: + error: + type: integer + events: + type: integer + inactive: + type: integer + offline: + type: integer + online: + type: integer + other: + type: integer + total: + type: integer + updating: + type: integer + required: + - error + - events + - inactive + - offline + - online + - other + - total + - updating + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent status summary + tags: + - Elastic Agent status + /api/fleet/agents: + get: + operationId: get-agents parameters: - - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_show_inactive' + - $ref: '#/components/parameters/Fleet_show_upgradeable' + - $ref: '#/components/parameters/Fleet_sort_field' + - $ref: '#/components/parameters/Fleet_sort_order' + - $ref: '#/components/parameters/Fleet_with_metrics' + - in: query + name: getStatusSummary + required: false + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_agents_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agents + tags: + - Elastic Agents + post: + operationId: get-agents-by-actions + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsRequest: - $ref: >- - #/components/examples/Serverless_saved_objects_export_objects_request schema: type: object properties: - excludeExportDetails: - default: false - description: Do not add export details entry at the end of the stream. - type: boolean - includeReferencesDeep: - description: >- - Includes all of the referenced objects in the exported - objects. - type: boolean - objects: - description: A list of objects to export. + actionIds: items: - type: object + type: string type: array - type: - description: >- - The saved object types to include in the export. Use `*` to - export all the types. - oneOf: - - type: string - - items: - type: string - type: array + required: + - policy_id required: true responses: '200': content: - application/x-ndjson; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsResponse: - $ref: >- - #/components/examples/Serverless_saved_objects_export_objects_response + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_agent_get_by_actions' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agents by action ids + tags: + - Elastic Agents + /api/fleet/agents/{agentId}: + delete: + operationId: delete-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: true type: object - description: Indicates a successful call. + properties: + action: + enum: + - deleted + type: string + required: + - action + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent by ID + tags: + - Elastic Agents + get: + operationId: get-agent + parameters: + - $ref: '#/components/parameters/Fleet_with_metrics' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Serverless_saved_objects_400_response' - description: Bad request. - summary: Export saved objects + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent by ID tags: - - saved objects - /api/saved_objects/_import: - post: - description: > - Create sets of Kibana saved objects from a file created by the export - API. - - Saved objects can be imported only into the same version, a newer minor - on the same major, or the next major. Exported saved objects are not - backwards compatible and cannot be imported into an older version of - Kibana. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: importSavedObjectsDefault + - Elastic Agents + parameters: + - in: path + name: agentId + required: true + schema: + type: string + put: + operationId: update-agent parameters: - - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' - - description: > - Creates copies of saved objects, regenerates each object ID, and - resets the origin. When used, potential conflict errors are avoided. - NOTE: This option cannot be used with the `overwrite` and - `compatibilityMode` options. - in: query - name: createNewCopies - required: false - schema: - type: boolean - - description: > - Overwrites saved objects when they already exist. When used, - potential conflict errors are automatically resolved by overwriting - the destination object. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: overwrite - required: false - schema: - type: boolean - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. Use this option only if you encounter issues with imported - saved objects. NOTE: This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode - required: false - schema: - type: boolean + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - importObjectsRequest: - $ref: >- - #/components/examples/Serverless_saved_objects_import_objects_request + application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - file: - description: > - A file exported using the export API. NOTE: The - `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be included in - this file. Similarly, the - `savedObjects.maxImportPayloadBytes` setting limits the - overall size of the file that can be imported. + tags: + items: + type: string + type: array + user_provided_metadata: + type: object required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - importObjectsResponse: - $ref: >- - #/components/examples/Serverless_saved_objects_import_objects_response schema: type: object properties: - errors: - description: > - Indicates the import was unsuccessful and specifies the - objects that failed to import. - - - NOTE: One object may result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and conflict error. - items: - type: object - type: array - success: - description: > - Indicates when the import was successfully completed. When - set to false, some objects may not have been created. For - additional information, refer to the `errors` and - `successResults` properties. - type: boolean - successCount: - description: Indicates the number of successfully imported records. - type: integer - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are created only when all resolvable errors - are addressed, including conflicts and missing references. - If objects are created as new copies, each entry in the - `successResults` array includes a `destinationId` - attribute. + item: + $ref: '#/components/schemas/Fleet_agent' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update agent by ID + tags: + - Elastic Agents + /api/fleet/agents/{agentId}/actions: + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: new-agent-action + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + $ref: '#/components/schemas/Fleet_agent_action' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: items: - type: object + type: number type: array - description: Indicates a successful call. + headers: + type: string + statusCode: + type: number + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Create agent action + tags: + - Elastic Agent actions + /api/fleet/agents/{agentId}/reassign: + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: reassign-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + policy_id: + type: string + required: + - policy_id + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Serverless_saved_objects_400_response' - description: Bad request. - summary: Import saved objects + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Reassign agent tags: - - saved objects - x-codeSamples: - - label: Import with createNewCopies - lang: cURL - source: | - curl \ - -X POST api/saved_objects/_import?createNewCopies=true - -H "kbn-xsrf: true" - --form file=@file.ndjson - /api/spaces/space: - get: - description: Get all spaces - operationId: '%2Fapi%2Fspaces%2Fspace#0' + - Elastic Agents + put: + deprecated: true + operationId: reassign-agent-deprecated parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: purpose - required: false - schema: - enum: - - any - - copySavedObjectsIntoSpace - - shareSavedObjectsIntoSpace - type: string - - in: query - name: include_authorized_purposes - required: true - schema: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - false - type: boolean - x-oas-optional: true - - type: boolean - x-oas-optional: true - responses: {} - summary: '' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + policy_id: + type: string + required: + - policy_id + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Reassign agent tags: - - spaces + - Elastic Agents + /api/fleet/agents/{agentId}/request_diagnostics: + parameters: + - in: path + name: agentId + required: true + schema: + type: string post: - description: Create a space - operationId: '%2Fapi%2Fspaces%2Fspace#1' + operationId: request-diagnostics-agent parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - _reserved: - type: boolean - color: - type: string - description: - type: string - disabledFeatures: - default: [] + additional_metrics: items: - type: string + oneOf: + - enum: + - CPU + type: string type: array - id: - type: string - imageUrl: - type: string - initials: - maxLength: 2 - type: string - name: - minLength: 1 - type: string - required: - - id - - name - responses: {} - summary: '' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Request agent diagnostics tags: - - spaces - /api/spaces/space/{id}: - delete: - description: Delete a space - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: id - required: true - schema: - type: string - responses: {} - summary: '' - tags: - - spaces - get: - description: Get a space - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: id - required: true - schema: - type: string - responses: {} - summary: '' - tags: - - spaces - put: - description: Update a space - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#1' + - Elastic Agents + /api/fleet/agents/{agentId}/unenroll: + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: unenroll-agent parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: id - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - _reserved: + force: + type: boolean + revoke: type: boolean - color: - type: string - description: - type: string - disabledFeatures: - default: [] - items: - type: string - type: array - id: - type: string - imageUrl: - type: string - initials: - maxLength: 2 - type: string - name: - minLength: 1 - type: string - required: - - id - - name - responses: {} - summary: '' - tags: - - spaces - /api/status: - get: - operationId: '%2Fapi%2Fstatus#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: Set to "true" to get the response in v7 format. - in: query - name: v7format - required: false - schema: - type: boolean - - description: Set to "true" to get the response in v8 format. - in: query - name: v8format - required: false - schema: - type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: Overall status is OK and Kibana should be functioning normally. - '503': + type: object + description: OK + '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. - summary: Get Kibana's current status + type: object + properties: + error: + type: string + message: + type: string + statusCode: + enum: + - 400 + type: number + description: BAD REQUEST + summary: Unenroll agent tags: - - system - /s/{spaceId}/api/observability/slos: - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: findSlosOp + - Elastic Agents + /api/fleet/agents/{agentId}/upgrade: + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: upgrade-agent parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - description: A valid kql query to filter the SLO with - example: 'slo.name:latency* and slo.tags : "prod"' - in: query - name: kqlQuery - schema: - type: string - - description: The page to use for pagination, must be greater or equal than 1 - example: 1 - in: query - name: page - schema: - default: 1 - type: integer - - description: Number of SLOs returned by page - example: 25 - in: query - name: perPage - schema: - default: 25 - maximum: 5000 - type: integer - - description: Sort by field - example: status - in: query - name: sortBy - schema: - default: status - enum: - - sli_value - - status - - error_budget_consumed - - error_budget_remaining - type: string - - description: Sort order - example: asc - in: query - name: sortDirection - schema: - default: asc - enum: - - asc - - desc - type: string - - description: >- - Hide stale SLOs from the list as defined by stale SLO threshold in - SLO settings - in: query - name: hideStale - schema: - type: boolean + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_upgrade_agent' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_find_slo_response' - description: Successful request + $ref: '#/components/schemas/Fleet_upgrade_agent' + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Upgrade agent + tags: + - Elastic Agents + /api/fleet/agents/{agentId}/uploads: + get: + operationId: list-agent-uploads + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': + type: object + properties: + body: + type: object + properties: + item: + items: + $ref: '#/components/schemas/Fleet_agent_diagnostics' + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent uploads + tags: + - Elastic Agents + parameters: + - in: path + name: agentId + required: true + schema: + type: string + /api/fleet/agents/action_status: + get: + operationId: agents-action-status + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - in: query + name: errorSize + schema: + default: 5 + type: integer + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get a paginated list of SLOs + type: object + properties: + items: + items: + type: object + properties: + actionId: + type: string + cancellationTime: + type: string + completionTime: + type: string + creationTime: + description: creation time of action + type: string + expiration: + type: string + latestErrors: + description: >- + latest errors that happened when the agents executed + the action + items: + type: object + properties: + agentId: + type: string + error: + type: string + timestamp: + type: string + type: array + nbAgentsAck: + description: number of agents that acknowledged the action + type: number + nbAgentsActionCreated: + description: number of agents included in action from kibana + type: number + nbAgentsActioned: + description: number of agents actioned + type: number + nbAgentsFailed: + description: number of agents that failed to execute the action + type: number + newPolicyId: + description: new policy id (POLICY_REASSIGN action) + type: string + policyId: + description: policy id (POLICY_CHANGE action) + type: string + revision: + description: new policy revision (POLICY_CHANGE action) + type: string + startTime: + description: start time of action (scheduled actions) + type: string + status: + enum: + - COMPLETE + - EXPIRED + - CANCELLED + - FAILED + - IN_PROGRESS + - ROLLOUT_PASSED + type: string + type: + enum: + - POLICY_REASSIGN + - UPGRADE + - UNENROLL + - FORCE_UNENROLL + - UPDATE_TAGS + - CANCEL + - REQUEST_DIAGNOSTICS + - SETTINGS + - POLICY_CHANGE + - INPUT_ACTION + type: string + version: + description: agent version number (UPGRADE action) + type: string + required: + - actionId + - complete + - nbAgentsActioned + - nbAgentsActionCreated + - nbAgentsAck + - nbAgentsFailed + - status + - creationTime + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent action status tags: - - slo + - Elastic Agent actions + /api/fleet/agents/actions/{actionId}/cancel: + parameters: + - in: path + name: actionId + required: true + schema: + type: string post: - description: > - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: createSloOp + operationId: agent-action-cancel parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_create_slo_request' - required: true + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_create_slo_response' - description: Successful request + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_action' + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_409_response' - description: Conflict - The SLO id already exists - servers: - - url: https://localhost:5601 - summary: Create an SLO + $ref: '#/components/responses/Fleet_error' + summary: Cancel agent action tags: - - slo - /s/{spaceId}/api/observability/slos/_delete_instances: + - Elastic Agent actions + /api/fleet/agents/bulk_reassign: post: - description: > - The deletion occurs for the specified list of `sloId` and `instanceId`. - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloInstancesOp + operationId: bulk-reassign-agents parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + example: + agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' + policy_id: policy_id schema: - $ref: '#/components/schemas/SLOs_delete_slo_instances_request' - required: true + type: object + properties: + agents: + oneOf: + - description: KQL query string, leave empty to action all agents + type: string + - description: list of agent IDs + items: + type: string + type: array + policy_id: + description: new agent policy id + type: string + required: + - policy_id + - agents responses: - '204': - description: Successful request - '400': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - servers: - - url: https://localhost:5601 - summary: Batch delete rollup and summary data + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk reassign agents tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}: - delete: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloOp + - Elastic Agents + /api/fleet/agents/bulk_request_diagnostics: + post: + operationId: bulk-request-diagnostics parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' + schema: + type: object + properties: + additional_metrics: + items: + oneOf: + - enum: + - CPU + type: string + type: array + agents: + oneOf: + - description: KQL query string, leave empty to action all agents + type: string + - description: list of agent IDs + items: + type: string + type: array + batchSize: + type: number + required: + - agents responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Delete an SLO + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk request diagnostics from agents tags: - - slo - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: getSloOp + - Elastic Agents + /api/fleet/agents/bulk_unenroll: + post: + operationId: bulk-unenroll-agents parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - - description: the specific instanceId used by the summary calculation - example: host-abcde - in: query - name: instanceId - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: + - agent1 + - agent2 + force: false + revoke: true + schema: + type: object + properties: + agents: + oneOf: + - description: KQL query string, leave empty to action all agents + type: string + - description: list of agent IDs + items: + type: string + type: array + force: + description: Unenrolls hosted agents too + type: boolean + includeInactive: + description: >- + When passing agents by KQL query, unenrolls inactive agents + too + type: boolean + revoke: + description: Revokes API keys of agents + type: boolean + required: + - agents responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - description: Successful request + type: object + properties: + actionId: + type: string + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk unenroll agents + tags: + - Elastic Agents + /api/fleet/agents/bulk_update_agent_tags: + post: + operationId: bulk-update-agent-tags + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: + - agent1 + - agent2 + tagsToAdd: + - newTag + tagsToRemove: + - existingTag + schema: + type: object + properties: + agents: + oneOf: + - description: KQL query string, leave empty to action all agents + type: string + - description: list of agent IDs + items: + type: string + type: array + batchSize: + type: number + tagsToAdd: + items: + type: string + type: array + tagsToRemove: + items: + type: string + type: array + required: + - agents + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get an SLO + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk update agent tags tags: - - slo - put: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: updateSloOp + - Elastic Agents + /api/fleet/agents/bulk_upgrade: + post: + operationId: bulk-upgrade-agents parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + example: + agents: + - agent1 + - agent2 + rollout_duration_seconds: 3600 + source_uri: https://artifacts.elastic.co/downloads/beats/elastic-agent + start_time: '2022-08-03T14:00:00.000Z' + version: 8.4.0 schema: - $ref: '#/components/schemas/SLOs_update_slo_request' + $ref: '#/components/schemas/Fleet_bulk_upgrade_agents' required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request + type: object + properties: + actionId: + type: string + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk upgrade agents + tags: + - Elastic Agents + /api/fleet/agents/files/{fileId}: + delete: + operationId: delete-agent-upload-file + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': + type: object + properties: + body: + type: object + properties: + deleted: + type: boolean + id: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete file uploaded by agent + tags: + - Elastic Agents + parameters: + - in: path + name: fileId + required: true + schema: + type: string + /api/fleet/agents/files/{fileId}/{fileName}: + get: + operationId: get-agent-upload-file + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': + type: object + properties: + body: + type: object + properties: + items: + type: object + properties: + body: {} + headers: {} + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get file uploaded by agent + tags: + - Elastic Agents + parameters: + - in: path + name: fileId + required: true + schema: + type: string + - in: path + name: fileName + required: true + schema: + type: string + /api/fleet/agents/setup: + get: + operationId: get-agents-setup-status + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Update an SLO + $ref: '#/components/schemas/Fleet_fleet_status_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent setup info tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}/_reset: + - Elastic Agents post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: resetSloOp + operationId: setup-agents parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + admin_password: + type: string + admin_username: + type: string + required: + - admin_username + - admin_password responses: - '204': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request + $ref: '#/components/schemas/Fleet_fleet_setup_response' + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Initiate agent setup + tags: + - Elastic Agents + /api/fleet/agents/tags: + get: + operationId: get-agent-tags + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': + $ref: '#/components/schemas/Fleet_get_agent_tags_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent tags + tags: + - Elastic Agents + /api/fleet/data_streams: + get: + operationId: data-streams-list + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': + type: object + properties: + data_streams: + items: + $ref: '#/components/schemas/Fleet_data_stream' + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List data streams + tags: + - Data streams + parameters: [] + /api/fleet/enrollment_api_keys: + get: + operationId: get-enrollment-api-keys + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Reset an SLO + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - page + - perPage + - total + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List enrollment API keys tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}/disable: + - Fleet enrollment API keys post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: disableSloOp + operationId: create-enrollment-api-keys parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + description: The name of the enrollment API key. Must be unique. + type: string + policy_id: + description: >- + The ID of the agent policy the Elastic Agent will be + enrolled in. + type: string + required: + - policy_id responses: '200': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Disable an SLO + type: object + properties: + action: + enum: + - created + type: string + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create enrollment API key tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}/enable: + - Fleet enrollment API keys + /api/fleet/enrollment_api_keys/{keyId}: + delete: + operationId: delete-enrollment-api-key + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Revoke enrollment API key by ID by marking it as inactive + tags: + - Fleet enrollment API keys + get: + operationId: get-enrollment-api-key + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment API key by ID + tags: + - Fleet enrollment API keys + parameters: + - in: path + name: keyId + required: true + schema: + type: string + /api/fleet/enrollment-api-keys: + get: + deprecated: true + operationId: get-enrollment-api-keys-deprecated + parameters: [] + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - page + - perPage + - total + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List enrollment API keys + tags: + - Fleet enrollment API keys post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: enableSloOp + deprecated: true + operationId: create-enrollment-api-keys-deprecated parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: - '204': - description: Successful request + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - created + type: string + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Create enrollment API key + tags: + - Fleet enrollment API keys + /api/fleet/enrollment-api-keys/{keyId}: + delete: + deprecated: true + operationId: delete-enrollment-api-key-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete enrollment API key by ID + tags: + - Fleet enrollment API keys + get: + deprecated: true + operationId: get-enrollment-api-key-deprecated + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment API key by ID + tags: + - Fleet enrollment API keys + parameters: + - in: path + name: keyId + required: true + schema: + type: string + /api/fleet/epm/bulk_assets: + post: + operationId: bulk-get-assets + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + assetIds: + description: list of items necessary to fetch assets + items: + type: object + properties: + id: + type: string + type: + type: string + type: array + required: + - assetIds + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': + $ref: '#/components/schemas/Fleet_get_bulk_assets_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get assets + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/categories: + get: + operationId: get-package-categories + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Enable an SLO + $ref: '#/components/schemas/Fleet_get_categories_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List package categories tags: - - slo -components: - examples: - Data_views_create_data_view_request: - summary: Create a data view with runtime fields. - value: - data_view: - name: My Logstash data view - runtimeFieldMap: - runtime_shape_name: - script: - source: emit(doc['shape_name'].value) - type: keyword - title: logstash-* - Data_views_create_runtime_field_request: - summary: Create a runtime field. - value: - name: runtimeFoo - runtimeField: - script: - source: emit(doc["foo"].value) - type: long - Data_views_get_data_view_response: - summary: >- - The get data view API returns a JSON object that contains information - about the data view. - value: - data_view: - allowNoIndex: false - fieldAttrs: - products.manufacturer: - count: 1 - products.price: - count: 1 - products.product_name: - count: 1 - total_quantity: - count: 1 - fieldFormats: - products.base_price: - id: number - params: - pattern: $0,0.00 - products.base_unit_price: - id: number - params: - pattern: $0,0.00 - products.min_price: - id: number - params: - pattern: $0,0.00 - products.price: - id: number - params: - pattern: $0,0.00 - products.taxful_price: - id: number - params: - pattern: $0,0.00 - products.taxless_price: - id: number - params: - pattern: $0,0.00 - taxful_total_price: - id: number - params: - pattern: $0,0.[00] - taxless_total_price: - id: number - params: - pattern: $0,0.00 - fields: - _id: - aggregatable: false - count: 0 - esTypes: - - _id - format: - id: string - isMapped: true - name: _id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _index: - aggregatable: true - count: 0 - esTypes: - - _index - format: - id: string - isMapped: true - name: _index - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - _score: - aggregatable: false - count: 0 - format: - id: number - isMapped: true - name: _score - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: number - _source: - aggregatable: false - count: 0 - esTypes: - - _source - format: - id: _source - isMapped: true - name: _source - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: _source - category: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: category - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - category.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: category.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: category + - Elastic Package Manager (EPM) + parameters: + - description: >- + Whether to include prerelease packages in categories count (e.g. beta, + rc, preview) + in: query + name: prerelease + schema: + default: false + type: boolean + - deprecated: true + in: query + name: experimental + schema: + default: false + type: boolean + - in: query + name: include_policy_templates + schema: + default: false + type: boolean + /api/fleet/epm/packages: + get: + operationId: list-all-packages + parameters: + - description: >- + Whether to exclude the install status of each package. Enabling this + option will opt in to caching for the response via `cache-control` + headers. If you don't need up-to-date installation info for a + package, and are querying for a list of available packages, + providing this flag can improve performance substantially. + in: query + name: excludeInstallStatus + schema: + default: false + type: boolean + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + - deprecated: true + in: query + name: experimental + schema: + default: false + type: boolean + - in: query + name: category + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_packages_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List packages + tags: + - Elastic Package Manager (EPM) + post: + description: '' + operationId: install-package-by-upload + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors + schema: + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover + schema: + default: false + type: boolean + requestBody: + content: + application/gzip; Elastic-Api-Version=2023-10-31: + schema: + format: binary type: string - currency: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: currency - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + application/zip; Elastic-Api-Version=2023-10-31: + schema: + format: binary type: string - customer_birth_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: customer_birth_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - customer_first_name: - aggregatable: false - count: 0 - esTypes: - - text + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _meta: + type: object + properties: + install_source: + enum: + - upload + - registry + - bundled + type: string + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '429': + $ref: '#/components/responses/Fleet_error' + summary: Install by package by direct upload + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/_bulk: + post: + operationId: bulk-install-packages + parameters: + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + description: force install to ignore package verification errors + type: boolean + packages: + description: list of packages to install + items: + oneOf: + - description: package name + type: string + - type: object + properties: + name: + description: package name + type: string + version: + description: package version + type: string + type: array + required: + - packages + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_bulk_install_packages_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk install packages + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgkey}: + delete: + deprecated: true + operationId: delete-package-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgkey + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + response: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete ackage + tags: + - Elastic Package Manager (EPM) + get: + deprecated: true + operationId: get-package-deprecated + parameters: + - in: path + name: pkgkey + required: true + schema: + type: string + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + allOf: + - properties: + response: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + savedObject: + type: string + status: + enum: + - installed + - installing + - install_failed + - not_installed + type: string + required: + - status + - savedObject + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package + tags: + - Elastic Package Manager (EPM) + post: + deprecated: true + description: '' + operationId: install-package-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgkey + required: true + schema: + type: string + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors + schema: + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + response: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Install package + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgName}/{pkgVersion}: + delete: + operationId: delete-package + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: delete package even if policies used by agents + in: query + name: force + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + deprecated: true + type: object + properties: + force: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package + tags: + - Elastic Package Manager (EPM) + get: + operationId: get-package + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + allOf: + - properties: + item: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + licensePath: + type: string + notice: + type: string + savedObject: + deprecated: true + type: object + status: + enum: + - installed + - installing + - install_failed + - not_installed + type: string + required: + - status + - savedObject + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: Ignore if the package is fails signature verification + in: query + name: ignoreUnverified + schema: + type: boolean + - description: >- + Return all fields from the package manifest, not just those supported + by the Elastic Package Registry + in: query + name: full + schema: + type: boolean + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + post: + description: '' + operationId: install-package + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors + schema: + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + ignore_constraints: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _meta: + type: object + properties: + install_source: + enum: + - registry + - upload + - bundled + type: string + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Install package + tags: + - Elastic Package Manager (EPM) + put: + description: '' + operationId: update-package + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + keepPoliciesUpToDate: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update package settings + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}: + get: + operationId: packages-get-file + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: object + headers: + type: object + statusCode: + type: number + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package file + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: path + name: filePath + required: true + schema: + type: string + /api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize: + post: + description: '' + operationId: reauthorize-transforms + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: >- + Whether to include prerelease packages in categories count (e.g. + beta, rc, preview) + in: query + name: prerelease + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + transforms: + items: + type: object + properties: + transformId: + type: string + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + error: + type: string + success: + type: boolean + transformId: + type: string + required: + - transformId + - error + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Authorize transforms + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgName}/stats: + get: + operationId: get-package-stats + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + response: + $ref: '#/components/schemas/Fleet_package_usage_stats' + required: + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package stats + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + /api/fleet/epm/packages/limited: + get: + operationId: list-limited-packages + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: string + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get limited package list + tags: + - Elastic Package Manager (EPM) + parameters: [] + /api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs: + get: + operationId: get-inputs-template + responses: + '200': + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get inputs template + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: Format of response - json or yaml + in: query + name: format + schema: + enum: + - json + - yaml + - yml + type: string + - description: Specify if version is prerelease + in: query + name: prerelease + schema: + type: boolean + - description: Ignore if the package is fails signature verification + in: query + name: ignoreUnverified + schema: + type: boolean + /api/fleet/epm/verification_key_id: + get: + operationId: packages-get-verification-key-id + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: object + properties: + id: + description: >- + the key ID of the GPG key used to verify package + signatures + nullable: true + type: string + headers: + type: object + statusCode: + type: number + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package signature verification key ID + tags: + - Elastic Package Manager (EPM) + parameters: [] + /api/fleet/fleet_server_hosts: + get: + operationId: get-fleet-server-hosts + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_fleet_server_host' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List Fleet Server hosts + tags: + - Fleet Server hosts + post: + operationId: post-fleet-server-hosts + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host_urls: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. + type: string + required: + - name + - host_urls + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create Fleet Server host + tags: + - Fleet Server hosts + /api/fleet/fleet_server_hosts/{itemId}: + delete: + operationId: delete-fleet-server-hosts + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete Fleet Server host by ID + tags: + - Fleet Server hosts + get: + operationId: get-one-fleet-server-hosts + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get Fleet Server host by ID + tags: + - Fleet Server hosts + parameters: + - in: path + name: itemId + required: true + schema: + type: string + put: + operationId: update-fleet-server-hosts + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host_urls: + items: + type: string + type: array + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. + nullable: true + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update Fleet Server host by ID + tags: + - Fleet Server hosts + /api/fleet/health_check: + post: + operationId: fleet-server-health-check + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host: + deprecated: true + type: string + id: + type: string + required: + - id + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host: + deprecated: true + type: string + id: + description: Fleet Server host id + type: string + status: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Fleet Server health check + tags: + - Fleet internals + /api/fleet/kubernetes: + get: + operationId: get-full-k8s-manifest + parameters: + - in: query + name: download + required: false + schema: + type: boolean + - in: query + name: fleetServer + required: false + schema: + type: string + - in: query + name: enrolToken + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get full K8s agent manifest + tags: + - Fleet Kubernetes + /api/fleet/logstash_api_keys: + post: + operationId: generate-logstash-api-key + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + api_key: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Generate Logstash API key + tags: + - Fleet outputs + /api/fleet/outputs: + get: + operationId: get-outputs + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_output_create_request' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List outputs + tags: + - Fleet outputs + post: + operationId: post-outputs + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_output_create_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_create_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create output + tags: + - Fleet outputs + /api/fleet/outputs/{outputId}: + delete: + operationId: delete-output + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete output by ID + tags: + - Fleet outputs + get: + operationId: get-output + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_create_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get output by ID + tags: + - Fleet outputs + parameters: + - in: path + name: outputId + required: true + schema: + type: string + put: + operationId: update-output + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_output_update_request' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_update_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update output by ID + tags: + - Fleet outputs + /api/fleet/outputs/{outputId}/health: + get: + operationId: get-output-health + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + description: long message if unhealthy + type: string + state: + description: state of output, HEALTHY or DEGRADED + type: string + timestamp: + description: timestamp of reported state + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get latest output health + tags: + - Fleet outputs + parameters: + - in: path + name: outputId + required: true + schema: + type: string + /api/fleet/package_policies: + get: + operationId: get-package-policies + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_format' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List package policies + tags: + - Fleet package policies + parameters: [] + post: + operationId: create-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_package_policy_request' + description: >- + You should use inputs as an object and not use the deprecated inputs + array. + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '409': + $ref: '#/components/responses/Fleet_error' + summary: Create package policy + tags: + - Fleet package policies + /api/fleet/package_policies/_bulk_get: + post: + operationId: bulk-get-package-policies + parameters: + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + ids: + description: list of package policy ids + items: + type: string + type: array + ignoreMissing: + type: boolean + required: + - ids + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get package policies + tags: + - Fleet package policies + /api/fleet/package_policies/{packagePolicyId}: + delete: + operationId: delete-package-policy + parameters: + - in: query + name: force + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package policy by ID + tags: + - Fleet package policies + get: + operationId: get-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_format' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package policy by ID + tags: + - Fleet package policies + parameters: + - in: path + name: packagePolicyId + required: true + schema: + type: string + put: + operationId: update-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_package_policy_request' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update package policy by ID + tags: + - Fleet package policies + /api/fleet/package_policies/delete: + post: + operationId: post-delete-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + id: + type: string + name: + type: string + success: + type: boolean + required: + - id + - success + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package policy + tags: + - Fleet package policies + /api/fleet/package_policies/upgrade: + post: + operationId: upgrade-package-policy + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + id: + type: string + name: + type: string + success: + type: boolean + required: + - id + - success + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '409': + $ref: '#/components/responses/Fleet_error' + summary: Upgrade package policy to a newer package version + tags: + - Fleet package policies + /api/fleet/package_policies/upgrade/dryrun: + post: + operationId: upgrade-package-policy-dry-run + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + packageVersion: + type: string + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + agent_diff: + $ref: '#/components/schemas/Fleet_upgrade_agent_diff' + diff: + $ref: '#/components/schemas/Fleet_upgrade_diff' + hasErrors: + type: boolean + required: + - hasErrors + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Dry run package policy upgrade + tags: + - Fleet package policies + /api/fleet/proxies: + get: + operationId: get-fleet-proxies + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_proxies' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List proxies + tags: + - Fleet proxies + post: + operationId: post-fleet-proxies + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + id: + type: string + name: + type: string + proxy_headers: + type: object + url: + type: string + required: + - name + - url + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create proxy + tags: + - Fleet proxies + /api/fleet/proxies/{itemId}: + delete: + operationId: delete-fleet-proxies + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete proxy by ID + tags: + - Fleet proxies + get: + operationId: get-one-fleet-proxies + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get proxy by ID + tags: + - Fleet proxies + parameters: + - in: path + name: itemId + required: true + schema: + type: string + put: + operationId: update-fleet-proxies + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + name: + type: string + proxy_headers: + type: object + url: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update proxy by ID + tags: + - Fleet proxies + /api/fleet/service_tokens: + post: + operationId: generate-service-token + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + type: string + value: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create service token + tags: + - Fleet service tokens + /api/fleet/service-tokens: + post: + deprecated: true + operationId: generate-service-token-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + type: string + value: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create service token + tags: + - Fleet service tokens + /api/fleet/settings: + get: + operationId: get-settings + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get settings + tags: + - Fleet internals + put: + operationId: update-settings + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + additional_yaml_config: + type: string + fleet_server_hosts: + description: Protocol and path must be the same for each URL + items: + type: string + type: array + has_seen_add_data_notice: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update settings + tags: + - Fleet internals + /api/fleet/setup: + post: + operationId: setup + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_setup_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + description: Internal Server Error + summary: Initiate Fleet setup + tags: + - Fleet internals + /api/fleet/uninstall_tokens: + get: + operationId: get-uninstall-tokens + parameters: + - description: The number of items to return + in: query + name: perPage + required: false + schema: + default: 20 + minimum: 5 + type: integer + - $ref: '#/components/parameters/Fleet_page_index' + - description: Partial match filtering for policy IDs + in: query + name: policyId + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + created_at: + type: string + id: + type: string + policy_id: + type: string + required: + - id + - policy_id + - created_at + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List metadata for latest uninstall tokens per agent policy + tags: + - Fleet uninstall tokens + /api/fleet/uninstall_tokens/{uninstallTokenId}: + get: + operationId: get-uninstall-token + parameters: + - in: path + name: uninstallTokenId + required: true + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + type: object + properties: + created_at: + type: string + id: + type: string + policy_id: + type: string + token: + type: string + required: + - id + - token + - policy_id + - created_at + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get one decrypted uninstall token by its ID + tags: + - Fleet uninstall tokens + /api/lists: + delete: + description: | + Delete a list using the list ID. + > info + > When you delete a list, all of its list items are also deleted. + operationId: DeleteList + parameters: + - description: List's `id` value + in: query + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - in: query + name: deleteReferences + required: false + schema: + default: false + type: boolean + - in: query + name: ignoreReferences + required: false + schema: + default: false + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Delete a list + tags: + - Security Lists API + get: + description: Get the details of a list using the list ID. + operationId: ReadList + parameters: + - description: List's `id` value + in: query + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get list details + tags: + - Security Lists API + patch: + description: Update specific fields of an existing list using the list ID. + operationId: PatchList + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + version: + minimum: 1 + type: integer + required: + - id + description: List's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Patch a list + tags: + - Security Lists API + post: + description: Create a new list. + operationId: CreateList + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + deserializer: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + serializer: + type: string + type: + $ref: '#/components/schemas/Security_Lists_API_ListType' + version: + default: 1 + minimum: 1 + type: integer + required: + - name + - description + - type + description: List's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Create a list + tags: + - Security Lists API + put: + description: > + Update a list using the list ID. The original list is replaced, and all + unspecified fields are deleted. + + > info + + > You cannot modify the `id` value. + operationId: UpdateList + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + version: + minimum: 1 + type: integer + required: + - id + - name + - description + description: List's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Update a list + tags: + - Security Lists API + /api/lists/_find: + get: + description: >- + Get a paginated subset of lists. By default, the first page is returned, + with 20 results per page. + operationId: FindLists + parameters: + - description: The page number to return + in: query + name: page + required: false + schema: + type: integer + - description: The number of lists to return per page + in: query + name: per_page + required: false + schema: + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + - description: Determines the sort order, which can be `desc` or `asc` + in: query + name: sort_order + required: false + schema: + enum: + - desc + - asc + type: string + - description: > + Returns the list that come after the last list returned in the + previous call + + (use the cursor value returned in the previous call). This parameter + uses + + the `tie_breaker_id` field to ensure all lists are sorted and + returned correctly. + in: query + name: cursor + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' + - description: > + Filters the returned results according to the value of the specified + field, + + using the : syntax. + in: query + name: filter + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListsFilter' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + cursor: + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' + data: + items: + $ref: '#/components/schemas/Security_Lists_API_List' + type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + - cursor + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get lists + tags: + - Security Lists API + /api/lists/index: + delete: + description: Delete the `.lists` and `.items` data streams. + operationId: DeleteListIndex + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + acknowledged: + type: boolean + required: + - acknowledged + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Delete list data streams + tags: + - Security Lists API + get: + description: Verify that `.lists` and `.items` data streams exist. + operationId: ReadListIndex + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + list_index: + type: boolean + list_item_index: + type: boolean + required: + - list_index + - list_item_index + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream(s) not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get status of list data streams + tags: + - Security Lists API + post: + description: Create `.lists` and `.items` data streams in the relevant space. + operationId: CreateListIndex + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + acknowledged: + type: boolean + required: + - acknowledged + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Create list data streams + tags: + - Security Lists API + /api/lists/items: + delete: + description: Delete a list item using its `id`, or its `list_id` and `value` fields. + operationId: DeleteListItem + parameters: + - description: Required if `list_id` and `value` are not specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: value + required: false + schema: + type: string + - description: >- + Determines when changes made by the request are made visible to + search + in: query + name: refresh + required: false + schema: + default: 'false' + enum: + - 'true' + - 'false' + - wait_for + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_ListItem' + - items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Delete a list item + tags: + - Security Lists API + get: + description: Get the details of a list item. + operationId: ReadListItem + parameters: + - description: Required if `list_id` and `value` are not specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: value + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_ListItem' + - items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get a list item + tags: + - Security Lists API + patch: + description: Update specific fields of an existing list item using the list item ID. + operationId: PatchListItem + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + refresh: + description: >- + Determines when changes made by the request are made visible + to search + enum: + - 'true' + - 'false' + - wait_for + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - id + description: List item's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Patch a list item + tags: + - Security Lists API + post: + description: > + Create a list item and associate it with the specified list. + + + All list items in the same list must be the same type. For example, each + list item in an `ip` list must define a specific IP address. + + > info + + > Before creating a list item, you must create a list. + operationId: CreateListItem + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + list_id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + refresh: + description: >- + Determines when changes made by the request are made visible + to search + enum: + - 'true' + - 'false' + - wait_for + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - list_id + - value + description: List item's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Create a list item + tags: + - Security Lists API + put: + description: > + Update a list item using the list item ID. The original list item is + replaced, and all unspecified fields are deleted. + + > info + + > You cannot modify the `id` value. + operationId: UpdateListItem + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - id + - value + description: List item's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Update a list item + tags: + - Security Lists API + /api/lists/items/_export: + post: + description: Export list item values from the specified list. + operationId: ExportListItems + parameters: + - description: List's id to export + in: query + name: list_id + required: true + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + responses: + '200': + content: + application/ndjson; Elastic-Api-Version=2023-10-31: + schema: + description: A `.txt` file containing list items from the specified list + format: binary + type: string + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Export list items + tags: + - Security Lists API + /api/lists/items/_find: + get: + description: Get all list items in the specified list. + operationId: FindListItems + parameters: + - description: List's id + in: query + name: list_id + required: true + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: The page number to return + in: query + name: page + required: false + schema: + type: integer + - description: The number of list items to return per page + in: query + name: per_page + required: false + schema: + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + - description: Determines the sort order, which can be `desc` or `asc` + in: query + name: sort_order + required: false + schema: + enum: + - desc + - asc + type: string + - description: > + Returns the list that come after the last list returned in the + previous call + + (use the cursor value returned in the previous call). This parameter + uses + + the `tie_breaker_id` field to ensure all lists are sorted and + returned correctly. + in: query + name: cursor + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' + - description: > + Filters the returned results according to the value of the specified + field, + + using the : syntax. + in: query + name: filter + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListItemsFilter' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + cursor: + $ref: >- + #/components/schemas/Security_Lists_API_FindListItemsCursor + data: + items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + - cursor + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get list items + tags: + - Security Lists API + /api/lists/items/_import: + post: + description: > + Import list items from a TXT or CSV file. The maximum file size is 9 + million bytes. + + + You can import items to a new or existing list. + operationId: ImportListItems + parameters: + - description: | + List's id. + + Required when importing to an existing list. + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: > + Type of the importing list. + + + Required when importing a new list that is `list_id` is not + specified. + in: query + name: type + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListType' + - in: query + name: serializer + required: false + schema: + type: string + - in: query + name: deserializer + required: false + schema: + type: string + - description: >- + Determines when changes made by the request are made visible to + search + in: query + name: refresh + required: false + schema: + enum: + - 'true' + - 'false' + - wait_for + type: string + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + file: + description: >- + A `.txt` or `.csv` file containing newline separated list + items + format: binary + type: string + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List with specified list_id does not exist response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Import list items + tags: + - Security Lists API + /api/lists/privileges: + get: + operationId: ReadListPrivileges + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + is_authenticated: + type: boolean + listItems: + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' + lists: + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' + required: + - lists + - listItems + - is_authenticated + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get list privileges + tags: + - Security Lists API + /api/ml/saved_objects/sync: + get: + description: > + Synchronizes Kibana saved objects for machine learning jobs and trained + models. This API runs automatically when you start Kibana and + periodically thereafter. + operationId: mlSync + parameters: + - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + syncExample: + $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' + description: Indicates a successful call + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' + description: Authorization information is missing or invalid. + summary: Sync machine learning saved objects + tags: + - ml + /api/note: + delete: + description: Delete a note from a Timeline using the note ID. + operationId: DeleteNote + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - nullable: true + type: object + properties: + noteId: + type: string + required: + - noteId + - nullable: true + type: object + properties: + noteIds: + items: + type: string + nullable: true + type: array + required: + - noteIds + description: The ID of the note to delete. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + description: Indicates the note was successfully deleted. + summary: Delete a note + tags: + - Security Timeline API + - access:securitySolution + get: + description: Get all notes for a given document. + operationId: GetNotes + parameters: + - in: query + name: documentIds + schema: + $ref: '#/components/schemas/Security_Timeline_API_DocumentIds' + - in: query + name: savedObjectIds + schema: + $ref: '#/components/schemas/Security_Timeline_API_SavedObjectIds' + - in: query + name: page + schema: + nullable: true + type: string + - in: query + name: perPage + schema: + nullable: true + type: string + - in: query + name: search + schema: + nullable: true + type: string + - in: query + name: sortField + schema: + nullable: true + type: string + - in: query + name: sortOrder + schema: + nullable: true + type: string + - in: query + name: filter + schema: + nullable: true + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult' + - type: object + description: Indicates the requested notes were returned. + summary: Get notes + tags: + - Security Timeline API + - access:securitySolution + patch: + description: Add a note to a Timeline or update an existing note. + operationId: PersistNoteRoute + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + eventDataView: + nullable: true + type: string + eventIngested: + nullable: true + type: string + eventTimestamp: + nullable: true + type: string + note: + $ref: '#/components/schemas/Security_Timeline_API_BareNote' + noteId: + nullable: true + type: string + overrideOwner: + nullable: true + type: boolean + version: + nullable: true + type: string + required: + - note + description: The note to add or update, along with additional metadata. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + properties: + persistNote: + $ref: >- + #/components/schemas/Security_Timeline_API_ResponseNote + required: + - persistNote + required: + - data + description: Indicates the note was successfully created. + summary: Add or update a note + tags: + - Security Timeline API + - access:securitySolution + /api/osquery/live_queries: + get: + description: Get a list of all live queries. + operationId: OsqueryFindLiveQueries + parameters: + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live queries + tags: + - Security Osquery API + post: + description: Create and run a live query. + operationId: OsqueryCreateLiveQuery + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a live query + tags: + - Security Osquery API + /api/osquery/live_queries/{id}: + get: + description: Get the details of a live query using the query ID. + operationId: OsqueryGetLiveQueryDetails + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_Id' + - in: query + name: query + schema: + additionalProperties: true + type: object + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live query details + tags: + - Security Osquery API + /api/osquery/live_queries/{id}/results/{actionId}: + get: + description: Get the results of a live query using the query action ID. + operationId: OsqueryGetLiveQueryResults + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_Id' + - in: path + name: actionId + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_Id' + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live query results + tags: + - Security Osquery API + /api/osquery/packs: + get: + description: Get a list of all query packs. + operationId: OsqueryFindPacks + parameters: + - in: query + name: query + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_FindPacksRequestQuery' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get packs + tags: + - Security Osquery API + post: + description: Create a query pack. + operationId: OsqueryCreatePacks + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Osquery_API_CreatePacksRequestBody' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a pack + tags: + - Security Osquery API + /api/osquery/packs/{id}: + delete: + description: Delete a query pack using the pack ID. + operationId: OsqueryDeletePacks + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Delete a pack + tags: + - Security Osquery API + get: + description: Get the details of a query pack using the pack ID. + operationId: OsqueryGetPacksDetails + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get pack details + tags: + - Security Osquery API + put: + description: | + Update a query pack using the pack ID. + > info + > You cannot update a prebuilt pack. + operationId: OsqueryUpdatePacks + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Osquery_API_UpdatePacksRequestBody' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Update a pack + tags: + - Security Osquery API + /api/osquery/saved_queries: + get: + description: Get a list of all saved queries. + operationId: OsqueryFindSavedQueries + parameters: + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get saved queries + tags: + - Security Osquery API + post: + description: Create and run a saved query. + operationId: OsqueryCreateSavedQuery + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a saved query + tags: + - Security Osquery API + /api/osquery/saved_queries/{id}: + delete: + description: Delete a saved query using the query ID. + operationId: OsqueryDeleteSavedQuery + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Delete a saved query + tags: + - Security Osquery API + get: + description: Get the details of a saved query using the query ID. + operationId: OsqueryGetSavedQueryDetails + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get saved query details + tags: + - Security Osquery API + put: + description: | + Update a saved query using the query ID. + > info + > You cannot update a prebuilt saved query. + operationId: OsqueryUpdateSavedQuery + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Update a saved query + tags: + - Security Osquery API + /api/pinned_event: + patch: + description: Pin an event to an existing Timeline. + operationId: PersistPinnedEventRoute + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + eventId: + type: string + pinnedEventId: + nullable: true + type: string + timelineId: + type: string + required: + - eventId + - timelineId + description: The pinned event to add or update, along with additional metadata. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + properties: + persistPinnedEventOnTimeline: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistPinnedEventResponse + required: + - persistPinnedEventOnTimeline + required: + - data + description: Indicates the event was successfully pinned to the Timeline. + summary: Pin an event + tags: + - Security Timeline API + - access:securitySolution + /api/risk_score/engine/dangerously_delete_data: + delete: + description: >- + Cleaning up the the Risk Engine by removing the indices, mapping and + transforms + operationId: CleanUpRiskEngine + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + cleanup_successful: + type: boolean + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse + description: Task manager is unavailable + default: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse + description: Unexpected error + summary: Cleanup the Risk Engine + tags: + - Security Entity Analytics API + /api/risk_score/engine/schedule_now: + post: + description: >- + Schedule the risk scoring engine to run as soon as possible. You can use + this to recalculate entity risk scores after updating their asset + criticality. + operationId: ScheduleRiskEngineNow + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: {} + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse + description: Task manager is unavailable + default: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse + description: Unexpected error + summary: Run the risk scoring engine + tags: + - Security Entity Analytics API + /api/saved_objects/_export: + post: + description: > + Retrieve sets of saved objects that you want to import into Kibana. + + You must include `type` or `objects` in the request body. + + + Exported saved objects are not backwards compatible and cannot be + imported into an older version of Kibana. + + + NOTE: The `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be exported. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: exportSavedObjectsDefault + parameters: + - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsRequest: + $ref: >- + #/components/examples/Serverless_saved_objects_export_objects_request + schema: + type: object + properties: + excludeExportDetails: + default: false + description: Do not add export details entry at the end of the stream. + type: boolean + includeReferencesDeep: + description: >- + Includes all of the referenced objects in the exported + objects. + type: boolean + objects: + description: A list of objects to export. + items: + type: object + type: array + type: + description: >- + The saved object types to include in the export. Use `*` to + export all the types. + oneOf: + - type: string + - items: + type: string + type: array + required: true + responses: + '200': + content: + application/x-ndjson; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsResponse: + $ref: >- + #/components/examples/Serverless_saved_objects_export_objects_response + schema: + additionalProperties: true + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Serverless_saved_objects_400_response' + description: Bad request. + summary: Export saved objects + tags: + - saved objects + /api/saved_objects/_import: + post: + description: > + Create sets of Kibana saved objects from a file created by the export + API. + + Saved objects can be imported only into the same version, a newer minor + on the same major, or the next major. Exported saved objects are not + backwards compatible and cannot be imported into an older version of + Kibana. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: importSavedObjectsDefault + parameters: + - $ref: '#/components/parameters/Serverless_saved_objects_kbn_xsrf' + - description: > + Creates copies of saved objects, regenerates each object ID, and + resets the origin. When used, potential conflict errors are avoided. + NOTE: This option cannot be used with the `overwrite` and + `compatibilityMode` options. + in: query + name: createNewCopies + required: false + schema: + type: boolean + - description: > + Overwrites saved objects when they already exist. When used, + potential conflict errors are automatically resolved by overwriting + the destination object. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: overwrite + required: false + schema: + type: boolean + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. Use this option only if you encounter issues with imported + saved objects. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: compatibilityMode + required: false + schema: + type: boolean + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + importObjectsRequest: + $ref: >- + #/components/examples/Serverless_saved_objects_import_objects_request + schema: + type: object + properties: + file: + description: > + A file exported using the export API. NOTE: The + `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be included in + this file. Similarly, the + `savedObjects.maxImportPayloadBytes` setting limits the + overall size of the file that can be imported. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + importObjectsResponse: + $ref: >- + #/components/examples/Serverless_saved_objects_import_objects_response + schema: + type: object + properties: + errors: + description: > + Indicates the import was unsuccessful and specifies the + objects that failed to import. + + + NOTE: One object may result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and conflict error. + items: + type: object + type: array + success: + description: > + Indicates when the import was successfully completed. When + set to false, some objects may not have been created. For + additional information, refer to the `errors` and + `successResults` properties. + type: boolean + successCount: + description: Indicates the number of successfully imported records. + type: integer + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are created only when all resolvable errors + are addressed, including conflicts and missing references. + If objects are created as new copies, each entry in the + `successResults` array includes a `destinationId` + attribute. + items: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Serverless_saved_objects_400_response' + description: Bad request. + summary: Import saved objects + tags: + - saved objects + x-codeSamples: + - label: Import with createNewCopies + lang: cURL + source: | + curl \ + -X POST api/saved_objects/_import?createNewCopies=true + -H "kbn-xsrf: true" + --form file=@file.ndjson + /api/security_ai_assistant/anonymization_fields/_bulk_action: + post: + description: >- + Apply a bulk action to multiple anonymization fields. The bulk action is + applied to all anonymization fields that match the filter or to the list + of anonymization fields by their IDs. + operationId: PerformAnonymizationFieldsBulkAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + create: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps + type: array + delete: + type: object + properties: + ids: + description: Array of anonymization fields IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter anonymization fields + type: string + update: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Apply a bulk action to anonymization fields + tags: + - Security AI Assistant API + - Bulk API + /api/security_ai_assistant/anonymization_fields/_find: + get: + description: Get a list of all anonymization fields. + operationId: FindAnonymizationFields + parameters: + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false + schema: + type: string + - description: Field to sort by + in: query + name: sort_field + required: false + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: AnonymizationFields per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get anonymization fields + tags: + - Security AI Assistant API + - AnonymizationFields API + /api/security_ai_assistant/chat/complete: + post: + description: Create a model response for the given chat conversation. + operationId: ChatComplete + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' + required: true + responses: + '200': + content: + application/octet-stream; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Create a model response + tags: + - Security AI Assistant API + - Chat Complete API + /api/security_ai_assistant/current_user/conversations: + post: + description: Create a new Security AI Assistant conversation. + operationId: CreateConversation + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Create a conversation + tags: + - Security AI Assistant API + - Conversation API + /api/security_ai_assistant/current_user/conversations/_find: + get: + description: Get a list of all conversations for the current user. + operationId: FindConversations + parameters: + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false + schema: + type: string + - description: Field to sort by + in: query + name: sort_field + required: false + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: Conversations per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get conversations + tags: + - Security AI Assistant API + - Conversations API + /api/security_ai_assistant/current_user/conversations/{id}: + delete: + description: Delete an existing conversation using the conversation ID. + operationId: DeleteConversation + parameters: + - description: The conversation's `id` value. + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Delete a conversation + tags: + - Security AI Assistant API + - Conversation API + get: + description: Get the details of an existing conversation using the conversation ID. + operationId: ReadConversation + parameters: + - description: The conversation's `id` value. + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get a conversation + tags: + - Security AI Assistant API + - Conversations API + put: + description: Update an existing conversation using the conversation ID. + operationId: UpdateConversation + parameters: + - description: The conversation's `id` value. + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Update a conversation + tags: + - Security AI Assistant API + - Conversation API + /api/security_ai_assistant/prompts/_bulk_action: + post: + description: >- + Apply a bulk action to multiple prompts. The bulk action is applied to + all prompts that match the filter or to the list of prompts by their + IDs. + operationId: PerformPromptsBulkAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + create: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptCreateProps + type: array + delete: + type: object + properties: + ids: + description: Array of prompts IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter promps + type: string + update: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Apply a bulk action to prompts + tags: + - Security AI Assistant API + - Bulk API + /api/security_ai_assistant/prompts/_find: + get: + description: Get a list of all prompts. + operationId: FindPrompts + parameters: + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false + schema: + type: string + - description: Field to sort by + in: query + name: sort_field + required: false + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: Prompts per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get prompts + tags: + - Security AI Assistant API + - Prompts API + /api/spaces/space: + get: + description: Get all spaces + operationId: '%2Fapi%2Fspaces%2Fspace#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: purpose + required: false + schema: + enum: + - any + - copySavedObjectsIntoSpace + - shareSavedObjectsIntoSpace + type: string + - in: query + name: include_authorized_purposes + required: true + schema: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - false + type: boolean + x-oas-optional: true + - type: boolean + x-oas-optional: true + responses: {} + summary: '' + tags: + - spaces + post: + description: Create a space + operationId: '%2Fapi%2Fspaces%2Fspace#1' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + _reserved: + type: boolean + color: + type: string + description: + type: string + disabledFeatures: + default: [] + items: + type: string + type: array + id: + type: string + imageUrl: + type: string + initials: + maxLength: 2 + type: string + name: + minLength: 1 + type: string + required: + - id + - name + responses: {} + summary: '' + tags: + - spaces + /api/spaces/space/{id}: + delete: + description: Delete a space + operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#2' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: id + required: true + schema: + type: string + responses: {} + summary: '' + tags: + - spaces + get: + description: Get a space + operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: id + required: true + schema: + type: string + responses: {} + summary: '' + tags: + - spaces + put: + description: Update a space + operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#1' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: id + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + _reserved: + type: boolean + color: + type: string + description: + type: string + disabledFeatures: + default: [] + items: + type: string + type: array + id: + type: string + imageUrl: + type: string + initials: + maxLength: 2 + type: string + name: + minLength: 1 + type: string + required: + - id + - name + responses: {} + summary: '' + tags: + - spaces + /api/status: + get: + operationId: '%2Fapi%2Fstatus#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: Set to "true" to get the response in v7 format. + in: query + name: v7format + required: false + schema: + type: boolean + - description: Set to "true" to get the response in v8 format. + in: query + name: v8format + required: false + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: Overall status is OK and Kibana should be functioning normally. + '503': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: >- + Kibana or some of it's essential services are unavailable. Kibana + may be degraded or unavailable. + summary: Get Kibana's current status + tags: + - system + /api/timeline: + delete: + description: Delete one or more Timelines or Timeline templates. + operationId: DeleteTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + savedObjectIds: + items: + type: string + type: array + searchIds: + description: >- + Saved search ids that should be deleted alongside the + timelines + items: + type: string + type: array + required: + - savedObjectIds + description: The IDs of the Timelines or Timeline templates to delete. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + properties: + deleteTimeline: + type: boolean + required: + - deleteTimeline + required: + - data + description: Indicates the Timeline was successfully deleted. + summary: Delete Timelines or Timeline templates + tags: + - Security Timeline API + - access:securitySolution + get: + description: Get the details of an existing saved Timeline or Timeline template. + operationId: GetTimeline + parameters: + - description: The ID of the template timeline to retrieve + in: query + name: template_timeline_id + schema: + type: string + - description: The ID of the Timeline to retrieve. + in: query + name: id + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - type: object + properties: + data: + type: object + properties: + getOneTimeline: + $ref: >- + #/components/schemas/Security_Timeline_API_TimelineResponse + required: + - getOneTimeline + required: + - data + - additionalProperties: false + type: object + description: Indicates that the (template) Timeline was found and returned. + summary: Get Timeline or Timeline template details + tags: + - Security Timeline API + - access:securitySolution + patch: + description: >- + Update an existing Timeline. You can update the title, description, date + range, pinned events, pinned queries, and/or pinned saved queries of an + existing Timeline. + operationId: PatchTimeline + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineId: + nullable: true + type: string + version: + nullable: true + type: string + required: + - timelineId + - version + - timeline + description: The Timeline updates, along with the Timeline ID and version. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: >- + Indicates that the draft Timeline was successfully created. In the + event the user already has a draft Timeline, the existing draft + Timeline is cleared and returned. + '405': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: >- + Indicates that the user does not have the required access to create + a draft Timeline. + summary: Update a Timeline + tags: + - Security Timeline API + - access:securitySolution + post: + description: Create a new Timeline or Timeline template. + operationId: CreateTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + status: + $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' + nullable: true + templateTimelineId: + nullable: true + type: string + templateTimelineVersion: + nullable: true + type: number + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineId: + nullable: true + type: string + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + version: + nullable: true + type: string + required: + - timeline + description: >- + The required Timeline fields used to create a new Timeline, along with + optional fields that will be created if not provided. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: Indicates the Timeline was successfully created. + '405': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: Indicates that there was an error in the Timeline creation. + summary: Create a Timeline or Timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_copy: + get: + description: | + Copies and returns a timeline or timeline template. + operationId: CopyTimeline + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineIdToCopy: + type: string + required: + - timeline + - timelineIdToCopy + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: Indicates that the timeline has been successfully copied. + summary: Copies timeline or timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_draft: + get: + description: >- + Get the details of the draft Timeline or Timeline template for the + current user. If the user doesn't have a draft Timeline, an empty + Timeline is returned. + operationId: GetDraftTimelines + parameters: + - in: query + name: timelineType + required: true + schema: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: Indicates that the draft Timeline was successfully retrieved. + '403': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + status_code: + type: number + description: >- + If a draft Timeline was not found and we attempted to create one, it + indicates that the user does not have the required permissions to + create a draft Timeline. + '409': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + status_code: + type: number + description: >- + This should never happen, but if a draft Timeline was not found and + we attempted to create one, it indicates that there is already a + draft Timeline with the given `timelineId`. + summary: Get draft Timeline or Timeline template details + tags: + - Security Timeline API + - access:securitySolution + post: + description: > + Create a clean draft Timeline or Timeline template for the current user. + + > info + + > If the user already has a draft Timeline, the existing draft Timeline + is cleared and returned. + operationId: CleanDraftTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + required: + - timelineType + description: >- + The type of Timeline to create. Valid values are `default` and + `template`. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: >- + Indicates that the draft Timeline was successfully created. In the + event the user already has a draft Timeline, the existing draft + Timeline is cleared and returned. + '403': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + status_code: + type: number + description: >- + Indicates that the user does not have the required permissions to + create a draft Timeline. + '409': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + status_code: + type: number + description: >- + Indicates that there is already a draft Timeline with the given + `timelineId`. + summary: Create a clean draft Timeline or Timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_export: + post: + description: Export Timelines as an NDJSON file. + operationId: ExportTimelines + parameters: + - description: The name of the file to export + in: query + name: file_name + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + ids: + items: + type: string + nullable: true + type: array + description: The IDs of the Timelines to export. + required: true + responses: + '200': + content: + application/ndjson; Elastic-Api-Version=2023-10-31: + schema: + description: NDJSON of the exported Timelines + type: string + description: Indicates the Timelines were successfully exported. + '400': + content: + application/ndjson; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: Indicates that the export size limit was exceeded. + summary: Export Timelines + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_favorite: + patch: + description: Favorite a Timeline or Timeline template for the current user. + operationId: PersistFavoriteRoute + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + templateTimelineId: + nullable: true + type: string + templateTimelineVersion: + nullable: true + type: number + timelineId: + nullable: true + type: string + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + required: + - timelineId + - templateTimelineId + - templateTimelineVersion + - timelineType + description: The required fields used to favorite a (template) Timeline. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + properties: + persistFavorite: + $ref: >- + #/components/schemas/Security_Timeline_API_FavoriteTimelineResponse + required: + - persistFavorite + required: + - data + description: Indicates the favorite status was successfully updated. + '403': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: >- + Indicates the user does not have the required permissions to persist + the favorite status. + summary: Favorite a Timeline or Timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_import: + post: + description: Import Timelines. + operationId: ImportTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + file: {} + isImmutable: + enum: + - 'true' + - 'false' + type: string + required: + - file + description: The Timelines to import as a readable stream. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_ImportTimelineResult + description: Indicates the import of Timelines was successful. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + id: + type: string + statusCode: + type: number + description: >- + Indicates the import of Timelines was unsuccessful because of an + invalid file extension. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + statusCode: + type: number + description: >- + Indicates that we were unable to locate the saved object client + necessary to handle the import. + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + id: + type: string + statusCode: + type: number + description: Indicates the import of Timelines was unsuccessful. + summary: Import Timelines + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_prepackaged: + post: + description: Install or update prepackaged Timelines. + operationId: InstallPrepackedTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + prepackagedTimelines: + items: + $ref: >- + #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject + nullable: true + type: array + timelinesToInstall: + items: + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' + nullable: true + type: array + timelinesToUpdate: + items: + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' + nullable: true + type: array + required: + - timelinesToInstall + - timelinesToUpdate + - prepackagedTimelines + description: The Timelines to install or update. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_ImportTimelineResult + description: Indicates the installation of prepackaged Timelines was successful. + '500': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: >- + Indicates the installation of prepackaged Timelines was + unsuccessful. + summary: Install prepackaged Timelines + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/resolve: + get: + operationId: ResolveTimeline + parameters: + - description: The ID of the template timeline to resolve + in: query + name: template_timeline_id + schema: + type: string + - description: The ID of the timeline to resolve + in: query + name: id + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - type: object + properties: + data: + $ref: >- + #/components/schemas/Security_Timeline_API_ResolvedTimeline + required: + - data + - additionalProperties: false + type: object + description: The (template) Timeline has been found + '400': + description: The request is missing parameters + '404': + description: The (template) Timeline was not found + summary: Get an existing saved Timeline or Timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timelines: + get: + description: Get a list of all saved Timelines or Timeline templates. + operationId: GetTimelines + parameters: + - description: >- + If true, only timelines that are marked as favorites by the user are + returned. + in: query + name: only_user_favorite + schema: + enum: + - 'true' + - 'false' + nullable: true + type: string + - in: query + name: timeline_type + schema: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + - in: query + name: sort_field + schema: + $ref: '#/components/schemas/Security_Timeline_API_SortFieldTimeline' + - in: query + name: sort_order + schema: + enum: + - asc + - desc + type: string + - in: query + name: page_size + schema: + nullable: true + type: string + - in: query + name: page_index + schema: + nullable: true + type: string + - in: query + name: search + schema: + nullable: true + type: string + - in: query + name: status + schema: + $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' + nullable: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + customTemplateTimelineCount: + type: number + defaultTimelineCount: + type: number + elasticTemplateTimelineCount: + type: number + favoriteCount: + type: number + templateTimelineCount: + type: number + timeline: + items: + $ref: >- + #/components/schemas/Security_Timeline_API_TimelineResponse + type: array + totalCount: + type: number + required: + - timeline + - totalCount + description: Indicates that the (template) Timelines were found and returned. + '400': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: Bad request. The user supplied invalid data. + summary: Get Timelines or Timeline templates + tags: + - Security Timeline API + - access:securitySolution + /s/{spaceId}/api/observability/slos: + get: + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: findSlosOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - description: A valid kql query to filter the SLO with + example: 'slo.name:latency* and slo.tags : "prod"' + in: query + name: kqlQuery + schema: + type: string + - description: The page to use for pagination, must be greater or equal than 1 + example: 1 + in: query + name: page + schema: + default: 1 + type: integer + - description: Number of SLOs returned by page + example: 25 + in: query + name: perPage + schema: + default: 25 + maximum: 5000 + type: integer + - description: Sort by field + example: status + in: query + name: sortBy + schema: + default: status + enum: + - sli_value + - status + - error_budget_consumed + - error_budget_remaining + type: string + - description: Sort order + example: asc + in: query + name: sortDirection + schema: + default: asc + enum: + - asc + - desc + type: string + - description: >- + Hide stale SLOs from the list as defined by stale SLO threshold in + SLO settings + in: query + name: hideStale + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_find_slo_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get a paginated list of SLOs + tags: + - slo + post: + description: > + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: createSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_create_slo_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_create_slo_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_409_response' + description: Conflict - The SLO id already exists + servers: + - url: https://localhost:5601 + summary: Create an SLO + tags: + - slo + /s/{spaceId}/api/observability/slos/_delete_instances: + post: + description: > + The deletion occurs for the specified list of `sloId` and `instanceId`. + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloInstancesOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_delete_slo_instances_request' + required: true + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + servers: + - url: https://localhost:5601 + summary: Batch delete rollup and summary data + tags: + - slo + /s/{spaceId}/api/observability/slos/{sloId}: + delete: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Delete an SLO + tags: + - slo + get: + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: getSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + - description: the specific instanceId used by the summary calculation + example: host-abcde + in: query + name: instanceId + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_with_summary_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get an SLO + tags: + - slo + put: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: updateSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_update_slo_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Update an SLO + tags: + - slo + /s/{spaceId}/api/observability/slos/{sloId}/_reset: + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: resetSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Reset an SLO + tags: + - slo + /s/{spaceId}/api/observability/slos/{sloId}/disable: + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: disableSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '200': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Disable an SLO + tags: + - slo + /s/{spaceId}/api/observability/slos/{sloId}/enable: + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: enableSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Enable an SLO + tags: + - slo +components: + examples: + Data_views_create_data_view_request: + summary: Create a data view with runtime fields. + value: + data_view: + name: My Logstash data view + runtimeFieldMap: + runtime_shape_name: + script: + source: emit(doc['shape_name'].value) + type: keyword + title: logstash-* + Data_views_create_runtime_field_request: + summary: Create a runtime field. + value: + name: runtimeFoo + runtimeField: + script: + source: emit(doc["foo"].value) + type: long + Data_views_get_data_view_response: + summary: >- + The get data view API returns a JSON object that contains information + about the data view. + value: + data_view: + allowNoIndex: false + fieldAttrs: + products.manufacturer: + count: 1 + products.price: + count: 1 + products.product_name: + count: 1 + total_quantity: + count: 1 + fieldFormats: + products.base_price: + id: number + params: + pattern: $0,0.00 + products.base_unit_price: + id: number + params: + pattern: $0,0.00 + products.min_price: + id: number + params: + pattern: $0,0.00 + products.price: + id: number + params: + pattern: $0,0.00 + products.taxful_price: + id: number + params: + pattern: $0,0.00 + products.taxless_price: + id: number + params: + pattern: $0,0.00 + taxful_total_price: + id: number + params: + pattern: $0,0.[00] + taxless_total_price: + id: number + params: + pattern: $0,0.00 + fields: + _id: + aggregatable: false + count: 0 + esTypes: + - _id + format: + id: string + isMapped: true + name: _id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _index: + aggregatable: true + count: 0 + esTypes: + - _index + format: + id: string + isMapped: true + name: _index + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _score: + aggregatable: false + count: 0 + format: + id: number + isMapped: true + name: _score + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: number + _source: + aggregatable: false + count: 0 + esTypes: + - _source + format: + id: _source + isMapped: true + name: _source + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: _source + category: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: category + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + category.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: category.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: category + type: string + currency: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: currency + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_birth_date: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: customer_birth_date + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + customer_first_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_first_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_first_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_first_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_first_name + type: string + customer_full_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_full_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_full_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_full_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_full_name + type: string + customer_gender: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_gender + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_id: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_last_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_last_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_last_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_last_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_last_name + type: string + customer_phone: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_phone + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + day_of_week: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: day_of_week + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + day_of_week_i: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: day_of_week_i + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + email: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: email + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + event.dataset: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: event.dataset + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.city_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.city_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.continent_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.continent_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.country_iso_code: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.country_iso_code + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.location: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: geoip.location + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + geoip.region_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.region_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + manufacturer: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: manufacturer + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + manufacturer.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: manufacturer.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: manufacturer + type: string + order_date: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: order_date + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + order_id: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: order_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + products._id: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: products._id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products._id.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products._id.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products._id + type: string + products.base_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.base_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.base_unit_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.base_unit_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.category: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: products.category + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.category.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.category.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.category + type: string + products.created_on: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: products.created_on + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + products.discount_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.discount_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.discount_percentage: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.discount_percentage + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.manufacturer: + aggregatable: false + count: 1 + esTypes: + - text + format: + id: string + isMapped: true + name: products.manufacturer + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.manufacturer.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.manufacturer.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.manufacturer + type: string + products.min_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.min_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.price: + aggregatable: true + count: 1 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.product_id: + aggregatable: true + count: 0 + esTypes: + - long + format: + id: number + isMapped: true + name: products.product_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.product_name: + aggregatable: false + count: 1 + esTypes: + - text + format: + id: string + isMapped: true + name: products.product_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.product_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.product_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.product_name + type: string + products.quantity: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: products.quantity + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.sku: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.sku + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.tax_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.tax_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.taxful_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.taxful_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.taxless_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.taxless_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.unit_discount_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.unit_discount_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + sku: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: sku + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + taxful_total_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.[00] + isMapped: true + name: taxful_total_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + taxless_total_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: taxless_total_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + total_quantity: + aggregatable: true + count: 1 + esTypes: + - integer + format: + id: number + isMapped: true + name: total_quantity + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + total_unique_products: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: total_unique_products + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + type: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: type + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + user: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: user + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + name: Kibana Sample Data eCommerce + namespaces: + - default + runtimeFieldMap: {} + sourceFilters: [] + timeFieldName: order_date + title: kibana_sample_data_ecommerce + typeMeta: {} + version: WzUsMV0= + Data_views_get_data_views_response: + summary: The get all data views API returns a list of data views. + value: + data_view: + - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + name: Kibana Sample Data eCommerce + namespaces: + - default + title: kibana_sample_data_ecommerce + typeMeta: {} + - id: d3d7af60-4c81-11e8-b3d7-01146121b73d + name: Kibana Sample Data Flights + namespaces: + - default + title: kibana_sample_data_flights + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: Kibana Sample Data Logs + namespaces: + - default + title: kibana_sample_data_logs + Data_views_get_default_data_view_response: + summary: The get default data view API returns the default data view identifier. + value: + data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + Data_views_get_runtime_field_response: + summary: >- + The get runtime field API returns a JSON object that contains + information about the runtime field (`hour_of_day`) and the data view + (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). + value: + data_view: + allowNoIndex: false + fieldAttrs: {} + fieldFormats: + AvgTicketPrice: + id: number + params: + pattern: $0,0.[00] + hour_of_day: + id: number + params: + pattern: '00' + fields: + _id: + aggregatable: false + count: 0 + esTypes: + - _id + format: + id: string + isMapped: true + name: _id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _index: + aggregatable: true + count: 0 + esTypes: + - _index + format: + id: string + isMapped: true + name: _index + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _score: + aggregatable: false + count: 0 + format: + id: number + isMapped: true + name: _score + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: number + _source: + aggregatable: false + count: 0 + esTypes: + - _source + format: + id: _source + isMapped: true + name: _source + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: _source + AvgTicketPrice: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + params: + pattern: $0,0.[00] + isMapped: true + name: AvgTicketPrice + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + Cancelled: + aggregatable: true + count: 0 + esTypes: + - boolean + format: + id: boolean + isMapped: true + name: Cancelled + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: boolean + Carrier: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Carrier + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + dayOfWeek: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: dayOfWeek + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + Dest: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Dest + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestAirportID: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestAirportID + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestCityName: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestCityName + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestCountry: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestCountry + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestLocation: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: DestLocation + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + DestRegion: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestRegion + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestWeather: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestWeather + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DistanceKilometers: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: DistanceKilometers + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + DistanceMiles: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: DistanceMiles + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + FlightDelay: + aggregatable: true + count: 0 + esTypes: + - boolean + format: + id: boolean + isMapped: true + name: FlightDelay + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: boolean + FlightDelayMin: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: FlightDelayMin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + FlightDelayType: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightDelayType + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + FlightNum: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightNum + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + FlightTimeHour: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightTimeHour + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + FlightTimeMin: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: FlightTimeMin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + hour_of_day: + aggregatable: true + count: 0 + esTypes: + - long + format: + id: number + params: + pattern: '00' + name: hour_of_day + readFromDocValues: false + runtimeField: + script: + source: emit(doc['timestamp'].value.getHour()); + type: long + scripted: false + searchable: true + shortDotsEnable: false + type: number + Origin: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Origin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginAirportID: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginAirportID + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginCityName: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginCityName + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginCountry: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginCountry + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginLocation: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: OriginLocation + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + OriginRegion: + aggregatable: true + count: 0 + esTypes: + - keyword format: id: string isMapped: true - name: customer_first_name - readFromDocValues: false + name: OriginRegion + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginWeather: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginWeather + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + timestamp: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: timestamp + readFromDocValues: true scripted: false searchable: true shortDotsEnable: false + type: date + id: d3d7af60-4c81-11e8-b3d7-01146121b73d + name: Kibana Sample Data Flights + runtimeFieldMap: + hour_of_day: + script: + source: emit(doc['timestamp'].value.getHour()); + type: long + sourceFilters: [] + timeFieldName: timestamp + title: kibana_sample_data_flights + version: WzM2LDJd + fields: + - aggregatable: true + count: 0 + esTypes: + - long + name: hour_of_day + readFromDocValues: false + runtimeField: + script: + source: emit(doc['timestamp'].value.getHour()); + type: long + scripted: false + searchable: true + shortDotsEnable: false + type: number + Data_views_preview_swap_data_view_request: + summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". + value: + fromId: abcd-efg + toId: xyz-123 + Data_views_set_default_data_view_request: + summary: Set the default data view identifier. + value: + data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + force: true + Data_views_swap_data_view_request: + summary: >- + Swap references from data view ID "abcd-efg" to "xyz-123" and remove the + data view that is no longer referenced. + value: + delete: true + fromId: abcd-efg + toId: xyz-123 + Data_views_update_data_view_request: + summary: Update some properties for a data view. + value: + data_view: + allowNoIndex: false + name: Kibana Sample Data eCommerce + timeFieldName: order_date + title: kibana_sample_data_ecommerce + refresh_fields: true + Data_views_update_field_metadata_request: + summary: Update metadata for multiple fields. + value: + fields: + field1: + count: 123 + customLabel: Field 1 label + field2: + customDescription: Field 2 description + customLabel: Field 2 label + Data_views_update_runtime_field_request: + summary: Update an existing runtime field on a data view. + value: + runtimeField: + script: + source: emit(doc["bar"].value) + Machine_learning_APIs_mlSyncExample: + summary: Two anomaly detection jobs required synchronization in this example. + value: + datafeedsAdded: {} + datafeedsRemoved: {} + savedObjectsCreated: + anomaly-detector: + myjob1: + success: true + myjob2: + success: true + savedObjectsDeleted: {} + Serverless_saved_objects_export_objects_request: + summary: Export a specific saved object. + value: + excludeExportDetails: true + includeReferencesDeep: false + objects: + - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + type: map + Serverless_saved_objects_export_objects_response: + summary: >- + The export objects API response contains a JSON record for each exported + object. + value: + attributes: + description: '' + layerListJSON: >- + [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total + Requests by + Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web + logs + count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual + Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total + Requests and + Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web + logs + count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] + mapStateJSON: >- + {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} + title: '[Logs] Total Requests and Bytes' + uiStateJSON: '{"isDarkMode":false}' + coreMigrationVersion: 8.8.0 + created_at: '2023-08-23T20:03:32.204Z' + id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + managed: false + references: + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_1_join_0_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_2_source_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_3_source_index_pattern + type: index-pattern + type: map + typeMigrationVersion: 8.4.0 + updated_at: '2023-08-23T20:03:32.204Z' + version: WzEzLDFd + Serverless_saved_objects_import_objects_request: + value: + file: file.ndjson + Serverless_saved_objects_import_objects_response: + summary: >- + The import objects API response indicates a successful import and the + objects are created. Since these objects are created as new copies, each + entry in the successResults array includes a destinationId attribute. + value: + success: true + successCount: 1 + successResults: + - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 + id: 90943e30-9a47-11e8-b64d-95841ca0b247 + managed: false + meta: + icon: indexPatternApp + title: Kibana Sample Data Logs + type: index-pattern + parameters: + Data_views_field_name: + description: The name of the runtime field. + in: path + name: fieldName + required: true + schema: + example: hour_of_day + type: string + Data_views_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Data_views_view_id: + description: An identifier for the data view. + in: path + name: viewId + required: true + schema: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + Fleet_format: + description: Simplified or legacy format for package inputs + in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + Fleet_kbn_xsrf: + description: Kibana's anti Cross-Site Request Forgery token. Can be any string value. + in: header + name: kbn-xsrf + required: true + schema: + type: string + Fleet_kuery: + in: query + name: kuery + required: false + schema: + type: string + Fleet_page_index: + in: query + name: page + required: false + schema: + default: 1 + type: integer + Fleet_page_size: + description: The number of items to return + in: query + name: perPage + required: false + schema: + default: 20 + type: integer + Fleet_show_inactive: + in: query + name: showInactive + required: false + schema: + type: boolean + Fleet_show_upgradeable: + in: query + name: showUpgradeable + required: false + schema: + type: boolean + Fleet_sort_field: + in: query + name: sortField + required: false + schema: + deprecated: true + type: string + Fleet_sort_order: + in: query + name: sortOrder + required: false + schema: + enum: + - asc + - desc + type: string + Fleet_with_metrics: + description: Return agent metrics, false by default + in: query + name: withMetrics + required: false + schema: + type: boolean + Machine_learning_APIs_simulateParam: + description: >- + When true, simulates the synchronization by returning only the list of + actions that would be performed. + example: 'true' + in: query + name: simulate + required: false + schema: + type: boolean + Serverless_saved_objects_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + SLOs_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + SLOs_slo_id: + description: An identifier for the slo. + in: path + name: sloId + required: true + schema: + example: 9c235211-6834-11ea-a78c-6feb38a34414 + type: string + SLOs_space_id: + description: >- + An identifier for the space. If `/s/` and the identifier are omitted + from the path, the default space is used. + in: path + name: spaceId + required: true + schema: + example: default + type: string + responses: + Fleet_error: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + schemas: + Data_views_400_response: + title: Bad request + type: object + properties: + error: + example: Bad Request + type: string + message: + type: string + statusCode: + example: 400 + type: number + required: + - statusCode + - error + - message + Data_views_404_response: + type: object + properties: + error: + enum: + - Not Found + example: Not Found + type: string + message: + example: >- + Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] + not found + type: string + statusCode: + enum: + - 404 + example: 404 + type: integer + Data_views_allownoindex: + description: Allows the data view saved object to exist before the data is available. + type: boolean + Data_views_create_data_view_request_object: + title: Create data view request + type: object + properties: + data_view: + description: The data view object. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + version: + type: string + required: + - title + override: + default: false + description: >- + Override an existing data view if a data view with the provided + title already exists. + type: boolean + required: + - data_view + Data_views_data_view_response_object: + title: Data view response properties + type: object + properties: + data_view: + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta_response' + version: + example: WzQ2LDJd + type: string + Data_views_fieldattrs: + description: A map of field attributes by field name. + type: object + properties: + count: + description: Popularity count for the field. + type: integer + customDescription: + description: Custom description for the field. + maxLength: 300 + type: string + customLabel: + description: Custom label for the field. + type: string + Data_views_fieldformats: + description: A map of field formats by field name. + type: object + Data_views_namespaces: + description: >- + An array of space identifiers for sharing the data view between multiple + spaces. + items: + default: default + type: string + type: array + Data_views_runtimefieldmap: + description: A map of runtime field definitions by field name. + type: object + properties: + script: + type: object + properties: + source: + description: Script for the runtime field. + type: string + type: + description: Mapping type of the runtime field. + type: string + required: + - script + - type + Data_views_sourcefilters: + description: The array of field names you want to filter out in Discover. + items: + type: object + properties: + value: + type: string + required: + - value + type: array + Data_views_swap_data_view_request_object: + title: Data view reference swap request + type: object + properties: + delete: + description: Deletes referenced saved object if all references are removed. + type: boolean + forId: + description: Limit the affected saved objects to one or more by identifier. + oneOf: + - type: string + - items: + type: string + type: array + forType: + description: Limit the affected saved objects by type. + type: string + fromId: + description: The saved object reference to change. + type: string + fromType: + description: > + Specify the type of the saved object reference to alter. The default + value is `index-pattern` for data views. + type: string + toId: + description: New saved object reference value to replace the old value. + type: string + required: + - fromId + - toId + Data_views_timefieldname: + description: The timestamp field name, which you use for time-based data views. + type: string + Data_views_title: + description: >- + Comma-separated list of data streams, indices, and aliases that you want + to search. Supports wildcards (`*`). + type: string + Data_views_type: + description: When set to `rollup`, identifies the rollup data views. + type: string + Data_views_typemeta: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. + type: object + properties: + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. + type: object + required: + - aggs + - params + Data_views_typemeta_response: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. + nullable: true + type: object + properties: + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. + type: object + Data_views_update_data_view_request_object: + title: Update data view request + type: object + properties: + data_view: + description: > + The data view properties you want to update. Only the specified + properties are updated in the data view. Unspecified fields stay as + they are persisted. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + name: + type: string + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + refresh_fields: + default: false + description: Reloads the data view fields after the data view is updated. + type: boolean + required: + - data_view + Fleet_agent: + title: Agent + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + components: + items: + $ref: '#/components/schemas/Fleet_agent_component' + type: array + default_api_key: + type: string + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + local_metadata: + $ref: '#/components/schemas/Fleet_agent_metadata' + metrics: + type: object + properties: + cpu_avg: + description: >- + Average agent CPU usage during the last 5 minutes, number + between 0-1 + type: number + memory_size_byte_avg: + description: Average agent memory consumption during the last 5 minutes + type: number + policy_id: + type: string + policy_revision: + type: number + status: + $ref: '#/components/schemas/Fleet_agent_status' + type: + $ref: '#/components/schemas/Fleet_agent_type' + unenrolled_at: + type: string + unenrollment_started_at: + type: string + user_provided_metadata: + $ref: '#/components/schemas/Fleet_agent_metadata' + required: + - type + - active + - enrolled_at + - id + - status + Fleet_agent_action: + oneOf: + - properties: + ack_data: + type: string + data: + type: string + type: + enum: + - UNENROLL + - UPGRADE + - POLICY_REASSIGN + type: string + - properties: + data: + type: object + properties: + log_level: + enum: + - debug + - info + - warning + - error + nullable: true + type: string + type: + type: string + title: Agent action + Fleet_agent_component: + title: Agent component + type: object + properties: + id: + type: string + message: + type: string + status: + $ref: '#/components/schemas/Fleet_agent_component_status' + type: + type: string + units: + items: + $ref: '#/components/schemas/Fleet_agent_component_unit' + type: array + Fleet_agent_component_status: + enum: + - starting + - configuring + - healthy + - degraded + - failed + - stopping + - stopped + title: Agent component status + type: string + Fleet_agent_component_unit: + title: Agent component unit + type: object + properties: + id: + type: string + message: + type: string + payload: + type: object + status: + $ref: '#/components/schemas/Fleet_agent_component_status' + type: + $ref: '#/components/schemas/Fleet_agent_component_unit_type' + Fleet_agent_component_unit_type: + enum: + - input + - output + title: Agent component unit type + type: string + Fleet_agent_diagnostics: + title: Agent diagnostics + type: object + properties: + actionId: + type: string + createTime: + type: string + filePath: + type: string + id: + type: string + name: + type: string + status: + enum: + - READY + - AWAITING_UPLOAD + - DELETED + - IN_PROGRESS + required: + - id + - name + - createTime + - filePath + - actionId + - status + Fleet_agent_get_by_actions: + items: + items: + type: string + type: array + title: Agents get by action ids + type: array + Fleet_agent_metadata: + title: Agent metadata + type: object + Fleet_agent_policy: + title: Agent Policy + type: object + properties: + advanced_settings: + description: >- + Advanced settings stored in the agent policy, e.g. + agent_limits_go_max_procs + nullable: true + type: object + agent_features: + items: + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + items: + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. + type: object + type: array + id: + type: string + inactivity_timeout: + type: integer + is_protected: + description: >- + Indicates whether the agent policy has tamper protection enabled. + Default false. + type: boolean + keep_monitoring_alive: + description: >- + When set to true, monitoring will be enabled but logs/metrics + collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + type: object + properties: + limit: + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - metrics + - logs + type: string + type: array + monitoring_http: + type: object + properties: + enabled: + type: boolean + host: + type: string + port: + type: number + required: + - enabled + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + type: string + namespace: + type: string + overrides: + description: >- + Override settings that are defined in the agent policy. Input + settings cannot be overridden. The override option should be used + only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + description: >- + This field is present only when retrieving a single agent policy, or + when retrieving a list of agent policies with the ?full=true + parameter + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array + revision: + type: number + supports_agentless: + description: >- + Indicates whether the agent policy supports agentless integrations. + Only allowed in a serverless environment. + type: boolean + unenroll_timeout: + type: integer + unprivileged_agents: + type: number + updated_by: + type: string + updated_on: + format: date-time + type: string + required: + - id + - status + - name + - namespace + Fleet_agent_policy_create_request: + title: Create agent policy request + type: object + properties: + agent_features: + items: + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + description: Force agent policy creation even if packages are not verified. + type: boolean + global_data_tags: + items: + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. + type: object + type: array + id: + type: string + inactivity_timeout: + type: integer + is_protected: + type: boolean + monitoring_enabled: + items: + enum: + - metrics + - logs + type: string + type: array + monitoring_output_id: + nullable: true + type: string + name: + type: string + namespace: + type: string + unenroll_timeout: + type: integer + required: + - name + - namespace + Fleet_agent_policy_full: + oneOf: + - type: object + properties: + item: + type: string + - type: object + properties: + item: + $ref: '#/components/schemas/Fleet_full_agent_policy' + title: Agent policy full response + type: object + Fleet_agent_policy_update_request: + title: Update agent policy request + type: object + properties: + agent_features: + items: + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + description: Force agent policy creation even if packages are not verified. + type: boolean + global_data_tags: + items: + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. + type: object + type: array + inactivity_timeout: + type: integer + is_protected: + type: boolean + monitoring_enabled: + items: + enum: + - metrics + - logs + type: string + type: array + monitoring_output_id: + nullable: true + type: string + name: + type: string + namespace: + type: string + unenroll_timeout: + type: integer + required: + - name + - namespace + Fleet_agent_status: + enum: + - offline + - error + - online + - inactive + - warning + title: Elastic Agent status + type: string + Fleet_agent_type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + title: Agent type + type: string + Fleet_bulk_install_packages_response: + title: Bulk install packages response + type: object + properties: + items: + items: + type: object + properties: + name: + type: string + version: + type: string + type: array + response: + deprecated: true + items: + type: object + properties: + name: + type: string + version: + type: string + type: array + required: + - items + Fleet_bulk_upgrade_agents: + title: Bulk upgrade agents + type: object + properties: + agents: + oneOf: + - description: KQL query string, leave empty to action all agents + type: string + - description: list of agent IDs + items: + type: string + type: array + force: + description: Force upgrade, skipping validation (should be used with caution) + type: boolean + rollout_duration_seconds: + description: rolling upgrade window duration in seconds + type: number + skipRateLimitCheck: + description: Skip rate limit check for upgrade + type: boolean + source_uri: + description: alternative upgrade binary download url + type: string + start_time: + description: start time of upgrade in ISO 8601 format + type: string + version: + description: version to upgrade to + type: string + required: + - agents + - version + Fleet_data_stream: + title: Data stream + type: object + properties: + dashboard: + items: + type: object + properties: + id: + type: string + title: + type: string + type: array + dataset: + type: string + index: + type: string + last_activity_ms: + type: number + namespace: + type: string + package: + type: string + package_version: + type: string + size_in_bytes: + type: number + size_in_bytes_formatted: + type: string + type: + type: string + Fleet_download_sources: + title: Download Source + type: object + properties: + host: + type: string + id: + type: string + is_default: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this download source. See the proxies + API for more information. + nullable: true + type: string + required: + - is_default + - name + - host + Fleet_elasticsearch_asset_type: + enum: + - component_template + - ingest_pipeline + - index_template + - ilm_policy + - transform + - data_stream_ilm_policy + title: Elasticsearch asset type + type: string + Fleet_enrollment_api_key: + title: Enrollment API key + type: object + properties: + active: + description: >- + When false, the enrollment API key is revoked and cannot be used for + enrolling Elastic Agents. + type: boolean + api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + Fleet_fleet_server_host: + title: Fleet Server Host + type: object + properties: + host_urls: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + type: string + required: + - fleet_server_hosts + - id + - is_default + - is_preconfigured + - host_urls + Fleet_fleet_settings_response: + title: Fleet settings response + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_settings' + required: + - item + Fleet_fleet_setup_response: + title: Fleet Setup response + type: object + properties: + isInitialized: + type: boolean + nonFatalErrors: + items: + type: object + properties: + message: + type: string + name: + type: string + required: + - name + - message + type: array + required: + - isInitialized + - nonFatalErrors + Fleet_fleet_status_response: + title: Fleet status response + type: object + properties: + isReady: + type: boolean + missing_optional_features: + items: + enum: + - encrypted_saved_object_encryption_key_required + type: string + type: array + missing_requirements: + items: + enum: + - tls_required + - api_keys + - fleet_admin_user + - fleet_server + type: string + type: array + package_verification_key_id: + type: string + required: + - isReady + - missing_requirements + - missing_optional_features + Fleet_full_agent_policy: + title: Full agent policy + type: object + properties: + agent: + nullable: true + type: string + fleet: + oneOf: + - type: object + properties: + hosts: + items: + type: string + type: array + proxy_headers: {} + proxy_url: + type: string + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + renegotiation: + type: string + verification_mode: + type: string + - type: object + properties: + kibana: + type: object + properties: + hosts: + items: + type: string + type: array + path: + type: string + protocol: + type: string + id: + type: string + inputs: + type: string + monitoring: + type: object + properties: + diagnostics: + type: object + properties: + limit: + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + enabled: + type: boolean + http: + type: object + properties: + enabled: + type: boolean + host: + type: string + port: + type: number + required: + - enabled + logs: + type: boolean + metrics: + type: boolean + namespace: + type: string + pprof: + type: object + properties: + enabled: + type: boolean + required: + - enabled + traces: + type: boolean + use_output: + type: string + required: + - enabled + - metrics + - logs + - traces + output_permissions: + additionalProperties: + type: object + properties: + data: + $ref: >- + #/components/schemas/Fleet_full_agent_policy_output_permissions + output: + type: integer + type: object + outputs: + additionalProperties: + $ref: '#/components/schemas/Fleet_full_agent_policy_output' + type: object + revision: + type: number + secret_references: + items: + type: object + properties: + id: + type: string + type: array + required: + - id + - outputs + - inputs + Fleet_full_agent_policy_input: + allOf: + - additionalProperties: true + type: object + properties: + data_stream: + type: object + properties: + namespace: + type: string + required: + - namespace + id: + type: string + meta: + additionalProperties: true + type: object + properties: + package: + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + name: + type: string + revision: + type: number + streams: + $ref: '#/components/schemas/Fleet_full_agent_policy_input_stream' + type: + type: string + use_output: + type: string + required: + - id + - name + - revision + - type + - data_stream + - use_output + title: Full agent policy input + Fleet_full_agent_policy_input_stream: + allOf: + - additionalProperties: true + type: object + properties: + data_stream: + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + - type + id: + type: string + required: + - id + - data_stream + title: Full agent policy input stream + Fleet_full_agent_policy_output: + title: Full agent policy + type: object + properties: + additionalProperties: + type: object + properties: + text: {} + ca_sha256: + nullable: true + type: string + hosts: + items: + type: string + type: array + proxy_headers: {} + proxy_url: + type: string + type: {} + required: + - type + - hosts + - ca_sha256 + Fleet_full_agent_policy_output_permissions: + additionalProperties: + type: object + properties: + data: + type: object + properties: + cluster: + items: + type: string + type: array + indices: + items: + type: object + properties: + names: + items: + type: string + type: array + privileges: + items: + type: string + type: array + type: array + packagePolicyName: + type: string + title: Full agent policy output permissions + Fleet_get_agent_tags_response: + title: Get Agent Tags response + type: object + properties: + items: + items: + type: string + type: array + Fleet_get_agents_response: + title: Get Agent response + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_agent' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_agent' + type: array + page: + type: number + perPage: + type: number + statusSummary: + type: object + properties: + degraded': + type: number + enrolling: + type: number + error: + type: number + inactive: + type: number + offline: + type: number + online: + type: number + unenrolled: + type: number + unenrolling: + type: number + updating: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + Fleet_get_bulk_assets_response: + deprecated: true + properties: + items: + items: + type: object + properties: + appLink: + type: string + attributes: + type: object + properties: + description: + type: string + title: + type: string + id: + type: string + type: + $ref: '#/components/schemas/Fleet_saved_object_type' + updatedAt: + type: string + type: array + required: + - items + title: Bulk get assets response + type: object + Fleet_get_categories_response: + title: Get categories response + type: object + properties: + items: + items: + type: object + properties: + count: + type: number + id: + type: string + title: + type: string + required: + - id + - title + - count + type: array + response: + items: + deprecated: true + type: object + properties: + count: + type: number + id: + type: string + title: + type: string + required: + - id + - title + - count + type: array + required: + - items + Fleet_get_packages_response: + title: Get Packages response + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_search_result' + type: array + response: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_search_result' + type: array + required: + - items + Fleet_installation_info: + title: Installation info object + type: object + properties: + created_at: + type: string + experimental_data_stream_features: + type: array + properties: + data_stream: type: string - customer_first_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_first_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_first_name + features: + type: object + properties: + doc_value_only_numeric: + nullable: true + type: boolean + doc_value_only_other: + nullable: true + type: boolean + synthetic_source: + nullable: true + type: boolean + tsdb: + nullable: true + type: boolean + install_format_schema_version: + type: string + install_kibana_space_id: + type: string + install_source: + enum: + - registry + - upload + - bundled + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: + type: object + properties: + deferred: + type: boolean + id: + type: string + type: + $ref: '#/components/schemas/Fleet_elasticsearch_asset_type' + installed_kibana: + type: object + properties: + id: + type: string + type: + $ref: '#/components/schemas/Fleet_kibana_saved_object_type' + latest_executed_state: + description: Latest successfully executed state in package install state machine + type: object + properties: + error: type: string - customer_full_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_full_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + name: + enum: + - create_restart_installation + - install_kibana_assets + - install_ilm_policies + - install_ml_model + - install_index_template_pipelines + - remove_legacy_templates + - update_current_write_indices + - install_transforms + - delete_previous_pipelines + - save_archive_entries_from_assets_map + - update_so type: string - customer_full_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_full_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_full_name + started_at: type: string - customer_gender: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_gender - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + latest_install_failed_attempts: + description: Latest failed install errors + items: + type: object + properties: + created_at: + type: string + error: + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + target_version: + type: string + type: array + name: + type: string + namespaces: + items: + type: string + type: array + type: + type: string + updated_at: + type: string + verification_key_id: + nullable: true + type: string + verification_status: + enum: + - verified + - unverified + - unknown + type: string + version: + type: string + required: + - installed_kibana + - installed_es + - name + - version + - install_status + - install_version + - install_started_at + - install_source + - verification_status + - latest_install_failed_attempts + Fleet_kibana_saved_object_type: + enum: + - dashboard + - visualization + - search + - index-pattern + - map + - lens + - ml-module + - security-rule + - csp_rule_template + title: Kibana saved object asset type + type: string + Fleet_new_package_policy: + description: '' + properties: + description: + type: string + enabled: + type: boolean + inputs: + items: + type: object + properties: + config: + type: object + enabled: + type: boolean + processors: + items: + type: string + type: array + streams: + items: {} + type: array + type: + type: string + vars: + type: object + required: + - type + - enabled + type: array + name: + type: string + namespace: + type: string + output_id: + type: string + overrides: + type: object + package: + type: object + properties: + name: type: string - customer_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + requires_root: + type: boolean + title: type: string - customer_last_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_last_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + version: type: string - customer_last_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_last_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_last_name + required: + - name + - version + policy_id: + deprecated: true + nullable: true + type: string + policy_ids: + items: + type: string + type: array + required: + - inputs + - name + title: New package policy + type: object + Fleet_output_create_request: + discriminator: + mapping: + elasticsearch: '#/components/schemas/Fleet_output_create_request_elasticsearch' + kafka: '#/components/schemas/Fleet_output_create_request_kafka' + logstash: '#/components/schemas/Fleet_output_create_request_logstash' + remote_elasticsearch: >- + #/components/schemas/Fleet_output_create_request_remote_elasticsearch + propertyName: type + oneOf: + - $ref: '#/components/schemas/Fleet_output_create_request_elasticsearch' + - $ref: '#/components/schemas/Fleet_output_create_request_kafka' + - $ref: '#/components/schemas/Fleet_output_create_request_logstash' + - $ref: >- + #/components/schemas/Fleet_output_create_request_remote_elasticsearch + title: Output + Fleet_output_create_request_elasticsearch: + title: elasticsearch + type: object + properties: + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + config: + type: object + config_yaml: + type: string + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: type: string - customer_phone: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_phone - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: type: string - day_of_week: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: day_of_week - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + certificate_authorities: + items: + type: string + type: array + key: type: string - day_of_week_i: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: day_of_week_i - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + type: + enum: + - elasticsearch + type: string + required: + - name + Fleet_output_create_request_kafka: + title: kafka + type: object + properties: + auth_type: + type: string + broker_timeout: + type: number + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + client_id: + type: string + compression: + type: string + compression_level: + type: number + config: + type: object + config_yaml: + type: string + connection_type: + enum: + - plaintext + - encryption + type: string + headers: + items: + type: object + properties: + key: + type: string + value: + type: string + type: array + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + key: + type: string + name: + type: string + partition: + type: string + password: + type: string + proxy_id: + type: string + random: + type: object + properties: + group_events: type: number - email: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: email - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - event.dataset: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: event.dataset - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + required_acks: + type: number + round_robin: + type: object + properties: + group_events: + type: number + sasl: + type: object + properties: + mechanism: type: string - geoip.city_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.city_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + secrets: + type: object + properties: + password: type: string - geoip.continent_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.continent_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + ssl: + type: object + properties: + key: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: type: string - geoip.country_iso_code: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.country_iso_code - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: type: string - geoip.location: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: geoip.location - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - geoip.region_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.region_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + certificate_authorities: + items: + type: string + type: array + key: type: string - manufacturer: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + verification_mode: + enum: + - none + - full + - certificate + - strict type: string - manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: manufacturer + timeout: + type: number + topic: + type: string + topics: + deprecated: true + description: Use topic instead. + items: + type: object + properties: + topic: + type: string + when: + deprecated: true + description: >- + Deprecated, kafka output do not support conditionnal topics + anymore. + type: object + properties: + condition: + type: string + type: + type: string + type: array + type: + enum: + - kafka + type: string + username: + type: string + version: + type: string + required: + - name + - type + - topics + - auth_type + - hosts + Fleet_output_create_request_logstash: + title: logstash + type: object + properties: + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + config: + type: object + config_yaml: + type: string + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + type: string + secrets: + type: object + properties: + ssl: + type: object + properties: + key: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: type: string - order_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: order_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - order_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: order_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: type: string - products._id: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products._id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + certificate_authorities: + items: + type: string + type: array + key: type: string - products._id.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products._id.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products._id + type: + enum: + - logstash + type: string + required: + - name + - hosts + - type + Fleet_output_create_request_remote_elasticsearch: + title: remote_elasticsearch + type: object + properties: + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: + type: string + secrets: + type: object + properties: + service_token: type: string - products.base_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.base_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + service_token: + type: string + type: + enum: + - remote_elasticsearch + type: string + required: + - name + Fleet_output_update_request: + discriminator: + mapping: + elasticsearch: '#/components/schemas/Fleet_output_update_request_elasticsearch' + kafka: '#/components/schemas/Fleet_output_update_request_kafka' + logstash: '#/components/schemas/Fleet_output_update_request_logstash' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Fleet_output_update_request_elasticsearch' + - $ref: '#/components/schemas/Fleet_output_update_request_kafka' + - $ref: '#/components/schemas/Fleet_output_update_request_logstash' + title: Output + Fleet_output_update_request_elasticsearch: + title: elasticsearch + type: object + properties: + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + config: + type: object + config_yaml: + type: string + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + type: string + shipper: + type: object + properties: + compression_level: type: number - products.base_unit_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.base_unit_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: type: number - products.category: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products.category - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + disk_queue_path: type: string - products.category.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.category.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.category + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: type: string - products.created_on: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: products.created_on - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - products.discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + certificate_authorities: + items: + type: string + type: array + key: + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + - hosts + - type + Fleet_output_update_request_kafka: + title: kafka + type: object + properties: + auth_type: + type: string + broker_timeout: + type: number + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + client_id: + type: string + compression: + type: string + compression_level: + type: number + config: + type: object + config_yaml: + type: string + connection_type: + enum: + - plaintext + - encryption + type: string + headers: + items: + type: object + properties: + key: + type: string + value: + type: string + type: array + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + key: + type: string + name: + type: string + partition: + type: string + password: + type: string + proxy_id: + type: string + random: + type: object + properties: + group_events: type: number - products.discount_percentage: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_percentage - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + required_acks: + type: number + round_robin: + type: object + properties: + group_events: type: number - products.manufacturer: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false - type: string - products.manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.manufacturer + sasl: + type: object + properties: + mechanism: type: string - products.min_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.min_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.price: - aggregatable: true - count: 1 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + shipper: + type: object + properties: + compression_level: type: number - products.product_id: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - isMapped: true - name: products.product_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: type: number - products.product_name: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.product_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + disk_queue_path: type: string - products.product_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.product_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.product_name + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: type: string - products.quantity: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: products.quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + certificate_authorities: + items: + type: string + type: array + key: type: string - products.tax_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.tax_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxful_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.taxful_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxless_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.taxless_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + verification_mode: + enum: + - none + - full + - certificate + - strict + type: string + timeout: + type: number + topic: + type: string + topics: + deprecated: true + description: Use topic instead. + items: + type: object + properties: + topic: + type: string + when: + deprecated: true + description: >- + Deprecated, kafka output do not support conditionnal topics + anymore. + type: object + properties: + condition: + type: string + type: + type: string + type: array + type: + enum: + - kafka + type: string + username: + type: string + version: + type: string + required: + - name + Fleet_output_update_request_logstash: + title: logstash + type: object + properties: + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + config: + type: object + config_yaml: + type: string + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + type: string + shipper: + type: object + properties: + compression_level: type: number - products.unit_discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.unit_discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: type: number - sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + disk_queue_path: type: string - taxful_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.[00] - isMapped: true - name: taxful_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - taxless_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: taxless_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_quantity: - aggregatable: true - count: 1 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_unique_products: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_unique_products - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - type: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: type - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: type: string - user: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: user - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + certificate_authorities: + items: + type: string + type: array + key: type: string - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - runtimeFieldMap: {} - sourceFilters: [] - timeFieldName: order_date - title: kibana_sample_data_ecommerce - typeMeta: {} - version: WzUsMV0= - Data_views_get_data_views_response: - summary: The get all data views API returns a list of data views. - value: - data_view: - - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - title: kibana_sample_data_ecommerce - typeMeta: {} - - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - namespaces: - - default - title: kibana_sample_data_flights - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: Kibana Sample Data Logs - namespaces: - - default - title: kibana_sample_data_logs - Data_views_get_default_data_view_response: - summary: The get default data view API returns the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - Data_views_get_runtime_field_response: - summary: >- - The get runtime field API returns a JSON object that contains - information about the runtime field (`hour_of_day`) and the data view - (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). - value: - data_view: - allowNoIndex: false - fieldAttrs: {} - fieldFormats: - AvgTicketPrice: - id: number - params: - pattern: $0,0.[00] - hour_of_day: - id: number - params: - pattern: '00' - fields: - _id: - aggregatable: false - count: 0 - esTypes: - - _id - format: - id: string - isMapped: true - name: _id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + type: + enum: + - logstash + type: string + required: + - name + Fleet_package_info: + title: Package information + type: object + properties: + assets: + items: + type: string + type: array + categories: + items: + type: string + type: array + conditions: + type: object + properties: + elasticsearch: + type: object + properties: + subscription: + enum: + - basic + - gold + - platinum + - enterprise + type: string + kibana: + type: object + properties: + versions: + type: string + data_streams: + items: + type: object + properties: + ingeset_pipeline: + type: string + name: + type: string + package: + type: string + release: + type: string + title: + type: string + type: + type: string + vars: + items: + type: object + properties: + default: + type: string + name: + type: string + required: + - name + - default + type: array + required: + - title + - name + - release + - ingeset_pipeline + - type + - package + type: array + description: + type: string + download: + type: string + elasticsearch: + type: object + properties: + privileges: + type: object + properties: + cluster: + items: + type: string + type: array + format_version: + type: string + icons: + items: + type: string + type: array + internal: + type: boolean + name: + type: string + path: + type: string + readme: + type: string + release: + deprecated: true + description: >- + release label is deprecated, derive from the version instead + (packages follow semver) + enum: + - experimental + - beta + - ga + type: string + screenshots: + items: + type: object + properties: + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + - path + type: array + source: + type: object + properties: + license: + enum: + - Apache-2.0 + - Elastic-2.0 type: string - _index: - aggregatable: true - count: 0 - esTypes: - - _index - format: - id: string - isMapped: true - name: _index - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + title: + type: string + type: + type: string + version: + type: string + required: + - name + - title + - version + - description + - type + - categories + - conditions + - assets + - format_version + - download + - path + Fleet_package_policy: + allOf: + - type: object + properties: + id: type: string - _score: - aggregatable: false - count: 0 - format: - id: number - isMapped: true - name: _score - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: number - _source: - aggregatable: false - count: 0 - esTypes: - - _source - format: - id: _source - isMapped: true - name: _source - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: _source - AvgTicketPrice: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - params: - pattern: $0,0.[00] - isMapped: true - name: AvgTicketPrice - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + inputs: + oneOf: + - items: {} + type: array + - type: object + revision: type: number - Cancelled: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: Cancelled - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - Carrier: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Carrier - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + required: + - id + - revision + - $ref: '#/components/schemas/Fleet_new_package_policy' + title: Package policy + Fleet_package_policy_request: + title: Package Policy Request + type: object + properties: + description: + description: Package policy description + example: my description + type: string + force: + description: >- + Force package policy creation even if package is not verified, or if + the agent policy is managed. + type: boolean + id: + description: Package policy unique identifier + type: string + inputs: + additionalProperties: + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + type: object + properties: + enabled: + description: enable or disable that stream, (default to true) + type: boolean + vars: + description: >- + Stream level variable (see integration documentation for + more information) + type: object + description: >- + Input streams (see integration documentation to know what + streams are available) + type: object + vars: + description: >- + Input level variable (see integration documentation for more + information) + type: object + description: >- + Package policy inputs (see integration documentation to know what + inputs are available) + example: + nginx-logfile: + enabled: true + streams: + nginx.access: + enabled: true + vars: + ignore_older: 72h + paths: + - /var/log/nginx/access.log* + preserve_original_event: false + tags: + - nginx-access + type: object + name: + description: Package policy name (should be unique) + example: nginx-123 + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit the agent + policy's namespace. + example: customnamespace + type: string + output_id: + description: Output ID to send package data to + example: output-id + nullable: true + type: string + overrides: + description: >- + Override settings that are defined in the package policy. The + override option should be used only in unusual circumstances and not + as a routine procedure. + nullable: true + type: object + properties: + inputs: + type: object + package: + type: object + properties: + name: + description: Package name + example: nginx type: string - dayOfWeek: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: dayOfWeek - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + version: + description: Package version + example: 1.6.0 + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + example: agent-policy-id + nullable: true + type: string + policy_ids: + description: Agent policy IDs where that package policy will be added + example: + - agent-policy-id + items: + type: string + type: array + vars: + description: >- + Package root level variable (see integration documentation for more + information) + type: object + required: + - name + - package + Fleet_package_usage_stats: + title: Package usage stats + type: object + properties: + agent_policy_count: + type: integer + required: + - agent_policy_count + Fleet_proxies: + title: Fleet Proxy + type: object + properties: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + id: + type: string + name: + type: string + proxy_headers: + type: object + url: + type: string + required: + - name + - url + Fleet_saved_object_type: + oneOf: + - enum: + - dashboard + - visualization + - search + - index_pattern + - map + - lens + - security_rule + - csp_rule_template + - ml_module + - tag + - osquery_pack_asset + - osquery_saved_query + type: string + - enum: + - index + - component_template + - ingest_pipeline + - index_template + - ilm_policy + - transform + - data_stream_ilm_policy + - ml_model + type: string + title: Saved Object type + Fleet_search_result: + title: Search result + type: object + properties: + description: + type: string + download: + type: string + icons: + type: string + installationInfo: + $ref: '#/components/schemas/Fleet_installation_info' + name: + type: string + path: + type: string + savedObject: + deprecated: true + type: object + status: + type: string + title: + type: string + type: + type: string + version: + type: string + required: + - description + - download + - icons + - name + - path + - title + - type + - version + - status + Fleet_settings: + title: Settings + type: object + properties: + fleet_server_hosts: + deprecated: true + items: + type: string + type: array + has_seen_add_data_notice: + type: boolean + id: + type: string + prerelease_integrations_enabled: + type: boolean + required: + - fleet_server_hosts + - id + Fleet_upgrade_agent: + title: Upgrade agent + type: object + properties: + force: + description: Force upgrade, skipping validation (should be used with caution) + type: boolean + skipRateLimitCheck: + description: Skip rate limit check for upgrade + type: boolean + source_uri: + type: string + version: + type: string + required: + - version + Fleet_upgrade_agent_diff: + items: + items: + $ref: '#/components/schemas/Fleet_full_agent_policy_input' + type: array + title: Package policy Upgrade dryrun + type: array + Fleet_upgrade_diff: + items: + allOf: + - $ref: '#/components/schemas/Fleet_package_policy' + - allOf: + - $ref: '#/components/schemas/Fleet_new_package_policy' + - type: object + properties: + errors: + items: + type: object + properties: + key: + type: string + message: + type: string + type: array + missingVars: + items: + type: string + type: array + type: object + title: Package policy Upgrade dryrun + type: array + Kibana_HTTP_APIs_core_status_redactedResponse: + additionalProperties: false + description: A minimal representation of Kibana's operational status. + type: object + properties: + status: + additionalProperties: false + type: object + properties: + overall: + additionalProperties: false + type: object + properties: + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + required: + - level + required: + - overall + required: + - status + Kibana_HTTP_APIs_core_status_response: + additionalProperties: false + description: >- + Kibana's operational status as well as a detailed breakdown of plugin + statuses indication of various loads (like event loop utilization and + network traffic) at time of request. + type: object + properties: + metrics: + additionalProperties: false + description: Metric groups collected by Kibana. + type: object + properties: + collection_interval_in_millis: + description: The interval at which metrics should be collected. type: number - Dest: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Dest - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - DestCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + elasticsearch_client: + additionalProperties: false + description: Current network metrics of Kibana's Elasticsearch client. + type: object + properties: + totalActiveSockets: + description: Count of network sockets currently in use. + type: number + totalIdleSockets: + description: Count of network sockets currently idle. + type: number + totalQueuedRequests: + description: Count of requests not yet assigned to sockets. + type: number + required: + - totalActiveSockets + - totalIdleSockets + - totalQueuedRequests + last_updated: + description: The time metrics were collected. type: string - DestCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + required: + - elasticsearch_client + - last_updated + - collection_interval_in_millis + name: + description: Kibana instance name. + type: string + status: + additionalProperties: false + type: object + properties: + core: + additionalProperties: false + description: Statuses of core Kibana services. + type: object + properties: + elasticsearch: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: >- + Service status levels as human and machine readable + values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: >- + An unstructured set of extra metadata about this + service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + savedObjects: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: >- + Service status levels as human and machine readable + values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: >- + An unstructured set of extra metadata about this + service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + required: + - elasticsearch + - savedObjects + overall: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + plugins: + additionalProperties: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: >- + Service status levels as human and machine readable + values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + description: A dynamic mapping of plugin ID to plugin status. + type: object + required: + - overall + - core + - plugins + uuid: + description: >- + Unique, generated Kibana instance UUID. This UUID should persist + even if the Kibana process restarts. + type: string + version: + additionalProperties: false + type: object + properties: + build_date: + description: The date and time of this build. type: string - DestLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: DestLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - DestRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + build_flavor: + description: >- + The build flavour determines configuration and behavior of + Kibana. On premise users will almost always run the + "traditional" flavour, while other flavours are reserved for + Elastic-specific use cases. + enum: + - serverless + - traditional type: string - DestWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + build_hash: + description: >- + A unique hash value representing the git commit of this Kibana + build. type: string - DistanceKilometers: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceKilometers - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - DistanceMiles: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceMiles - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + build_number: + description: >- + A monotonically increasing number, each subsequent build will + have a higher number. type: number - FlightDelay: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: FlightDelay - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + build_snapshot: + description: Whether this build is a snapshot build. type: boolean - FlightDelayMin: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: FlightDelayMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelayType: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightDelayType - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightNum: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightNum - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightTimeHour: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightTimeHour - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - FlightTimeMin: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: FlightTimeMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - hour_of_day: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - params: - pattern: '00' - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: emit(doc['timestamp'].value.getHour()); - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Origin: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Origin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: string - OriginAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + number: + description: A semantic version number. type: string - OriginCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + required: + - number + - build_hash + - build_number + - build_snapshot + - build_flavor + - build_date + required: + - name + - uuid + - version + - status + - metrics + Machine_learning_APIs_mlSync200Response: + properties: + datafeedsAdded: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' + description: >- + If a saved object for an anomaly detection job is missing a datafeed + identifier, it is added when you run the sync machine learning saved + objects API. + type: object + datafeedsRemoved: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' + description: >- + If a saved object for an anomaly detection job references a datafeed + that no longer exists, it is deleted when you run the sync machine + learning saved objects API. + type: object + savedObjectsCreated: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated + savedObjectsDeleted: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted + title: Successful sync API response + type: object + Machine_learning_APIs_mlSync4xxResponse: + properties: + error: + example: Unauthorized + type: string + message: + type: string + statusCode: + example: 401 + type: integer + title: Unsuccessful sync API response + type: object + Machine_learning_APIs_mlSyncResponseAnomalyDetectors: + description: >- + The sync machine learning saved objects API response contains this + object when there are anomaly detection jobs affected by the + synchronization. There is an object for each relevant job, which + contains the synchronization status. + properties: + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + title: Sync API response for anomaly detection jobs + type: object + Machine_learning_APIs_mlSyncResponseDatafeeds: + description: >- + The sync machine learning saved objects API response contains this + object when there are datafeeds affected by the synchronization. There + is an object for each relevant datafeed, which contains the + synchronization status. + properties: + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + title: Sync API response for datafeeds + type: object + Machine_learning_APIs_mlSyncResponseDataFrameAnalytics: + description: >- + The sync machine learning saved objects API response contains this + object when there are data frame analytics jobs affected by the + synchronization. There is an object for each relevant job, which + contains the synchronization status. + properties: + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + title: Sync API response for data frame analytics jobs + type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsCreated: + description: >- + If saved objects are missing for machine learning jobs or trained + models, they are created when you run the sync machine learning saved + objects API. + properties: + anomaly-detector: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors + description: >- + If saved objects are missing for anomaly detection jobs, they are + created. + type: object + data-frame-analytics: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics + description: >- + If saved objects are missing for data frame analytics jobs, they are + created. + type: object + trained-model: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels + description: If saved objects are missing for trained models, they are created. + type: object + title: Sync API response for created saved objects + type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted: + description: >- + If saved objects exist for machine learning jobs or trained models that + no longer exist, they are deleted when you run the sync machine learning + saved objects API. + properties: + anomaly-detector: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors + description: >- + If there are saved objects exist for nonexistent anomaly detection + jobs, they are deleted. + type: object + data-frame-analytics: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics + description: >- + If there are saved objects exist for nonexistent data frame + analytics jobs, they are deleted. + type: object + trained-model: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels + description: >- + If there are saved objects exist for nonexistent trained models, + they are deleted. + type: object + title: Sync API response for deleted saved objects + type: object + Machine_learning_APIs_mlSyncResponseSuccess: + description: The success or failure of the synchronization. + type: boolean + Machine_learning_APIs_mlSyncResponseTrainedModels: + description: >- + The sync machine learning saved objects API response contains this + object when there are trained models affected by the synchronization. + There is an object for each relevant trained model, which contains the + synchronization status. + properties: + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + title: Sync API response for trained models + type: object + Security_AI_Assistant_API_AnonymizationFieldCreateProps: + type: object + properties: + allowed: + type: boolean + anonymized: + type: boolean + field: + type: string + required: + - field + Security_AI_Assistant_API_AnonymizationFieldDetailsInError: + type: object + properties: + id: + type: string + name: + type: string + required: + - id + Security_AI_Assistant_API_AnonymizationFieldResponse: + type: object + properties: + allowed: + type: boolean + anonymized: + type: boolean + createdAt: + type: string + createdBy: + type: string + field: + type: string + id: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + namespace: + description: Kibana space + type: string + timestamp: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + updatedAt: + type: string + updatedBy: + type: string + required: + - id + - field + Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason: + enum: + - ANONYMIZATION_FIELD_NOT_MODIFIED + type: string + Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult: + type: object + properties: + id: + type: string + name: + type: string + skip_reason: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason + required: + - id + - skip_reason + Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse: + type: object + properties: + anonymization_fields_count: + type: integer + attributes: + type: object + properties: + errors: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError + type: array + results: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults + summary: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary + required: + - results + - summary + message: + type: string + status_code: + type: integer + success: + type: boolean + required: + - attributes + Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults: + type: object + properties: + created: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse + type: array + deleted: + items: + type: string + type: array + skipped: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult + type: array + updated: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse + type: array + required: + - updated + - created + - deleted + - skipped + Security_AI_Assistant_API_AnonymizationFieldUpdateProps: + type: object + properties: + allowed: + type: boolean + anonymized: + type: boolean + id: + type: string + required: + - id + Security_AI_Assistant_API_ApiConfig: + type: object + properties: + actionTypeId: + description: action type id + type: string + connectorId: + description: connector id + type: string + defaultSystemPromptId: + description: defaultSystemPromptId + type: string + model: + description: model + type: string + provider: + $ref: '#/components/schemas/Security_AI_Assistant_API_Provider' + description: Provider + required: + - connectorId + - actionTypeId + Security_AI_Assistant_API_BulkCrudActionSummary: + type: object + properties: + failed: + type: integer + skipped: + type: integer + succeeded: + type: integer + total: + type: integer + required: + - failed + - skipped + - succeeded + - total + Security_AI_Assistant_API_ChatCompleteProps: + type: object + properties: + connectorId: + type: string + conversationId: + type: string + isStream: + type: boolean + langSmithApiKey: + type: string + langSmithProject: + type: string + messages: + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_ChatMessage' + type: array + model: + type: string + persist: + type: boolean + promptId: + type: string + responseLanguage: + type: string + required: + - messages + - persist + - connectorId + Security_AI_Assistant_API_ChatMessage: + description: AI assistant message. + type: object + properties: + content: + description: Message content. + type: string + data: + $ref: '#/components/schemas/Security_AI_Assistant_API_MessageData' + description: ECS object to attach to the context of the message. + fields_to_anonymize: + items: + type: string + type: array + role: + $ref: '#/components/schemas/Security_AI_Assistant_API_ChatMessageRole' + description: Message role. + required: + - role + Security_AI_Assistant_API_ChatMessageRole: + description: Message role. + enum: + - system + - user + - assistant + type: string + Security_AI_Assistant_API_ConversationCategory: + description: The conversation category. + enum: + - assistant + - insights + type: string + Security_AI_Assistant_API_ConversationConfidence: + description: The conversation confidence. + enum: + - low + - medium + - high + type: string + Security_AI_Assistant_API_ConversationCreateProps: + type: object + properties: + apiConfig: + $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' + description: LLM API configuration. + category: + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' + description: The conversation category. + excludeFromLastConversationStorage: + description: excludeFromLastConversationStorage. + type: boolean + id: + description: The conversation id. + type: string + isDefault: + description: Is default conversation. + type: boolean + messages: + description: The conversation messages. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_Message' + type: array + replacements: + $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' + title: + description: The conversation title. + type: string + required: + - title + Security_AI_Assistant_API_ConversationResponse: + type: object + properties: + apiConfig: + $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' + description: LLM API configuration. + category: + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' + description: The conversation category. + createdAt: + description: The last time conversation was updated. + type: string + excludeFromLastConversationStorage: + description: excludeFromLastConversationStorage. + type: boolean + id: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + isDefault: + description: Is default conversation. + type: boolean + messages: + description: The conversation messages. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_Message' + type: array + namespace: + description: Kibana space + type: string + replacements: + $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' + summary: + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationSummary' + timestamp: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + title: + description: The conversation title. + type: string + updatedAt: + description: The last time conversation was updated. + type: string + users: + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_User' + type: array + required: + - id + - title + - createdAt + - users + - namespace + - category + Security_AI_Assistant_API_ConversationSummary: + type: object + properties: + confidence: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationConfidence + description: >- + How confident you are about this being a correct and useful + learning. + content: + description: Summary text of the conversation over time. + type: string + public: + description: Define if summary is marked as publicly available. + type: boolean + timestamp: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + description: The timestamp summary was updated. + Security_AI_Assistant_API_ConversationUpdateProps: + type: object + properties: + apiConfig: + $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' + description: LLM API configuration. + category: + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' + description: The conversation category. + excludeFromLastConversationStorage: + description: excludeFromLastConversationStorage. + type: boolean + id: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + messages: + description: The conversation messages. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_Message' + type: array + replacements: + $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' + summary: + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationSummary' + title: + description: The conversation title. + type: string + required: + - id + Security_AI_Assistant_API_FindAnonymizationFieldsSortField: + enum: + - created_at + - anonymized + - allowed + - field + - updated_at + type: string + Security_AI_Assistant_API_FindConversationsSortField: + enum: + - created_at + - is_default + - title + - updated_at + type: string + Security_AI_Assistant_API_FindPromptsSortField: + enum: + - created_at + - is_default + - name + - updated_at + type: string + Security_AI_Assistant_API_Message: + description: AI assistant conversation message. + type: object + properties: + content: + description: Message content. + type: string + isError: + description: Is error message. + type: boolean + reader: + $ref: '#/components/schemas/Security_AI_Assistant_API_Reader' + description: Message content. + role: + $ref: '#/components/schemas/Security_AI_Assistant_API_MessageRole' + description: Message role. + timestamp: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + description: The timestamp message was sent or received. + traceData: + $ref: '#/components/schemas/Security_AI_Assistant_API_TraceData' + description: trace Data + required: + - timestamp + - content + - role + Security_AI_Assistant_API_MessageData: + additionalProperties: true + type: object + Security_AI_Assistant_API_MessageRole: + description: Message role. + enum: + - system + - user + - assistant + type: string + Security_AI_Assistant_API_NonEmptyString: + description: A string that is not empty and does not contain only whitespace + minLength: 1 + pattern: ^(?! *$).+$ + type: string + Security_AI_Assistant_API_NormalizedAnonymizationFieldError: + type: object + properties: + anonymization_fields: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldDetailsInError + type: array + err_code: + type: string + message: + type: string + status_code: + type: integer + required: + - message + - status_code + - anonymization_fields + Security_AI_Assistant_API_NormalizedPromptError: + type: object + properties: + err_code: + type: string + message: + type: string + prompts: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptDetailsInError + type: array + status_code: + type: integer + required: + - message + - status_code + - prompts + Security_AI_Assistant_API_PromptCreateProps: + type: object + properties: + categories: + items: + type: string + type: array + color: + type: string + consumer: + type: string + content: + type: string + isDefault: + type: boolean + isNewConversationDefault: + type: boolean + name: + type: string + promptType: + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptType' + required: + - name + - content + - promptType + Security_AI_Assistant_API_PromptDetailsInError: + type: object + properties: + id: + type: string + name: + type: string + required: + - id + Security_AI_Assistant_API_PromptResponse: + type: object + properties: + categories: + items: + type: string + type: array + color: + type: string + consumer: + type: string + content: + type: string + createdAt: + type: string + createdBy: + type: string + id: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + isDefault: + type: boolean + isNewConversationDefault: + type: boolean + name: + type: string + namespace: + description: Kibana space + type: string + promptType: + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptType' + timestamp: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + updatedAt: + type: string + updatedBy: + type: string + users: + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_User' + type: array + required: + - id + - name + - promptType + - content + Security_AI_Assistant_API_PromptsBulkActionSkipReason: + enum: + - PROMPT_FIELD_NOT_MODIFIED + type: string + Security_AI_Assistant_API_PromptsBulkActionSkipResult: + type: object + properties: + id: + type: string + name: + type: string + skip_reason: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipReason + required: + - id + - skip_reason + Security_AI_Assistant_API_PromptsBulkCrudActionResponse: + type: object + properties: + attributes: + type: object + properties: + errors: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_NormalizedPromptError + type: array + results: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults + summary: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary + required: + - results + - summary + message: + type: string + prompts_count: + type: integer + status_code: + type: integer + success: + type: boolean + required: + - attributes + Security_AI_Assistant_API_PromptsBulkCrudActionResults: + type: object + properties: + created: + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' + type: array + deleted: + items: + type: string + type: array + skipped: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipResult + type: array + updated: + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' + type: array + required: + - updated + - created + - deleted + - skipped + Security_AI_Assistant_API_PromptType: + description: Prompt type + enum: + - system + - quick + type: string + Security_AI_Assistant_API_PromptUpdateProps: + type: object + properties: + categories: + items: + type: string + type: array + color: + type: string + consumer: + type: string + content: + type: string + id: + type: string + isDefault: + type: boolean + isNewConversationDefault: + type: boolean + required: + - id + Security_AI_Assistant_API_Provider: + description: Provider + enum: + - OpenAI + - Azure OpenAI + type: string + Security_AI_Assistant_API_Reader: + additionalProperties: true + type: object + Security_AI_Assistant_API_Replacements: + additionalProperties: + type: string + description: Replacements object used to anonymize/deanomymize messsages + type: object + Security_AI_Assistant_API_SortOrder: + enum: + - asc + - desc + type: string + Security_AI_Assistant_API_TraceData: + description: trace Data + type: object + properties: + traceId: + description: Could be any string, not necessarily a UUID + type: string + transactionId: + description: Could be any string, not necessarily a UUID + type: string + Security_AI_Assistant_API_User: + description: Could be any string, not necessarily a UUID + type: object + properties: + id: + description: User id + type: string + name: + description: User name + type: string + Security_Detections_API_AlertAssignees: + type: object + properties: + add: + description: A list of users ids to assign. + items: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + type: array + remove: + description: A list of users ids to unassign. + items: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + type: array + required: + - add + - remove + Security_Detections_API_AlertIds: + description: A list of alerts ids. + items: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + minItems: 1 + type: array + Security_Detections_API_AlertsIndex: + deprecated: true + description: (deprecated) Has no effect. + type: string + Security_Detections_API_AlertsIndexNamespace: + description: Has no effect. + type: string + Security_Detections_API_AlertsSort: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations' + - items: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsSortCombinations + type: array + Security_Detections_API_AlertsSortCombinations: + anyOf: + - type: string + - additionalProperties: true + type: object + Security_Detections_API_AlertStatus: + enum: + - open + - closed + - acknowledged + - in-progress + type: string + Security_Detections_API_AlertSuppression: + type: object + properties: + duration: + $ref: >- + #/components/schemas/Security_Detections_API_AlertSuppressionDuration + group_by: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionGroupBy' + missing_fields_strategy: + $ref: >- + #/components/schemas/Security_Detections_API_AlertSuppressionMissingFieldsStrategy + required: + - group_by + Security_Detections_API_AlertSuppressionDuration: + type: object + properties: + unit: + enum: + - s + - m + - h + type: string + value: + minimum: 1 + type: integer + required: + - value + - unit + Security_Detections_API_AlertSuppressionGroupBy: + items: + type: string + maxItems: 3 + minItems: 1 + type: array + Security_Detections_API_AlertSuppressionMissingFieldsStrategy: + description: >- + Describes how alerts will be generated for documents with missing + suppress by fields: + + doNotSuppress - per each document a separate alert will be created + + suppress - only alert will be created per suppress by bucket + enum: + - doNotSuppress + - suppress + type: string + Security_Detections_API_AlertTag: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + Security_Detections_API_AlertTags: + items: + $ref: '#/components/schemas/Security_Detections_API_AlertTag' + type: array + Security_Detections_API_AnomalyThreshold: + description: Anomaly threshold + minimum: 0 + type: integer + Security_Detections_API_BuildingBlockType: + description: >- + Determines if the rule acts as a building block. By default, + building-block alerts are not displayed in the UI. These rules are used + as a foundation for other rules that do generate alerts. Its value must + be default. + type: string + Security_Detections_API_BulkActionEditPayload: + anyOf: + - $ref: >- + #/components/schemas/Security_Detections_API_BulkActionEditPayloadTags + - $ref: >- + #/components/schemas/Security_Detections_API_BulkActionEditPayloadIndexPatterns + - $ref: >- + #/components/schemas/Security_Detections_API_BulkActionEditPayloadInvestigationFields + - $ref: >- + #/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline + - $ref: >- + #/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions + - $ref: >- + #/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule + Security_Detections_API_BulkActionEditPayloadIndexPatterns: + type: object + properties: + overwrite_data_views: + type: boolean + type: + enum: + - add_index_patterns + - delete_index_patterns + - set_index_patterns + type: string + value: + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' + required: + - type + - value + Security_Detections_API_BulkActionEditPayloadInvestigationFields: + type: object + properties: + type: + enum: + - add_investigation_fields + - delete_investigation_fields + - set_investigation_fields + type: string + value: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + required: + - type + - value + Security_Detections_API_BulkActionEditPayloadRuleActions: + type: object + properties: + type: + enum: + - add_rule_actions + - set_rule_actions + type: string + value: + type: object + properties: + actions: + items: + $ref: >- + #/components/schemas/Security_Detections_API_NormalizedRuleAction + type: array + throttle: + $ref: >- + #/components/schemas/Security_Detections_API_ThrottleForBulkActions + required: + - actions + required: + - type + - value + Security_Detections_API_BulkActionEditPayloadSchedule: + type: object + properties: + type: + enum: + - set_schedule + type: string + value: + type: object + properties: + interval: + description: >- + Interval in which the rule runs. For example, `"1h"` means the + rule runs every hour. + example: 1h + pattern: ^[1-9]\d*[smh]$ type: string - OriginCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + lookback: + description: Lookback time for the rule + example: 1h + pattern: ^[1-9]\d*[smh]$ type: string - OriginLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: OriginLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - OriginRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + required: + - interval + - lookback + required: + - type + - value + Security_Detections_API_BulkActionEditPayloadTags: + type: object + properties: + type: + enum: + - add_tags + - delete_tags + - set_tags + type: string + value: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + required: + - type + - value + Security_Detections_API_BulkActionEditPayloadTimeline: + type: object + properties: + type: + enum: + - set_timeline + type: string + value: + type: object + properties: + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + required: + - timeline_id + - timeline_title + required: + - type + - value + Security_Detections_API_BulkActionsDryRunErrCode: + enum: + - IMMUTABLE + - MACHINE_LEARNING_AUTH + - MACHINE_LEARNING_INDEX_PATTERN + - ESQL_INDEX_PATTERN + - MANUAL_RULE_RUN_FEATURE + - MANUAL_RULE_RUN_DISABLED_RULE + type: string + Security_Detections_API_BulkActionSkipResult: + type: object + properties: + id: + type: string + name: + type: string + skip_reason: + $ref: '#/components/schemas/Security_Detections_API_BulkEditSkipReason' + required: + - id + - skip_reason + Security_Detections_API_BulkDeleteRules: + type: object + properties: + action: + enum: + - delete + type: string + ids: + description: Array of rule IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter rules + type: string + required: + - action + Security_Detections_API_BulkDisableRules: + type: object + properties: + action: + enum: + - disable + type: string + ids: + description: Array of rule IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter rules + type: string + required: + - action + Security_Detections_API_BulkDuplicateRules: + type: object + properties: + action: + enum: + - duplicate + type: string + duplicate: + type: object + properties: + include_exceptions: + description: Whether to copy exceptions from the original rule + type: boolean + include_expired_exceptions: + description: Whether to copy expired exceptions from the original rule + type: boolean + required: + - include_exceptions + - include_expired_exceptions + ids: + description: Array of rule IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter rules + type: string + required: + - action + Security_Detections_API_BulkEditActionResponse: + type: object + properties: + attributes: + type: object + properties: + errors: + items: + $ref: >- + #/components/schemas/Security_Detections_API_NormalizedRuleError + type: array + results: + $ref: >- + #/components/schemas/Security_Detections_API_BulkEditActionResults + summary: + $ref: >- + #/components/schemas/Security_Detections_API_BulkEditActionSummary + required: + - results + - summary + message: + type: string + rules_count: + type: integer + status_code: + type: integer + success: + type: boolean + required: + - attributes + Security_Detections_API_BulkEditActionResults: + type: object + properties: + created: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + type: array + deleted: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + type: array + skipped: + items: + $ref: '#/components/schemas/Security_Detections_API_BulkActionSkipResult' + type: array + updated: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + type: array + required: + - updated + - created + - deleted + - skipped + Security_Detections_API_BulkEditActionSummary: + type: object + properties: + failed: + type: integer + skipped: + type: integer + succeeded: + type: integer + total: + type: integer + required: + - failed + - skipped + - succeeded + - total + Security_Detections_API_BulkEditRules: + type: object + properties: + action: + enum: + - edit + type: string + edit: + description: Array of objects containing the edit operations + items: + $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayload' + minItems: 1 + type: array + ids: + description: Array of rule IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter rules + type: string + required: + - action + - edit + Security_Detections_API_BulkEditSkipReason: + enum: + - RULE_NOT_MODIFIED + type: string + Security_Detections_API_BulkEnableRules: + type: object + properties: + action: + enum: + - enable + type: string + ids: + description: Array of rule IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter rules + type: string + required: + - action + Security_Detections_API_BulkExportActionResponse: + type: string + Security_Detections_API_BulkExportRules: + type: object + properties: + action: + enum: + - export + type: string + ids: + description: Array of rule IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter rules + type: string + required: + - action + Security_Detections_API_BulkManualRuleRun: + type: object + properties: + action: + enum: + - run + type: string + ids: + description: Array of rule IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter rules + type: string + run: + type: object + properties: + end_date: + description: End date of the manual rule run type: string - OriginWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + start_date: + description: Start date of the manual rule run type: string - timestamp: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: timestamp - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - runtimeFieldMap: - hour_of_day: - script: - source: emit(doc['timestamp'].value.getHour()); - type: long - sourceFilters: [] - timeFieldName: timestamp - title: kibana_sample_data_flights - version: WzM2LDJd - fields: - - aggregatable: true - count: 0 - esTypes: - - long - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: emit(doc['timestamp'].value.getHour()); - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Data_views_preview_swap_data_view_request: - summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". - value: - fromId: abcd-efg - toId: xyz-123 - Data_views_set_default_data_view_request: - summary: Set the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - force: true - Data_views_swap_data_view_request: - summary: >- - Swap references from data view ID "abcd-efg" to "xyz-123" and remove the - data view that is no longer referenced. - value: - delete: true - fromId: abcd-efg - toId: xyz-123 - Data_views_update_data_view_request: - summary: Update some properties for a data view. - value: - data_view: - allowNoIndex: false - name: Kibana Sample Data eCommerce - timeFieldName: order_date - title: kibana_sample_data_ecommerce - refresh_fields: true - Data_views_update_field_metadata_request: - summary: Update metadata for multiple fields. - value: - fields: - field1: - count: 123 - customLabel: Field 1 label - field2: - customDescription: Field 2 description - customLabel: Field 2 label - Data_views_update_runtime_field_request: - summary: Update an existing runtime field on a data view. - value: - runtimeField: - script: - source: emit(doc["bar"].value) - Machine_learning_APIs_mlSyncExample: - summary: Two anomaly detection jobs required synchronization in this example. - value: - datafeedsAdded: {} - datafeedsRemoved: {} - savedObjectsCreated: - anomaly-detector: - myjob1: - success: true - myjob2: - success: true - savedObjectsDeleted: {} - Serverless_saved_objects_export_objects_request: - summary: Export a specific saved object. - value: - excludeExportDetails: true - includeReferencesDeep: false - objects: - - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - type: map - Serverless_saved_objects_export_objects_response: - summary: >- - The export objects API response contains a JSON record for each exported - object. - value: - attributes: - description: '' - layerListJSON: >- - [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total - Requests by - Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web - logs - count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual - Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total - Requests and - Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web - logs - count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] - mapStateJSON: >- - {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} - title: '[Logs] Total Requests and Bytes' - uiStateJSON: '{"isDarkMode":false}' - coreMigrationVersion: 8.8.0 - created_at: '2023-08-23T20:03:32.204Z' - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - managed: false - references: - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_1_join_0_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_2_source_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_3_source_index_pattern - type: index-pattern - type: map - typeMigrationVersion: 8.4.0 - updated_at: '2023-08-23T20:03:32.204Z' - version: WzEzLDFd - Serverless_saved_objects_import_objects_request: - value: - file: file.ndjson - Serverless_saved_objects_import_objects_response: - summary: >- - The import objects API response indicates a successful import and the - objects are created. Since these objects are created as new copies, each - entry in the successResults array includes a destinationId attribute. - value: - success: true - successCount: 1 - successResults: - - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - managed: false + required: + - start_date + required: + - action + - run + Security_Detections_API_ConcurrentSearches: + minimum: 1 + type: integer + Security_Detections_API_DataViewId: + type: string + Security_Detections_API_DefaultParams: + type: object + properties: + command: + enum: + - isolate + type: string + comment: + type: string + required: + - command + Security_Detections_API_EcsMapping: + additionalProperties: + type: object + properties: + field: + type: string + value: + oneOf: + - type: string + - items: + type: string + type: array + type: object + Security_Detections_API_EndpointResponseAction: + type: object + properties: + action_type_id: + enum: + - .endpoint + type: string + params: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_DefaultParams' + - $ref: '#/components/schemas/Security_Detections_API_ProcessesParams' + required: + - action_type_id + - params + Security_Detections_API_EqlOptionalFields: + type: object + properties: + alert_suppression: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' + data_view_id: + $ref: '#/components/schemas/Security_Detections_API_DataViewId' + event_category_override: + $ref: '#/components/schemas/Security_Detections_API_EventCategoryOverride' + filters: + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' + index: + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + tiebreaker_field: + $ref: '#/components/schemas/Security_Detections_API_TiebreakerField' + timestamp_field: + $ref: '#/components/schemas/Security_Detections_API_TimestampField' + Security_Detections_API_EqlQueryLanguage: + enum: + - eql + type: string + Security_Detections_API_EqlRequiredFields: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_EqlQueryLanguage' + description: Query language to use + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + description: EQL query to execute + type: + description: Rule type + enum: + - eql + type: string + required: + - type + - query + - language + Security_Detections_API_EqlRule: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleResponseFields' + Security_Detections_API_EqlRuleCreateFields: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' + Security_Detections_API_EqlRuleCreateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - icon: indexPatternApp - title: Kibana Sample Data Logs - type: index-pattern - parameters: - Data_views_field_name: - description: The name of the runtime field. - in: path - name: fieldName - required: true - schema: - example: hour_of_day - type: string - Data_views_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Data_views_view_id: - description: An identifier for the data view. - in: path - name: viewId - required: true - schema: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - Fleet_format: - description: Simplified or legacy format for package inputs - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - Fleet_kbn_xsrf: - description: Kibana's anti Cross-Site Request Forgery token. Can be any string value. - in: header - name: kbn-xsrf - required: true - schema: - type: string - Fleet_kuery: - in: query - name: kuery - required: false - schema: - type: string - Fleet_page_index: - in: query - name: page - required: false - schema: - default: 1 - type: integer - Fleet_page_size: - description: The number of items to return - in: query - name: perPage - required: false - schema: - default: 20 - type: integer - Fleet_show_inactive: - in: query - name: showInactive - required: false - schema: - type: boolean - Fleet_show_upgradeable: - in: query - name: showUpgradeable - required: false - schema: - type: boolean - Fleet_sort_field: - in: query - name: sortField - required: false - schema: - deprecated: true - type: string - Fleet_sort_order: - in: query - name: sortOrder - required: false - schema: - enum: - - asc - - desc - type: string - Fleet_with_metrics: - description: Return agent metrics, false by default - in: query - name: withMetrics - required: false - schema: - type: boolean - Machine_learning_APIs_simulateParam: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateFields' + Security_Detections_API_EqlRulePatchFields: + allOf: + - type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_EqlQueryLanguage' + description: Query language to use + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + description: EQL query to execute + type: + description: Rule type + enum: + - eql + type: string + - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' + Security_Detections_API_EqlRulePatchProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchFields' + Security_Detections_API_EqlRuleResponseFields: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' + Security_Detections_API_EqlRuleUpdateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateFields' + Security_Detections_API_ErrorSchema: + additionalProperties: false + type: object + properties: + error: + type: object + properties: + message: + type: string + status_code: + minimum: 400 + type: integer + required: + - status_code + - message + id: + type: string + item_id: + minLength: 1 + type: string + list_id: + minLength: 1 + type: string + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + required: + - error + Security_Detections_API_EsqlQueryLanguage: + enum: + - esql + type: string + Security_Detections_API_EsqlRule: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleResponseFields' + Security_Detections_API_EsqlRuleCreateFields: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields' + Security_Detections_API_EsqlRuleCreateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateFields' + Security_Detections_API_EsqlRuleOptionalFields: + type: object + properties: + alert_suppression: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + Security_Detections_API_EsqlRulePatchProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + language: + $ref: '#/components/schemas/Security_Detections_API_EsqlQueryLanguage' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + description: ESQL query to execute + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + type: + description: Rule type + enum: + - esql + type: string + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' + Security_Detections_API_EsqlRuleRequiredFields: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_EsqlQueryLanguage' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + description: ESQL query to execute + type: + description: Rule type + enum: + - esql + type: string + required: + - type + - language + - query + Security_Detections_API_EsqlRuleResponseFields: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields' + Security_Detections_API_EsqlRuleUpdateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateFields' + Security_Detections_API_EventCategoryOverride: + type: string + Security_Detections_API_ExceptionListType: + description: The exception type + enum: + - detection + - rule_default + - endpoint + - endpoint_trusted_apps + - endpoint_events + - endpoint_host_isolation_exceptions + - endpoint_blocklists + type: string + Security_Detections_API_ExternalRuleSource: description: >- - When true, simulates the synchronization by returning only the list of - actions that would be performed. - example: 'true' - in: query - name: simulate - required: false - schema: - type: boolean - Serverless_saved_objects_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_slo_id: - description: An identifier for the slo. - in: path - name: sloId - required: true - schema: - example: 9c235211-6834-11ea-a78c-6feb38a34414 + Type of rule source for externally sourced rules, i.e. rules that have + an external source, such as the Elastic Prebuilt rules repo. + type: object + properties: + is_customized: + $ref: >- + #/components/schemas/Security_Detections_API_IsExternalRuleCustomized + type: + enum: + - external + type: string + required: + - type + - is_customized + Security_Detections_API_FindRulesSortField: + enum: + - created_at + - createdAt + - enabled + - execution_summary.last_execution.date + - execution_summary.last_execution.metrics.execution_gap_duration_s + - execution_summary.last_execution.metrics.total_indexing_duration_ms + - execution_summary.last_execution.metrics.total_search_duration_ms + - execution_summary.last_execution.status + - name + - risk_score + - riskScore + - severity + - updated_at + - updatedAt + type: string + Security_Detections_API_HistoryWindowStart: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + Security_Detections_API_IndexPatternArray: + items: type: string - SLOs_space_id: + type: array + Security_Detections_API_InternalRuleSource: description: >- - An identifier for the space. If `/s/` and the identifier are omitted - from the path, the default space is used. - in: path - name: spaceId - required: true - schema: - example: default + Type of rule source for internally sourced rules, i.e. created within + the Kibana apps. + type: object + properties: + type: + enum: + - internal + type: string + required: + - type + Security_Detections_API_InvestigationFields: + description: > + Schema for fields relating to investigation fields. These are user + defined fields we use to highlight + + in various features in the UI such as alert details flyout and + exceptions auto-population from alert. + + Added in PR #163235 + + Right now we only have a single field but anticipate adding more related + fields to store various + + configuration states such as `override` - where a user might say if they + want only these fields to + + display, or if they want these fields + the fields we select. When + expanding this field, it may look + + something like: + + ```typescript + + const investigationFields = z.object({ + field_names: NonEmptyArray(NonEmptyString), + override: z.boolean().optional(), + }); + + ``` + type: object + properties: + field_names: + items: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + minItems: 1 + type: array + required: + - field_names + Security_Detections_API_InvestigationGuide: + description: Notes to help investigate alerts produced by the rule. + type: string + Security_Detections_API_IsExternalRuleCustomized: + description: >- + Determines whether an external/prebuilt rule has been customized by the + user (i.e. any of its fields have been modified and diverged from the + base value). + type: boolean + Security_Detections_API_IsRuleEnabled: + description: Determines whether the rule is enabled. + type: boolean + Security_Detections_API_IsRuleImmutable: + deprecated: true + description: >- + This field determines whether the rule is a prebuilt Elastic rule. It + will be replaced with the `rule_source` field. + type: boolean + Security_Detections_API_ItemsPerSearch: + minimum: 1 + type: integer + Security_Detections_API_KqlQueryLanguage: + enum: + - kuery + - lucene + type: string + Security_Detections_API_MachineLearningJobId: + description: Machine learning job ID + oneOf: + - type: string + - items: + type: string + minItems: 1 + type: array + Security_Detections_API_MachineLearningRule: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleResponseFields + Security_Detections_API_MachineLearningRuleCreateFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + Security_Detections_API_MachineLearningRuleCreateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields + Security_Detections_API_MachineLearningRuleOptionalFields: + type: object + properties: + alert_suppression: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' + Security_Detections_API_MachineLearningRulePatchFields: + allOf: + - type: object + properties: + anomaly_threshold: + $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' + machine_learning_job_id: + $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningJobId + type: + description: Rule type + enum: + - machine_learning + type: string + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + Security_Detections_API_MachineLearningRulePatchProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRulePatchFields + Security_Detections_API_MachineLearningRuleRequiredFields: + type: object + properties: + anomaly_threshold: + $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' + machine_learning_job_id: + $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId' + type: + description: Rule type + enum: + - machine_learning + type: string + required: + - type + - machine_learning_job_id + - anomaly_threshold + Security_Detections_API_MachineLearningRuleResponseFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + Security_Detections_API_MachineLearningRuleUpdateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields + Security_Detections_API_MaxSignals: + minimum: 1 + type: integer + Security_Detections_API_NewTermsFields: + items: type: string - responses: - Fleet_error: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - schemas: - Data_views_400_response: - title: Bad request + maxItems: 3 + minItems: 1 + type: array + Security_Detections_API_NewTermsRule: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleResponseFields + Security_Detections_API_NewTermsRuleCreateFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields + Security_Detections_API_NewTermsRuleCreateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields + Security_Detections_API_NewTermsRuleDefaultableFields: type: object properties: - error: - example: Bad Request + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_NewTermsRuleOptionalFields: + type: object + properties: + alert_suppression: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' + data_view_id: + $ref: '#/components/schemas/Security_Detections_API_DataViewId' + filters: + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' + index: + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + Security_Detections_API_NewTermsRulePatchFields: + allOf: + - type: object + properties: + history_window_start: + $ref: '#/components/schemas/Security_Detections_API_HistoryWindowStart' + new_terms_fields: + $ref: '#/components/schemas/Security_Detections_API_NewTermsFields' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + type: + description: Rule type + enum: + - new_terms + type: string + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields + Security_Detections_API_NewTermsRulePatchProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchFields' + Security_Detections_API_NewTermsRuleRequiredFields: + type: object + properties: + history_window_start: + $ref: '#/components/schemas/Security_Detections_API_HistoryWindowStart' + new_terms_fields: + $ref: '#/components/schemas/Security_Detections_API_NewTermsFields' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + type: + description: Rule type + enum: + - new_terms type: string + required: + - type + - query + - new_terms_fields + - history_window_start + Security_Detections_API_NewTermsRuleResponseFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields + - type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + required: + - language + Security_Detections_API_NewTermsRuleUpdateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields + Security_Detections_API_NonEmptyString: + description: A string that is not empty and does not contain only whitespace + minLength: 1 + pattern: ^(?! *$).+$ + type: string + Security_Detections_API_NormalizedRuleAction: + additionalProperties: false + type: object + properties: + alerts_filter: + $ref: '#/components/schemas/Security_Detections_API_RuleActionAlertsFilter' + frequency: + $ref: '#/components/schemas/Security_Detections_API_RuleActionFrequency' + group: + $ref: '#/components/schemas/Security_Detections_API_RuleActionGroup' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleActionId' + params: + $ref: '#/components/schemas/Security_Detections_API_RuleActionParams' + required: + - id + - params + Security_Detections_API_NormalizedRuleError: + type: object + properties: + err_code: + $ref: >- + #/components/schemas/Security_Detections_API_BulkActionsDryRunErrCode message: type: string - statusCode: - example: 400 - type: number + rules: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleDetailsInError' + type: array + status_code: + type: integer required: - - statusCode - - error - message - Data_views_404_response: + - status_code + - rules + Security_Detections_API_OsqueryParams: type: object properties: - error: + ecs_mapping: + $ref: '#/components/schemas/Security_Detections_API_EcsMapping' + pack_id: + type: string + queries: + items: + $ref: '#/components/schemas/Security_Detections_API_OsqueryQuery' + type: array + query: + type: string + saved_query_id: + type: string + timeout: + type: number + Security_Detections_API_OsqueryQuery: + type: object + properties: + ecs_mapping: + $ref: '#/components/schemas/Security_Detections_API_EcsMapping' + id: + description: Query ID + type: string + platform: + type: string + query: + description: Query to run + type: string + removed: + type: boolean + snapshot: + type: boolean + version: + description: Query version + type: string + required: + - id + - query + Security_Detections_API_OsqueryResponseAction: + type: object + properties: + action_type_id: enum: - - Not Found - example: Not Found + - .osquery + type: string + params: + $ref: '#/components/schemas/Security_Detections_API_OsqueryParams' + required: + - action_type_id + - params + Security_Detections_API_PlatformErrorResponse: + type: object + properties: + error: type: string message: - example: >- - Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] - not found type: string statusCode: - enum: - - 404 - example: 404 type: integer - Data_views_allownoindex: - description: Allows the data view saved object to exist before the data is available. - type: boolean - Data_views_create_data_view_request_object: - title: Create data view request + required: + - statusCode + - error + - message + Security_Detections_API_ProcessesParams: type: object properties: - data_view: - description: The data view object. + command: + enum: + - kill-process + - suspend-process + type: string + comment: + type: string + config: type: object properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - type: string - name: - description: The data view name. - type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - version: + field: + description: Field to use instead of process.pid type: string + overwrite: + default: true + description: Whether to overwrite field with process.pid + type: boolean required: - - title - override: - default: false - description: >- - Override an existing data view if a data view with the provided - title already exists. - type: boolean + - field required: - - data_view - Data_views_data_view_response_object: - title: Data view response properties - type: object - properties: - data_view: - type: object + - command + - config + Security_Detections_API_QueryRule: + allOf: + - type: object properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - description: The data view name. - type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta_response' + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleResponseFields' + Security_Detections_API_QueryRuleCreateFields: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' + - $ref: >- + #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields + Security_Detections_API_QueryRuleCreateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - example: WzQ2LDJd - type: string - Data_views_fieldattrs: - description: A map of field attributes by field name. + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' + Security_Detections_API_QueryRuleDefaultableFields: type: object properties: - count: - description: Popularity count for the field. - type: integer - customDescription: - description: Custom description for the field. - maxLength: 300 - type: string - customLabel: - description: Custom label for the field. - type: string - Data_views_fieldformats: - description: A map of field formats by field name. - type: object - Data_views_namespaces: - description: >- - An array of space identifiers for sharing the data view between multiple - spaces. - items: - default: default - type: string - type: array - Data_views_runtimefieldmap: - description: A map of runtime field definitions by field name. + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + Security_Detections_API_QueryRuleOptionalFields: type: object properties: - script: - type: object + alert_suppression: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' + data_view_id: + $ref: '#/components/schemas/Security_Detections_API_DataViewId' + filters: + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' + index: + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + saved_id: + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' + Security_Detections_API_QueryRulePatchFields: + allOf: + - type: object properties: - source: - description: Script for the runtime field. + type: + description: Rule type + enum: + - query type: string + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' + - $ref: >- + #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields + Security_Detections_API_QueryRulePatchProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchFields' + Security_Detections_API_QueryRuleRequiredFields: + type: object + properties: type: - description: Mapping type of the runtime field. + description: Rule type + enum: + - query type: string required: - - script - type - Data_views_sourcefilters: - description: The array of field names you want to filter out in Discover. - items: - type: object - properties: - value: - type: string - required: - - value - type: array - Data_views_swap_data_view_request_object: - title: Data view reference swap request + Security_Detections_API_QueryRuleResponseFields: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' + - type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + required: + - query + - language + Security_Detections_API_QueryRuleUpdateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' + Security_Detections_API_RelatedIntegration: + description: > + Related integration is a potential dependency of a rule. It's assumed + that if the user installs + + one of the related integrations of a rule, the rule might start to work + properly because it will + + have source events (generated by this integration) potentially matching + the rule's query. + + + NOTE: Proper work is not guaranteed, because a related integration, if + installed, can be + + configured differently or generate data that is not necessarily relevant + for this rule. + + + Related integration is a combination of a Fleet package and (optionally) + one of the + + package's "integrations" that this package contains. It is represented + by 3 properties: + + + - `package`: name of the package (required, unique id) + + - `version`: version of the package (required, semver-compatible) + + - `integration`: name of the integration of this package (optional, id + within the package) + + + There are Fleet packages like `windows` that contain only one + integration; in this case, + + `integration` should be unspecified. There are also packages like `aws` + and `azure` that contain + + several integrations; in this case, `integration` should be specified. + + + @example + + const x: RelatedIntegration = { + package: 'windows', + version: '1.5.x', + }; + + + @example + + const x: RelatedIntegration = { + package: 'azure', + version: '~1.1.6', + integration: 'activitylogs', + }; type: object properties: - delete: - description: Deletes referenced saved object if all references are removed. - type: boolean - forId: - description: Limit the affected saved objects to one or more by identifier. - oneOf: - - type: string - - items: - type: string - type: array - forType: - description: Limit the affected saved objects by type. - type: string - fromId: - description: The saved object reference to change. - type: string - fromType: - description: > - Specify the type of the saved object reference to alter. The default - value is `index-pattern` for data views. - type: string - toId: - description: New saved object reference value to replace the old value. - type: string + integration: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + package: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + version: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' required: - - fromId - - toId - Data_views_timefieldname: - description: The timestamp field name, which you use for time-based data views. - type: string - Data_views_title: - description: >- - Comma-separated list of data streams, indices, and aliases that you want - to search. Supports wildcards (`*`). - type: string - Data_views_type: - description: When set to `rollup`, identifies the rollup data views. - type: string - Data_views_typemeta: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. + - package + - version + Security_Detections_API_RelatedIntegrationArray: + items: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegration' + type: array + Security_Detections_API_RequiredField: + description: > + Describes an Elasticsearch field that is needed for the rule to + function. + + + Almost all types of Security rules check source event documents for a + match to some kind of + + query or filter. If a document has certain field with certain values, + then it's a match and + + the rule will generate an alert. + + + Required field is an event field that must be present in the source + indices of a given rule. + + + @example + + const standardEcsField: RequiredField = { + name: 'event.action', + type: 'keyword', + ecs: true, + }; + + + @example + + const nonEcsField: RequiredField = { + name: 'winlog.event_data.AttributeLDAPDisplayName', + type: 'keyword', + ecs: false, + }; type: object properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. - type: object + ecs: + description: Whether the field is an ECS field + type: boolean + name: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: Name of an Elasticsearch field + type: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: Type of the Elasticsearch field required: - - aggs - - params - Data_views_typemeta_response: + - name + - type + - ecs + Security_Detections_API_RequiredFieldArray: + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredField' + type: array + Security_Detections_API_RequiredFieldInput: description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - nullable: true - type: object - properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. - type: object - Data_views_update_data_view_request_object: - title: Update data view request + Input parameters to create a RequiredField. Does not include the `ecs` + field, because `ecs` is calculated on the backend based on the field + name and type. type: object properties: - data_view: - description: > - The data view properties you want to update. Only the specified - properties are updated in the data view. Unspecified fields stay as - they are persisted. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - name: - type: string - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - refresh_fields: - default: false - description: Reloads the data view fields after the data view is updated. - type: boolean + name: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: Name of an Elasticsearch field + type: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: Type of an Elasticsearch field required: - - data_view - Fleet_agent: - title: Agent + - name + - type + Security_Detections_API_ResponseAction: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_OsqueryResponseAction' + - $ref: '#/components/schemas/Security_Detections_API_EndpointResponseAction' + Security_Detections_API_ResponseFields: type: object properties: - access_api_key: - type: string - access_api_key_id: - type: string - active: - type: boolean - components: - items: - $ref: '#/components/schemas/Fleet_agent_component' - type: array - default_api_key: - type: string - default_api_key_id: + created_at: + format: date-time type: string - enrolled_at: + created_by: type: string + execution_summary: + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionSummary' id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + immutable: + $ref: '#/components/schemas/Security_Detections_API_IsRuleImmutable' + required_fields: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldArray' + revision: + minimum: 0 + type: integer + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_source: + $ref: '#/components/schemas/Security_Detections_API_RuleSource' + updated_at: + format: date-time type: string - last_checkin: - type: string - local_metadata: - $ref: '#/components/schemas/Fleet_agent_metadata' - metrics: - type: object - properties: - cpu_avg: - description: >- - Average agent CPU usage during the last 5 minutes, number - between 0-1 - type: number - memory_size_byte_avg: - description: Average agent memory consumption during the last 5 minutes - type: number - policy_id: - type: string - policy_revision: - type: number - status: - $ref: '#/components/schemas/Fleet_agent_status' - type: - $ref: '#/components/schemas/Fleet_agent_type' - unenrolled_at: - type: string - unenrollment_started_at: + updated_by: type: string - user_provided_metadata: - $ref: '#/components/schemas/Fleet_agent_metadata' required: - - type - - active - - enrolled_at - id - - status - Fleet_agent_action: - oneOf: - - properties: - ack_data: - type: string - data: - type: string - type: - enum: - - UNENROLL - - UPGRADE - - POLICY_REASSIGN - type: string - - properties: - data: - type: object - properties: - log_level: - enum: - - debug - - info - - warning - - error - nullable: true - type: string - type: - type: string - title: Agent action - Fleet_agent_component: - title: Agent component + - rule_id + - immutable + - updated_at + - updated_by + - created_at + - created_by + - revision + - related_integrations + - required_fields + Security_Detections_API_RiskScore: + description: Risk score (0 to 100) + maximum: 100 + minimum: 0 + type: integer + Security_Detections_API_RiskScoreMapping: + description: >- + Overrides generated alerts' risk_score with a value from the source + event + items: + type: object + properties: + field: + type: string + operator: + enum: + - equals + type: string + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + value: + type: string + required: + - field + - operator + - value + type: array + Security_Detections_API_RuleAction: type: object properties: - id: - type: string - message: - type: string - status: - $ref: '#/components/schemas/Fleet_agent_component_status' - type: + action_type_id: + description: The action type used for sending notifications. type: string - units: - items: - $ref: '#/components/schemas/Fleet_agent_component_unit' - type: array - Fleet_agent_component_status: + alerts_filter: + $ref: '#/components/schemas/Security_Detections_API_RuleActionAlertsFilter' + frequency: + $ref: '#/components/schemas/Security_Detections_API_RuleActionFrequency' + group: + $ref: '#/components/schemas/Security_Detections_API_RuleActionGroup' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleActionId' + params: + $ref: '#/components/schemas/Security_Detections_API_RuleActionParams' + uuid: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + required: + - action_type_id + - id + - params + Security_Detections_API_RuleActionAlertsFilter: + additionalProperties: true + type: object + Security_Detections_API_RuleActionFrequency: + description: >- + The action frequency defines when the action runs (for example, only on + rule execution or at specific time intervals). + type: object + properties: + notifyWhen: + $ref: '#/components/schemas/Security_Detections_API_RuleActionNotifyWhen' + summary: + description: >- + Action summary indicates whether we will send a summary notification + about all the generate alerts or notification per individual alert + type: boolean + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + nullable: true + required: + - summary + - notifyWhen + - throttle + Security_Detections_API_RuleActionGroup: + description: >- + Optionally groups actions by use cases. Use `default` for alert + notifications. + type: string + Security_Detections_API_RuleActionId: + description: The connector ID. + type: string + Security_Detections_API_RuleActionNotifyWhen: + description: >- + The condition for throttling the notification: `onActionGroupChange`, + `onActiveAlert`, or `onThrottleInterval` enum: - - starting - - configuring - - healthy - - degraded - - failed - - stopping - - stopped - title: Agent component status + - onActiveAlert + - onThrottleInterval + - onActionGroupChange type: string - Fleet_agent_component_unit: - title: Agent component unit + Security_Detections_API_RuleActionParams: + additionalProperties: true + description: >- + Object containing the allowed connector fields, which varies according + to the connector type. type: object - properties: - id: + Security_Detections_API_RuleActionThrottle: + description: Defines how often rule actions are taken. + oneOf: + - enum: + - no_actions + - rule type: string - message: + - description: Time interval in seconds, minutes, hours, or days. + example: 1h + pattern: ^[1-9]\d*[smhd]$ type: string - payload: - type: object - status: - $ref: '#/components/schemas/Fleet_agent_component_status' - type: - $ref: '#/components/schemas/Fleet_agent_component_unit_type' - Fleet_agent_component_unit_type: - enum: - - input - - output - title: Agent component unit type + Security_Detections_API_RuleAuthorArray: + items: + type: string + type: array + Security_Detections_API_RuleCreateProps: + anyOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps' + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps' + discriminator: + propertyName: type + Security_Detections_API_RuleDescription: + minLength: 1 type: string - Fleet_agent_diagnostics: - title: Agent diagnostics + Security_Detections_API_RuleDetailsInError: type: object properties: - actionId: - type: string - createTime: - type: string - filePath: - type: string id: type: string name: type: string - status: + required: + - id + Security_Detections_API_RuleExceptionList: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: ID of the exception container + list_id: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: List ID of the exception container + namespace_type: + description: Determines the exceptions validity in rule's Kibana space enum: - - READY - - AWAITING_UPLOAD - - DELETED - - IN_PROGRESS + - agnostic + - single + type: string + type: + $ref: '#/components/schemas/Security_Detections_API_ExceptionListType' required: - id - - name - - createTime - - filePath - - actionId - - status - Fleet_agent_get_by_actions: + - list_id + - type + - namespace_type + Security_Detections_API_RuleExecutionMetrics: + type: object + properties: + execution_gap_duration_s: + description: Duration in seconds of execution gap + minimum: 0 + type: integer + total_enrichment_duration_ms: + description: >- + Total time spent enriching documents during current rule execution + cycle + minimum: 0 + type: integer + total_indexing_duration_ms: + description: >- + Total time spent indexing documents during current rule execution + cycle + minimum: 0 + type: integer + total_search_duration_ms: + description: >- + Total time spent performing ES searches as measured by Kibana; + includes network latency and time spent serializing/deserializing + request/response + minimum: 0 + type: integer + Security_Detections_API_RuleExecutionStatus: + description: >- + Custom execution status of Security rules that is different from the + status used in the Alerting Framework. We merge our custom status with + the Framework's status to determine the resulting status of a rule. + + - going to run - @deprecated Replaced by the 'running' status but left + for backwards compatibility with rule execution events already written + to Event Log in the prior versions of Kibana. Don't use when writing + rule status changes. + + - running - Rule execution started but not reached any intermediate or + final status. + + - partial failure - Rule can partially fail for various reasons either + in the middle of an execution (in this case we update its status right + away) or in the end of it. So currently this status can be both + intermediate and final at the same time. A typical reason for a partial + failure: not all the indices that the rule searches over actually exist. + + - failed - Rule failed to execute due to unhandled exception or a reason + defined in the business logic of its executor function. + + - succeeded - Rule executed successfully without any issues. Note: this + status is just an indication of a rule's "health". The rule might or + might not generate any alerts despite of it. + enum: + - going to run + - running + - partial failure + - failed + - succeeded + type: string + Security_Detections_API_RuleExecutionStatusOrder: + type: integer + Security_Detections_API_RuleExecutionSummary: + type: object + properties: + last_execution: + type: object + properties: + date: + description: Date of the last execution + format: date-time + type: string + message: + type: string + metrics: + $ref: >- + #/components/schemas/Security_Detections_API_RuleExecutionMetrics + status: + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatus' + description: Status of the last execution + status_order: + $ref: >- + #/components/schemas/Security_Detections_API_RuleExecutionStatusOrder + required: + - date + - status + - status_order + - message + - metrics + required: + - last_execution + Security_Detections_API_RuleFalsePositiveArray: items: - items: - type: string - type: array - title: Agents get by action ids + type: string type: array - Fleet_agent_metadata: - title: Agent metadata + Security_Detections_API_RuleFilterArray: + items: {} + type: array + Security_Detections_API_RuleInterval: + description: >- + Frequency of rule execution, using a date math range. For example, "1h" + means the rule runs every hour. Defaults to 5m (5 minutes). + type: string + Security_Detections_API_RuleIntervalFrom: + description: >- + Time from which data is analyzed each time the rule runs, using a date + math range. For example, now-4200s means the rule analyzes data from 70 + minutes before its start time. Defaults to now-6m (analyzes data from 6 + minutes before the start time). + format: date-math + type: string + Security_Detections_API_RuleIntervalTo: + type: string + Security_Detections_API_RuleLicense: + description: The rule's license. + type: string + Security_Detections_API_RuleMetadata: + additionalProperties: true type: object - Fleet_agent_policy: - title: Agent Policy + Security_Detections_API_RuleName: + minLength: 1 + type: string + Security_Detections_API_RuleNameOverride: + description: Sets the source field for the alert's signal.rule.name value + type: string + Security_Detections_API_RuleObjectId: + $ref: '#/components/schemas/Security_Detections_API_UUID' + Security_Detections_API_RulePatchProps: + anyOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchProps' + - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchProps' + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRulePatchProps + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchProps' + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRulePatchProps + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRulePatchProps + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchProps' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRulePatchProps' + Security_Detections_API_RulePreviewLoggedRequest: + type: object + properties: + description: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + duration: + type: integer + request: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + required: + - request + Security_Detections_API_RulePreviewLogs: type: object properties: - advanced_settings: - description: >- - Advanced settings stored in the agent policy, e.g. - agent_limits_go_max_procs - nullable: true - type: object - agent_features: + duration: + description: Execution duration in milliseconds + type: integer + errors: items: - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' type: array - agents: - type: number - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - global_data_tags: + requests: items: - additionalProperties: - oneOf: - - type: string - - type: number - description: >- - User defined data tags that are added to all of the inputs. The - values can be strings or numbers. - type: object + $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewLoggedRequest type: array - id: - type: string - inactivity_timeout: - type: integer - is_protected: - description: >- - Indicates whether the agent policy has tamper protection enabled. - Default false. - type: boolean - keep_monitoring_alive: - description: >- - When set to true, monitoring will be enabled but logs/metrics - collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - type: object - properties: - limit: - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: + startedAt: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + warnings: items: - enum: - - metrics - - logs - type: string + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' type: array - monitoring_http: - type: object + required: + - errors + - warnings + - duration + Security_Detections_API_RulePreviewParams: + type: object + properties: + invocationCount: + type: integer + timeframeEnd: + format: date-time + type: string + required: + - invocationCount + - timeframeEnd + Security_Detections_API_RuleQuery: + type: string + Security_Detections_API_RuleReferenceArray: + items: + type: string + type: array + Security_Detections_API_RuleResponse: + anyOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRule' + - $ref: '#/components/schemas/Security_Detections_API_QueryRule' + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRule' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRule' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRule' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRule' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRule' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRule' + discriminator: + propertyName: type + Security_Detections_API_RuleSignatureId: + description: Could be any string, not necessarily a UUID + type: string + Security_Detections_API_RuleSource: + description: >- + Discriminated union that determines whether the rule is internally + sourced (created within the Kibana app) or has an external source, such + as the Elastic Prebuilt rules repo. + discriminator: + propertyName: type + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_ExternalRuleSource' + - $ref: '#/components/schemas/Security_Detections_API_InternalRuleSource' + Security_Detections_API_RuleTagArray: + description: >- + String array containing words and phrases to help categorize, filter, + and search rules. Defaults to an empty array. + items: + type: string + type: array + Security_Detections_API_RuleUpdateProps: + anyOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleUpdateProps' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleUpdateProps' + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleUpdateProps + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleUpdateProps + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleUpdateProps + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleUpdateProps + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleUpdateProps' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleUpdateProps' + discriminator: + propertyName: type + Security_Detections_API_RuleVersion: + description: The rule's version number. + minimum: 1 + type: integer + Security_Detections_API_SavedObjectResolveAliasPurpose: + enum: + - savedObjectConversion + - savedObjectImport + type: string + Security_Detections_API_SavedObjectResolveAliasTargetId: + type: string + Security_Detections_API_SavedObjectResolveOutcome: + enum: + - exactMatch + - aliasMatch + - conflict + type: string + Security_Detections_API_SavedQueryId: + type: string + Security_Detections_API_SavedQueryRule: + allOf: + - type: object properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' enabled: - type: boolean - host: - type: string - port: - type: number + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: + - name + - description + - risk_score + - severity + - version + - tags - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - type: string - namespace: - type: string - overrides: - description: >- - Override settings that are defined in the agent policy. Input - settings cannot be overridden. The override option should be used - only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - description: >- - This field is present only when retrieving a single agent policy, or - when retrieving a list of agent policies with the ?full=true - parameter + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields + Security_Detections_API_SavedQueryRuleCreateFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields + Security_Detections_API_SavedQueryRuleCreateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields + Security_Detections_API_SavedQueryRuleDefaultableFields: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_SavedQueryRuleOptionalFields: + type: object + properties: + alert_suppression: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' + data_view_id: + $ref: '#/components/schemas/Security_Detections_API_DataViewId' + filters: + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' + index: + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + response_actions: items: - $ref: '#/components/schemas/Fleet_package_policy' + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' type: array - revision: - type: number - supports_agentless: - description: >- - Indicates whether the agent policy supports agentless integrations. - Only allowed in a serverless environment. - type: boolean - unenroll_timeout: - type: integer - unprivileged_agents: - type: number - updated_by: - type: string - updated_on: - format: date-time + Security_Detections_API_SavedQueryRulePatchFields: + allOf: + - type: object + properties: + saved_id: + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' + type: + description: Rule type + enum: + - saved_query + type: string + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields + Security_Detections_API_SavedQueryRulePatchProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRulePatchFields + Security_Detections_API_SavedQueryRuleRequiredFields: + type: object + properties: + saved_id: + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' + type: + description: Rule type + enum: + - saved_query type: string required: - - id - - status - - name - - namespace - Fleet_agent_policy_create_request: - title: Create agent policy request + - type + - saved_id + Security_Detections_API_SavedQueryRuleResponseFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields + - type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + required: + - language + Security_Detections_API_SavedQueryRuleUpdateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields + Security_Detections_API_SetAlertsStatusByIds: type: object properties: - agent_features: - items: - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - force: - description: Force agent policy creation even if packages are not verified. - type: boolean - global_data_tags: + signal_ids: items: - additionalProperties: - oneOf: - - type: string - - type: number - description: >- - User defined data tags that are added to all of the inputs. The - values can be strings or numbers. - type: object + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + minItems: 1 type: array - id: + status: + $ref: '#/components/schemas/Security_Detections_API_AlertStatus' + required: + - signal_ids + - status + Security_Detections_API_SetAlertsStatusByQuery: + type: object + properties: + conflicts: + default: abort + enum: + - abort + - proceed type: string - inactivity_timeout: - type: integer - is_protected: - type: boolean - monitoring_enabled: - items: + query: + additionalProperties: true + type: object + status: + $ref: '#/components/schemas/Security_Detections_API_AlertStatus' + required: + - query + - status + Security_Detections_API_SetAlertTags: + type: object + properties: + tags_to_add: + $ref: '#/components/schemas/Security_Detections_API_AlertTags' + tags_to_remove: + $ref: '#/components/schemas/Security_Detections_API_AlertTags' + required: + - tags_to_add + - tags_to_remove + Security_Detections_API_SetupGuide: + type: string + Security_Detections_API_Severity: + description: Severity of the rule + enum: + - low + - medium + - high + - critical + type: string + Security_Detections_API_SeverityMapping: + description: Overrides generated alerts' severity with values from the source event + items: + type: object + properties: + field: + type: string + operator: enum: - - metrics - - logs + - equals type: string - type: array - monitoring_output_id: - nullable: true - type: string - name: - type: string - namespace: + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + value: + type: string + required: + - field + - operator + - severity + - value + type: array + Security_Detections_API_SiemErrorResponse: + type: object + properties: + message: type: string - unenroll_timeout: + status_code: type: integer required: - - name - - namespace - Fleet_agent_policy_full: - oneOf: + - status_code + - message + Security_Detections_API_SortOrder: + enum: + - asc + - desc + type: string + Security_Detections_API_Threat: + type: object + properties: + framework: + description: Relevant attack framework + type: string + tactic: + $ref: '#/components/schemas/Security_Detections_API_ThreatTactic' + technique: + description: Array containing information on the attack techniques (optional) + items: + $ref: '#/components/schemas/Security_Detections_API_ThreatTechnique' + type: array + required: + - framework + - tactic + Security_Detections_API_ThreatArray: + items: + $ref: '#/components/schemas/Security_Detections_API_Threat' + type: array + Security_Detections_API_ThreatFilters: + items: + description: >- + Query and filter context array used to filter documents from the + Elasticsearch index containing the threat values + type: array + Security_Detections_API_ThreatIndex: + items: + type: string + type: array + Security_Detections_API_ThreatIndicatorPath: + description: >- + Defines the path to the threat indicator in the indicator documents + (optional) + type: string + Security_Detections_API_ThreatMapping: + items: + type: object + properties: + entries: + items: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + type: + enum: + - mapping + type: string + value: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + required: + - field + - type + - value + type: array + required: + - entries + minItems: 1 + type: array + Security_Detections_API_ThreatMatchRule: + allOf: - type: object properties: - item: - type: string + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields + Security_Detections_API_ThreatMatchRuleCreateFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields + Security_Detections_API_ThreatMatchRuleCreateProps: + allOf: - type: object properties: - item: - $ref: '#/components/schemas/Fleet_full_agent_policy' - title: Agent policy full response + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields + Security_Detections_API_ThreatMatchRuleDefaultableFields: type: object - Fleet_agent_policy_update_request: - title: Update agent policy request + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_ThreatMatchRuleOptionalFields: type: object properties: - agent_features: - items: - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - data_output_id: - nullable: true + alert_suppression: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' + concurrent_searches: + $ref: '#/components/schemas/Security_Detections_API_ConcurrentSearches' + data_view_id: + $ref: '#/components/schemas/Security_Detections_API_DataViewId' + filters: + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' + index: + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' + items_per_search: + $ref: '#/components/schemas/Security_Detections_API_ItemsPerSearch' + saved_id: + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' + threat_filters: + $ref: '#/components/schemas/Security_Detections_API_ThreatFilters' + threat_indicator_path: + $ref: '#/components/schemas/Security_Detections_API_ThreatIndicatorPath' + threat_language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_ThreatMatchRulePatchFields: + allOf: + - type: object + properties: + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + threat_index: + $ref: '#/components/schemas/Security_Detections_API_ThreatIndex' + threat_mapping: + $ref: '#/components/schemas/Security_Detections_API_ThreatMapping' + threat_query: + $ref: '#/components/schemas/Security_Detections_API_ThreatQuery' + type: + description: Rule type + enum: + - threat_match + type: string + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields + Security_Detections_API_ThreatMatchRulePatchProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields + Security_Detections_API_ThreatMatchRuleRequiredFields: + type: object + properties: + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + threat_index: + $ref: '#/components/schemas/Security_Detections_API_ThreatIndex' + threat_mapping: + $ref: '#/components/schemas/Security_Detections_API_ThreatMapping' + threat_query: + $ref: '#/components/schemas/Security_Detections_API_ThreatQuery' + type: + description: Rule type + enum: + - threat_match type: string - description: + required: + - type + - query + - threat_query + - threat_mapping + - threat_index + Security_Detections_API_ThreatMatchRuleResponseFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields + - type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + required: + - language + Security_Detections_API_ThreatMatchRuleUpdateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields + Security_Detections_API_ThreatQuery: + description: Query to run + type: string + Security_Detections_API_ThreatSubtechnique: + type: object + properties: + id: + description: Subtechnique ID type: string - download_source_id: - nullable: true + name: + description: Subtechnique name type: string - fleet_server_host_id: - nullable: true + reference: + description: Subtechnique reference type: string - force: - description: Force agent policy creation even if packages are not verified. - type: boolean - global_data_tags: - items: - additionalProperties: - oneOf: - - type: string - - type: number - description: >- - User defined data tags that are added to all of the inputs. The - values can be strings or numbers. - type: object - type: array - inactivity_timeout: - type: integer - is_protected: - type: boolean - monitoring_enabled: - items: - enum: - - metrics - - logs - type: string - type: array - monitoring_output_id: - nullable: true + required: + - id + - name + - reference + Security_Detections_API_ThreatTactic: + type: object + properties: + id: + description: Tactic ID type: string name: + description: Tactic name type: string - namespace: + reference: + description: Tactic reference type: string - unenroll_timeout: - type: integer required: + - id - name - - namespace - Fleet_agent_status: - enum: - - offline - - error - - online - - inactive - - warning - title: Elastic Agent status - type: string - Fleet_agent_type: - enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - title: Agent type - type: string - Fleet_bulk_install_packages_response: - title: Bulk install packages response + - reference + Security_Detections_API_ThreatTechnique: type: object properties: - items: - items: - type: object - properties: - name: - type: string - version: - type: string - type: array - response: - deprecated: true + id: + description: Technique ID + type: string + name: + description: Technique name + type: string + reference: + description: Technique reference + type: string + subtechnique: + description: Array containing more specific information on the attack technique items: - type: object - properties: - name: - type: string - version: - type: string + $ref: '#/components/schemas/Security_Detections_API_ThreatSubtechnique' type: array required: - - items - Fleet_bulk_upgrade_agents: - title: Bulk upgrade agents + - id + - name + - reference + Security_Detections_API_Threshold: type: object properties: - agents: - oneOf: - - description: KQL query string, leave empty to action all agents + cardinality: + $ref: '#/components/schemas/Security_Detections_API_ThresholdCardinality' + field: + $ref: '#/components/schemas/Security_Detections_API_ThresholdField' + value: + $ref: '#/components/schemas/Security_Detections_API_ThresholdValue' + required: + - field + - value + Security_Detections_API_ThresholdAlertSuppression: + type: object + properties: + duration: + $ref: >- + #/components/schemas/Security_Detections_API_AlertSuppressionDuration + required: + - duration + Security_Detections_API_ThresholdCardinality: + items: + type: object + properties: + field: + type: string + value: + minimum: 0 + type: integer + required: + - field + - value + type: array + Security_Detections_API_ThresholdField: + description: Field to aggregate on + oneOf: + - type: string + - items: + type: string + type: array + Security_Detections_API_ThresholdRule: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleResponseFields + Security_Detections_API_ThresholdRuleCreateFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields + Security_Detections_API_ThresholdRuleCreateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields + Security_Detections_API_ThresholdRuleDefaultableFields: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_ThresholdRuleOptionalFields: + type: object + properties: + alert_suppression: + $ref: >- + #/components/schemas/Security_Detections_API_ThresholdAlertSuppression + data_view_id: + $ref: '#/components/schemas/Security_Detections_API_DataViewId' + filters: + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' + index: + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' + saved_id: + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' + Security_Detections_API_ThresholdRulePatchFields: + allOf: + - type: object + properties: + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + threshold: + $ref: '#/components/schemas/Security_Detections_API_Threshold' + type: + description: Rule type + enum: + - threshold type: string - - description: list of agent IDs + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields + Security_Detections_API_ThresholdRulePatchProps: + allOf: + - type: object + properties: + actions: items: - type: string + $ref: '#/components/schemas/Security_Detections_API_RuleAction' type: array - force: - description: Force upgrade, skipping validation (should be used with caution) - type: boolean - rollout_duration_seconds: - description: rolling upgrade window duration in seconds - type: number - skipRateLimitCheck: - description: Skip rate limit check for upgrade - type: boolean - source_uri: - description: alternative upgrade binary download url - type: string - start_time: - description: start time of upgrade in ISO 8601 format - type: string - version: - description: version to upgrade to + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRulePatchFields + Security_Detections_API_ThresholdRuleRequiredFields: + type: object + properties: + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + threshold: + $ref: '#/components/schemas/Security_Detections_API_Threshold' + type: + description: Rule type + enum: + - threshold type: string required: - - agents - - version - Fleet_data_stream: - title: Data stream + - type + - query + - threshold + Security_Detections_API_ThresholdRuleResponseFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields + - type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + required: + - language + Security_Detections_API_ThresholdRuleUpdateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields + Security_Detections_API_ThresholdValue: + description: Threshold value + minimum: 1 + type: integer + Security_Detections_API_ThrottleForBulkActions: + description: >- + The condition for throttling the notification: 'rule', 'no_actions', or + time duration + enum: + - rule + - 1h + - 1d + - 7d + type: string + Security_Detections_API_TiebreakerField: + description: Sets a secondary field for sorting events + type: string + Security_Detections_API_TimelineTemplateId: + description: Timeline template ID + type: string + Security_Detections_API_TimelineTemplateTitle: + description: Timeline template title + type: string + Security_Detections_API_TimestampField: + description: Contains the event timestamp used for sorting a sequence of events + type: string + Security_Detections_API_TimestampOverride: + description: Sets the time field used to query indices + type: string + Security_Detections_API_TimestampOverrideFallbackDisabled: + description: Disables the fallback to the event's @timestamp field + type: boolean + Security_Detections_API_UUID: + description: A universally unique identifier + format: uuid + type: string + Security_Detections_API_WarningSchema: type: object properties: - dashboard: - items: - type: object - properties: - id: - type: string - title: - type: string - type: array - dataset: - type: string - index: - type: string - last_activity_ms: - type: number - namespace: - type: string - package: + actionPath: type: string - package_version: + buttonLabel: type: string - size_in_bytes: - type: number - size_in_bytes_formatted: + message: type: string type: type: string - Fleet_download_sources: - title: Download Source + required: + - type + - message + - actionPath + Security_Endpoint_Exceptions_API_EndpointList: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionList' + - additionalProperties: false + type: object + Security_Endpoint_Exceptions_API_EndpointListItem: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItem' + Security_Endpoint_Exceptions_API_ExceptionList: type: object properties: - host: + _version: type: string - id: + created_at: + format: date-time type: string - is_default: + created_by: + type: string + description: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription + id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListId + immutable: type: boolean + list_id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListMeta name: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListName + namespace_type: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType + os_types: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray + tags: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags + tie_breaker_id: type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. See the proxies - API for more information. - nullable: true + type: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType + updated_at: + format: date-time + type: string + updated_by: type: string + version: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion required: - - is_default + - id + - list_id + - type - name - - host - Fleet_elasticsearch_asset_type: - enum: - - component_template - - ingest_pipeline - - index_template - - ilm_policy - - transform - - data_stream_ilm_policy - title: Elasticsearch asset type + - description + - immutable + - namespace_type + - version + - tie_breaker_id + - created_at + - created_by + - updated_at + - updated_by + Security_Endpoint_Exceptions_API_ExceptionListDescription: type: string - Fleet_enrollment_api_key: - title: Enrollment API key + Security_Endpoint_Exceptions_API_ExceptionListHumanId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` + Security_Endpoint_Exceptions_API_ExceptionListId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ExceptionListItem: type: object properties: - active: - description: >- - When false, the enrollment API key is revoked and cannot be used for - enrolling Elastic Agents. - type: boolean - api_key: - description: The enrollment API key (token) used for enrolling Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. + _version: type: string + comments: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray created_at: + format: date-time type: string - id: - type: string - name: - description: The name of the enrollment API key. + created_by: type: string - policy_id: - description: The ID of the agent policy the Elastic Agent will be enrolled in. + description: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray + expire_time: + format: date-time type: string - required: - - id - - api_key_id - - api_key - - active - - created_at - Fleet_fleet_server_host: - title: Fleet Server Host - type: object - properties: - host_urls: - items: - type: string - type: array id: - type: string - is_default: - type: boolean - is_internal: - type: boolean - is_preconfigured: - type: boolean + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + item_id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + list_id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta name: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName + namespace_type: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType + os_types: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + tags: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags + tie_breaker_id: type: string - proxy_id: - type: string - required: - - fleet_server_hosts - - id - - is_default - - is_preconfigured - - host_urls - Fleet_fleet_settings_response: - title: Fleet settings response - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_settings' - required: - - item - Fleet_fleet_setup_response: - title: Fleet Setup response - type: object - properties: - isInitialized: - type: boolean - nonFatalErrors: - items: - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message - type: array - required: - - isInitialized - - nonFatalErrors - Fleet_fleet_status_response: - title: Fleet status response - type: object - properties: - isReady: - type: boolean - missing_optional_features: - items: - enum: - - encrypted_saved_object_encryption_key_required - type: string - type: array - missing_requirements: - items: - enum: - - tls_required - - api_keys - - fleet_admin_user - - fleet_server - type: string - type: array - package_verification_key_id: - type: string - required: - - isReady - - missing_requirements - - missing_optional_features - Fleet_full_agent_policy: - title: Full agent policy - type: object - properties: - agent: - nullable: true + type: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType + updated_at: + format: date-time type: string - fleet: - oneOf: - - type: object - properties: - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: - type: string - ssl: - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - renegotiation: - type: string - verification_mode: - type: string - - type: object - properties: - kibana: - type: object - properties: - hosts: - items: - type: string - type: array - path: - type: string - protocol: - type: string - id: + updated_by: type: string - inputs: + required: + - id + - item_id + - list_id + - type + - name + - description + - entries + - namespace_type + - comments + - tie_breaker_id + - created_at + - created_by + - updated_at + - updated_by + Security_Endpoint_Exceptions_API_ExceptionListItemComment: + type: object + properties: + comment: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + created_at: + format: date-time type: string - monitoring: - type: object - properties: - diagnostics: - type: object - properties: - limit: - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - enabled: - type: boolean - http: - type: object - properties: - enabled: - type: boolean - host: - type: string - port: - type: number - required: - - enabled - logs: - type: boolean - metrics: - type: boolean - namespace: - type: string - pprof: - type: object - properties: - enabled: - type: boolean - required: - - enabled - traces: - type: boolean - use_output: - type: string - required: - - enabled - - metrics - - logs - - traces - output_permissions: - additionalProperties: - type: object - properties: - data: - $ref: >- - #/components/schemas/Fleet_full_agent_policy_output_permissions - output: - type: integer - type: object - outputs: - additionalProperties: - $ref: '#/components/schemas/Fleet_full_agent_policy_output' - type: object - revision: - type: number - secret_references: - items: - type: object - properties: - id: - type: string - type: array + created_by: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + id: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + updated_at: + format: date-time + type: string + updated_by: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' required: - id - - outputs - - inputs - Fleet_full_agent_policy_input: - allOf: - - additionalProperties: true + - comment + - created_at + - created_by + Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray: + items: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment + type: array + Security_Endpoint_Exceptions_API_ExceptionListItemDescription: + type: string + Security_Endpoint_Exceptions_API_ExceptionListItemEntry: + anyOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryList + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard + discriminator: + propertyName: type + Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray: + items: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntry + type: array + Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + operator: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + type: + enum: + - exists + type: string + required: + - type + - field + - operator + Security_Endpoint_Exceptions_API_ExceptionListItemEntryList: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + list: type: object properties: - data_stream: - type: object - properties: - namespace: - type: string - required: - - namespace id: - type: string - meta: - additionalProperties: true - type: object - properties: - package: - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version - name: - type: string - revision: - type: number - streams: - $ref: '#/components/schemas/Fleet_full_agent_policy_input_stream' + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListId' type: - type: string - use_output: - type: string + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListType' required: - id - - name - - revision - type - - data_stream - - use_output - title: Full agent policy input - Fleet_full_agent_policy_input_stream: - allOf: - - additionalProperties: true - type: object - properties: - data_stream: - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - - type - id: - type: string - required: - - id - - data_stream - title: Full agent policy input stream - Fleet_full_agent_policy_output: - title: Full agent policy + operator: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + type: + enum: + - list + type: string + required: + - type + - field + - list + - operator + Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + operator: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + type: + enum: + - match + type: string + value: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + required: + - type + - field + - value + - operator + Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + operator: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + type: + enum: + - match_any + type: string + value: + items: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString + minItems: 1 + type: array + required: + - type + - field + - value + - operator + Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + operator: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + type: + enum: + - wildcard + type: string + value: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + required: + - type + - field + - value + - operator + Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested: + type: object + properties: + entries: + items: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem + minItems: 1 + type: array + field: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + type: + enum: + - nested + type: string + required: + - type + - field + - entries + Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem: + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists + Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator: + enum: + - excluded + - included + type: string + Security_Endpoint_Exceptions_API_ExceptionListItemHumanId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ExceptionListItemId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ExceptionListItemMeta: + additionalProperties: true + type: object + Security_Endpoint_Exceptions_API_ExceptionListItemName: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray: + items: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType + type: array + Security_Endpoint_Exceptions_API_ExceptionListItemTags: + items: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + type: array + Security_Endpoint_Exceptions_API_ExceptionListItemType: + enum: + - simple + type: string + Security_Endpoint_Exceptions_API_ExceptionListMeta: + additionalProperties: true + type: object + Security_Endpoint_Exceptions_API_ExceptionListName: + type: string + Security_Endpoint_Exceptions_API_ExceptionListOsType: + enum: + - linux + - macos + - windows + type: string + Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray: + items: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType + type: array + Security_Endpoint_Exceptions_API_ExceptionListTags: + items: + type: string + type: array + Security_Endpoint_Exceptions_API_ExceptionListType: + enum: + - detection + - rule_default + - endpoint + - endpoint_trusted_apps + - endpoint_events + - endpoint_host_isolation_exceptions + - endpoint_blocklists + type: string + Security_Endpoint_Exceptions_API_ExceptionListVersion: + minimum: 1 + type: integer + Security_Endpoint_Exceptions_API_ExceptionNamespaceType: + description: > + Determines whether the exception container is available in all Kibana + spaces or just the space + + in which it is created, where: + + + - `single`: Only available in the Kibana space in which it is created. + + - `agnostic`: Available in all Kibana spaces. + enum: + - agnostic + - single + type: string + Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ListId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ListType: + enum: + - binary + - boolean + - byte + - date + - date_nanos + - date_range + - double + - double_range + - float + - float_range + - geo_point + - geo_shape + - half_float + - integer + - integer_range + - ip + - ip_range + - keyword + - long + - long_range + - shape + - short + - text + type: string + Security_Endpoint_Exceptions_API_NonEmptyString: + description: A string that is not empty and does not contain only whitespace + minLength: 1 + pattern: ^(?! *$).+$ + type: string + Security_Endpoint_Exceptions_API_PlatformErrorResponse: type: object properties: - additionalProperties: - type: object - properties: - text: {} - ca_sha256: - nullable: true + error: type: string - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: + message: type: string - type: {} + statusCode: + type: integer required: - - type - - hosts - - ca_sha256 - Fleet_full_agent_policy_output_permissions: - additionalProperties: - type: object - properties: - data: - type: object - properties: - cluster: - items: - type: string - type: array - indices: - items: - type: object - properties: - names: - items: - type: string - type: array - privileges: - items: - type: string - type: array - type: array - packagePolicyName: - type: string - title: Full agent policy output permissions - Fleet_get_agent_tags_response: - title: Get Agent Tags response + - statusCode + - error + - message + Security_Endpoint_Exceptions_API_SiemErrorResponse: type: object properties: - items: - items: - type: string - type: array - Fleet_get_agents_response: - title: Get Agent response + message: + type: string + status_code: + type: integer + required: + - status_code + - message + Security_Endpoint_Management_API_ActionLogRequestQuery: type: object properties: - items: - items: - $ref: '#/components/schemas/Fleet_agent' - type: array - list: - deprecated: true - items: - $ref: '#/components/schemas/Fleet_agent' - type: array + end_date: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' page: - type: number - perPage: - type: number - statusSummary: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' + page_size: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PageSize' + start_date: + $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' + Security_Endpoint_Management_API_ActionStateSuccessResponse: + type: object + properties: + body: type: object properties: - degraded': - type: number - enrolling: - type: number - error: - type: number - inactive: - type: number - offline: - type: number - online: - type: number - unenrolled: - type: number - unenrolling: - type: number - updating: - type: number - total: - type: number + data: + type: object + properties: + canEncrypt: + type: boolean + required: + - data required: - - items - - total - - page - - perPage - Fleet_get_bulk_assets_response: - deprecated: true + - body + Security_Endpoint_Management_API_ActionStatusSuccessResponse: + type: object properties: - items: - items: - type: object - properties: - appLink: - type: string - attributes: - type: object - properties: - description: - type: string - title: - type: string - id: - type: string - type: - $ref: '#/components/schemas/Fleet_saved_object_type' - updatedAt: - type: string - type: array + body: + type: object + properties: + data: + type: object + properties: + agent_id: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_AgentId + pending_actions: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema + required: + - agent_id + - pending_actions + required: + - data required: - - items - title: Bulk get assets response + - body + Security_Endpoint_Management_API_AgentId: + description: Agent ID + type: string + Security_Endpoint_Management_API_AgentIds: + minLength: 1 + oneOf: + - items: + minLength: 1 + type: string + maxItems: 50 + minItems: 1 + type: array + - minLength: 1 + type: string + Security_Endpoint_Management_API_AgentTypes: + enum: + - endpoint + - sentinel_one + - crowdstrike + type: string + Security_Endpoint_Management_API_AlertIds: + description: A list of alerts ids. + items: + $ref: '#/components/schemas/Security_Endpoint_Management_API_NonEmptyString' + minItems: 1 + type: array + Security_Endpoint_Management_API_CaseIds: + description: Case IDs to be updated (cannot contain empty strings) + items: + minLength: 1 + type: string + minItems: 1 + type: array + Security_Endpoint_Management_API_Command: + description: The command to be executed (cannot be an empty string) + enum: + - isolate + - unisolate + - kill-process + - suspend-process + - running-processes + - get-file + - execute + - upload + - scan + minLength: 1 + type: string + Security_Endpoint_Management_API_Commands: + items: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Command' + type: array + Security_Endpoint_Management_API_Comment: + description: Optional comment + type: string + Security_Endpoint_Management_API_EndDate: + description: End date + type: string + Security_Endpoint_Management_API_EndpointIds: + description: List of endpoint IDs (cannot contain empty strings) + items: + minLength: 1 + type: string + minItems: 1 + type: array + Security_Endpoint_Management_API_EntityId: type: object - Fleet_get_categories_response: - title: Get categories response + properties: + entity_id: + minLength: 1 + type: string + Security_Endpoint_Management_API_ExecuteRouteRequestBody: + allOf: + - type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EndpointIds + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + - type: object + properties: + parameters: + type: object + properties: + command: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_Command + timeout: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_Timeout + required: + - command + required: + - parameters + Security_Endpoint_Management_API_GetEndpointActionListRouteQuery: type: object properties: - items: - items: - type: object - properties: - count: - type: number - id: - type: string - title: - type: string - required: - - id - - title - - count - type: array - response: - items: - deprecated: true - type: object - properties: - count: - type: number - id: - type: string - title: - type: string - required: - - id - - title - - count - type: array - required: - - items - Fleet_get_packages_response: - title: Get Packages response + agentIds: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' + agentTypes: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + commands: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Commands' + endDate: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' + page: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' + pageSize: + default: 10 + description: Number of items per page + maximum: 10000 + minimum: 1 + type: integer + startDate: + $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' + types: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Types' + userIds: + $ref: '#/components/schemas/Security_Endpoint_Management_API_UserIds' + withOutputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_WithOutputs' + Security_Endpoint_Management_API_GetFileRouteRequestBody: + allOf: + - type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EndpointIds + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + - type: object + properties: + parameters: + type: object + properties: + path: + type: string + required: + - path + required: + - parameters + Security_Endpoint_Management_API_GetProcessesRouteRequestBody: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + Security_Endpoint_Management_API_IsolateRouteRequestBody: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + Security_Endpoint_Management_API_KillProcessRouteRequestBody: + allOf: + - type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EndpointIds + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + - type: object + properties: + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' + - $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EntityId + - type: object + properties: + process_name: + description: Valid for SentinelOne agent type only + minLength: 1 + type: string + required: + - parameters + Security_Endpoint_Management_API_ListRequestQuery: type: object properties: - items: - items: - $ref: '#/components/schemas/Fleet_search_result' - type: array - response: - deprecated: true + hostStatuses: items: - $ref: '#/components/schemas/Fleet_search_result' + enum: + - healthy + - offline + - updating + - inactive + - unenrolled + type: string type: array + kuery: + nullable: true + type: string + page: + default: 0 + description: Page number + minimum: 0 + type: integer + pageSize: + default: 10 + description: Number of items per page + maximum: 10000 + minimum: 1 + type: integer + sortDirection: + enum: + - asc + - desc + nullable: true + type: string + sortField: + enum: + - enrolled_at + - metadata.host.hostname + - host_status + - metadata.Endpoint.policy.applied.name + - metadata.Endpoint.policy.applied.status + - metadata.host.os.name + - metadata.host.ip + - metadata.agent.version + - last_checkin + type: string required: - - items - Fleet_installation_info: - title: Installation info object + - hostStatuses + Security_Endpoint_Management_API_NonEmptyString: + description: A string that is not empty and does not contain only whitespace + minLength: 1 + pattern: ^(?! *$).+$ + type: string + Security_Endpoint_Management_API_NoParametersRequestSchema: type: object properties: - created_at: + body: + type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EndpointIds + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + required: + - body + Security_Endpoint_Management_API_Page: + default: 1 + description: Page number + minimum: 1 + type: integer + Security_Endpoint_Management_API_PageSize: + default: 10 + description: Number of items per page + maximum: 100 + minimum: 1 + type: integer + Security_Endpoint_Management_API_Parameters: + description: Optional parameters object + type: object + Security_Endpoint_Management_API_PendingActionDataType: + type: integer + Security_Endpoint_Management_API_PendingActionsSchema: + oneOf: + - type: object + properties: + execute: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + get-file: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + isolate: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + kill-process: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + running-processes: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + scan: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + suspend-process: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + unisolate: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + upload: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + - additionalProperties: true + type: object + Security_Endpoint_Management_API_Pid: + type: object + properties: + pid: + minimum: 1 + type: integer + Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse: + type: object + properties: + note: type: string - experimental_data_stream_features: - type: array + Security_Endpoint_Management_API_ScanRouteRequestBody: + allOf: + - type: object properties: - data_stream: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EndpointIds + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + - type: object + properties: + parameters: + type: object + properties: + path: + type: string + required: + - path + required: + - parameters + Security_Endpoint_Management_API_StartDate: + description: Start date + type: string + Security_Endpoint_Management_API_SuccessResponse: + type: object + properties: {} + Security_Endpoint_Management_API_SuspendProcessRouteRequestBody: + allOf: + - type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EndpointIds + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + - type: object + properties: + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' + - $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EntityId + required: + - parameters + Security_Endpoint_Management_API_Timeout: + description: The maximum timeout value in milliseconds (optional) + minimum: 1 + type: integer + Security_Endpoint_Management_API_Type: + description: Type of response action + enum: + - automated + - manual + type: string + Security_Endpoint_Management_API_Types: + description: List of types of response actions + items: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Type' + maxLength: 2 + minLength: 1 + type: array + Security_Endpoint_Management_API_UnisolateRouteRequestBody: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + Security_Endpoint_Management_API_UploadRouteRequestBody: + allOf: + - type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EndpointIds + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + - type: object + properties: + file: + format: binary type: string - features: + parameters: type: object properties: - doc_value_only_numeric: - nullable: true - type: boolean - doc_value_only_other: - nullable: true - type: boolean - synthetic_source: - nullable: true - type: boolean - tsdb: - nullable: true + overwrite: + default: false type: boolean - install_format_schema_version: - type: string - install_kibana_space_id: + required: + - parameters + - file + Security_Endpoint_Management_API_UserIds: + description: User IDs + oneOf: + - items: + minLength: 1 + type: string + minItems: 1 + type: array + - minLength: 1 type: string - install_source: - enum: - - registry - - upload - - bundled + Security_Endpoint_Management_API_WithOutputs: + description: Shows detailed outputs for an action response + oneOf: + - items: + minLength: 1 + type: string + minItems: 1 + type: array + - minLength: 1 type: string - install_status: - enum: - - installed - - installing - - install_failed + Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem: + type: object + properties: + index: + type: integer + message: type: string - installed_es: - type: object + required: + - message + - index + Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats: + type: object + properties: + failed: + type: integer + successful: + type: integer + total: + type: integer + required: + - successful + - failed + - total + Security_Entity_Analytics_API_AssetCriticalityLevel: + description: The criticality level of the asset. + enum: + - low_impact + - medium_impact + - high_impact + - extreme_impact + type: string + Security_Entity_Analytics_API_AssetCriticalityRecord: + allOf: + - $ref: >- + #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord + - $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts + - type: object properties: - deferred: - type: boolean - id: + '@timestamp': + description: The time the record was created or updated. + example: '2017-07-21T17:32:28Z' + format: date-time type: string - type: - $ref: '#/components/schemas/Fleet_elasticsearch_asset_type' - installed_kibana: + required: + - '@timestamp' + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts: + type: object + properties: + asset: type: object properties: - id: - type: string - type: - $ref: '#/components/schemas/Fleet_kibana_saved_object_type' - latest_executed_state: - description: Latest successfully executed state in package install state machine + criticality: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + required: + - asset + host: type: object properties: - error: - type: string + asset: + type: object + properties: + criticality: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + required: + - criticality name: - enum: - - create_restart_installation - - install_kibana_assets - - install_ilm_policies - - install_ml_model - - install_index_template_pipelines - - remove_legacy_templates - - update_current_write_indices - - install_transforms - - delete_previous_pipelines - - save_archive_entries_from_assets_map - - update_so type: string - started_at: + required: + - name + user: + type: object + properties: + asset: + type: object + properties: + criticality: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + required: + - criticality + name: type: string - latest_install_failed_attempts: - description: Latest failed install errors - items: - type: object - properties: - created_at: - type: string - error: - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - target_version: - type: string - type: array - name: - type: string - namespaces: - items: - type: string - type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: - enum: - - verified - - unverified - - unknown - type: string - version: - type: string + required: + - name required: - - installed_kibana - - installed_es - - name - - version - - install_status - - install_version - - install_started_at - - install_source - - verification_status - - latest_install_failed_attempts - Fleet_kibana_saved_object_type: - enum: - - dashboard - - visualization - - search - - index-pattern - - map - - lens - - ml-module - - security-rule - - csp_rule_template - title: Kibana saved object asset type - type: string - Fleet_new_package_policy: - description: '' + - asset + Security_Entity_Analytics_API_AssetCriticalityRecordIdParts: + type: object properties: - description: + id_field: + $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' + description: The field representing the ID. + example: host.name + id_value: + description: The ID value of the asset. type: string - enabled: + required: + - id_value + - id_field + Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse: + type: object + properties: + cleanup_successful: + example: false type: boolean - inputs: + errors: items: type: object properties: - config: - type: object - enabled: - type: boolean - processors: - items: - type: string - type: array - streams: - items: {} - type: array - type: + error: type: string - vars: - type: object + seq: + type: integer required: - - type - - enabled + - seq + - error type: array - name: + required: + - cleanup_successful + - errors + Security_Entity_Analytics_API_CreateAssetCriticalityRecord: + allOf: + - $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts + - type: object + properties: + criticality_level: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + required: + - criticality_level + Security_Entity_Analytics_API_EngineDescriptor: + type: object + properties: + filter: type: string - namespace: + indexPattern: + $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' + status: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus' + type: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + Security_Entity_Analytics_API_EngineStatus: + enum: + - installing + - started + - stopped + type: string + Security_Entity_Analytics_API_Entity: + oneOf: + - $ref: '#/components/schemas/Security_Entity_Analytics_API_UserEntity' + - $ref: '#/components/schemas/Security_Entity_Analytics_API_HostEntity' + Security_Entity_Analytics_API_EntityRiskLevels: + enum: + - Unknown + - Low + - Moderate + - High + - Critical + type: string + Security_Entity_Analytics_API_EntityRiskScoreRecord: + type: object + properties: + '@timestamp': + description: The time at which the risk score was calculated. + example: '2017-07-21T17:32:28Z' + format: date-time type: string - output_id: + calculated_level: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskLevels' + description: Lexical description of the entity's risk. + example: Critical + calculated_score: + description: The raw numeric value of the given entity's risk score. + format: double + type: number + calculated_score_norm: + description: >- + The normalized numeric value of the given entity's risk score. + Useful for comparing with other entities. + format: double + maximum: 100 + minimum: 0 + type: number + category_1_count: + description: >- + The number of risk input documents that contributed to the Category + 1 score (`category_1_score`). + format: integer + type: number + category_1_score: + description: >- + The contribution of Category 1 to the overall risk score + (`calculated_score`). Category 1 contains Detection Engine Alerts. + format: double + type: number + category_2_count: + format: integer + type: number + category_2_score: + format: double + type: number + criticality_level: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + criticality_modifier: + format: double + type: number + id_field: + description: >- + The identifier field defining this risk score. Coupled with + `id_value`, uniquely identifies the entity being scored. + example: host.name type: string - overrides: + id_value: + description: >- + The identifier value defining this risk score. Coupled with + `id_field`, uniquely identifies the entity being scored. + example: example.host + type: string + inputs: + description: >- + A list of the highest-risk documents contributing to this risk + score. Useful for investigative purposes. + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskScoreInput' + type: array + notes: + items: + type: string + type: array + required: + - '@timestamp' + - id_field + - id_value + - calculated_level + - calculated_score + - calculated_score_norm + - category_1_score + - category_1_count + - inputs + - notes + Security_Entity_Analytics_API_EntityType: + enum: + - user + - host + type: string + Security_Entity_Analytics_API_HostEntity: + type: object + properties: + asset: type: object - package: + properties: + criticality: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + required: + - criticality + entity: type: object properties: - name: + definitionId: type: string - requires_root: - type: boolean - title: + definitionVersion: type: string - version: + displayName: + type: string + firstSeenTimestamp: + format: date-time + type: string + id: + type: string + identityFields: + items: + type: string + type: array + lastSeenTimestamp: + format: date-time + type: string + schemaVersion: + type: string + source: + type: string + type: + enum: + - node + type: string + required: + - lastSeenTimestamp + - schemaVersion + - definitionVersion + - displayName + - identityFields + - id + - type + - firstSeenTimestamp + - definitionId + host: + type: object + properties: + architecture: + items: + type: string + type: array + domain: + items: + type: string + type: array + hostname: + items: + type: string + type: array + id: + items: + type: string + type: array + ip: + items: + type: string + type: array + mac: + items: + type: string + type: array + name: type: string + risk: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord + type: + items: + type: string + type: array required: - name - - version - policy_id: - deprecated: true - nullable: true - type: string - policy_ids: + Security_Entity_Analytics_API_IdField: + enum: + - host.name + - user.name + type: string + Security_Entity_Analytics_API_IndexPattern: + type: string + Security_Entity_Analytics_API_InspectQuery: + type: object + properties: + dsl: + items: + type: string + type: array + response: items: type: string type: array required: - - inputs - - name - title: New package policy - type: object - Fleet_output_create_request: - discriminator: - mapping: - elasticsearch: '#/components/schemas/Fleet_output_create_request_elasticsearch' - kafka: '#/components/schemas/Fleet_output_create_request_kafka' - logstash: '#/components/schemas/Fleet_output_create_request_logstash' - remote_elasticsearch: >- - #/components/schemas/Fleet_output_create_request_remote_elasticsearch - propertyName: type - oneOf: - - $ref: '#/components/schemas/Fleet_output_create_request_elasticsearch' - - $ref: '#/components/schemas/Fleet_output_create_request_kafka' - - $ref: '#/components/schemas/Fleet_output_create_request_logstash' - - $ref: >- - #/components/schemas/Fleet_output_create_request_remote_elasticsearch - title: Output - Fleet_output_create_request_elasticsearch: - title: elasticsearch + - dsl + - response + Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse: type: object properties: - ca_sha256: + full_error: type: string - ca_trusted_fingerprint: + message: type: string - config: - type: object - config_yaml: + required: + - message + - full_error + Security_Entity_Analytics_API_RiskEngineScheduleNowResponse: + type: object + properties: + success: + type: boolean + Security_Entity_Analytics_API_RiskScoreInput: + description: A generic representation of a document contributing to a Risk Score. + type: object + properties: + category: + description: The risk category of the risk input document. + example: category_1 + type: string + contribution_score: + format: double + type: number + description: + description: A human-readable description of the risk input document. + example: 'Generated from Detection Engine Rule: Malware Prevention Alert' type: string - hosts: - items: - type: string - type: array id: + description: The unique identifier (`_id`) of the original source document + example: 91a93376a507e86cfbf282166275b89f9dbdb1f0be6c8103c6ff2909ca8e1a1c type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: + index: + description: The unique index (`_index`) of the original source document + example: .internal.alerts-security.alerts-default-000001 type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency + risk_score: + description: The weighted risk score of the risk input document. + format: double + maximum: 100 + minimum: 0 + type: number + timestamp: + description: The @timestamp of the risk input document. + example: '2017-07-21T17:32:28Z' type: string - proxy_id: + required: + - id + - index + - description + - category + Security_Entity_Analytics_API_TaskManagerUnavailableResponse: + description: Task manager is unavailable + type: object + properties: + message: type: string - shipper: + status_code: + minimum: 400 + type: integer + required: + - status_code + - message + Security_Entity_Analytics_API_UserEntity: + type: object + properties: + asset: type: object properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: - type: boolean - ssl: + criticality: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + required: + - criticality + entity: type: object properties: - certificate: + definitionId: type: string - certificate_authorities: + definitionVersion: + type: string + displayName: + type: string + firstSeenTimestamp: + format: date-time + type: string + id: + type: string + identityFields: + items: + type: string + type: array + lastSeenTimestamp: + format: date-time + type: string + schemaVersion: + type: string + source: + type: string + type: + enum: + - node + type: string + required: + - lastSeenTimestamp + - schemaVersion + - definitionVersion + - displayName + - identityFields + - id + - type + - firstSeenTimestamp + - definitionId + - source + user: + type: object + properties: + domain: + items: + type: string + type: array + email: + items: + type: string + type: array + full_name: items: type: string type: array - key: + hash: + items: + type: string + type: array + id: + items: + type: string + type: array + name: type: string - type: - enum: - - elasticsearch + risk: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord + roles: + items: + type: string + type: array + required: + - name + Security_Exceptions_API_CreateExceptionListItemComment: + type: object + properties: + comment: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + required: + - comment + Security_Exceptions_API_CreateExceptionListItemCommentArray: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_CreateExceptionListItemComment + type: array + Security_Exceptions_API_CreateRuleExceptionListItemComment: + type: object + properties: + comment: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + required: + - comment + Security_Exceptions_API_CreateRuleExceptionListItemCommentArray: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemComment + type: array + Security_Exceptions_API_CreateRuleExceptionListItemProps: + type: object + properties: + comments: + $ref: >- + #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemCommentArray + default: [] + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + expire_time: + format: date-time type: string + item_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + meta: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' + name: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName' + namespace_type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + default: single + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + default: [] + tags: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' + default: [] + type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' required: + - type - name - Fleet_output_create_request_kafka: - title: kafka + - description + - entries + Security_Exceptions_API_ExceptionList: type: object properties: - auth_type: + _version: type: string - broker_timeout: - type: number - ca_sha256: + created_at: + format: date-time type: string - ca_trusted_fingerprint: + created_by: type: string - client_id: + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListDescription + id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + immutable: + type: boolean + list_id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + meta: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' + name: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' + namespace_type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + tags: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' + tie_breaker_id: type: string - compression: + type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' + updated_at: + format: date-time type: string - compression_level: - type: number - config: - type: object - config_yaml: + updated_by: type: string - connection_type: - enum: - - plaintext - - encryption + version: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' + required: + - id + - list_id + - type + - name + - description + - immutable + - namespace_type + - version + - tie_breaker_id + - created_at + - created_by + - updated_at + - updated_by + Security_Exceptions_API_ExceptionListDescription: + type: string + Security_Exceptions_API_ExceptionListHumanId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` + Security_Exceptions_API_ExceptionListId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListItem: + type: object + properties: + _version: type: string - headers: - items: - type: object - properties: - key: - type: string - value: - type: string - type: array - hosts: - items: - type: string - type: array - id: + comments: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray + created_at: + format: date-time type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - key: + created_by: + type: string + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + expire_time: + format: date-time type: string + id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' + item_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + list_id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + meta: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' name: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName' + namespace_type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + tags: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' + tie_breaker_id: type: string - partition: + type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' + updated_at: + format: date-time type: string - password: + updated_by: type: string - proxy_id: + required: + - id + - item_id + - list_id + - type + - name + - description + - entries + - namespace_type + - comments + - tie_breaker_id + - created_at + - created_by + - updated_at + - updated_by + Security_Exceptions_API_ExceptionListItemComment: + type: object + properties: + comment: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + created_at: + format: date-time type: string - random: - type: object - properties: - group_events: - type: number - required_acks: - type: number - round_robin: - type: object - properties: - group_events: - type: number - sasl: - type: object - properties: - mechanism: - type: string - secrets: - type: object - properties: - password: - type: string - ssl: - type: object - properties: - key: - type: string - shipper: - type: object - properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: - type: boolean - ssl: - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - none - - full - - certificate - - strict - type: string - timeout: - type: number - topic: + created_by: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + id: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + updated_at: + format: date-time type: string - topics: - deprecated: true - description: Use topic instead. - items: - type: object - properties: - topic: - type: string - when: - deprecated: true - description: >- - Deprecated, kafka output do not support conditionnal topics - anymore. - type: object - properties: - condition: - type: string - type: - type: string - type: array + updated_by: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + required: + - id + - comment + - created_at + - created_by + Security_Exceptions_API_ExceptionListItemCommentArray: + items: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemComment' + type: array + Security_Exceptions_API_ExceptionListItemDescription: + type: string + Security_Exceptions_API_ExceptionListItemEntry: + anyOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryList + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNested + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchWildcard + discriminator: + propertyName: type + Security_Exceptions_API_ExceptionListItemEntryArray: + items: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntry' + type: array + Security_Exceptions_API_ExceptionListItemEntryExists: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + operator: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + type: + enum: + - exists + type: string + required: + - type + - field + - operator + Security_Exceptions_API_ExceptionListItemEntryList: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + list: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Exceptions_API_ListId' + type: + $ref: '#/components/schemas/Security_Exceptions_API_ListType' + required: + - id + - type + operator: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator type: enum: - - kafka - type: string - username: - type: string - version: + - list type: string required: - - name - type - - topics - - auth_type - - hosts - Fleet_output_create_request_logstash: - title: logstash + - field + - list + - operator + Security_Exceptions_API_ExceptionListItemEntryMatch: type: object properties: - ca_sha256: - type: string - ca_trusted_fingerprint: + field: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + operator: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + type: + enum: + - match type: string - config: - type: object - config_yaml: + value: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + required: + - type + - field + - value + - operator + Security_Exceptions_API_ExceptionListItemEntryMatchAny: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + operator: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + type: + enum: + - match_any type: string - hosts: + value: items: - type: string + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + minItems: 1 type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: - type: string - proxy_id: - type: string - secrets: - type: object - properties: - ssl: - type: object - properties: - key: - type: string - shipper: - type: object - properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: - type: boolean - ssl: - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string + required: + - type + - field + - value + - operator + Security_Exceptions_API_ExceptionListItemEntryMatchWildcard: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + operator: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator type: enum: - - logstash + - wildcard type: string + value: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' required: - - name - - hosts - type - Fleet_output_create_request_remote_elasticsearch: - title: remote_elasticsearch + - field + - value + - operator + Security_Exceptions_API_ExceptionListItemEntryNested: type: object properties: - hosts: + entries: items: - type: string + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem + minItems: 1 type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: - type: string - secrets: - type: object - properties: - service_token: - type: string - service_token: - type: string + field: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' type: enum: - - remote_elasticsearch + - nested type: string required: - - name - Fleet_output_update_request: - discriminator: - mapping: - elasticsearch: '#/components/schemas/Fleet_output_update_request_elasticsearch' - kafka: '#/components/schemas/Fleet_output_update_request_kafka' - logstash: '#/components/schemas/Fleet_output_update_request_logstash' - propertyName: type + - type + - field + - entries + Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem: oneOf: - - $ref: '#/components/schemas/Fleet_output_update_request_elasticsearch' - - $ref: '#/components/schemas/Fleet_output_update_request_kafka' - - $ref: '#/components/schemas/Fleet_output_update_request_logstash' - title: Output - Fleet_output_update_request_elasticsearch: - title: elasticsearch + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists + Security_Exceptions_API_ExceptionListItemEntryOperator: + enum: + - excluded + - included + type: string + Security_Exceptions_API_ExceptionListItemHumanId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListItemId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListItemMeta: + additionalProperties: true + type: object + Security_Exceptions_API_ExceptionListItemName: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListItemOsTypeArray: + items: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' + type: array + Security_Exceptions_API_ExceptionListItemTags: + items: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + type: array + Security_Exceptions_API_ExceptionListItemType: + enum: + - simple + type: string + Security_Exceptions_API_ExceptionListMeta: + additionalProperties: true + type: object + Security_Exceptions_API_ExceptionListName: + type: string + Security_Exceptions_API_ExceptionListOsType: + enum: + - linux + - macos + - windows + type: string + Security_Exceptions_API_ExceptionListOsTypeArray: + items: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' + type: array + Security_Exceptions_API_ExceptionListsImportBulkError: type: object properties: - ca_sha256: - type: string - ca_trusted_fingerprint: - type: string - config: + error: type: object - config_yaml: - type: string - hosts: - items: - type: string - type: array + properties: + message: + type: string + status_code: + type: integer + required: + - status_code + - message id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + item_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + list_id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + required: + - error + Security_Exceptions_API_ExceptionListsImportBulkErrorArray: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError + type: array + Security_Exceptions_API_ExceptionListTags: + items: + type: string + type: array + Security_Exceptions_API_ExceptionListType: + enum: + - detection + - rule_default + - endpoint + - endpoint_trusted_apps + - endpoint_events + - endpoint_host_isolation_exceptions + - endpoint_blocklists + type: string + Security_Exceptions_API_ExceptionListVersion: + minimum: 1 + type: integer + Security_Exceptions_API_ExceptionNamespaceType: + description: > + Determines whether the exception container is available in all Kibana + spaces or just the space + + in which it is created, where: + + + - `single`: Only available in the Kibana space in which it is created. + + - `agnostic`: Available in all Kibana spaces. + enum: + - agnostic + - single + type: string + Security_Exceptions_API_FindExceptionListItemsFilter: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_FindExceptionListsFilter: + type: string + Security_Exceptions_API_ListId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ListType: + enum: + - binary + - boolean + - byte + - date + - date_nanos + - date_range + - double + - double_range + - float + - float_range + - geo_point + - geo_shape + - half_float + - integer + - integer_range + - ip + - ip_range + - keyword + - long + - long_range + - shape + - short + - text + type: string + Security_Exceptions_API_NonEmptyString: + description: A string that is not empty and does not contain only whitespace + minLength: 1 + pattern: ^(?! *$).+$ + type: string + Security_Exceptions_API_PlatformErrorResponse: + type: object + properties: + error: type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: + message: type: string - shipper: - type: object - properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: - type: boolean - ssl: - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - type: - enum: - - elasticsearch + statusCode: + type: integer + required: + - statusCode + - error + - message + Security_Exceptions_API_RuleId: + $ref: '#/components/schemas/Security_Exceptions_API_UUID' + Security_Exceptions_API_SiemErrorResponse: + type: object + properties: + message: type: string + status_code: + type: integer required: - - name - - hosts - - type - Fleet_output_update_request_kafka: - title: kafka + - status_code + - message + Security_Exceptions_API_UpdateExceptionListItemComment: type: object properties: - auth_type: - type: string - broker_timeout: - type: number - ca_sha256: - type: string - ca_trusted_fingerprint: + comment: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + id: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + required: + - comment + Security_Exceptions_API_UpdateExceptionListItemCommentArray: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemComment + type: array + Security_Exceptions_API_UUID: + description: A universally unique identifier + format: uuid + type: string + Security_Lists_API_FindListItemsCursor: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_FindListItemsFilter: + type: string + Security_Lists_API_FindListsCursor: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_FindListsFilter: + type: string + Security_Lists_API_List: + type: object + properties: + _version: type: string - client_id: + '@timestamp': + format: date-time type: string - compression: + created_at: + format: date-time type: string - compression_level: - type: number - config: - type: object - config_yaml: + created_by: type: string - connection_type: - enum: - - plaintext - - encryption + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + deserializer: type: string - headers: - items: - type: object - properties: - key: - type: string - value: - type: string - type: array - hosts: - items: - type: string - type: array id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: + $ref: '#/components/schemas/Security_Lists_API_ListId' + immutable: type: boolean - key: - type: string + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + serializer: type: string - partition: - type: string - password: - type: string - proxy_id: - type: string - random: - type: object - properties: - group_events: - type: number - required_acks: - type: number - round_robin: - type: object - properties: - group_events: - type: number - sasl: - type: object - properties: - mechanism: - type: string - shipper: - type: object - properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: - type: boolean - ssl: - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - none - - full - - certificate - - strict - type: string - timeout: - type: number - topic: + tie_breaker_id: type: string - topics: - deprecated: true - description: Use topic instead. - items: - type: object - properties: - topic: - type: string - when: - deprecated: true - description: >- - Deprecated, kafka output do not support conditionnal topics - anymore. - type: object - properties: - condition: - type: string - type: - type: string - type: array type: - enum: - - kafka + $ref: '#/components/schemas/Security_Lists_API_ListType' + updated_at: + format: date-time type: string - username: + updated_by: type: string version: - type: string + minimum: 1 + type: integer required: + - id + - type - name - Fleet_output_update_request_logstash: - title: logstash + - description + - immutable + - version + - tie_breaker_id + - created_at + - created_by + - updated_at + - updated_by + Security_Lists_API_ListDescription: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListId: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListItem: type: object properties: - ca_sha256: + _version: type: string - ca_trusted_fingerprint: + '@timestamp': + format: date-time type: string - config: - type: object - config_yaml: + created_at: + format: date-time + type: string + created_by: + type: string + deserializer: type: string - hosts: - items: - type: string - type: array id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + list_id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + serializer: type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: + tie_breaker_id: type: string - proxy_id: + type: + $ref: '#/components/schemas/Security_Lists_API_ListType' + updated_at: + format: date-time type: string - shipper: + updated_by: + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - id + - type + - list_id + - value + - tie_breaker_id + - created_at + - created_by + - updated_at + - updated_by + Security_Lists_API_ListItemId: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListItemMetadata: + additionalProperties: true + type: object + Security_Lists_API_ListItemPrivileges: + type: object + properties: + application: + additionalProperties: + type: boolean type: object - properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: + cluster: + additionalProperties: + type: boolean + type: object + has_all_requested: + type: boolean + index: + additionalProperties: + additionalProperties: type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: + type: object + type: object + username: + type: string + required: + - username + - has_all_requested + - cluster + - index + - application + Security_Lists_API_ListItemValue: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListMetadata: + additionalProperties: true + type: object + Security_Lists_API_ListName: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListPrivileges: + type: object + properties: + application: + additionalProperties: + type: boolean + type: object + cluster: + additionalProperties: + type: boolean + type: object + has_all_requested: + type: boolean + index: + additionalProperties: + additionalProperties: type: boolean - ssl: + type: object type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - type: - enum: - - logstash + username: + type: string + required: + - username + - has_all_requested + - cluster + - index + - application + Security_Lists_API_ListType: + enum: + - binary + - boolean + - byte + - date + - date_nanos + - date_range + - double + - double_range + - float + - float_range + - geo_point + - geo_shape + - half_float + - integer + - integer_range + - ip + - ip_range + - keyword + - long + - long_range + - shape + - short + - text + type: string + Security_Lists_API_NonEmptyString: + description: A string that is not empty and does not contain only whitespace + minLength: 1 + pattern: ^(?! *$).+$ + type: string + Security_Lists_API_PlatformErrorResponse: + type: object + properties: + error: type: string + message: + type: string + statusCode: + type: integer required: - - name - Fleet_package_info: - title: Package information + - statusCode + - error + - message + Security_Lists_API_SiemErrorResponse: type: object properties: - assets: + message: + type: string + status_code: + type: integer + required: + - status_code + - message + Security_Osquery_API_ArrayQueries: + items: + $ref: '#/components/schemas/Security_Osquery_API_ArrayQueriesItem' + type: array + Security_Osquery_API_ArrayQueriesItem: + type: object + properties: + ecs_mapping: + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' + id: + $ref: '#/components/schemas/Security_Osquery_API_Id' + platform: + $ref: '#/components/schemas/Security_Osquery_API_PlatformOrUndefined' + query: + $ref: '#/components/schemas/Security_Osquery_API_Query' + removed: + $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' + snapshot: + $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' + version: + $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' + Security_Osquery_API_CreateLiveQueryRequestBody: + type: object + properties: + agent_all: + type: boolean + agent_ids: items: type: string type: array - categories: + agent_platforms: items: type: string type: array - conditions: - type: object - properties: - elasticsearch: - type: object - properties: - subscription: - enum: - - basic - - gold - - platinum - - enterprise - type: string - kibana: - type: object - properties: - versions: - type: string - data_streams: + agent_policy_ids: items: - type: object - properties: - ingeset_pipeline: - type: string - name: - type: string - package: - type: string - release: - type: string - title: - type: string - type: - type: string - vars: - items: - type: object - properties: - default: - type: string - name: - type: string - required: - - name - - default - type: array - required: - - title - - name - - release - - ingeset_pipeline - - type - - package + type: string type: array - description: - type: string - download: - type: string - elasticsearch: - type: object - properties: - privileges: - type: object - properties: - cluster: - items: - type: string - type: array - format_version: - type: string - icons: + alert_ids: items: type: string type: array - internal: - type: boolean + case_ids: + items: + type: string + type: array + ecs_mapping: + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' + event_ids: + items: + type: string + type: array + metadata: + nullable: true + type: object + pack_id: + $ref: '#/components/schemas/Security_Osquery_API_PackIdOrUndefined' + queries: + $ref: '#/components/schemas/Security_Osquery_API_ArrayQueries' + query: + $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' + saved_query_id: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryIdOrUndefined' + Security_Osquery_API_CreatePacksRequestBody: + type: object + properties: + description: + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' + enabled: + $ref: '#/components/schemas/Security_Osquery_API_EnabledOrUndefined' name: + $ref: '#/components/schemas/Security_Osquery_API_PackName' + policy_ids: + $ref: '#/components/schemas/Security_Osquery_API_PolicyIdsOrUndefined' + queries: + $ref: '#/components/schemas/Security_Osquery_API_ObjectQueries' + shards: + $ref: '#/components/schemas/Security_Osquery_API_Shards' + Security_Osquery_API_CreateSavedQueryRequestBody: + type: object + properties: + description: + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' + ecs_mapping: + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' + id: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + interval: + $ref: '#/components/schemas/Security_Osquery_API_Interval' + platform: + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' + query: + $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' + removed: + $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' + snapshot: + $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' + version: + $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' + Security_Osquery_API_DefaultSuccessResponse: + type: object + properties: {} + Security_Osquery_API_Description: + type: string + Security_Osquery_API_DescriptionOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Description' + nullable: true + Security_Osquery_API_ECSMapping: + additionalProperties: + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingItem' + type: object + Security_Osquery_API_ECSMappingItem: + type: object + properties: + field: type: string - path: + value: + oneOf: + - type: string + - items: + type: string + type: array + Security_Osquery_API_ECSMappingOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_ECSMapping' + nullable: true + Security_Osquery_API_Enabled: + type: boolean + Security_Osquery_API_EnabledOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Enabled' + nullable: true + Security_Osquery_API_FindLiveQueryRequestQuery: + type: object + properties: + kuery: + $ref: '#/components/schemas/Security_Osquery_API_KueryOrUndefined' + page: + $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' + pageSize: + $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' + sort: + $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' + sortOrder: + $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' + Security_Osquery_API_FindPacksRequestQuery: + type: object + properties: + page: + $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' + pageSize: + $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' + sort: + $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' + sortOrder: + $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' + Security_Osquery_API_FindSavedQueryRequestQuery: + type: object + properties: + page: + $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' + pageSize: + $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' + sort: + $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' + sortOrder: + $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' + Security_Osquery_API_GetLiveQueryResultsRequestQuery: + type: object + properties: + kuery: + $ref: '#/components/schemas/Security_Osquery_API_KueryOrUndefined' + page: + $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' + pageSize: + $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' + sort: + $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' + sortOrder: + $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' + Security_Osquery_API_Id: + type: string + Security_Osquery_API_Interval: + type: string + Security_Osquery_API_IntervalOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Interval' + nullable: true + Security_Osquery_API_KueryOrUndefined: + nullable: true + type: string + Security_Osquery_API_ObjectQueries: + additionalProperties: + $ref: '#/components/schemas/Security_Osquery_API_ObjectQueriesItem' + type: object + Security_Osquery_API_ObjectQueriesItem: + type: object + properties: + ecs_mapping: + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' + id: + $ref: '#/components/schemas/Security_Osquery_API_Id' + platform: + $ref: '#/components/schemas/Security_Osquery_API_PlatformOrUndefined' + query: + $ref: '#/components/schemas/Security_Osquery_API_Query' + removed: + $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' + saved_query_id: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryIdOrUndefined' + snapshot: + $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' + version: + $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' + Security_Osquery_API_PackId: + type: string + Security_Osquery_API_PackIdOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + nullable: true + Security_Osquery_API_PackName: + type: string + Security_Osquery_API_PageOrUndefined: + nullable: true + type: integer + Security_Osquery_API_PageSizeOrUndefined: + nullable: true + type: integer + Security_Osquery_API_Platform: + type: string + Security_Osquery_API_PlatformOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Platform' + nullable: true + Security_Osquery_API_PolicyIds: + items: + type: string + type: array + Security_Osquery_API_PolicyIdsOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_PolicyIds' + nullable: true + Security_Osquery_API_Query: + type: string + Security_Osquery_API_QueryOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Query' + nullable: true + Security_Osquery_API_Removed: + type: boolean + Security_Osquery_API_RemovedOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Removed' + nullable: true + Security_Osquery_API_SavedQueryId: + type: string + Security_Osquery_API_SavedQueryIdOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + nullable: true + Security_Osquery_API_Shards: + additionalProperties: + type: number + type: object + Security_Osquery_API_Snapshot: + type: boolean + Security_Osquery_API_SnapshotOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Snapshot' + nullable: true + Security_Osquery_API_SortOrderOrUndefined: + oneOf: + - nullable: true type: string - readme: + - enum: + - asc + - desc + Security_Osquery_API_SortOrUndefined: + nullable: true + type: string + Security_Osquery_API_UpdatePacksRequestBody: + type: object + properties: + description: + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' + enabled: + $ref: '#/components/schemas/Security_Osquery_API_EnabledOrUndefined' + id: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + policy_ids: + $ref: '#/components/schemas/Security_Osquery_API_PolicyIdsOrUndefined' + queries: + $ref: '#/components/schemas/Security_Osquery_API_ObjectQueries' + shards: + $ref: '#/components/schemas/Security_Osquery_API_Shards' + Security_Osquery_API_UpdateSavedQueryRequestBody: + type: object + properties: + description: + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' + ecs_mapping: + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' + id: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + interval: + $ref: '#/components/schemas/Security_Osquery_API_IntervalOrUndefined' + platform: + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' + query: + $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' + removed: + $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' + snapshot: + $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' + version: + $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' + Security_Osquery_API_Version: + type: string + Security_Osquery_API_VersionOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Version' + nullable: true + Security_Timeline_API_BareNote: + type: object + properties: + created: + nullable: true + type: number + createdBy: + nullable: true type: string - release: - deprecated: true - description: >- - release label is deprecated, derive from the version instead - (packages follow semver) - enum: - - experimental - - beta - - ga + eventId: + nullable: true type: string - screenshots: - items: - type: object - properties: - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - - path - type: array - source: - type: object - properties: - license: - enum: - - Apache-2.0 - - Elastic-2.0 - type: string - title: + note: + nullable: true + type: string + timelineId: + type: string + updated: + nullable: true + type: number + updatedBy: + nullable: true + type: string + required: + - timelineId + Security_Timeline_API_BarePinnedEvent: + type: object + properties: + created: + nullable: true + type: number + createdBy: + nullable: true type: string - type: + eventId: type: string - version: + timelineId: + type: string + updated: + nullable: true + type: number + updatedBy: + nullable: true type: string required: - - name - - title - - version - - description - - type - - categories - - conditions - - assets - - format_version - - download - - path - Fleet_package_policy: - allOf: - - type: object - properties: - id: - type: string - inputs: - oneOf: - - items: {} - type: array - - type: object - revision: - type: number - required: - - id - - revision - - $ref: '#/components/schemas/Fleet_new_package_policy' - title: Package policy - Fleet_package_policy_request: - title: Package Policy Request + - eventId + - timelineId + Security_Timeline_API_ColumnHeaderResult: type: object properties: - description: - description: Package policy description - example: my description - type: string - force: - description: >- - Force package policy creation even if package is not verified, or if - the agent policy is managed. + aggregatable: + nullable: true type: boolean - id: - description: Package policy unique identifier - type: string - inputs: - additionalProperties: - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - type: object - properties: - enabled: - description: enable or disable that stream, (default to true) - type: boolean - vars: - description: >- - Stream level variable (see integration documentation for - more information) - type: object - description: >- - Input streams (see integration documentation to know what - streams are available) - type: object - vars: - description: >- - Input level variable (see integration documentation for more - information) - type: object - description: >- - Package policy inputs (see integration documentation to know what - inputs are available) - example: - nginx-logfile: - enabled: true - streams: - nginx.access: - enabled: true - vars: - ignore_older: 72h - paths: - - /var/log/nginx/access.log* - preserve_original_event: false - tags: - - nginx-access - type: object - name: - description: Package policy name (should be unique) - example: nginx-123 + category: + nullable: true type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit the agent - policy's namespace. - example: customnamespace + columnHeaderType: + nullable: true type: string - output_id: - description: Output ID to send package data to - example: output-id + description: nullable: true type: string - overrides: - description: >- - Override settings that are defined in the package policy. The - override option should be used only in unusual circumstances and not - as a routine procedure. + example: nullable: true - type: object - properties: - inputs: - type: object - package: - type: object - properties: - name: - description: Package name - example: nginx - type: string - version: - description: Package version - example: 1.6.0 - type: string - required: - - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - example: agent-policy-id + type: string + id: nullable: true type: string - policy_ids: - description: Agent policy IDs where that package policy will be added - example: - - agent-policy-id + indexes: items: type: string + nullable: true type: array - vars: - description: >- - Package root level variable (see integration documentation for more - information) - type: object - required: - - name - - package - Fleet_package_usage_stats: - title: Package usage stats - type: object - properties: - agent_policy_count: - type: integer - required: - - agent_policy_count - Fleet_proxies: - title: Fleet Proxy + name: + nullable: true + type: string + placeholder: + nullable: true + type: string + searchable: + nullable: true + type: boolean + type: + nullable: true + type: string + Security_Timeline_API_DataProviderQueryMatch: type: object properties: - certificate: + enabled: + nullable: true + type: boolean + excluded: + nullable: true + type: boolean + id: + nullable: true type: string - certificate_authorities: + kqlQuery: + nullable: true type: string - certificate_key: + name: + nullable: true type: string + queryMatch: + $ref: '#/components/schemas/Security_Timeline_API_QueryMatchResult' + nullable: true + type: + $ref: '#/components/schemas/Security_Timeline_API_DataProviderType' + nullable: true + Security_Timeline_API_DataProviderResult: + type: object + properties: + and: + items: + $ref: '#/components/schemas/Security_Timeline_API_DataProviderQueryMatch' + nullable: true + type: array + enabled: + nullable: true + type: boolean + excluded: + nullable: true + type: boolean id: + nullable: true type: string - name: + kqlQuery: + nullable: true type: string - proxy_headers: - type: object - url: + name: + nullable: true type: string - required: - - name - - url - Fleet_saved_object_type: + queryMatch: + $ref: '#/components/schemas/Security_Timeline_API_QueryMatchResult' + nullable: true + type: + $ref: '#/components/schemas/Security_Timeline_API_DataProviderType' + nullable: true + Security_Timeline_API_DataProviderType: + description: >- + The type of data provider to create. Valid values are `default` and + `template`. + enum: + - default + - template + type: string + Security_Timeline_API_DocumentIds: oneOf: - - enum: - - dashboard - - visualization - - search - - index_pattern - - map - - lens - - security_rule - - csp_rule_template - - ml_module - - tag - - osquery_pack_asset - - osquery_saved_query + - items: + type: string + type: array + - type: string + Security_Timeline_API_FavoriteTimelineResponse: + type: object + properties: + code: + nullable: true + type: number + favorite: + items: + $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResult' + type: array + message: + nullable: true type: string - - enum: - - index - - component_template - - ingest_pipeline - - index_template - - ilm_policy - - transform - - data_stream_ilm_policy - - ml_model + savedObjectId: + type: string + templateTimelineId: + nullable: true + type: string + templateTimelineVersion: + nullable: true + type: number + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + version: type: string - title: Saved Object type - Fleet_search_result: - title: Search result + required: + - savedObjectId + - version + Security_Timeline_API_FavoriteTimelineResult: type: object properties: - description: - type: string - download: + favoriteDate: + nullable: true + type: number + fullName: + nullable: true type: string - icons: + userName: + nullable: true type: string - installationInfo: - $ref: '#/components/schemas/Fleet_installation_info' - name: + Security_Timeline_API_FilterTimelineResult: + type: object + properties: + exists: + nullable: true type: string - path: + match_all: + nullable: true type: string - savedObject: - deprecated: true + meta: + nullable: true type: object - status: + properties: + alias: + nullable: true + type: string + controlledBy: + nullable: true + type: string + disabled: + nullable: true + type: boolean + field: + nullable: true + type: string + formattedValue: + nullable: true + type: string + index: + nullable: true + type: string + key: + nullable: true + type: string + negate: + nullable: true + type: boolean + params: + nullable: true + type: string + type: + nullable: true + type: string + value: + nullable: true + type: string + missing: + nullable: true type: string - title: + query: + nullable: true type: string - type: + range: + nullable: true type: string - version: + script: + nullable: true type: string - required: - - description - - download - - icons - - name - - path - - title - - type - - version - - status - Fleet_settings: - title: Settings + Security_Timeline_API_GetNotesResult: type: object properties: - fleet_server_hosts: - deprecated: true + notes: items: - type: string + $ref: '#/components/schemas/Security_Timeline_API_Note' type: array - has_seen_add_data_notice: - type: boolean - id: - type: string - prerelease_integrations_enabled: - type: boolean + totalCount: + type: number required: - - fleet_server_hosts - - id - Fleet_upgrade_agent: - title: Upgrade agent + - totalCount + - notes + Security_Timeline_API_ImportTimelineResult: type: object properties: - force: - description: Force upgrade, skipping validation (should be used with caution) - type: boolean - skipRateLimitCheck: - description: Skip rate limit check for upgrade - type: boolean - source_uri: - type: string - version: - type: string - required: - - version - Fleet_upgrade_agent_diff: - items: - items: - $ref: '#/components/schemas/Fleet_full_agent_policy_input' - type: array - title: Package policy Upgrade dryrun - type: array - Fleet_upgrade_diff: - items: - allOf: - - $ref: '#/components/schemas/Fleet_package_policy' - - allOf: - - $ref: '#/components/schemas/Fleet_new_package_policy' - - type: object - properties: - errors: - items: - type: object - properties: - key: - type: string - message: - type: string - type: array - missingVars: - items: - type: string - type: array + errors: + items: type: object - title: Package policy Upgrade dryrun - type: array - Kibana_HTTP_APIs_core_status_redactedResponse: - additionalProperties: false - description: A minimal representation of Kibana's operational status. + properties: + error: + type: object + properties: + message: + type: string + status_code: + type: number + id: + type: string + type: array + success: + type: boolean + success_count: + type: number + timelines_installed: + type: number + timelines_updated: + type: number + Security_Timeline_API_ImportTimelines: + allOf: + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + - type: object + properties: + eventNotes: + items: + $ref: '#/components/schemas/Security_Timeline_API_BareNote' + nullable: true + type: array + globalNotes: + items: + $ref: '#/components/schemas/Security_Timeline_API_BareNote' + nullable: true + type: array + pinnedEventIds: + items: + type: string + nullable: true + type: array + savedObjectId: + nullable: true + type: string + version: + nullable: true + type: string + required: + - savedObjectId + - version + - pinnedEventIds + - eventNotes + - globalNotes + Security_Timeline_API_Note: + allOf: + - $ref: '#/components/schemas/Security_Timeline_API_BareNote' + - type: object + properties: + noteId: + type: string + version: + type: string + required: + - noteId + - version + Security_Timeline_API_PersistPinnedEventResponse: + oneOf: + - allOf: + - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' + - $ref: >- + #/components/schemas/Security_Timeline_API_PinnedEventBaseResponseBody + - nullable: true + type: object + Security_Timeline_API_PersistTimelineResponse: type: object properties: - status: - additionalProperties: false + data: type: object properties: - overall: - additionalProperties: false + persistTimeline: type: object properties: - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string + timeline: + $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' required: - - level + - timeline required: - - overall + - persistTimeline required: - - status - Kibana_HTTP_APIs_core_status_response: - additionalProperties: false - description: >- - Kibana's operational status as well as a detailed breakdown of plugin - statuses indication of various loads (like event loop utilization and - network traffic) at time of request. + - data + Security_Timeline_API_PinnedEvent: + allOf: + - $ref: '#/components/schemas/Security_Timeline_API_BarePinnedEvent' + - type: object + properties: + pinnedEventId: + type: string + version: + type: string + required: + - pinnedEventId + - version + Security_Timeline_API_PinnedEventBaseResponseBody: + type: object + properties: + code: + type: number + message: + type: string + required: + - code + Security_Timeline_API_QueryMatchResult: + type: object + properties: + displayField: + nullable: true + type: string + displayValue: + nullable: true + type: string + field: + nullable: true + type: string + operator: + nullable: true + type: string + value: + oneOf: + - nullable: true + type: string + - items: + type: string + nullable: true + type: array + Security_Timeline_API_ResolvedTimeline: + type: object + properties: + alias_purpose: + $ref: >- + #/components/schemas/Security_Timeline_API_SavedObjectResolveAliasPurpose + alias_target_id: + type: string + outcome: + $ref: '#/components/schemas/Security_Timeline_API_SavedObjectResolveOutcome' + timeline: + $ref: >- + #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject + required: + - timeline + - outcome + Security_Timeline_API_ResponseNote: + type: object + properties: + code: + type: number + message: + type: string + note: + $ref: '#/components/schemas/Security_Timeline_API_Note' + required: + - code + - message + - note + Security_Timeline_API_RowRendererId: + enum: + - alert + - alerts + - auditd + - auditd_file + - library + - netflow + - plain + - registry + - suricata + - system + - system_dns + - system_endgame_process + - system_file + - system_fim + - system_security_event + - system_socket + - threat_match + - zeek + type: string + Security_Timeline_API_SavedObjectIds: + oneOf: + - items: + type: string + type: array + - type: string + Security_Timeline_API_SavedObjectResolveAliasPurpose: + enum: + - savedObjectConversion + - savedObjectImport + type: string + Security_Timeline_API_SavedObjectResolveOutcome: + enum: + - exactMatch + - aliasMatch + - conflict + type: string + Security_Timeline_API_SavedTimeline: type: object properties: - metrics: - additionalProperties: false - description: Metric groups collected by Kibana. - type: object - properties: - collection_interval_in_millis: - description: The interval at which metrics should be collected. - type: number - elasticsearch_client: - additionalProperties: false - description: Current network metrics of Kibana's Elasticsearch client. - type: object - properties: - totalActiveSockets: - description: Count of network sockets currently in use. - type: number - totalIdleSockets: - description: Count of network sockets currently idle. - type: number - totalQueuedRequests: - description: Count of requests not yet assigned to sockets. - type: number - required: - - totalActiveSockets - - totalIdleSockets - - totalQueuedRequests - last_updated: - description: The time metrics were collected. - type: string - required: - - elasticsearch_client - - last_updated - - collection_interval_in_millis - name: - description: Kibana instance name. + columns: + items: + $ref: '#/components/schemas/Security_Timeline_API_ColumnHeaderResult' + nullable: true + type: array + created: + nullable: true + type: number + createdBy: + nullable: true type: string - status: - additionalProperties: false + dataProviders: + items: + $ref: '#/components/schemas/Security_Timeline_API_DataProviderResult' + nullable: true + type: array + dataViewId: + nullable: true + type: string + dateRange: + nullable: true type: object properties: - core: - additionalProperties: false - description: Statuses of core Kibana services. - type: object - properties: - elasticsearch: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - savedObjects: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - required: - - elasticsearch - - savedObjects - overall: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical + end: + oneOf: + - nullable: true type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. + - nullable: true + type: number + start: + oneOf: + - nullable: true type: string - required: - - level - - summary - - meta - plugins: - additionalProperties: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - description: A dynamic mapping of plugin ID to plugin status. - type: object - required: - - overall - - core - - plugins - uuid: - description: >- - Unique, generated Kibana instance UUID. This UUID should persist - even if the Kibana process restarts. + - nullable: true + type: number + description: + nullable: true type: string - version: - additionalProperties: false + eqlOptions: + nullable: true type: object properties: - build_date: - description: The date and time of this build. + eventCategoryField: + nullable: true type: string - build_flavor: - description: >- - The build flavour determines configuration and behavior of - Kibana. On premise users will almost always run the - "traditional" flavour, while other flavours are reserved for - Elastic-specific use cases. - enum: - - serverless - - traditional + query: + nullable: true type: string - build_hash: - description: >- - A unique hash value representing the git commit of this Kibana - build. + size: + oneOf: + - nullable: true + type: string + - nullable: true + type: number + tiebreakerField: + nullable: true + type: string + timestampField: + nullable: true + type: string + eventType: + nullable: true + type: string + excludedRowRendererIds: + items: + $ref: '#/components/schemas/Security_Timeline_API_RowRendererId' + nullable: true + type: array + favorite: + items: + $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResult' + nullable: true + type: array + filters: + items: + $ref: '#/components/schemas/Security_Timeline_API_FilterTimelineResult' + nullable: true + type: array + indexNames: + items: + type: string + nullable: true + type: array + kqlMode: + nullable: true + type: string + kqlQuery: + $ref: >- + #/components/schemas/Security_Timeline_API_SerializedFilterQueryResult + nullable: true + savedQueryId: + nullable: true + type: string + savedSearchId: + nullable: true + type: string + sort: + $ref: '#/components/schemas/Security_Timeline_API_Sort' + nullable: true + status: + enum: + - active + - draft + - immutable + nullable: true + type: string + templateTimelineId: + nullable: true + type: string + templateTimelineVersion: + nullable: true + type: number + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + title: + nullable: true + type: string + updated: + nullable: true + type: number + updatedBy: + nullable: true + type: string + Security_Timeline_API_SavedTimelineWithSavedObjectId: + allOf: + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + - type: object + properties: + savedObjectId: type: string - build_number: - description: >- - A monotonically increasing number, each subsequent build will - have a higher number. - type: number - build_snapshot: - description: Whether this build is a snapshot build. - type: boolean - number: - description: A semantic version number. + version: type: string required: - - number - - build_hash - - build_number - - build_snapshot - - build_flavor - - build_date - required: - - name - - uuid - - version - - status - - metrics - Machine_learning_APIs_mlSync200Response: + - savedObjectId + - version + Security_Timeline_API_SerializedFilterQueryResult: + type: object properties: - datafeedsAdded: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: >- - If a saved object for an anomaly detection job is missing a datafeed - identifier, it is added when you run the sync machine learning saved - objects API. - type: object - datafeedsRemoved: - additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: >- - If a saved object for an anomaly detection job references a datafeed - that no longer exists, it is deleted when you run the sync machine - learning saved objects API. + filterQuery: + nullable: true type: object - savedObjectsCreated: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated - savedObjectsDeleted: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted - title: Successful sync API response + properties: + kuery: + nullable: true + type: object + properties: + expression: + nullable: true + type: string + kind: + nullable: true + type: string + serializedQuery: + nullable: true + type: string + Security_Timeline_API_Sort: + oneOf: + - $ref: '#/components/schemas/Security_Timeline_API_SortObject' + - items: + $ref: '#/components/schemas/Security_Timeline_API_SortObject' + type: array + Security_Timeline_API_SortFieldTimeline: + description: The field to sort the timelines by. + enum: + - title + - description + - updated + - created + type: string + Security_Timeline_API_SortObject: type: object - Machine_learning_APIs_mlSync4xxResponse: properties: - error: - example: Unauthorized + columnId: + nullable: true type: string - message: + columnType: + nullable: true type: string - statusCode: - example: 401 - type: integer - title: Unsuccessful sync API response - type: object - Machine_learning_APIs_mlSyncResponseAnomalyDetectors: - description: >- - The sync machine learning saved objects API response contains this - object when there are anomaly detection jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for anomaly detection jobs - type: object - Machine_learning_APIs_mlSyncResponseDatafeeds: - description: >- - The sync machine learning saved objects API response contains this - object when there are datafeeds affected by the synchronization. There - is an object for each relevant datafeed, which contains the - synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for datafeeds - type: object - Machine_learning_APIs_mlSyncResponseDataFrameAnalytics: - description: >- - The sync machine learning saved objects API response contains this - object when there are data frame analytics jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for data frame analytics jobs - type: object - Machine_learning_APIs_mlSyncResponseSavedObjectsCreated: - description: >- - If saved objects are missing for machine learning jobs or trained - models, they are created when you run the sync machine learning saved - objects API. - properties: - anomaly-detector: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - description: >- - If saved objects are missing for anomaly detection jobs, they are - created. - type: object - data-frame-analytics: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - description: >- - If saved objects are missing for data frame analytics jobs, they are - created. - type: object - trained-model: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: If saved objects are missing for trained models, they are created. - type: object - title: Sync API response for created saved objects - type: object - Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted: + sortDirection: + nullable: true + type: string + Security_Timeline_API_TimelineResponse: + allOf: + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + - $ref: >- + #/components/schemas/Security_Timeline_API_SavedTimelineWithSavedObjectId + - type: object + properties: + eventIdToNoteIds: + items: + $ref: '#/components/schemas/Security_Timeline_API_Note' + nullable: true + type: array + noteIds: + items: + type: string + nullable: true + type: array + notes: + items: + $ref: '#/components/schemas/Security_Timeline_API_Note' + nullable: true + type: array + pinnedEventIds: + items: + type: string + nullable: true + type: array + pinnedEventsSaveObject: + items: + $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' + nullable: true + type: array + Security_Timeline_API_TimelineSavedToReturnObject: + allOf: + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + - type: object + properties: + eventIdToNoteIds: + items: + $ref: '#/components/schemas/Security_Timeline_API_Note' + nullable: true + type: array + noteIds: + items: + type: string + nullable: true + type: array + notes: + items: + $ref: '#/components/schemas/Security_Timeline_API_Note' + nullable: true + type: array + pinnedEventIds: + items: + type: string + nullable: true + type: array + pinnedEventsSaveObject: + items: + $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' + nullable: true + type: array + savedObjectId: + type: string + version: + type: string + required: + - savedObjectId + - version + Security_Timeline_API_TimelineStatus: description: >- - If saved objects exist for machine learning jobs or trained models that - no longer exist, they are deleted when you run the sync machine learning - saved objects API. - properties: - anomaly-detector: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - description: >- - If there are saved objects exist for nonexistent anomaly detection - jobs, they are deleted. - type: object - data-frame-analytics: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - description: >- - If there are saved objects exist for nonexistent data frame - analytics jobs, they are deleted. - type: object - trained-model: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: >- - If there are saved objects exist for nonexistent trained models, - they are deleted. - type: object - title: Sync API response for deleted saved objects - type: object - Machine_learning_APIs_mlSyncResponseSuccess: - description: The success or failure of the synchronization. - type: boolean - Machine_learning_APIs_mlSyncResponseTrainedModels: + The status of the timeline. Valid values are `active`, `draft`, and + `immutable`. + enum: + - active + - draft + - immutable + type: string + Security_Timeline_API_TimelineType: description: >- - The sync machine learning saved objects API response contains this - object when there are trained models affected by the synchronization. - There is an object for each relevant trained model, which contains the - synchronization status. - properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for trained models - type: object + The type of timeline to create. Valid values are `default` and + `template`. + enum: + - default + - template + type: string Serverless_saved_objects_400_response: title: Bad request type: object @@ -16682,6 +33500,44 @@ tags: permanently breaks future Kibana versions. name: saved objects x-displayName: Saved objects + - description: Manage and interact with Security Assistant resources. + name: Security AI Assistant API + x-displayName: Security AI assistant + - description: >- + You can create rules that automatically turn events and external alerts + sent to Elastic Security into detection alerts. These alerts are displayed + on the Detections page. + name: Security Detections API + x-displayName: Security detections + - description: >- + Endpoint Exceptions API allows you to manage detection rule endpoint + exceptions to prevent a rule from generating an alert from incoming events + even when the rule's other criteria are met. + name: Security Endpoint Exceptions API + x-displayName: Security endpoint exceptions + - description: Interact with and manage endpoints running the Elastic Defend integration. + name: Security Endpoint Management API + x-displayName: Security endpoint management + - description: '' + name: Security Entity Analytics API + x-displayName: Security entity analytics + - description: >- + Exceptions API allows you to manage detection rule exceptions to prevent a + rule from generating an alert from incoming events even when the rule's + other criteria are met. + name: Security Exceptions API + x-displayName: Security exceptions + - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. + name: Security Lists API + x-displayName: Security lists + - description: Run live queries, manage packs and saved queries. + name: Security Osquery API + x-displayName: Security Osquery + - description: >- + You can create Timelines and Timeline templates via the API, as well as + import new Timelines from an ndjson file. + name: Security Timeline API + x-displayName: Security timeline - description: SLO APIs enable you to define, manage and track service-level objectives name: slo - name: spaces diff --git a/oas_docs/output/kibana.staging.yaml b/oas_docs/output/kibana.staging.yaml index 3114d0bb7622..91c28d6ec938 100644 --- a/oas_docs/output/kibana.staging.yaml +++ b/oas_docs/output/kibana.staging.yaml @@ -42240,33 +42240,42 @@ tags: x-displayName: Saved objects - description: Manage and interact with Security Assistant resources. name: Security AI Assistant API + x-displayName: Security AI assistant - description: >- You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. name: Security Detections API + x-displayName: Security detections - description: >- Endpoint Exceptions API allows you to manage detection rule endpoint exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. name: Security Endpoint Exceptions API + x-displayName: Security endpoint exceptions - description: Interact with and manage endpoints running the Elastic Defend integration. name: Security Endpoint Management API + x-displayName: Security endpoint management - description: '' name: Security Entity Analytics API + x-displayName: Security entity analytics - description: >- Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met. name: Security Exceptions API + x-displayName: Security exceptions - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. name: Security Lists API + x-displayName: Security lists - description: Run live queries, manage packs and saved queries. name: Security Osquery API + x-displayName: Security Osquery - description: >- You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file. name: Security Timeline API + x-displayName: Security timeline - description: SLO APIs enable you to define, manage and track service-level objectives name: slo - name: spaces diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml index da28a9a3ade6..91c28d6ec938 100644 --- a/oas_docs/output/kibana.yaml +++ b/oas_docs/output/kibana.yaml @@ -6578,6 +6578,270 @@ paths: summary: Search for annotations tags: - APM annotations + /api/asset_criticality: + delete: + description: Delete the asset criticality record for a specific entity. + operationId: DeleteAssetCriticalityRecord + parameters: + - description: The ID value of the asset. + in: query + name: id_value + required: true + schema: + type: string + - description: The field representing the ID. + example: host.name + in: query + name: id_field + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' + - description: If 'wait_for' the request will wait for the index refresh. + in: query + name: refresh + required: false + schema: + enum: + - wait_for + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + deleted: + description: >- + True if the record was deleted or false if the record did + not exist. + type: boolean + record: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + description: The deleted record if it existed. + required: + - deleted + description: Successful response + '400': + description: Invalid request + summary: Delete an asset criticality record + tags: + - Security Entity Analytics API + get: + description: Get the asset criticality record for a specific entity. + operationId: GetAssetCriticalityRecord + parameters: + - description: The ID value of the asset. + in: query + name: id_value + required: true + schema: + type: string + - description: The field representing the ID. + example: host.name + in: query + name: id_field + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + description: Successful response + '400': + description: Invalid request + '404': + description: Criticality record not found + summary: Get an asset criticality record + tags: + - Security Entity Analytics API + post: + description: > + Create or update an asset criticality record for a specific entity. + + + If a record already exists for the specified entity, that record is + overwritten with the specified value. If a record doesn't exist for the + specified entity, a new record is created. + operationId: CreateAssetCriticalityRecord + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + allOf: + - $ref: >- + #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord + - type: object + properties: + refresh: + description: >- + If 'wait_for' the request will wait for the index + refresh. + enum: + - wait_for + type: string + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + description: Successful response + '400': + description: Invalid request + summary: Upsert an asset criticality record + tags: + - Security Entity Analytics API + /api/asset_criticality/bulk: + post: + description: > + Bulk upsert up to 1000 asset criticality records. + + + If asset criticality records already exist for the specified entities, + those records are overwritten with the specified values. If asset + criticality records don't exist for the specified entities, new records + are created. + operationId: BulkUpsertAssetCriticalityRecords + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + example: + records: + - criticality_level: low_impact + id_field: host.name + id_value: host-1 + - criticality_level: medium_impact + id_field: host.name + id_value: host-2 + type: object + properties: + records: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord + maxItems: 1000 + minItems: 1 + type: array + required: + - records + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + example: + errors: + - index: 0 + message: Invalid ID field + stats: + failed: 1 + successful: 1 + total: 2 + type: object + properties: + errors: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem + type: array + stats: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats + required: + - errors + - stats + description: Bulk upload successful + '413': + description: File too large + summary: Bulk upsert asset criticality records + tags: + - Security Entity Analytics API + /api/asset_criticality/list: + get: + description: List asset criticality records, paging, sorting and filtering as needed. + operationId: FindAssetCriticalityRecords + parameters: + - description: The field to sort by. + in: query + name: sort_field + required: false + schema: + enum: + - id_value + - id_field + - criticality_level + - \@timestamp + type: string + - description: The order to sort by. + in: query + name: sort_direction + required: false + schema: + enum: + - asc + - desc + type: string + - description: The page number to return. + in: query + name: page + required: false + schema: + minimum: 1 + type: integer + - description: The number of records to return per page. + in: query + name: per_page + required: false + schema: + maximum: 1000 + minimum: 1 + type: integer + - description: The kuery to filter by. + in: query + name: kuery + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + page: + minimum: 1 + type: integer + per_page: + maximum: 1000 + minimum: 1 + type: integer + records: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecord + type: array + total: + minimum: 0 + type: integer + required: + - records + - page + - per_page + - total + description: Bulk upload successful + summary: List asset criticality records + tags: + - Security Entity Analytics API /api/cases: delete: description: > @@ -8444,102 +8708,52 @@ paths: summary: Preview a saved object reference swap tags: - data views - /api/encrypted_saved_objects/_rotate_key: - post: - description: > - Superuser role required. - - - If a saved object cannot be decrypted using the primary encryption key, - then Kibana will attempt to decrypt it using the specified - decryption-only keys. In most of the cases this overhead is negligible, - but if you're dealing with a large number of saved objects and - experiencing performance issues, you may want to rotate the encryption - key. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: rotateEncryptionKey - parameters: - - description: > - Specifies a maximum number of saved objects that Kibana can process - in a single batch. Bulk key rotation is an iterative process since - Kibana may not be able to fetch and process all required saved - objects in one go and splits processing into consequent batches. By - default, the batch size is 10000, which is also a maximum allowed - value. - in: query - name: batch_size - required: false - schema: - default: 10000 - type: number - - description: > - Limits encryption key rotation only to the saved objects with the - specified type. By default, Kibana tries to rotate the encryption - key for all saved object types that may contain encrypted - attributes. - in: query - name: type - required: false - schema: - type: string + /api/detection_engine/index: + delete: + operationId: DeleteAlertsIndex responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - rotateEncryptionKeyResponse: - $ref: '#/components/examples/Saved_objects_key_rotation_response' schema: type: object properties: - failed: - description: > - Indicates the number of the saved objects that were still - encrypted with one of the old encryption keys that Kibana - failed to re-encrypt with the primary key. - type: number - successful: - description: > - Indicates the total number of all encrypted saved objects - (optionally filtered by the requested `type`), regardless - of the key Kibana used for encryption. - - - NOTE: In most cases, `total` will be greater than - `successful` even if `failed` is zero. The reason is that - Kibana may not need or may not be able to rotate - encryption keys for all encrypted saved objects. - type: number - total: - description: > - Indicates the total number of all encrypted saved objects - (optionally filtered by the requested `type`), regardless - of the key Kibana used for encryption. - type: number - description: Indicates a successful call. - '400': + acknowledged: + type: boolean + required: + - acknowledged + description: Successful response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - '429': + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: Already in progress. - summary: Rotate a key for encrypted saved objects + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Not enough permissions response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: string + description: Index does not exist response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Delete an alerts index tags: - - saved objects - /api/fleet/agent_download_sources: + - Security Detections API + - Alert index API get: - operationId: get-download-sources + operationId: ReadAlertsIndex responses: '200': content: @@ -8547,62 +8761,46 @@ paths: schema: type: object properties: - items: - items: - $ref: '#/components/schemas/Fleet_download_sources' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent binary download sources - tags: - - Elastic Agent binary download sources - post: - operationId: post-download-sources - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - host: - type: string - id: - type: string - is_default: - type: boolean - name: - type: string - required: - - name - - host - - is_default - responses: - '200': + index_mapping_outdated: + nullable: true + type: boolean + name: + type: string + required: + - name + - index_mapping_outdated + description: Successful response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_download_sources' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create agent binary download source + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Not enough permissions response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Not found + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Reads the alert index name if it exists tags: - - Elastic Agent binary download sources - /api/fleet/agent_download_sources/{sourceId}: - delete: - operationId: delete-download-source - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - Security Detections API + - Alert index API + post: + operationId: CreateAlertsIndex responses: '200': content: @@ -8610,18 +8808,52 @@ paths: schema: type: object properties: - id: - type: string + acknowledged: + type: boolean required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete agent binary download source by ID + - acknowledged + description: Successful response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Not enough permissions response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Not found + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Create an alerts index tags: - - Elastic Agent binary download sources + - Security Detections API + - Alert index API + /api/detection_engine/privileges: get: - operationId: get-one-download-source + description: > + Retrieves whether or not the user is authenticated, and the user's + Kibana + + space and index privileges, which determine if the user can create an + + index for the Elastic Security alerts generated by + + detection engine rules. + operationId: ReadPrivileges responses: '200': content: @@ -8629,602 +8861,511 @@ paths: schema: type: object properties: - item: - $ref: '#/components/schemas/Fleet_download_sources' + has_encryption_key: + type: boolean + is_authenticated: + type: boolean required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent binary download source by ID + - is_authenticated + - has_encryption_key + description: Successful response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Returns user privileges for the Kibana space tags: - - Elastic Agent binary download sources - parameters: - - in: path - name: sourceId - required: true - schema: - type: string - put: - operationId: update-download-source + - Security Detections API + - Privileges API + /api/detection_engine/rules: + delete: + description: Delete a detection rule using the `rule_id` or `id` field. + operationId: DeleteRule parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - host: - type: string - is_default: - type: boolean - name: - type: string - required: - - name - - is_default - - host + - description: The rule's `id` value. + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + - description: The rule's `rule_id` value. + in: query + name: rule_id + required: false + schema: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_download_sources' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update agent binary download source by ID + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Delete a detection rule tags: - - Elastic Agent binary download sources - /api/fleet/agent_policies: + - Security Detections API + - Rules API get: - description: '' - operationId: agent-policy-list + description: Retrieve a detection rule using the `rule_id` or `id` field. + operationId: ReadRule parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - - $ref: '#/components/parameters/Fleet_format' - - description: >- - When set to true, retrieve the related package policies for each - agent policy. + - description: The rule's `id` value. in: query - name: full + name: id + required: false schema: - type: boolean - - description: >- - When set to true, do not count how many agents are in the agent - policy, this can improve performance if you are searching over a - large number of agent policies. The "agents" property will always be - 0 if set to true. + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + - description: The rule's `rule_id` value. in: query - name: noAgentCount + name: rule_id + required: false schema: - type: boolean + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_agent_policy' - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - total - - page - - perPage - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent policies + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Retrieve a detection rule tags: - - Elastic Agent policies - post: - operationId: create-agent-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - Security Detections API + - Rules API + patch: + description: >- + Update specific fields of an existing detection rule using the `rule_id` + or `id` field. + operationId: PatchRule requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_agent_policy_create_request' + $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create agent policy + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Patch a detection rule tags: - - Elastic Agent policies - /api/fleet/agent_policies/_bulk_get: + - Security Detections API + - Rules API post: - operationId: bulk-get-agent-policies - parameters: - - $ref: '#/components/parameters/Fleet_format' + description: Create a new detection rule. + operationId: CreateRule requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - full: - description: get full policies with package policies populated - type: boolean - ids: - description: list of agent policy ids - items: - type: string - type: array - ignoreMissing: - type: boolean - required: - - ids + $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_agent_policy' - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk get agent policies + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Create a detection rule tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}: - get: - description: Get one agent policy - operationId: agent-policy-info - parameters: [] + - Security Detections API + - Rules API + put: + description: > + Update a detection rule using the `rule_id` or `id` field. The original + rule is replaced, and all unspecified fields are deleted. + + > info + + > You cannot modify the `id` or `rule_id` values. + operationId: UpdateRule + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps' + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent policy by ID + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + description: Indicates a successful call. + summary: Update a detection rule tags: - - Elastic Agent policies - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - $ref: '#/components/parameters/Fleet_format' - put: - operationId: update-agent-policy + - Security Detections API + - Rules API + /api/detection_engine/rules/_bulk_action: + post: + description: >- + Apply a bulk action, such as bulk edit, duplicate, or delete, to + multiple detection rules. The bulk action is applied to all rules that + match the query or to the rules listed by their IDs. + operationId: PerformRulesBulkAction parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: Enables dry run mode for the request call. + in: query + name: dry_run + required: false + schema: + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_agent_policy_update_request' + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_BulkDeleteRules' + - $ref: >- + #/components/schemas/Security_Detections_API_BulkDisableRules + - $ref: '#/components/schemas/Security_Detections_API_BulkEnableRules' + - $ref: '#/components/schemas/Security_Detections_API_BulkExportRules' + - $ref: >- + #/components/schemas/Security_Detections_API_BulkDuplicateRules + - $ref: >- + #/components/schemas/Security_Detections_API_BulkManualRuleRun + - $ref: '#/components/schemas/Security_Detections_API_BulkEditRules' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - required: - - item + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_BulkEditActionResponse + - $ref: >- + #/components/schemas/Security_Detections_API_BulkExportActionResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update agent policy by ID + summary: Apply a bulk action to detection rules tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/copy: - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - $ref: '#/components/parameters/Fleet_format' + - Security Detections API + - Bulk API + /api/detection_engine/rules/_bulk_create: post: - operationId: agent-policy-copy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + deprecated: true + description: Create new detection rules in bulk. + operationId: BulkCreateRules requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - description: - type: string - name: - type: string - required: - - name - description: '' + items: + $ref: '#/components/schemas/Security_Detections_API_RuleCreateProps' + type: array + description: A JSON array of rules, where each rule contains the required fields. + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + $ref: >- + #/components/schemas/Security_Detections_API_BulkCrudRulesResponse + description: Indicates a successful call. + summary: Create multiple detection rules + tags: + - Security Detections API + - Bulk API + /api/detection_engine/rules/_bulk_delete: + delete: + deprecated: true + description: Delete detection rules in bulk. + operationId: BulkDeleteRules + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: type: object properties: - item: - $ref: '#/components/schemas/Fleet_agent_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Copy agent policy by ID - tags: - - Elastic Agent policies - /api/fleet/agent_policies/{agentPolicyId}/download: - get: - operationId: agent-policy-download + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + rule_id: + $ref: >- + #/components/schemas/Security_Detections_API_RuleSignatureId + type: array + description: >- + A JSON array of `id` or `rule_id` fields of the rules you want to + delete. + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - type: string - description: OK + $ref: >- + #/components/schemas/Security_Detections_API_BulkCrudRulesResponse + description: Indicates a successful call. '400': - $ref: '#/components/responses/Fleet_error' - summary: Download agent policy by ID - tags: - - Elastic Agent policies - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: string - - in: query - name: standalone - required: false - schema: - type: string - - in: query - name: kubernetes - required: false - schema: - type: string - /api/fleet/agent_policies/{agentPolicyId}/full: - get: - operationId: agent-policy-full - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - oneOf: - - type: string - - $ref: '#/components/schemas/Fleet_agent_policy_full' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get full agent policy by ID + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Delete multiple detection rules tags: - - Elastic Agent policies - parameters: - - in: path - name: agentPolicyId - required: true - schema: - type: string - - in: query - name: download - required: false - schema: - type: string - - in: query - name: standalone - required: false - schema: - type: string - - in: query - name: kubernetes - required: false - schema: - type: string - /api/fleet/agent_policies/delete: - parameters: [] + - Security Detections API + - Bulk API post: - operationId: delete-agent-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + deprecated: true + description: Deletes multiple rules. + operationId: BulkDeleteRulesPost requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - agentPolicyId: - type: string - force: - description: >- - bypass validation checks that can prevent agent policy - deletion - type: boolean - required: - - agentPolicyId + items: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + rule_id: + $ref: >- + #/components/schemas/Security_Detections_API_RuleSignatureId + type: array + description: >- + A JSON array of `id` or `rule_id` fields of the rules you want to + delete. + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - id: - type: string - success: - type: boolean - required: - - id - - success - description: OK + $ref: >- + #/components/schemas/Security_Detections_API_BulkCrudRulesResponse + description: Indicates a successful call. '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete agent policy by ID - tags: - - Elastic Agent policies - /api/fleet/agent_status: - get: - operationId: get-agent-status - parameters: - - in: query - name: policyId - required: false - schema: - type: string - - deprecated: true - in: query - name: kuery - required: false - schema: - type: string - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - active: - type: integer - all: - type: integer - error: - type: integer - events: - type: integer - inactive: - type: integer - offline: - type: integer - online: - type: integer - other: - type: integer - total: - deprecated: true - type: integer - unenrolled: - type: integer - updating: - type: integer - required: - - active - - all - - error - - events - - inactive - - offline - - online - - other - - total - - updating - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent status summary - tags: - - Elastic Agent status - /api/fleet/agent_status/data: - get: - operationId: get-agent-data - parameters: - - in: query - name: agentsIds - required: true - schema: - items: - type: string - type: array - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - additionalProperties: - type: object - properties: - data: - type: boolean - type: object - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get incoming agent data + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Delete multiple detection rules tags: - - Elastic Agent status - /api/fleet/agent-status: - get: + - Security Detections API + - Bulk API + /api/detection_engine/rules/_bulk_update: + patch: deprecated: true - operationId: get-agent-status-deprecated - parameters: - - in: query - name: policyId - required: false - schema: - type: string + description: >- + Update specific fields of existing detection rules using the `rule_id` + or `id` field. + operationId: BulkPatchRules + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + $ref: '#/components/schemas/Security_Detections_API_RulePatchProps' + type: array + description: A JSON array of rules, where each rule contains the required fields. + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - error: - type: integer - events: - type: integer - inactive: - type: integer - offline: - type: integer - online: - type: integer - other: - type: integer - total: - type: integer - updating: - type: integer - required: - - error - - events - - inactive - - offline - - online - - other - - total - - updating - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent status summary + $ref: >- + #/components/schemas/Security_Detections_API_BulkCrudRulesResponse + description: Indicates a successful call. + summary: Patch multiple detection rules tags: - - Elastic Agent status - /api/fleet/agents: - get: - operationId: get-agents - parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - - $ref: '#/components/parameters/Fleet_show_inactive' - - $ref: '#/components/parameters/Fleet_show_upgradeable' - - $ref: '#/components/parameters/Fleet_sort_field' - - $ref: '#/components/parameters/Fleet_sort_order' - - $ref: '#/components/parameters/Fleet_with_metrics' - - in: query - name: getStatusSummary - required: false - schema: - type: boolean + - Security Detections API + - Bulk API + put: + deprecated: true + description: > + Update multiple detection rules using the `rule_id` or `id` field. The + original rules are replaced, and all unspecified fields are deleted. + + > info + + > You cannot modify the `id` or `rule_id` values. + operationId: BulkUpdateRules + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleUpdateProps' + type: array + description: >- + A JSON array where each element includes the `id` or `rule_id` field + of the rule you want to update and the fields you want to modify. + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_agents_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agents + $ref: >- + #/components/schemas/Security_Detections_API_BulkCrudRulesResponse + description: Indicates a successful call. + summary: Update multiple detection rules tags: - - Elastic Agents + - Security Detections API + - Bulk API + /api/detection_engine/rules/_export: post: - operationId: get-agents-by-actions + description: > + Export detection rules to an `.ndjson` file. The following configuration + items are also included in the `.ndjson` file: + + - Actions + + - Exception lists + + > info + + > You cannot export prebuilt rules. + operationId: ExportRules parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: Determines whether a summary of the exported rules is returned. + in: query + name: exclude_export_details + required: false + schema: + default: false + type: boolean + - description: File name for saving the exported rules. + in: query + name: file_name + required: false + schema: + default: export.ndjson + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: + nullable: true type: object properties: - actionIds: + objects: + description: >- + Array of `rule_id` fields. Exports all rules when + unspecified. items: - type: string + type: object + properties: + rule_id: + $ref: >- + #/components/schemas/Security_Detections_API_RuleSignatureId + required: + - rule_id type: array required: - - policy_id - required: true + - objects + required: false responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/ndjson; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_agent_get_by_actions' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agents by action ids + description: An `.ndjson` file containing the returned rules. + format: binary + type: string + description: Indicates a successful call. + summary: Export detection rules tags: - - Elastic Agents - /api/fleet/agents/{agentId}: - delete: - operationId: delete-agent + - Security Detections API + - Import/Export API + /api/detection_engine/rules/_find: + get: + description: >- + Retrieve a paginated list of detection rules. By default, the first page + is returned, with 20 results per page. + operationId: FindRules parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false + schema: + type: string + - description: Field to sort by + in: query + name: sort_field + required: false + schema: + $ref: '#/components/schemas/Security_Detections_API_FindRulesSortField' + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_Detections_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: Rules per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer responses: '200': content: @@ -9232,98 +9373,371 @@ paths: schema: type: object properties: - action: - enum: - - deleted - type: string - required: - - action - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete agent by ID - tags: - - Elastic Agents - get: - operationId: get-agent + data: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RuleResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + summary: List all detection rules + tags: + - Security Detections API + - Rules API + /api/detection_engine/rules/_import: + post: + description: > + Import detection rules from an `.ndjson` file, including actions and + exception lists. The request must include: + + - The `Content-Type: multipart/form-data` HTTP header. + + - A link to the `.ndjson` file containing the rules. + operationId: ImportRules parameters: - - $ref: '#/components/parameters/Fleet_with_metrics' + - description: >- + Determines whether existing rules with the same `rule_id` are + overwritten. + in: query + name: overwrite + required: false + schema: + default: false + type: boolean + - description: >- + Determines whether existing exception lists with the same `list_id` + are overwritten. + in: query + name: overwrite_exceptions + required: false + schema: + default: false + type: boolean + - description: >- + Determines whether existing actions with the same + `kibana.alert.rule.actions.id` are overwritten. + in: query + name: overwrite_action_connectors + required: false + schema: + default: false + type: boolean + - description: Generates a new list ID for each imported exception list. + in: query + name: as_new_list + required: false + schema: + default: false + type: boolean + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + file: + description: The `.ndjson` file containing the rules. + format: binary + type: string + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: false type: object properties: - item: - $ref: '#/components/schemas/Fleet_agent' + action_connectors_errors: + items: + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + action_connectors_success: + type: boolean + action_connectors_success_count: + minimum: 0 + type: integer + action_connectors_warnings: + items: + $ref: >- + #/components/schemas/Security_Detections_API_WarningSchema + type: array + errors: + items: + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + exceptions_errors: + items: + $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + exceptions_success: + type: boolean + exceptions_success_count: + minimum: 0 + type: integer + rules_count: + minimum: 0 + type: integer + success: + type: boolean + success_count: + minimum: 0 + type: integer required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent by ID + - exceptions_success + - exceptions_success_count + - exceptions_errors + - rules_count + - success + - success_count + - errors + - action_connectors_errors + - action_connectors_warnings + - action_connectors_success + - action_connectors_success_count + description: Indicates a successful call. + summary: Import detection rules tags: - - Elastic Agents - parameters: - - in: path - name: agentId - required: true - schema: - type: string - put: - operationId: update-agent + - Security Detections API + - Import/Export API + /api/detection_engine/rules/{id}/exceptions: + post: + description: Create exception items that apply to a single detection rule. + operationId: CreateRuleExceptionListItems parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: Detection rule's identifier + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Exceptions_API_RuleId' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - tags: + items: items: - type: string + $ref: >- + #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemProps type: array - user_provided_metadata: - type: object + required: + - items + description: Rule exception list items required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItem + type: array + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Create rule exception list items + tags: + - Security Exceptions API + /api/detection_engine/rules/prepackaged: + put: + description: Install and update all Elastic prebuilt detection rules and Timelines. + operationId: InstallPrebuiltRulesAndTimelines + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false type: object properties: - item: - $ref: '#/components/schemas/Fleet_agent' + rules_installed: + description: The number of rules installed + minimum: 0 + type: integer + rules_updated: + description: The number of rules updated + minimum: 0 + type: integer + timelines_installed: + description: The number of timelines installed + minimum: 0 + type: integer + timelines_updated: + description: The number of timelines updated + minimum: 0 + type: integer required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update agent by ID + - rules_installed + - rules_updated + - timelines_installed + - timelines_updated + description: Indicates a successful call + summary: Install prebuilt detection rules and Timelines tags: - - Elastic Agents - /api/fleet/agents/{agentId}/actions: - parameters: - - in: path - name: agentId - required: true - schema: - type: string + - Security Detections API + - Prebuilt Rules API + /api/detection_engine/rules/prepackaged/_status: + get: + description: >- + Retrieve the status of all Elastic prebuilt detection rules and + Timelines. + operationId: ReadPrebuiltRulesAndTimelinesStatus + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + rules_custom_installed: + description: The total number of custom rules + minimum: 0 + type: integer + rules_installed: + description: The total number of installed prebuilt rules + minimum: 0 + type: integer + rules_not_installed: + description: >- + The total number of available prebuilt rules that are not + installed + minimum: 0 + type: integer + rules_not_updated: + description: The total number of outdated prebuilt rules + minimum: 0 + type: integer + timelines_installed: + description: The total number of installed prebuilt timelines + minimum: 0 + type: integer + timelines_not_installed: + description: >- + The total number of available prebuilt timelines that are + not installed + minimum: 0 + type: integer + timelines_not_updated: + description: The total number of outdated prebuilt timelines + minimum: 0 + type: integer + required: + - rules_custom_installed + - rules_installed + - rules_not_installed + - rules_not_updated + - timelines_installed + - timelines_not_installed + - timelines_not_updated + description: Indicates a successful call + summary: Retrieve the status of prebuilt detection rules and Timelines + tags: + - Security Detections API + - Prebuilt Rules API + /api/detection_engine/rules/preview: post: - operationId: new-agent-action + operationId: RulePreview parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: >- + Enables logging and returning in response ES queries, performed + during rule execution + in: query + name: enable_logged_requests + required: false + schema: + type: boolean requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - action: - $ref: '#/components/schemas/Fleet_agent_action' + anyOf: + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_EqlRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_QueryRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + - allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_EsqlRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewParams + discriminator: + propertyName: type + description: >- + An object containing tags to add or remove and alert ids the changes + will be applied required: true responses: '200': @@ -9332,874 +9746,1082 @@ paths: schema: type: object properties: - body: + isAborted: + type: boolean + logs: items: - type: number + $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewLogs type: array - headers: - type: string - statusCode: - type: number - description: OK + previewId: + $ref: >- + #/components/schemas/Security_Detections_API_NonEmptyString + required: + - logs + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Create agent action + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Preview rule alerts generated on specified time range tags: - - Elastic Agent actions - /api/fleet/agents/{agentId}/reassign: - parameters: - - in: path - name: agentId - required: true - schema: - type: string + - Security Detections API + - Rule preview API + /api/detection_engine/signals/assignees: post: - operationId: reassign-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + description: | + Assign users to detection alerts, and unassign them from alerts. + > info + > You cannot add and remove the same assignee in the same request. + operationId: SetAlertAssignees requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - policy_id: - type: string + assignees: + $ref: '#/components/schemas/Security_Detections_API_AlertAssignees' + description: Details about the assignees to assign and unassign. + ids: + $ref: '#/components/schemas/Security_Detections_API_AlertIds' + description: List of alerts ids to assign and unassign passed assignees. required: - - policy_id + - assignees + - ids required: true responses: '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: OK + description: Indicates a successful call. '400': - $ref: '#/components/responses/Fleet_error' - summary: Reassign agent + description: Invalid request. + summary: Assign and unassign users from detection alerts tags: - - Elastic Agents - put: - deprecated: true - operationId: reassign-agent-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: + - Security Detections API + /api/detection_engine/signals/finalize_migration: + post: + description: > + Finalize successful migrations of detection alerts. This replaces the + original index's alias with the successfully migrated index's alias. + + The endpoint is idempotent; therefore, it can safely be used to poll a + given migration and, upon completion, + + finalize it. + operationId: FinalizeAlertsMigration + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - policy_id: - type: string + migration_ids: + items: + type: string + minItems: 1 + type: array required: - - policy_id + - migration_ids + description: Array of `migration_id`s to finalize required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: OK + items: + $ref: >- + #/components/schemas/Security_Detections_API_MigrationFinalizationResult + type: array + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Reassign agent + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Finalize detection alert migrations tags: - - Elastic Agents - /api/fleet/agents/{agentId}/request_diagnostics: - parameters: - - in: path - name: agentId - required: true - schema: - type: string - post: - operationId: request-diagnostics-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - Security Detections API + - Alerts migration API + /api/detection_engine/signals/migration: + delete: + description: > + Migrations favor data integrity over shard size. Consequently, unused or + orphaned indices are artifacts of + + the migration process. A successful migration will result in both the + old and new indices being present. + + As such, the old, orphaned index can (and likely should) be deleted. + + + While you can delete these indices manually, + + the endpoint accomplishes this task by applying a deletion policy to the + relevant index, causing it to be deleted + + after 30 days. It also deletes other artifacts specific to the migration + implementation. + operationId: AlertsMigrationCleanup requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - additional_metrics: + migration_ids: items: - oneOf: - - enum: - - CPU - type: string + type: string + minItems: 1 type: array + required: + - migration_ids + description: Array of `migration_id`s to cleanup + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string - description: OK + items: + $ref: >- + #/components/schemas/Security_Detections_API_MigrationCleanupResult + type: array + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Request agent diagnostics + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Clean up detection alert migrations tags: - - Elastic Agents - /api/fleet/agents/{agentId}/unenroll: - parameters: - - in: path - name: agentId - required: true - schema: - type: string + - Security Detections API + - Alerts migration API post: - operationId: unenroll-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + description: > + Initiate a migration of detection alerts. + + Migrations are initiated per index. While the process is neither + destructive nor interferes with existing data, it may be + resource-intensive. As such, it is recommended that you plan your + migrations accordingly. + operationId: CreateAlertsMigration requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - force: - type: boolean - revoke: - type: boolean + allOf: + - type: object + properties: + index: + items: + $ref: >- + #/components/schemas/Security_Detections_API_NonEmptyString + minItems: 1 + type: array + required: + - index + - $ref: >- + #/components/schemas/Security_Detections_API_AlertsReindexOptions + description: Alerts migration parameters + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: OK + properties: + indices: + items: + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexMigrationSuccess + - $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexMigrationError + - $ref: >- + #/components/schemas/Security_Detections_API_SkippedAlertsIndexMigration + type: array + required: + - indices + description: Successful response '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Initiate a detection alert migration + tags: + - Security Detections API + - Alerts migration API + /api/detection_engine/signals/migration_status: + post: + description: >- + Retrieve indices that contain detection alerts of a particular age, + along with migration information for each of those indices. + operationId: ReadAlertsMigrationStatus + parameters: + - description: Maximum age of qualifying detection alerts + in: query + name: from + required: true + schema: + description: > + Time from which data is analyzed. For example, now-4200s means the + rule analyzes data from 70 minutes + + before its start time. Defaults to now-6m (analyzes data from 6 + minutes before the start time). + format: date-math + type: string + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - error: - type: string - message: - type: string - statusCode: - enum: - - 400 - type: number - description: BAD REQUEST - summary: Unenroll agent + indices: + items: + $ref: >- + #/components/schemas/Security_Detections_API_IndexMigrationStatus + type: array + required: + - indices + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Retrieve the status of detection alert migrations tags: - - Elastic Agents - /api/fleet/agents/{agentId}/upgrade: - parameters: - - in: path - name: agentId - required: true - schema: - type: string + - Security Detections API + - Alerts migration API + /api/detection_engine/signals/search: post: - operationId: upgrade-agent - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + description: Find and/or aggregate detection alerts that match the given query. + operationId: SearchAlerts requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_upgrade_agent' + description: Elasticsearch query and aggregation request + type: object + properties: + _source: + oneOf: + - type: boolean + - type: string + - items: + type: string + type: array + aggs: + additionalProperties: true + type: object + fields: + items: + type: string + type: array + query: + additionalProperties: true + type: object + runtime_mappings: + additionalProperties: true + type: object + size: + minimum: 0 + type: integer + sort: + $ref: '#/components/schemas/Security_Detections_API_AlertsSort' + track_total_hits: + type: boolean + description: Search and/or aggregation query required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_upgrade_agent' - description: OK + additionalProperties: true + description: Elasticsearch search response + type: object + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Upgrade agent + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Find and/or aggregate detection alerts tags: - - Elastic Agents - /api/fleet/agents/{agentId}/uploads: - get: - operationId: list-agent-uploads + - Security Detections API + - Alerts API + /api/detection_engine/signals/status: + post: + description: Set the status of one or more detection alerts. + operationId: SetAlertsStatus + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_SetAlertsStatusByIds + - $ref: >- + #/components/schemas/Security_Detections_API_SetAlertsStatusByQuery + description: >- + An object containing desired status and explicit alert ids or a query + to select alerts + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: true + description: Elasticsearch update by query response type: object - properties: - body: - type: object - properties: - item: - items: - $ref: '#/components/schemas/Fleet_agent_diagnostics' - type: array - description: OK + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent uploads - tags: - - Elastic Agents - parameters: - - in: path - name: agentId - required: true - schema: - type: string - /api/fleet/agents/action_status: - get: - operationId: agents-action-status - parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - in: query - name: errorSize - schema: - default: 5 - type: integer - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - type: object - properties: - actionId: - type: string - cancellationTime: - type: string - completionTime: - type: string - creationTime: - description: creation time of action - type: string - expiration: - type: string - latestErrors: - description: >- - latest errors that happened when the agents executed - the action - items: - type: object - properties: - agentId: - type: string - error: - type: string - timestamp: - type: string - type: array - nbAgentsAck: - description: number of agents that acknowledged the action - type: number - nbAgentsActionCreated: - description: number of agents included in action from kibana - type: number - nbAgentsActioned: - description: number of agents actioned - type: number - nbAgentsFailed: - description: number of agents that failed to execute the action - type: number - newPolicyId: - description: new policy id (POLICY_REASSIGN action) - type: string - policyId: - description: policy id (POLICY_CHANGE action) - type: string - revision: - description: new policy revision (POLICY_CHANGE action) - type: string - startTime: - description: start time of action (scheduled actions) - type: string - status: - enum: - - COMPLETE - - EXPIRED - - CANCELLED - - FAILED - - IN_PROGRESS - - ROLLOUT_PASSED - type: string - type: - enum: - - POLICY_REASSIGN - - UPGRADE - - UNENROLL - - FORCE_UNENROLL - - UPDATE_TAGS - - CANCEL - - REQUEST_DIAGNOSTICS - - SETTINGS - - POLICY_CHANGE - - INPUT_ACTION - type: string - version: - description: agent version number (UPGRADE action) - type: string - required: - - actionId - - complete - - nbAgentsActioned - - nbAgentsActionCreated - - nbAgentsAck - - nbAgentsFailed - - status - - creationTime - - type - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent action status - tags: - - Elastic Agent actions - /api/fleet/agents/actions/{actionId}/cancel: - parameters: - - in: path - name: actionId - required: true - schema: - type: string - post: - operationId: agent-action-cancel - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_agent_action' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Cancel agent action + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Set a detection alert status tags: - - Elastic Agent actions - /api/fleet/agents/bulk_reassign: + - Security Detections API + - Alerts API + /api/detection_engine/signals/tags: post: - operationId: bulk-reassign-agents - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + description: | + And tags to detection alerts, and remove them from alerts. + > info + > You cannot add and remove the same alert tag in the same request. + operationId: SetAlertTags requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - example: - agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' - policy_id: policy_id schema: type: object properties: - agents: - oneOf: - - description: KQL query string, leave empty to action all agents - type: string - - description: list of agent IDs - items: - type: string - type: array - policy_id: - description: new agent policy id - type: string + ids: + $ref: '#/components/schemas/Security_Detections_API_AlertIds' + tags: + $ref: '#/components/schemas/Security_Detections_API_SetAlertTags' required: - - policy_id - - agents + - ids + - tags + description: >- + An object containing tags to add or remove and alert ids the changes + will be applied + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: + additionalProperties: true + description: Elasticsearch update by query response type: object - properties: - actionId: - type: string - description: OK + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk reassign agents + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Detections_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Detections_API_PlatformErrorResponse + description: Unsuccessful authentication response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Detections_API_SiemErrorResponse' + description: Internal server error response + summary: Add and remove detection alert tags tags: - - Elastic Agents - /api/fleet/agents/bulk_request_diagnostics: - post: - operationId: bulk-request-diagnostics - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' - schema: - type: object - properties: - additional_metrics: - items: - oneOf: - - enum: - - CPU - type: string - type: array - agents: - oneOf: - - description: KQL query string, leave empty to action all agents - type: string - - description: list of agent IDs - items: - type: string - type: array - batchSize: - type: number - required: - - agents + - Security Detections API + - Alerts API + /api/detection_engine/tags: + get: + description: List all unique tags from all detection rules. + operationId: ReadTags responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk request diagnostics from agents + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + description: Indicates a successful call + summary: List all detection rule tags tags: - - Elastic Agents - /api/fleet/agents/bulk_unenroll: + - Security Detections API + - Tags API + /api/encrypted_saved_objects/_rotate_key: post: - operationId: bulk-unenroll-agents - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: - - agent1 - - agent2 - force: false - revoke: true - schema: - type: object - properties: - agents: - oneOf: - - description: KQL query string, leave empty to action all agents - type: string - - description: list of agent IDs - items: - type: string - type: array - force: - description: Unenrolls hosted agents too - type: boolean - includeInactive: - description: >- - When passing agents by KQL query, unenrolls inactive agents - too - type: boolean - revoke: - description: Revokes API keys of agents - type: boolean - required: - - agents + description: > + Superuser role required. + + + If a saved object cannot be decrypted using the primary encryption key, + then Kibana will attempt to decrypt it using the specified + decryption-only keys. In most of the cases this overhead is negligible, + but if you're dealing with a large number of saved objects and + experiencing performance issues, you may want to rotate the encryption + key. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: rotateEncryptionKey + parameters: + - description: > + Specifies a maximum number of saved objects that Kibana can process + in a single batch. Bulk key rotation is an iterative process since + Kibana may not be able to fetch and process all required saved + objects in one go and splits processing into consequent batches. By + default, the batch size is 10000, which is also a maximum allowed + value. + in: query + name: batch_size + required: false + schema: + default: 10000 + type: number + - description: > + Limits encryption key rotation only to the saved objects with the + specified type. By default, Kibana tries to rotate the encryption + key for all saved object types that may contain encrypted + attributes. + in: query + name: type + required: false + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: + examples: + rotateEncryptionKeyResponse: + $ref: '#/components/examples/Saved_objects_key_rotation_response' schema: type: object properties: - actionId: - type: string - description: OK + failed: + description: > + Indicates the number of the saved objects that were still + encrypted with one of the old encryption keys that Kibana + failed to re-encrypt with the primary key. + type: number + successful: + description: > + Indicates the total number of all encrypted saved objects + (optionally filtered by the requested `type`), regardless + of the key Kibana used for encryption. + + + NOTE: In most cases, `total` will be greater than + `successful` even if `failed` is zero. The reason is that + Kibana may not need or may not be able to rotate + encryption keys for all encrypted saved objects. + type: number + total: + description: > + Indicates the total number of all encrypted saved objects + (optionally filtered by the requested `type`), regardless + of the key Kibana used for encryption. + type: number + description: Indicates a successful call. '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk unenroll agents - tags: - - Elastic Agents - /api/fleet/agents/bulk_update_agent_tags: - post: - operationId: bulk-update-agent-tags - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: - - agent1 - - agent2 - tagsToAdd: - - newTag - tagsToRemove: - - existingTag - schema: - type: object - properties: - agents: - oneOf: - - description: KQL query string, leave empty to action all agents - type: string - - description: list of agent IDs - items: - type: string - type: array - batchSize: - type: number - tagsToAdd: - items: - type: string - type: array - tagsToRemove: - items: - type: string - type: array - required: - - agents - responses: - '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + '429': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - properties: - actionId: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk update agent tags + description: Already in progress. + summary: Rotate a key for encrypted saved objects tags: - - Elastic Agents - /api/fleet/agents/bulk_upgrade: + - saved objects + /api/endpoint_list: post: - operationId: bulk-upgrade-agents - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - example: - agents: - - agent1 - - agent2 - rollout_duration_seconds: 3600 - source_uri: https://artifacts.elastic.co/downloads/beats/elastic-agent - start_time: '2022-08-03T14:00:00.000Z' - version: 8.4.0 - schema: - $ref: '#/components/schemas/Fleet_bulk_upgrade_agents' - required: true + description: >- + Create an endpoint exception list, which groups endpoint exception list + items. If an endpoint exception list already exists, an empty response + is returned. + operationId: CreateEndpointList responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - actionId: - type: string - description: OK + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointList + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk upgrade agents + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Create an endpoint exception list tags: - - Elastic Agents - /api/fleet/agents/files/{fileId}: + - Security Endpoint Exceptions API + /api/endpoint_list/items: delete: - operationId: delete-agent-upload-file + description: >- + Delete an endpoint exception list item using the `id` or `item_id` + field. + operationId: DeleteEndpointListItem + parameters: + - description: Either `id` or `item_id` must be specified + in: query + name: id + required: false + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + - description: Either `id` or `item_id` must be specified + in: query + name: item_id + required: false + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - body: - type: object - properties: - deleted: - type: boolean - id: - type: string - description: OK + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete file uploaded by agent - tags: - - Elastic Agents - parameters: - - in: path - name: fileId - required: true - schema: - type: string - /api/fleet/agents/files/{fileId}/{fileName}: - get: - operationId: get-agent-upload-file - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - body: - type: object - properties: - items: - type: object - properties: - body: {} - headers: {} - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get file uploaded by agent + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list item not found + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Delete an endpoint exception list item tags: - - Elastic Agents - parameters: - - in: path - name: fileId - required: true - schema: - type: string - - in: path - name: fileName - required: true - schema: - type: string - /api/fleet/agents/setup: + - Security Endpoint Exceptions API get: - operationId: get-agents-setup-status + description: >- + Get the details of an endpoint exception list item using the `id` or + `item_id` field. + operationId: ReadEndpointListItem + parameters: + - description: Either `id` or `item_id` must be specified + in: query + name: id + required: false + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + - description: Either `id` or `item_id` must be specified + in: query + name: item_id + required: false + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_fleet_status_response' - description: OK + items: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + type: array + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Get agent setup info + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list item not found + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Get an endpoint exception list item tags: - - Elastic Agents + - Security Endpoint Exceptions API post: - operationId: setup-agents - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + description: >- + Create an endpoint exception list item, and associate it with the + endpoint exception list. + operationId: CreateEndpointListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - admin_password: - type: string - admin_username: - type: string + comments: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray + default: [] + description: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray + item_id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + meta: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta + name: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName + os_types: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + default: [] + tags: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags + default: [] + type: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType required: - - admin_username - - admin_password + - type + - name + - description + - entries + description: Exception list item's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_fleet_setup_response' - description: OK + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Initiate agent setup - tags: - - Elastic Agents - /api/fleet/agents/tags: - get: - operationId: get-agent-tags - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_agent_tags_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List agent tags - tags: - - Elastic Agents - /api/fleet/data_streams: - get: - operationId: data-streams-list - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - data_streams: - items: - $ref: '#/components/schemas/Fleet_data_stream' - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List data streams - tags: - - Data streams - parameters: [] - /api/fleet/enrollment_api_keys: - get: - operationId: get-enrollment-api-keys - parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - responses: - '200': + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - list: - deprecated: true - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - page: - type: number - perPage: - type: number - total: - type: number - required: - - items - - page - - perPage - - total - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List enrollment API keys + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list item already exists + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Create an endpoint exception list item tags: - - Fleet enrollment API keys - post: - operationId: create-enrollment-api-keys - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - Security Endpoint Exceptions API + put: + description: >- + Update an endpoint exception list item using the `id` or `item_id` + field. + operationId: UpdateEndpointListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - name: - description: The name of the enrollment API key. Must be unique. - type: string - policy_id: - description: >- - The ID of the agent policy the Elastic Agent will be - enrolled in. + _version: type: string + comments: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray + default: [] + description: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray + id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + description: Either `id` or `item_id` must be specified + item_id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + description: Either `id` or `item_id` must be specified + meta: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta + name: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName + os_types: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + default: [] + tags: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags + type: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType required: - - policy_id + - type + - name + - description + - entries + description: Exception list item's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - action: - enum: - - created - type: string - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - description: OK + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Create enrollment API key - tags: - - Fleet enrollment API keys - /api/fleet/enrollment_api_keys/{keyId}: - delete: - operationId: delete-enrollment-api-key - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Revoke enrollment API key by ID by marking it as inactive - tags: - - Fleet enrollment API keys - get: - operationId: get-enrollment-api-key - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get enrollment API key by ID + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list item not found + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Update an endpoint exception list item tags: - - Fleet enrollment API keys - parameters: - - in: path - name: keyId - required: true - schema: - type: string - /api/fleet/enrollment-api-keys: + - Security Endpoint Exceptions API + /api/endpoint_list/items/_find: get: - deprecated: true - operationId: get-enrollment-api-keys-deprecated - parameters: [] + description: Get a list of all endpoint exception list items. + operationId: FindEndpointListItems + parameters: + - description: > + Filters the returned results according to the value of the specified + field, + + using the `:` syntax. + in: query + name: filter + required: false + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter + - description: The page number to return + in: query + name: page + required: false + schema: + minimum: 0 + type: integer + - description: The number of exception list items to return per page + in: query + name: per_page + required: false + schema: + minimum: 0 + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString + - description: Determines the sort order, which can be `desc` or `asc` + in: query + name: sort_order + required: false + schema: + enum: + - desc + - asc + type: string responses: '200': content: @@ -10207,206 +10829,203 @@ paths: schema: type: object properties: - items: - items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - type: array - list: - deprecated: true + data: items: - $ref: '#/components/schemas/Fleet_enrollment_api_key' + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_EndpointListItem type: array page: - type: number - perPage: - type: number + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + pit: + type: string total: - type: number + minimum: 0 + type: integer required: - - items + - data - page - - perPage + - per_page - total - description: OK + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: List enrollment API keys + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Invalid input data + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_PlatformErrorResponse + description: Insufficient privileges + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Endpoint list not found + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_SiemErrorResponse + description: Internal server error + summary: Get endpoint exception list items tags: - - Fleet enrollment API keys - post: - deprecated: true - operationId: create-enrollment-api-keys-deprecated + - Security Endpoint Exceptions API + /api/endpoint/action: + get: + description: Get a list of all response actions. + operationId: EndpointGetActionsList parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_GetEndpointActionListRouteQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - action: - enum: - - created - type: string - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create enrollment API key + summary: Get response actions tags: - - Fleet enrollment API keys - /api/fleet/enrollment-api-keys/{keyId}: - delete: + - Security Endpoint Management API + /api/endpoint/action_log/{agent_id}: + get: deprecated: true - operationId: delete-enrollment-api-key-deprecated + description: Get an action request log for the specified agent ID. + operationId: EndpointGetActionLog parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: agent_id + required: true + schema: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ActionLogRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - action: - enum: - - deleted - type: string - required: - - action + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete enrollment API key by ID + summary: Get an action request log tags: - - Fleet enrollment API keys + - Security Endpoint Management API + /api/endpoint/action_status: get: - deprecated: true - operationId: get-enrollment-api-key-deprecated + description: Get the status of response actions for the specified agent IDs. + operationId: EndpointGetActionsStatus + parameters: + - in: query + name: query + required: true + schema: + type: object + properties: + agent_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_enrollment_api_key' - required: - - item + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ActionStatusSuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get enrollment API key by ID + summary: Get response actions status tags: - - Fleet enrollment API keys - parameters: - - in: path - name: keyId - required: true - schema: - type: string - /api/fleet/epm/bulk_assets: - post: - operationId: bulk-get-assets - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - assetIds: - description: list of items necessary to fetch assets - items: - type: object - properties: - id: - type: string - type: - type: string - type: array - required: - - assetIds + - Security Endpoint Management API + /api/endpoint/action/{action_id}: + get: + description: Get the details of a response action using the action ID. + operationId: EndpointGetActionsDetails + parameters: + - in: path + name: action_id + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_bulk_assets_response' + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk get assets + summary: Get action details tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/categories: + - Security Endpoint Management API + /api/endpoint/action/{action_id}/file/{file_id}: get: - operationId: get-package-categories + description: Get information for the specified file using the file ID. + operationId: EndpointFileInfo + parameters: + - in: path + name: action_id + required: true + schema: + type: string + - in: path + name: file_id + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_categories_response' + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List package categories + summary: Get file information tags: - - Elastic Package Manager (EPM) - parameters: - - description: >- - Whether to include prerelease packages in categories count (e.g. beta, - rc, preview) - in: query - name: prerelease - schema: - default: false - type: boolean - - deprecated: true - in: query - name: experimental - schema: - default: false - type: boolean - - in: query - name: include_policy_templates - schema: - default: false - type: boolean - /api/fleet/epm/packages: + - Security Endpoint Management API + /api/endpoint/action/{action_id}/file/{file_id}/download: get: - operationId: list-all-packages + description: Download a file from an endpoint. + operationId: EndpointFileDownload parameters: - - description: >- - Whether to exclude the install status of each package. Enabling this - option will opt in to caching for the response via `cache-control` - headers. If you don't need up-to-date installation info for a - package, and are querying for a list of available packages, - providing this flag can improve performance substantially. - in: query - name: excludeInstallStatus - schema: - default: false - type: boolean - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean - - deprecated: true - in: query - name: experimental + - in: path + name: action_id + required: true schema: - default: false - type: boolean - - in: query - name: category + type: string + - in: path + name: file_id + required: true schema: type: string responses: @@ -10414,966 +11033,536 @@ paths: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_get_packages_response' + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List packages + summary: Download a file tags: - - Elastic Package Manager (EPM) + - Security Endpoint Management API + /api/endpoint/action/execute: post: - description: '' - operationId: install-package-by-upload - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors - schema: - default: false - type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update - in: query - name: skipDataStreamRollover - schema: - default: false - type: boolean + description: Run a shell command on an endpoint. + operationId: EndpointExecuteAction requestBody: content: - application/gzip; Elastic-Api-Version=2023-10-31: - schema: - format: binary - type: string - application/zip; Elastic-Api-Version=2023-10-31: + application/json; Elastic-Api-Version=2023-10-31: schema: - format: binary - type: string + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ExecuteRouteRequestBody + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - _meta: - type: object - properties: - install_source: - enum: - - upload - - registry - - bundled - type: string - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - items + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - '429': - $ref: '#/components/responses/Fleet_error' - summary: Install by package by direct upload + summary: Run a command tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/_bulk: + - Security Endpoint Management API + /api/endpoint/action/get_file: post: - operationId: bulk-install-packages - parameters: - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean + description: Get a file from an endpoint. + operationId: EndpointGetFileAction requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - force: - description: force install to ignore package verification errors - type: boolean - packages: - description: list of packages to install - items: - oneOf: - - description: package name - type: string - - type: object - properties: - name: - description: package name - type: string - version: - description: package version - type: string - type: array - required: - - packages + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_GetFileRouteRequestBody + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_bulk_install_packages_response' + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk install packages + summary: Get a file tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgkey}: - delete: - deprecated: true - operationId: delete-package-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - in: path - name: pkgkey - required: true - schema: - type: string + - Security Endpoint Management API + /api/endpoint/action/isolate: + post: + description: >- + Isolate an endpoint from the network. The endpoint remains isolated + until it's released. + operationId: EndpointIsolateAction requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - force: - type: boolean + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_IsolateRouteRequestBody + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - response: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - response + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete ackage + summary: Isolate an endpoint tags: - - Elastic Package Manager (EPM) - get: - deprecated: true - operationId: get-package-deprecated - parameters: - - in: path - name: pkgkey - required: true - schema: - type: string - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean + - Security Endpoint Management API + /api/endpoint/action/kill_process: + post: + description: Terminate a running process on an endpoint. + operationId: EndpointKillProcessAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_KillProcessRouteRequestBody + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - allOf: - - properties: - response: - $ref: '#/components/schemas/Fleet_package_info' - - properties: - savedObject: - type: string - status: - enum: - - installed - - installing - - install_failed - - not_installed - type: string - required: - - status - - savedObject - type: object + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package + summary: Terminate a process tags: - - Elastic Package Manager (EPM) + - Security Endpoint Management API + /api/endpoint/action/running_procs: post: - deprecated: true - description: '' - operationId: install-package-deprecated - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - in: path - name: pkgkey - required: true - schema: - type: string - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors - schema: - default: false - type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update - in: query - name: skipDataStreamRollover - schema: - default: false - type: boolean + description: Get a list of all processes running on an endpoint. + operationId: EndpointGetProcessesAction requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - force: - type: boolean + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_GetProcessesRouteRequestBody + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - response: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - response + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Install package + summary: Get running processes tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/{pkgVersion}: - delete: - operationId: delete-package - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: delete package even if policies used by agents - in: query - name: force - schema: - type: boolean + - Security Endpoint Management API + /api/endpoint/action/scan: + post: + description: Scan a specific file or directory on an endpoint for malware. + operationId: EndpointScanAction requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - deprecated: true - type: object - properties: - force: - type: boolean + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ScanRouteRequestBody + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - items + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete package + summary: Scan a file or directory tags: - - Elastic Package Manager (EPM) + - Security Endpoint Management API + /api/endpoint/action/state: get: - operationId: get-package + description: >- + Get a response actions state, which reports whether encryption is + enabled. + operationId: EndpointGetActionsState responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - allOf: - - properties: - item: - $ref: '#/components/schemas/Fleet_package_info' - - properties: - keepPoliciesUpToDate: - type: boolean - latestVersion: - type: string - licensePath: - type: string - notice: - type: string - savedObject: - deprecated: true - type: object - status: - enum: - - installed - - installing - - install_failed - - not_installed - type: string - required: - - status - - savedObject - type: object + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ActionStateSuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package + summary: Get actions state tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion + - Security Endpoint Management API + /api/endpoint/action/suspend_process: + post: + description: Suspend a running process on an endpoint. + operationId: EndpointSuspendProcessAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuspendProcessRouteRequestBody required: true - schema: - type: string - - description: Ignore if the package is fails signature verification - in: query - name: ignoreUnverified - schema: - type: boolean - - description: >- - Return all fields from the package manifest, not just those supported - by the Elastic Package Registry - in: query - name: full - schema: - type: boolean - - description: >- - Whether to return prerelease versions of packages (e.g. beta, rc, - preview) - in: query - name: prerelease - schema: - default: false - type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse + description: OK + summary: Suspend a process + tags: + - Security Endpoint Management API + /api/endpoint/action/unisolate: post: - description: '' - operationId: install-package - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - description: avoid erroring out on unexpected mapping update errors - in: query - name: ignoreMappingUpdateErrors - schema: - default: false - type: boolean - - description: >- - Skip data stream rollover during index template mapping or settings - update - in: query - name: skipDataStreamRollover - schema: - default: false - type: boolean + description: Release an isolated endpoint, allowing it to rejoin a network. + operationId: EndpointUnisolateAction requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - force: - type: boolean - ignore_constraints: - type: boolean + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_UnisolateRouteRequestBody + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - _meta: - type: object - properties: - install_source: - enum: - - registry - - upload - - bundled - type: string - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - items + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Install package + summary: Release an isolated endpoint tags: - - Elastic Package Manager (EPM) - put: - description: '' - operationId: update-package + - Security Endpoint Management API + /api/endpoint/action/upload: + post: + description: Upload a file to an endpoint. + operationId: EndpointUploadAction requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - keepPoliciesUpToDate: - type: boolean + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_UploadRouteRequestBody + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - type: object - properties: - id: - type: string - type: - oneOf: - - $ref: >- - #/components/schemas/Fleet_kibana_saved_object_type - - $ref: >- - #/components/schemas/Fleet_elasticsearch_asset_type - required: - - id - - type - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update package settings - tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}: - get: - operationId: packages-get-file - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - body: - type: object - headers: - type: object - statusCode: - type: number + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package file + summary: Upload a file tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - in: path - name: filePath - required: true - schema: - type: string - /api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize: + - Security Endpoint Management API + /api/endpoint/isolate: post: - description: '' - operationId: reauthorize-transforms - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - description: >- - Whether to include prerelease packages in categories count (e.g. - beta, rc, preview) - in: query - name: prerelease - schema: - default: false - type: boolean + deprecated: true + description: > + Isolate an endpoint from the network. + + > info + + > This URL will return a 308 permanent redirect to `POST :/api/endpoint/action/isolate`. + operationId: EndpointIsolateRedirect requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - transforms: - items: - type: object - properties: - transformId: - type: string - type: array + agent_type: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_AgentTypes + alert_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_AlertIds + case_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_CaseIds + comment: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_Comment + endpoint_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EndpointIds + parameters: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_Parameters + required: + - endpoint_ids + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - type: object - properties: - error: - type: string - success: - type: boolean - transformId: - type: string - required: - - transformId - - error - type: array - required: - - items + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Authorize transforms + '308': + description: Permanent Redirect + headers: + Location: + description: Permanently redirects to "/api/endpoint/action/isolate" + schema: + example: /api/endpoint/action/isolate + type: string + summary: Isolate an endpoint tags: - - Elastic Package Manager (EPM) - /api/fleet/epm/packages/{pkgName}/stats: + - Security Endpoint Management API + /api/endpoint/metadata: get: - operationId: get-package-stats + operationId: GetEndpointMetadataList + parameters: + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ListRequestQuery responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - response: - $ref: '#/components/schemas/Fleet_package_usage_stats' - required: - - response + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package stats + summary: Get a metadata list tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - /api/fleet/epm/packages/limited: + - Security Endpoint Management API + /api/endpoint/metadata/{id}: get: - operationId: list-limited-packages + operationId: GetEndpointMetadata + parameters: + - in: path + name: id + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - type: string - type: array + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get limited package list + summary: Get metadata tags: - - Elastic Package Manager (EPM) - parameters: [] - /api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs: + - Security Endpoint Management API + /api/endpoint/metadata/transforms: get: - operationId: get-inputs-template + operationId: GetEndpointMetadataTransform responses: '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get inputs template + summary: Get metadata transforms tags: - - Elastic Package Manager (EPM) - parameters: - - in: path - name: pkgName - required: true - schema: - type: string - - in: path - name: pkgVersion - required: true - schema: - type: string - - description: Format of response - json or yaml - in: query - name: format - schema: - enum: - - json - - yaml - - yml - type: string - - description: Specify if version is prerelease - in: query - name: prerelease - schema: - type: boolean - - description: Ignore if the package is fails signature verification - in: query - name: ignoreUnverified - schema: - type: boolean - /api/fleet/epm/verification_key_id: + - Security Endpoint Management API + /api/endpoint/policy_response: get: - operationId: packages-get-verification-key-id + operationId: GetPolicyResponse + parameters: + - in: query + name: query + required: true + schema: + type: object + properties: + agentId: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentId' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - body: - type: object - properties: - id: - description: >- - the key ID of the GPG key used to verify package - signatures - nullable: true - type: string - headers: - type: object - statusCode: - type: number + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package signature verification key ID + summary: Get a policy response tags: - - Elastic Package Manager (EPM) - parameters: [] - /api/fleet/fleet_server_hosts: + - Security Endpoint Management API + /api/endpoint/policy/summaries: get: - operationId: get-fleet-server-hosts + deprecated: true + operationId: GetAgentPolicySummary + parameters: + - in: query + name: query + required: true + schema: + type: object + properties: + package_name: + type: string + policy_id: + nullable: true + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_fleet_server_host' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List Fleet Server hosts - tags: - - Fleet Server hosts - post: - operationId: post-fleet-server-hosts - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - host_urls: - items: - type: string - type: array - id: - type: string - is_default: - type: boolean - is_internal: - type: boolean - name: - type: string - proxy_id: - description: >- - The ID of the proxy to use for this fleet server host. See - the proxies API for more information. - type: string - required: - - name - - host_urls - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_fleet_server_host' + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create Fleet Server host + summary: Get an agent policy summary tags: - - Fleet Server hosts - /api/fleet/fleet_server_hosts/{itemId}: - delete: - operationId: delete-fleet-server-hosts + - Security Endpoint Management API + /api/endpoint/protection_updates_note/{package_policy_id}: + get: + operationId: GetProtectionUpdatesNote parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: package_policy_id + required: true + schema: + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - id: - type: string - required: - - id + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete Fleet Server host by ID + summary: Get a protection updates note tags: - - Fleet Server hosts - get: - operationId: get-one-fleet-server-hosts + - Security Endpoint Management API + post: + operationId: CreateUpdateProtectionUpdatesNote + parameters: + - in: path + name: package_policy_id + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + note: + type: string + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_fleet_server_host' - required: - - item + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get Fleet Server host by ID + summary: Create or update a protection updates note tags: - - Fleet Server hosts - parameters: - - in: path - name: itemId - required: true - schema: - type: string - put: - operationId: update-fleet-server-hosts + - Security Endpoint Management API + /api/endpoint/suggestions/{suggestion_type}: + post: + operationId: GetEndpointSuggestions parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: suggestion_type + required: true + schema: + enum: + - eventFilters + type: string requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - host_urls: - items: - type: string - type: array - is_default: - type: boolean - is_internal: - type: boolean - name: + field: type: string - proxy_id: - description: >- - The ID of the proxy to use for this fleet server host. See - the proxies API for more information. - nullable: true + fieldMeta: {} + filters: {} + query: type: string + required: + - parameters + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_fleet_server_host' - required: - - item + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update Fleet Server host by ID + summary: Get suggestions tags: - - Fleet Server hosts - /api/fleet/health_check: + - Security Endpoint Management API + /api/endpoint/unisolate: post: - operationId: fleet-server-health-check - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + deprecated: true + description: > + Release an isolated endpoint, allowing it to rejoin a network. + + > info + + > This URL will return a 308 permanent redirect to `POST :/api/endpoint/action/unisolate`. + operationId: EndpointUnisolateRedirect requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - host: - deprecated: true - type: string - id: - type: string + agent_type: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_AgentTypes + alert_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_AlertIds + case_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_CaseIds + comment: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_Comment + endpoint_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EndpointIds + parameters: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_Parameters required: - - id + - endpoint_ids required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - host: - deprecated: true - type: string - id: - description: Fleet Server host id - type: string - status: - type: string + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_SuccessResponse description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Fleet Server health check + '308': + description: Permanent Redirect + headers: + Location: + description: Permanently redirects to "/api/endpoint/action/unisolate" + schema: + example: /api/endpoint/action/unisolate + type: string + summary: Release an isolated endpoint tags: - - Fleet internals - /api/fleet/kubernetes: + - Security Endpoint Management API + /api/entity_store/engines: get: - operationId: get-full-k8s-manifest - parameters: - - in: query - name: download - required: false - schema: - type: boolean - - in: query - name: fleetServer - required: false - schema: - type: string - - in: query - name: enrolToken - required: false - schema: - type: string + operationId: ListEntityEngines responses: '200': content: @@ -11381,19 +11570,33 @@ paths: schema: type: object properties: - item: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get full K8s agent manifest + count: + type: integer + engines: + items: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor + type: array + description: Successful response + summary: List the Entity Engines tags: - - Fleet Kubernetes - /api/fleet/logstash_api_keys: - post: - operationId: generate-logstash-api-key + - Security Entity Analytics API + /api/entity_store/engines/{entityType}: + delete: + operationId: DeleteEntityEngine parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + - description: Control flag to also delete the entity data. + in: query + name: data + required: false + schema: + type: boolean responses: '200': content: @@ -11401,87 +11604,76 @@ paths: schema: type: object properties: - api_key: - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Generate Logstash API key + deleted: + type: boolean + description: Successful response + summary: Delete the Entity Engine tags: - - Fleet outputs - /api/fleet/outputs: + - Security Entity Analytics API get: - operationId: get-outputs + operationId: GetEntityEngine + parameters: + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_output_create_request' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List outputs + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor + description: Successful response + summary: Get an Entity Engine tags: - - Fleet outputs + - Security Entity Analytics API + /api/entity_store/engines/{entityType}/init: post: - operationId: post-outputs + operationId: InitEntityEngine + parameters: + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_output_create_request' + type: object + properties: + filter: + type: string + indexPattern: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_IndexPattern + description: Schema for the engine initialization required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_output_create_request' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create output + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineDescriptor + description: Successful response + summary: Initialize an Entity Engine tags: - - Fleet outputs - /api/fleet/outputs/{outputId}: - delete: - operationId: delete-output + - Security Entity Analytics API + /api/entity_store/engines/{entityType}/start: + post: + operationId: StartEntityEngine parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - id: - type: string - required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete output by ID - tags: - - Fleet outputs - get: - operationId: get-output + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' responses: '200': content: @@ -11489,29 +11681,22 @@ paths: schema: type: object properties: - item: - $ref: '#/components/schemas/Fleet_output_create_request' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get output by ID + started: + type: boolean + description: Successful response + summary: Start an Entity Engine tags: - - Fleet outputs - parameters: - - in: path - name: outputId - required: true - schema: - type: string - put: - operationId: update-output + - Security Entity Analytics API + /api/entity_store/engines/{entityType}/stats: + post: + operationId: GetEntityEngineStats parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_output_update_request' + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' responses: '200': content: @@ -11519,17 +11704,37 @@ paths: schema: type: object properties: - item: - $ref: '#/components/schemas/Fleet_output_update_request' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update output by ID + indexPattern: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_IndexPattern + indices: + items: + type: object + type: array + status: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EngineStatus + transforms: + items: + type: object + type: array + type: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EntityType + description: Successful response + summary: Get Entity Engine stats tags: - - Fleet outputs - /api/fleet/outputs/{outputId}/health: - get: - operationId: get-output-health + - Security Entity Analytics API + /api/entity_store/engines/{entityType}/stop: + post: + operationId: StopEntityEngine + parameters: + - description: The entity type of the engine (either 'user' or 'host'). + in: path + name: entityType + required: true + schema: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' responses: '200': content: @@ -11537,35 +11742,56 @@ paths: schema: type: object properties: - message: - description: long message if unhealthy - type: string - state: - description: state of output, HEALTHY or DEGRADED - type: string - timestamp: - description: timestamp of reported state - type: string - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get latest output health + stopped: + type: boolean + description: Successful response + summary: Stop an Entity Engine tags: - - Fleet outputs - parameters: - - in: path - name: outputId - required: true - schema: - type: string - /api/fleet/package_policies: + - Security Entity Analytics API + /api/entity_store/entities/list: get: - operationId: get-package-policies + description: List entities records, paging, sorting and filtering as needed. + operationId: ListEntities parameters: - - $ref: '#/components/parameters/Fleet_page_size' - - $ref: '#/components/parameters/Fleet_page_index' - - $ref: '#/components/parameters/Fleet_kuery' - - $ref: '#/components/parameters/Fleet_format' + - in: query + name: sort_field + required: false + schema: + type: string + - in: query + name: sort_order + required: false + schema: + enum: + - asc + - desc + type: string + - in: query + name: page + required: false + schema: + minimum: 1 + type: integer + - in: query + name: per_page + required: false + schema: + maximum: 10000 + minimum: 1 + type: integer + - description: An ES query to filter by. + in: query + name: filterQuery + required: false + schema: + type: string + - in: query + name: entities_types + required: true + schema: + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + type: array responses: '200': content: @@ -11573,584 +11799,596 @@ paths: schema: type: object properties: - items: + inspect: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_InspectQuery + page: + minimum: 1 + type: integer + per_page: + maximum: 1000 + minimum: 1 + type: integer + records: items: - $ref: '#/components/schemas/Fleet_package_policy' + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_Entity type: array - page: - type: number - perPage: - type: number total: - type: number + minimum: 0 + type: integer required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List package policies + - records + - page + - per_page + - total + description: Entities returned successfully + summary: List Entity Store Entities tags: - - Fleet package policies - parameters: [] - post: - operationId: create-package-policy + - Security Entity Analytics API + /api/exception_lists: + delete: + description: Delete an exception list using the `id` or `list_id` field. + operationId: DeleteExceptionList parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - $ref: '#/components/parameters/Fleet_format' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_package_policy_request' - description: >- - You should use inputs as an object and not use the deprecated inputs - array. + - description: Either `id` or `list_id` must be specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + - description: Either `id` or `list_id` must be specified + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + - in: query + name: namespace_type + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' - required: - - item - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - '409': - $ref: '#/components/responses/Fleet_error' - summary: Create package policy - tags: - - Fleet package policies - /api/fleet/package_policies/_bulk_get: - post: - operationId: bulk-get-package-policies - parameters: - - $ref: '#/components/parameters/Fleet_format' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - ids: - description: list of package policy ids - items: - type: string - type: array - ignoreMissing: - type: boolean - required: - - ids - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_package_policy' - type: array - required: - - items - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Bulk get package policies + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Delete an exception list tags: - - Fleet package policies - /api/fleet/package_policies/{packagePolicyId}: - delete: - operationId: delete-package-policy + - Security Exceptions API + get: + description: Get the details of an exception list using the `id` or `list_id` field. + operationId: ReadExceptionList parameters: + - description: Either `id` or `list_id` must be specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + - description: Either `id` or `list_id` must be specified + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' - in: query - name: force + name: namespace_type + required: false schema: - type: boolean + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - id: - type: string - required: - - id - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete package policy by ID - tags: - - Fleet package policies - get: - operationId: get-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_format' - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get package policy by ID - tags: - - Fleet package policies - parameters: - - in: path - name: packagePolicyId - required: true - schema: - type: string - put: - operationId: update-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - - $ref: '#/components/parameters/Fleet_format' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Fleet_package_policy_request' - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_package_policy' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update package policy by ID - tags: - - Fleet package policies - /api/fleet/package_policies/delete: - post: - operationId: post-delete-package-policy - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - force: - type: boolean - packagePolicyIds: - items: - type: string - type: array - required: - - packagePolicyIds - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - type: object - properties: - id: - type: string - name: - type: string - success: - type: boolean - required: - - id - - success - type: array - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete package policy + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get exception list details tags: - - Fleet package policies - /api/fleet/package_policies/upgrade: + - Security Exceptions API post: - operationId: upgrade-package-policy + description: > + An exception list groups exception items and can be associated with + detection rules. You can assign detection rules with multiple exception + lists. + + > info + + > All exception items added to the same list are evaluated using `OR` + logic. That is, if any of the items in a list evaluate to `true`, the + exception prevents the rule from generating an alert. Likewise, `OR` + logic is used for evaluating exceptions when more than one exception + list is assigned to a rule. To use the `AND` operator, you can define + multiple clauses (`entries`) in a single exception item. + operationId: CreateExceptionList requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - packagePolicyIds: - items: - type: string - type: array + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListDescription + list_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListMeta + name: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListName + namespace_type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + tags: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListTags + default: [] + type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListType + version: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListVersion + default: 1 required: - - packagePolicyIds + - name + - description + - type + description: Exception list's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - type: object - properties: - id: - type: string - name: - type: string - success: - type: boolean - required: - - id - - success - type: array - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response '409': - $ref: '#/components/responses/Fleet_error' - summary: Upgrade package policy to a newer package version + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Create an exception list tags: - - Fleet package policies - /api/fleet/package_policies/upgrade/dryrun: - post: - operationId: upgrade-package-policy-dry-run + - Security Exceptions API + put: + description: Update an exception list using the `id` or `list_id` field. + operationId: UpdateExceptionList requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - packagePolicyIds: - items: - type: string - type: array - packageVersion: + _version: type: string + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListDescription + id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + list_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListMeta + name: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListName + namespace_type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + default: [] + tags: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListTags + type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListType + version: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListVersion required: - - packagePolicyIds + - name + - description + - type + description: Exception list's properties + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - type: object - properties: - agent_diff: - $ref: '#/components/schemas/Fleet_upgrade_agent_diff' - diff: - $ref: '#/components/schemas/Fleet_upgrade_diff' - hasErrors: - type: boolean - required: - - hasErrors - type: array - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Dry run package policy upgrade - tags: - - Fleet package policies - /api/fleet/proxies: - get: - operationId: get-fleet-proxies - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - items: - items: - $ref: '#/components/schemas/Fleet_proxies' - type: array - page: - type: integer - perPage: - type: integer - total: - type: integer - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: List proxies - tags: - - Fleet proxies - post: - operationId: post-fleet-proxies - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - certificate: - type: string - certificate_authorities: - type: string - certificate_key: - type: string - id: - type: string - name: - type: string - proxy_headers: - type: object - url: - type: string - required: - - name - - url - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_proxies' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Create proxy - tags: - - Fleet proxies - /api/fleet/proxies/{itemId}: - delete: - operationId: delete-fleet-proxies - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - id: - type: string - required: - - id - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Delete proxy by ID - tags: - - Fleet proxies - get: - operationId: get-one-fleet-proxies - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_proxies' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get proxy by ID - tags: - - Fleet proxies - parameters: - - in: path - name: itemId - required: true - schema: - type: string - put: - operationId: update-fleet-proxies - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - certificate: - type: string - certificate_authorities: - type: string - certificate_key: - type: string - name: - type: string - proxy_headers: - type: object - url: - type: string - responses: - '200': + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_proxies' - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update proxy by ID + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Update an exception list tags: - - Fleet proxies - /api/fleet/service_tokens: + - Security Exceptions API + /api/exception_lists/_duplicate: post: - operationId: generate-service-token + description: Duplicate an existing exception list. + operationId: DuplicateExceptionList parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: Exception list's human identifier + in: query + name: list_id + required: true + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + - in: query + name: namespace_type + required: true + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + - description: >- + Determines whether to include expired exceptions in the exported + list + in: query + name: include_expired_exceptions + required: true + schema: + default: 'true' + enum: + - 'true' + - 'false' + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - name: - type: string - value: - type: string - description: OK + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Create service token + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '405': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list to duplicate not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Duplicate an exception list tags: - - Fleet service tokens - /api/fleet/service-tokens: + - Security Exceptions API + /api/exception_lists/_export: post: - deprecated: true - operationId: generate-service-token-deprecated + description: Export an exception list and its associated items to an NDJSON file. + operationId: ExportExceptionList parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: Exception list's identifier + in: query + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + - description: Exception list's human identifier + in: query + name: list_id + required: true + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + - in: query + name: namespace_type + required: true + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + - description: >- + Determines whether to include expired exceptions in the exported + list + in: query + name: include_expired_exceptions + required: true + schema: + default: 'true' + enum: + - 'true' + - 'false' + type: string responses: '200': content: - application/json; Elastic-Api-Version=2023-10-31: + application/ndjson; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - name: - type: string - value: - type: string - description: OK + description: >- + A `.ndjson` file containing specified exception list and its + items + format: binary + type: string + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: Create service token - tags: - - Fleet service tokens - /api/fleet/settings: - get: - operationId: get-settings - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_fleet_settings_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get settings - tags: - - Fleet internals - put: - operationId: update-settings - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - additional_yaml_config: - type: string - fleet_server_hosts: - description: Protocol and path must be the same for each URL - items: - type: string - type: array - has_seen_add_data_notice: - type: boolean - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_fleet_settings_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Update settings - tags: - - Fleet internals - /api/fleet/setup: - post: - operationId: setup - parameters: - - $ref: '#/components/parameters/Fleet_kbn_xsrf' - responses: - '200': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Fleet_fleet_setup_response' - description: OK - '400': - $ref: '#/components/responses/Fleet_error' + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response '500': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - message: - type: string - description: Internal Server Error - summary: Initiate Fleet setup + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Export an exception list tags: - - Fleet internals - /api/fleet/uninstall_tokens: + - Security Exceptions API + /api/exception_lists/_find: get: - operationId: get-uninstall-tokens + description: Get a list of all exception lists. + operationId: FindExceptionLists parameters: - - description: The number of items to return + - description: > + Filters the returned results according to the value of the specified + field. + + + Uses the `so type.field name:field` value syntax, where `so type` + can be: + + + - `exception-list`: Specify a space-aware exception list. + + - `exception-list-agnostic`: Specify an exception list that is + shared across spaces. in: query - name: perPage + name: filter required: false schema: - default: 20 - minimum: 5 + $ref: >- + #/components/schemas/Security_Exceptions_API_FindExceptionListsFilter + - description: > + Determines whether the returned containers are Kibana associated + with a Kibana space + + or available in all spaces (`agnostic` or `single`) + in: query + name: namespace_type + required: false + schema: + default: + - single + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + type: array + - description: The page number to return + in: query + name: page + required: false + schema: + minimum: 1 type: integer - - $ref: '#/components/parameters/Fleet_page_index' - - description: Partial match filtering for policy IDs + - description: The number of exception lists to return per page in: query - name: policyId + name: per_page + required: false + schema: + minimum: 1 + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + type: string + - description: Determines the sort order, which can be `desc` or `asc` + in: query + name: sort_order required: false schema: + enum: + - desc + - asc type: string responses: '200': @@ -12159,126 +12397,112 @@ paths: schema: type: object properties: - items: + data: items: - type: object - properties: - created_at: - type: string - id: - type: string - policy_id: - type: string - required: - - id - - policy_id - - created_at + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionList type: array page: - type: number - perPage: - type: number + minimum: 1 + type: integer + per_page: + minimum: 1 + type: integer total: - type: number + minimum: 0 + type: integer required: - - items - - total + - data - page - - perPage - description: OK + - per_page + - total + description: Successful response '400': - $ref: '#/components/responses/Fleet_error' - summary: List metadata for latest uninstall tokens per agent policy - tags: - - Fleet uninstall tokens - /api/fleet/uninstall_tokens/{uninstallTokenId}: - get: - operationId: get-uninstall-token - parameters: - - in: path - name: uninstallTokenId - required: true - schema: - type: string - responses: - '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - properties: - item: - type: object - properties: - created_at: - type: string - id: - type: string - policy_id: - type: string - token: - type: string - required: - - id - - token - - policy_id - - created_at - required: - - item - description: OK - '400': - $ref: '#/components/responses/Fleet_error' - summary: Get one decrypted uninstall token by its ID - tags: - - Fleet uninstall tokens - /api/ml/saved_objects/sync: - get: - description: > - Synchronizes Kibana saved objects for machine learning jobs and trained - models in the default space. You must have `all` privileges for the - **Machine Learning** feature in the **Analytics** section of the Kibana - feature privileges. This API runs automatically when you start Kibana - and periodically thereafter. - operationId: mlSync - parameters: - - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - syncExample: - $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' - description: Indicates a successful call - '401': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' - description: Authorization information is missing or invalid. - summary: Sync saved objects in the default space + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get exception lists tags: - - ml - /api/saved_objects/_bulk_create: + - Security Exceptions API + /api/exception_lists/_import: post: - deprecated: true - operationId: bulkCreateSavedObjects + description: Import an exception list and its associated items from an NDJSON file. + operationId: ImportExceptionList parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: When true, overwrites the document with the same identifier. + - description: > + Determines whether existing exception lists with the same `list_id` + are overwritten. + + If any exception items have the same `item_id`, those are also + overwritten. in: query name: overwrite + required: false + schema: + default: false + type: boolean + - in: query + name: overwrite_exceptions + required: false + schema: + default: false + type: boolean + - in: query + name: overwrite_action_connectors + required: false + schema: + default: false + type: boolean + - description: > + Determines whether the list being imported will have a new `list_id` + generated. + + Additional `item_id`'s are generated for each exception item. Both + the exception + + list and its items are overwritten. + in: query + name: as_new_list + required: false schema: + default: false type: boolean requestBody: content: - application/json; Elastic-Api-Version=2023-10-31: + multipart/form-data; Elastic-Api-Version=2023-10-31: schema: - items: - type: object - type: array + type: object + properties: + file: + description: A `.ndjson` file containing the exception list + format: binary + type: string required: true responses: '200': @@ -12286,2486 +12510,10179 @@ paths: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: Indicates a successful call. - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Create saved objects - tags: - - saved objects - /api/saved_objects/_bulk_delete: - post: - deprecated: true - description: | - WARNING: When you delete a saved object, it cannot be recovered. - operationId: bulkDeleteSavedObjects + properties: + errors: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkErrorArray + success: + type: boolean + success_count: + minimum: 0 + type: integer + success_count_exception_list_items: + minimum: 0 + type: integer + success_count_exception_lists: + minimum: 0 + type: integer + success_exception_list_items: + type: boolean + success_exception_lists: + type: boolean + required: + - errors + - success + - success_count + - success_exception_lists + - success_count_exception_lists + - success_exception_list_items + - success_count_exception_list_items + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Import an exception list + tags: + - Security Exceptions API + /api/exception_lists/items: + delete: + description: Delete an exception list item using the `id` or `item_id` field. + operationId: DeleteExceptionListItem parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - When true, force delete objects that exist in multiple namespaces. - Note that the option applies to the whole request. Use the delete - object API to specify per-object deletion behavior. TIP: Use this if - you attempted to delete objects and received an HTTP 400 error with - the following message: "Unable to delete saved object that exists in - multiple namespaces, use the force option to delete it anyway". - WARNING: When you bulk delete objects that exist in multiple - namespaces, the API also deletes legacy url aliases that reference - the object. These requests are batched to minimise the impact but - they can place a heavy load on Kibana. Make sure you limit the - number of objects that exist in multiple namespaces in a single bulk - delete operation. + - description: Either `id` or `item_id` must be specified in: query - name: force + name: id + required: false schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' + - description: Either `id` or `item_id` must be specified + in: query + name: item_id + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + - in: query + name: namespace_type + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Delete saved objects + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Delete an exception list item tags: - - saved objects - /api/saved_objects/_bulk_get: - post: - deprecated: true - operationId: bulkGetSavedObjects + - Security Exceptions API + get: + description: >- + Get the details of an exception list item using the `id` or `item_id` + field. + operationId: ReadExceptionListItem parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true + - description: Either `id` or `item_id` must be specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' + - description: Either `id` or `item_id` must be specified + in: query + name: item_id + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + - in: query + name: namespace_type + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: Indicates a successful call. + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Get saved objects + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get an exception list item tags: - - saved objects - /api/saved_objects/_bulk_resolve: + - Security Exceptions API post: - deprecated: true description: > - Retrieve multiple Kibana saved objects by identifier using any legacy - URL aliases if they exist. Under certain circumstances when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved by the bulk resolve API - using either its new ID or its old ID. - operationId: bulkResolveSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + Create an exception item and associate it with the specified exception + list. + + > info + + > Before creating exception items, you must create an exception list. + operationId: CreateExceptionListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - items: - type: object - type: array + type: object + properties: + comments: + $ref: >- + #/components/schemas/Security_Exceptions_API_CreateExceptionListItemCommentArray + default: [] + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + expire_time: + format: date-time + type: string + item_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + list_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta + name: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemName + namespace_type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + default: [] + tags: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemTags + default: [] + type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemType + required: + - list_id + - type + - name + - description + - entries + description: Exception list item's properties required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Resolve saved objects - tags: - - saved objects - /api/saved_objects/_bulk_update: - post: - deprecated: true - description: Update the attributes for multiple Kibana saved objects. - operationId: bulkUpdateSavedObjects - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - items: - type: object - type: array - required: true - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: > - Indicates a successful call. NOTE: This HTTP response code indicates - that the bulk operation succeeded. Errors pertaining to individual - objects will be returned in the response body. - '400': + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Update saved objects + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list item already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Create an exception list item tags: - - saved objects - /api/saved_objects/_export: - post: - description: > - Retrieve sets of saved objects that you want to import into Kibana. - - You must include `type` or `objects` in the request body. - - - Exported saved objects are not backwards compatible and cannot be - imported into an older version of Kibana. - - - NOTE: The `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be exported. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: exportSavedObjectsDefault - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - Security Exceptions API + put: + description: Update an exception list item using the `id` or `item_id` field. + operationId: UpdateExceptionListItem requestBody: content: application/json; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsRequest: - $ref: '#/components/examples/Saved_objects_export_objects_request' schema: type: object properties: - excludeExportDetails: - default: false - description: Do not add export details entry at the end of the stream. - type: boolean - includeReferencesDeep: - description: >- - Includes all of the referenced objects in the exported - objects. - type: boolean - objects: - description: A list of objects to export. - items: - type: object - type: array + _version: + type: string + comments: + $ref: >- + #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemCommentArray + default: [] + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + expire_time: + format: date-time + type: string + id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemId + description: Either `id` or `item_id` must be specified + item_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + description: Either `id` or `item_id` must be specified + list_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemMeta + name: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemName + namespace_type: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + default: [] + tags: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemTags type: - description: >- - The saved object types to include in the export. Use `*` to - export all the types. - oneOf: - - type: string - - items: - type: string - type: array + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemType + required: + - type + - name + - description + - entries + description: Exception list item's properties required: true responses: '200': content: - application/x-ndjson; Elastic-Api-Version=2023-10-31: - examples: - exportSavedObjectsResponse: - $ref: '#/components/examples/Saved_objects_export_objects_response' + application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: true - type: object - description: Indicates a successful call. + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItem' + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Export saved objects + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Update an exception list item tags: - - saved objects - /api/saved_objects/_find: + - Security Exceptions API + /api/exception_lists/items/_find: get: - deprecated: true - description: Retrieve a paginated set of Kibana saved objects. - operationId: findSavedObjects + description: Get a list of all exception list items in the specified list. + operationId: FindExceptionListItems parameters: - - description: > - An aggregation structure, serialized as a string. The field format - is similar to filter, meaning that to use a saved object type - attribute in the aggregation, the `savedObjectType.attributes.title: - "myTitle"` format must be used. For root fields, the syntax is - `savedObjectType.rootField`. NOTE: As objects change in Kibana, the - results on each page of the response also change. Use the find API - for traditional paginated results, but avoid using it to export - large amounts of data. - in: query - name: aggs - schema: - type: string - - description: The default operator to use for the `simple_query_string`. - in: query - name: default_search_operator - schema: - type: string - - description: The fields to return in the attributes key of the response. + - description: List's id in: query - name: fields + name: list_id + required: true schema: - oneOf: - - type: string - - type: array + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListHumanId + type: array - description: > - The filter is a KQL string with the caveat that if you filter with - an attribute from your saved object type, it should look like that: - `savedObjectType.attributes.title: "myTitle"`. However, if you use a - root attribute of a saved object such as `updated_at`, you will have - to define your filter like that: `savedObjectType.updated_at > - 2018-12-22`. + Filters the returned results according to the value of the specified + field, + + using the `:` syntax. in: query name: filter + required: false schema: - type: string - - description: >- - Filters to objects that do not have a relationship with the type and - identifier combination. - in: query - name: has_no_reference - schema: - type: object - - description: >- - The operator to use for the `has_no_reference` parameter. Either - `OR` or `AND`. Defaults to `OR`. - in: query - name: has_no_reference_operator - schema: - type: string - - description: >- - Filters to objects that have a relationship with the type and ID - combination. + default: [] + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_FindExceptionListItemsFilter + type: array + - description: > + Determines whether the returned containers are Kibana associated + with a Kibana space + + or available in all spaces (`agnostic` or `single`) in: query - name: has_reference + name: namespace_type + required: false schema: - type: object - - description: >- - The operator to use for the `has_reference` parameter. Either `OR` - or `AND`. Defaults to `OR`. - in: query - name: has_reference_operator + default: + - single + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + type: array + - in: query + name: search + required: false schema: type: string - - description: The page of objects to return. + - description: The page number to return in: query name: page + required: false schema: + minimum: 0 type: integer - - description: The number of objects to return per page. + - description: The number of exception list items to return per page in: query name: per_page + required: false schema: + minimum: 0 type: integer - - description: >- - An Elasticsearch `simple_query_string` query that filters the - objects in the response. - in: query - name: search - schema: - type: string - - description: >- - The fields to perform the `simple_query_string` parsed query - against. - in: query - name: search_fields - schema: - oneOf: - - type: string - - type: array - - description: > - Sorts the response. Includes "root" and "type" fields. "root" fields - exist for all saved objects, such as "updated_at". "type" fields are - specific to an object type, such as fields returned in the - attributes key of the response. When a single type is defined in the - type parameter, the "root" and "type" fields are allowed, and - validity checks are made in that order. When multiple types are - defined in the type parameter, only "root" fields are allowed. + - description: Determines which field is used to sort the results in: query name: sort_field + required: false schema: - type: string - - description: The saved object types to include. + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + - description: Determines the sort order, which can be `desc` or `asc` in: query - name: type - required: true + name: sort_order + required: false schema: - oneOf: - - type: string - - type: array + enum: + - desc + - asc + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: Indicates a successful call. + properties: + data: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItem + type: array + page: + minimum: 1 + type: integer + per_page: + minimum: 1 + type: integer + pit: + type: string + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request - summary: Search for saved objects - tags: - - saved objects - /api/saved_objects/_import: - post: - description: > - Create sets of Kibana saved objects from a file created by the export - API. - - Saved objects can be imported only into the same version, a newer minor - on the same major, or the next major. Exported saved objects are not - backwards compatible and cannot be imported into an older version of - Kibana. - - - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: importSavedObjectsDefault + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get exception list items + tags: + - Security Exceptions API + /api/exception_lists/summary: + get: + description: Get a summary of the specified exception list. + operationId: ReadExceptionListSummary parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - Creates copies of saved objects, regenerates each object ID, and - resets the origin. When used, potential conflict errors are avoided. - NOTE: This option cannot be used with the `overwrite` and - `compatibilityMode` options. + - description: Exception list's identifier generated upon creation in: query - name: createNewCopies + name: id required: false schema: - type: boolean - - description: > - Overwrites saved objects when they already exist. When used, - potential conflict errors are automatically resolved by overwriting - the destination object. NOTE: This option cannot be used with the - `createNewCopies` option. + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + - description: Exception list's human readable identifier in: query - name: overwrite + name: list_id required: false schema: - type: boolean - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. Use this option only if you encounter issues with imported - saved objects. NOTE: This option cannot be used with the - `createNewCopies` option. + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + - in: query + name: namespace_type + required: false + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionNamespaceType + default: single + - description: Search filter clause in: query - name: compatibilityMode + name: filter required: false schema: - type: boolean - requestBody: - content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - importObjectsRequest: - $ref: '#/components/examples/Saved_objects_import_objects_request' - schema: - type: object - properties: - file: - description: > - A file exported using the export API. NOTE: The - `savedObjects.maxImportExportSize` configuration setting - limits the number of saved objects which may be included in - this file. Similarly, the - `savedObjects.maxImportPayloadBytes` setting limits the - overall size of the file that can be imported. - required: true + type: string responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - importObjectsResponse: - $ref: '#/components/examples/Saved_objects_import_objects_response' schema: type: object properties: - errors: - description: > - Indicates the import was unsuccessful and specifies the - objects that failed to import. - - - NOTE: One object may result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and conflict error. - items: - type: object - type: array - success: - description: > - Indicates when the import was successfully completed. When - set to false, some objects may not have been created. For - additional information, refer to the `errors` and - `successResults` properties. - type: boolean - successCount: - description: Indicates the number of successfully imported records. + linux: + minimum: 0 type: integer - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are created only when all resolvable errors - are addressed, including conflicts and missing references. - If objects are created as new copies, each entry in the - `successResults` array includes a `destinationId` - attribute. - items: - type: object - type: array - description: Indicates a successful call. + macos: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + windows: + minimum: 0 + type: integer + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Import saved objects + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Get an exception list summary tags: - - saved objects - x-codeSamples: - - label: Import with createNewCopies - lang: cURL - source: | - curl \ - -X POST api/saved_objects/_import?createNewCopies=true - -H "kbn-xsrf: true" - --form file=@file.ndjson - /api/saved_objects/_resolve_import_errors: + - Security Exceptions API + /api/exceptions/shared: post: description: > - To resolve errors from the Import objects API, you can: - - - * Retry certain saved objects - - * Overwrite specific saved objects - - * Change references to different saved objects + An exception list groups exception items and can be associated with + detection rules. A shared exception list can apply to multiple detection + rules. + > info - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - operationId: resolveImportErrors - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - description: > - Applies various adjustments to the saved objects that are being - imported to maintain compatibility between different Kibana - versions. When enabled during the initial import, also enable when - resolving import errors. This option cannot be used with the - `createNewCopies` option. - in: query - name: compatibilityMode - required: false - schema: - type: boolean - - description: > - Creates copies of the saved objects, regenerates each object ID, and - resets the origin. When enabled during the initial import, also - enable when resolving import errors. - in: query - name: createNewCopies - required: false - schema: - type: boolean + > All exception items added to the same list are evaluated using `OR` + logic. That is, if any of the items in a list evaluate to `true`, the + exception prevents the rule from generating an alert. Likewise, `OR` + logic is used for evaluating exceptions when more than one exception + list is assigned to a rule. To use the `AND` operator, you can define + multiple clauses (`entries`) in a single exception item. + operationId: CreateSharedExceptionList requestBody: content: - multipart/form-data; Elastic-Api-Version=2023-10-31: - examples: - resolveImportErrorsRequest: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_request + application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - file: - description: The same file given to the import API. - format: binary - type: string - retries: - description: >- - The retry operations, which can specify how to resolve - different types of errors. - items: - type: object - properties: - destinationId: - description: >- - Specifies the destination ID that the imported object - should have, if different from the current ID. - type: string - id: - description: The saved object ID. - type: string - ignoreMissingReferences: - description: >- - When set to `true`, ignores missing reference errors. - When set to `false`, does nothing. - type: boolean - overwrite: - description: >- - When set to `true`, the source object overwrites the - conflicting destination object. When set to `false`, - does nothing. - type: boolean - replaceReferences: - description: >- - A list of `type`, `from`, and `to` used to change the - object references. - items: - type: object - properties: - from: - type: string - to: - type: string - type: - type: string - type: array - type: - description: The saved object type. - type: string - required: - - type - - id - type: array + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListDescription + name: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListName required: - - retries + - name + - description required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: - examples: - resolveImportErrorsResponse: - $ref: >- - #/components/examples/Saved_objects_resolve_missing_reference_response schema: - type: object - properties: - errors: - description: > - Specifies the objects that failed to resolve. - - - NOTE: One object can result in multiple errors, which - requires separate steps to resolve. For instance, a - `missing_references` error and a `conflict` error. - items: - type: object - type: array - success: - description: > - Indicates a successful import. When set to `false`, some - objects may not have been created. For additional - information, refer to the `errors` and `successResults` - properties. - type: boolean - successCount: - description: | - Indicates the number of successfully resolved records. - type: number - successResults: - description: > - Indicates the objects that are successfully imported, with - any metadata if applicable. - - - NOTE: Objects are only created when all resolvable errors - are addressed, including conflict and missing references. - items: - type: object - type: array - description: Indicates a successful call. + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionList' + description: Successful response '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Resolve import errors - tags: - - saved objects - /api/saved_objects/{type}: - post: - deprecated: true - description: Create a Kibana saved object with a randomly generated identifier. - operationId: createSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - - description: If true, overwrites the document with the same identifier. - in: query - name: overwrite - schema: - type: boolean - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_references' - required: - - attributes - required: true - responses: - '200': + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + - $ref: >- + #/components/schemas/Security_Exceptions_API_SiemErrorResponse + description: Invalid input data response + '401': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: Indicates a successful call. + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Exceptions_API_PlatformErrorResponse + description: Not enough privileges response '409': content: application/json; Elastic-Api-Version=2023-10-31: schema: - type: object - description: Indicates a conflict error. - summary: Create a saved object + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Exception list already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Exceptions_API_SiemErrorResponse' + description: Internal server error response + summary: Create a shared exception list tags: - - saved objects - /api/saved_objects/{type}/{id}: + - Security Exceptions API + /api/fleet/agent_download_sources: get: - deprecated: true - description: Retrieve a single Kibana saved object by identifier. - operationId: getSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' + operationId: get-download-sources responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: Indicates a successful call. + properties: + items: + items: + $ref: '#/components/schemas/Fleet_download_sources' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Get a saved object + $ref: '#/components/responses/Fleet_error' + summary: List agent binary download sources tags: - - saved objects + - Elastic Agent binary download sources post: - deprecated: true - description: >- - Create a Kibana saved object and specify its identifier instead of using - a randomly generated ID. - operationId: createSavedObjectId - parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - - description: If true, overwrites the document with the same identifier. - in: query - name: overwrite - schema: - type: boolean + operationId: post-download-sources requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object properties: - attributes: - $ref: '#/components/schemas/Saved_objects_attributes' - initialNamespaces: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' - references: - $ref: '#/components/schemas/Saved_objects_initial_namespaces' + host: + type: string + id: + type: string + is_default: + type: boolean + name: + type: string required: - - attributes - required: true + - name + - host + - is_default responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: Indicates a successful call. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a conflict error. - summary: Create a saved object + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create agent binary download source tags: - - saved objects - put: - deprecated: true - description: Update the attributes for Kibana saved objects. - operationId: updateSavedObject + - Elastic Agent binary download sources + /api/fleet/agent_download_sources/{sourceId}: + delete: + operationId: delete-download-source parameters: - - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - required: true + - $ref: '#/components/parameters/Fleet_kbn_xsrf' responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: Indicates a successful call. - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates the object was not found. - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - type: object - description: Indicates a conflict error. - summary: Update a saved object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent binary download source by ID tags: - - saved objects - /api/saved_objects/resolve/{type}/{id}: + - Elastic Agent binary download sources get: - deprecated: true - description: > - Retrieve a single Kibana saved object by identifier using any legacy URL - alias if it exists. Under certain circumstances, when Kibana is - upgraded, saved object migrations may necessitate regenerating some - object IDs to enable new features. When an object's ID is regenerated, a - legacy URL alias is created for that object, preserving its old ID. In - such a scenario, that object can be retrieved using either its new ID or - its old ID. - operationId: resolveSavedObject - parameters: - - $ref: '#/components/parameters/Saved_objects_saved_object_id' - - $ref: '#/components/parameters/Saved_objects_saved_object_type' + operationId: get-one-download-source responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: type: object - description: Indicates a successful call. + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + required: + - item + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/Saved_objects_400_response' - description: Bad request. - summary: Resolve a saved object - tags: - - saved objects - /api/security/role: - get: - operationId: '%2Fapi%2Fsecurity%2Frole#0' - parameters: [] - responses: {} - summary: Get all roles + $ref: '#/components/responses/Fleet_error' + summary: Get agent binary download source by ID tags: - - roles - /api/security/role/{name}: - delete: - operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#1' + - Elastic Agent binary download sources + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + put: + operationId: update-download-source parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: name - required: true - schema: - minLength: 1 - type: string - responses: {} - summary: Delete a role + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host: + type: string + is_default: + type: boolean + name: + type: string + required: + - name + - is_default + - host + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_download_sources' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update agent binary download source by ID tags: - - roles + - Elastic Agent binary download sources + /api/fleet/agent_policies: get: - operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#0' + description: '' + operationId: agent-policy-list parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_format' + - description: >- + When set to true, retrieve the related package policies for each + agent policy. + in: query + name: full schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: name - required: true + type: boolean + - description: >- + When set to true, do not count how many agents are in the agent + policy, this can improve performance if you are searching over a + large number of agent policies. The "agents" property will always be + 0 if set to true. + in: query + name: noAgentCount schema: - minLength: 1 - type: string - responses: {} - summary: Get a role + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_agent_policy' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent policies tags: - - roles - put: - operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#2' + - Elastic Agent policies + post: + operationId: create-agent-policy parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: name - required: true - schema: - maxLength: 1024 - minLength: 1 - type: string - - in: query - name: createOnly - required: false - schema: - default: false - type: boolean + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_agent_policy_create_request' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create agent policy + tags: + - Elastic Agent policies + /api/fleet/agent_policies/_bulk_get: + post: + operationId: bulk-get-agent-policies + parameters: + - $ref: '#/components/parameters/Fleet_format' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - description: - maxLength: 2048 - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - cluster: - items: - type: string - type: array - indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - type: boolean - field_security: - additionalProperties: - items: - type: string - type: array - type: object - names: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - query: - type: string - required: - - names - - privileges - type: array - remote_cluster: - items: - additionalProperties: false - type: object - properties: - clusters: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - required: - - privileges - - clusters - type: array - remote_indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - type: boolean - clusters: - items: - type: string - minItems: 1 - type: array - field_security: - additionalProperties: - items: - type: string - type: array - type: object - names: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - query: - type: string - required: - - clusters - - names - - privileges - type: array - run_as: - items: - type: string - type: array - kibana: + full: + description: get full policies with package policies populated + type: boolean + ids: + description: list of agent policy ids items: - additionalProperties: false - type: object - properties: - base: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - items: - type: string - type: array - - items: - type: string - type: array - feature: - additionalProperties: - items: - type: string - type: array - type: object - spaces: - anyOf: - - items: - enum: - - '*' - type: string - maxItems: 1 - minItems: 1 - type: array - - items: - type: string - type: array - default: - - '*' - required: - - base + type: string type: array - metadata: - additionalProperties: {} - type: object + ignoreMissing: + type: boolean required: - - elasticsearch - responses: {} - summary: Create or update a role + - ids + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_agent_policy' + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get agent policies tags: - - roles - /api/security/roles: + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}: + get: + description: Get one agent policy + operationId: agent-policy-info + parameters: [] + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent policy by ID + tags: + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - $ref: '#/components/parameters/Fleet_format' + put: + operationId: update-agent-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_agent_policy_update_request' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update agent policy by ID + tags: + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}/copy: + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - $ref: '#/components/parameters/Fleet_format' post: - operationId: '%2Fapi%2Fsecurity%2Froles#0' + operationId: agent-policy-copy parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - roles: - additionalProperties: - additionalProperties: false - type: object - properties: - description: - maxLength: 2048 - type: string - elasticsearch: - additionalProperties: false - type: object - properties: - cluster: - items: - type: string - type: array - indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - type: boolean - field_security: - additionalProperties: - items: - type: string - type: array - type: object - names: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - query: - type: string - required: - - names - - privileges - type: array - remote_cluster: - items: - additionalProperties: false - type: object - properties: - clusters: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - required: - - privileges - - clusters - type: array - remote_indices: - items: - additionalProperties: false - type: object - properties: - allow_restricted_indices: - type: boolean - clusters: - items: - type: string - minItems: 1 - type: array - field_security: - additionalProperties: - items: - type: string - type: array - type: object - names: - items: - type: string - minItems: 1 - type: array - privileges: - items: - type: string - minItems: 1 - type: array - query: - type: string - required: - - clusters - - names - - privileges - type: array - run_as: - items: - type: string - type: array - kibana: - items: - additionalProperties: false - type: object - properties: - base: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - items: - type: string - type: array - - items: - type: string - type: array - feature: - additionalProperties: - items: - type: string - type: array - type: object - spaces: - anyOf: - - items: - enum: - - '*' - type: string - maxItems: 1 - minItems: 1 - type: array - - items: - type: string - type: array - default: - - '*' - required: - - base - type: array - metadata: - additionalProperties: {} - type: object - required: - - elasticsearch - type: object + description: + type: string + name: + type: string required: - - roles - responses: {} - summary: Create or update roles + - name + description: '' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Copy agent policy by ID tags: - - roles - /api/spaces/_copy_saved_objects: + - Elastic Agent policies + /api/fleet/agent_policies/{agentPolicyId}/download: + get: + operationId: agent-policy-download + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Download agent policy by ID + tags: + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: download + required: false + schema: + type: string + - in: query + name: standalone + required: false + schema: + type: string + - in: query + name: kubernetes + required: false + schema: + type: string + /api/fleet/agent_policies/{agentPolicyId}/full: + get: + operationId: agent-policy-full + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + oneOf: + - type: string + - $ref: '#/components/schemas/Fleet_agent_policy_full' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get full agent policy by ID + tags: + - Elastic Agent policies + parameters: + - in: path + name: agentPolicyId + required: true + schema: + type: string + - in: query + name: download + required: false + schema: + type: string + - in: query + name: standalone + required: false + schema: + type: string + - in: query + name: kubernetes + required: false + schema: + type: string + /api/fleet/agent_policies/delete: + parameters: [] post: - description: Copy saved objects to spaces - operationId: '%2Fapi%2Fspaces%2F_copy_saved_objects#0' + operationId: delete-agent-policy parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - compatibilityMode: - default: false - type: boolean - createNewCopies: - default: true - type: boolean - includeReferences: - default: false - type: boolean - objects: - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - type: array - overwrite: - default: false + agentPolicyId: + type: string + force: + description: >- + bypass validation checks that can prevent agent policy + deletion type: boolean - spaces: - items: - type: string - type: array required: - - spaces - - objects - responses: {} - summary: '' - tags: [] - /api/spaces/_disable_legacy_url_aliases: - post: - description: Disable legacy URL aliases - operationId: '%2Fapi%2Fspaces%2F_disable_legacy_url_aliases#0' + - agentPolicyId + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + success: + type: boolean + required: + - id + - success + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent policy by ID + tags: + - Elastic Agent policies + /api/fleet/agent_status: + get: + operationId: get-agent-status parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: query + name: policyId + required: false schema: - default: '2023-10-31' - enum: - - '2023-10-31' type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + - deprecated: true + in: query + name: kuery + required: false schema: - example: 'true' type: string - requestBody: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - additionalProperties: false - type: object - properties: - aliases: + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + active: + type: integer + all: + type: integer + error: + type: integer + events: + type: integer + inactive: + type: integer + offline: + type: integer + online: + type: integer + other: + type: integer + total: + deprecated: true + type: integer + unenrolled: + type: integer + updating: + type: integer + required: + - active + - all + - error + - events + - inactive + - offline + - online + - other + - total + - updating + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent status summary + tags: + - Elastic Agent status + /api/fleet/agent_status/data: + get: + operationId: get-agent-data + parameters: + - in: query + name: agentsIds + required: true + schema: + items: + type: string + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: items: - additionalProperties: false - type: object - properties: - sourceId: - type: string - targetSpace: - type: string - targetType: - type: string - required: - - targetSpace - - targetType - - sourceId - type: array - required: - - aliases - responses: {} - summary: '' - tags: [] - /api/spaces/_get_shareable_references: - post: - description: Get shareable references - operationId: '%2Fapi%2Fspaces%2F_get_shareable_references#0' + items: + additionalProperties: + type: object + properties: + data: + type: boolean + type: object + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get incoming agent data + tags: + - Elastic Agent status + /api/fleet/agent-status: + get: + deprecated: true + operationId: get-agent-status-deprecated parameters: - - description: The version of the API to use - in: header - name: elastic-api-version + - in: query + name: policyId + required: false schema: - default: '2023-10-31' - enum: - - '2023-10-31' type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: integer + events: + type: integer + inactive: + type: integer + offline: + type: integer + online: + type: integer + other: + type: integer + total: + type: integer + updating: + type: integer + required: + - error + - events + - inactive + - offline + - online + - other + - total + - updating + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent status summary + tags: + - Elastic Agent status + /api/fleet/agents: + get: + operationId: get-agents + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_show_inactive' + - $ref: '#/components/parameters/Fleet_show_upgradeable' + - $ref: '#/components/parameters/Fleet_sort_field' + - $ref: '#/components/parameters/Fleet_sort_order' + - $ref: '#/components/parameters/Fleet_with_metrics' + - in: query + name: getStatusSummary + required: false schema: - example: 'true' - type: string + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_agents_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agents + tags: + - Elastic Agents + post: + operationId: get-agents-by-actions + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - objects: + actionIds: items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id + type: string type: array required: - - objects - responses: {} - summary: '' - tags: [] - /api/spaces/_resolve_copy_saved_objects_errors: - post: - description: Resolve conflicts copying saved objects - operationId: '%2Fapi%2Fspaces%2F_resolve_copy_saved_objects_errors#0' + - policy_id + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_agent_get_by_actions' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agents by action ids + tags: + - Elastic Agents + /api/fleet/agents/{agentId}: + delete: + operationId: delete-agent parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete agent by ID + tags: + - Elastic Agents + get: + operationId: get-agent + parameters: + - $ref: '#/components/parameters/Fleet_with_metrics' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent by ID + tags: + - Elastic Agents + parameters: + - in: path + name: agentId + required: true + schema: + type: string + put: + operationId: update-agent + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - compatibilityMode: - default: false - type: boolean - createNewCopies: - default: true - type: boolean - includeReferences: - default: false - type: boolean - objects: + tags: items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id + type: string type: array - retries: - additionalProperties: - items: - additionalProperties: false - type: object - properties: - createNewCopy: - type: boolean - destinationId: - type: string - id: - type: string - ignoreMissingReferences: - type: boolean - overwrite: - default: false - type: boolean - type: - type: string - required: - - type - - id - type: array + user_provided_metadata: type: object - required: - - retries - - objects - responses: {} - summary: '' - tags: [] - /api/spaces/_update_objects_spaces: + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update agent by ID + tags: + - Elastic Agents + /api/fleet/agents/{agentId}/actions: + parameters: + - in: path + name: agentId + required: true + schema: + type: string post: - description: Update saved objects in spaces - operationId: '%2Fapi%2Fspaces%2F_update_objects_spaces#0' + operationId: new-agent-action parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - objects: - items: - additionalProperties: false - type: object - properties: - id: - type: string - type: - type: string - required: - - type - - id - type: array - spacesToAdd: - items: - type: string - type: array - spacesToRemove: - items: + action: + $ref: '#/components/schemas/Fleet_agent_action' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + items: + type: number + type: array + headers: type: string - type: array - required: - - objects - - spacesToAdd - - spacesToRemove - responses: {} - summary: '' - tags: [] - /api/spaces/space: - get: - description: Get all spaces - operationId: '%2Fapi%2Fspaces%2Fspace#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: query - name: purpose - required: false - schema: - enum: - - any - - copySavedObjectsIntoSpace - - shareSavedObjectsIntoSpace - type: string - - in: query - name: include_authorized_purposes - required: true - schema: - anyOf: - - items: {} - type: array - - type: boolean - - type: number - - type: object - - type: string - nullable: true - oneOf: - - enum: - - false - type: boolean - x-oas-optional: true - - type: boolean - x-oas-optional: true - responses: {} - summary: '' + statusCode: + type: number + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create agent action tags: - - spaces + - Elastic Agent actions + /api/fleet/agents/{agentId}/reassign: + parameters: + - in: path + name: agentId + required: true + schema: + type: string post: - description: Create a space - operationId: '%2Fapi%2Fspaces%2Fspace#1' + operationId: reassign-agent parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - _reserved: - type: boolean - color: - type: string - description: - type: string - disabledFeatures: - default: [] - items: - type: string - type: array - id: - type: string - imageUrl: - type: string - initials: - maxLength: 2 - type: string - name: - minLength: 1 - type: string - solution: - enum: - - security - - oblt - - es - - classic + policy_id: type: string required: - - id - - name - responses: {} - summary: '' - tags: - - spaces - /api/spaces/space/{id}: - delete: - description: Delete a space - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#2' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: id - required: true - schema: - type: string - responses: {} - summary: '' - tags: - - spaces - get: - description: Get a space - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - in: path - name: id - required: true - schema: - type: string - responses: {} - summary: '' + - policy_id + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Reassign agent tags: - - spaces + - Elastic Agents put: - description: Update a space - operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#1' + deprecated: true + operationId: reassign-agent-deprecated parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: A required header to protect against CSRF attacks - in: header - name: kbn-xsrf - required: true - schema: - example: 'true' - type: string - - in: path - name: id - required: true - schema: - type: string + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - additionalProperties: false type: object properties: - _reserved: - type: boolean - color: - type: string - description: - type: string - disabledFeatures: - default: [] - items: - type: string - type: array - id: - type: string - imageUrl: - type: string - initials: - maxLength: 2 - type: string - name: - minLength: 1 - type: string - solution: - enum: - - security - - oblt - - es - - classic + policy_id: type: string required: - - id - - name - responses: {} - summary: '' - tags: - - spaces - /api/status: - get: - operationId: '%2Fapi%2Fstatus#0' - parameters: - - description: The version of the API to use - in: header - name: elastic-api-version - schema: - default: '2023-10-31' - enum: - - '2023-10-31' - type: string - - description: Set to "true" to get the response in v7 format. - in: query - name: v7format - required: false - schema: - type: boolean - - description: Set to "true" to get the response in v8 format. - in: query - name: v8format - required: false - schema: - type: boolean + - policy_id + required: true responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: Overall status is OK and Kibana should be functioning normally. - '503': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - anyOf: - - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' - - $ref: >- - #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse - description: >- - Kibana's operational status. A minimal response is sent for - unauthorized users. - description: >- - Kibana or some of it's essential services are unavailable. Kibana - may be degraded or unavailable. - summary: Get Kibana's current status + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Reassign agent tags: - - system - /s/{spaceId}/api/observability/slos: - get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: findSlosOp + - Elastic Agents + /api/fleet/agents/{agentId}/request_diagnostics: + parameters: + - in: path + name: agentId + required: true + schema: + type: string + post: + operationId: request-diagnostics-agent parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - description: A valid kql query to filter the SLO with - example: 'slo.name:latency* and slo.tags : "prod"' - in: query - name: kqlQuery - schema: - type: string - - description: The page to use for pagination, must be greater or equal than 1 - example: 1 - in: query - name: page - schema: - default: 1 - type: integer - - description: Number of SLOs returned by page - example: 25 - in: query - name: perPage - schema: - default: 25 - maximum: 5000 - type: integer - - description: Sort by field - example: status - in: query - name: sortBy - schema: - default: status - enum: - - sli_value - - status - - error_budget_consumed - - error_budget_remaining - type: string - - description: Sort order - example: asc - in: query - name: sortDirection - schema: - default: asc - enum: - - asc - - desc - type: string - - description: >- - Hide stale SLOs from the list as defined by stale SLO threshold in - SLO settings - in: query - name: hideStale - schema: - type: boolean + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + additional_metrics: + items: + oneOf: + - enum: + - CPU + type: string + type: array responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_find_slo_response' - description: Successful request + type: object + properties: + actionId: + type: string + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get a paginated list of SLOs + $ref: '#/components/responses/Fleet_error' + summary: Request agent diagnostics tags: - - slo + - Elastic Agents + /api/fleet/agents/{agentId}/unenroll: + parameters: + - in: path + name: agentId + required: true + schema: + type: string post: - description: > - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: createSloOp + operationId: unenroll-agent parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_create_slo_request' - required: true + type: object + properties: + force: + type: boolean + revoke: + type: boolean responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_create_slo_response' - description: Successful request + type: object + description: OK '400': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '409': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_409_response' - description: Conflict - The SLO id already exists - summary: Create an SLO + type: object + properties: + error: + type: string + message: + type: string + statusCode: + enum: + - 400 + type: number + description: BAD REQUEST + summary: Unenroll agent tags: - - slo - /s/{spaceId}/api/observability/slos/_delete_instances: + - Elastic Agents + /api/fleet/agents/{agentId}/upgrade: + parameters: + - in: path + name: agentId + required: true + schema: + type: string post: - description: > - The deletion occurs for the specified list of `sloId` and `instanceId`. - You must have `all` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloInstancesOp + operationId: upgrade-agent parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_delete_slo_instances_request' + $ref: '#/components/schemas/Fleet_upgrade_agent' required: true responses: - '204': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - summary: Batch delete rollup and summary data + $ref: '#/components/schemas/Fleet_upgrade_agent' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Upgrade agent tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}: - delete: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: deleteSloOp - parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - Elastic Agents + /api/fleet/agents/{agentId}/uploads: + get: + operationId: list-agent-uploads responses: - '204': - description: Successful request - '400': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Delete an SLO + type: object + properties: + body: + type: object + properties: + item: + items: + $ref: '#/components/schemas/Fleet_agent_diagnostics' + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent uploads tags: - - slo + - Elastic Agents + parameters: + - in: path + name: agentId + required: true + schema: + type: string + /api/fleet/agents/action_status: get: - description: > - You must have the `read` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: getSloOp + operationId: agents-action-status parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' - - description: the specific instanceId used by the summary calculation - example: host-abcde - in: query - name: instanceId + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - in: query + name: errorSize schema: - type: string + default: 5 + type: integer responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_slo_with_summary_response' - description: Successful request + type: object + properties: + items: + items: + type: object + properties: + actionId: + type: string + cancellationTime: + type: string + completionTime: + type: string + creationTime: + description: creation time of action + type: string + expiration: + type: string + latestErrors: + description: >- + latest errors that happened when the agents executed + the action + items: + type: object + properties: + agentId: + type: string + error: + type: string + timestamp: + type: string + type: array + nbAgentsAck: + description: number of agents that acknowledged the action + type: number + nbAgentsActionCreated: + description: number of agents included in action from kibana + type: number + nbAgentsActioned: + description: number of agents actioned + type: number + nbAgentsFailed: + description: number of agents that failed to execute the action + type: number + newPolicyId: + description: new policy id (POLICY_REASSIGN action) + type: string + policyId: + description: policy id (POLICY_CHANGE action) + type: string + revision: + description: new policy revision (POLICY_CHANGE action) + type: string + startTime: + description: start time of action (scheduled actions) + type: string + status: + enum: + - COMPLETE + - EXPIRED + - CANCELLED + - FAILED + - IN_PROGRESS + - ROLLOUT_PASSED + type: string + type: + enum: + - POLICY_REASSIGN + - UPGRADE + - UNENROLL + - FORCE_UNENROLL + - UPDATE_TAGS + - CANCEL + - REQUEST_DIAGNOSTICS + - SETTINGS + - POLICY_CHANGE + - INPUT_ACTION + type: string + version: + description: agent version number (UPGRADE action) + type: string + required: + - actionId + - complete + - nbAgentsActioned + - nbAgentsActionCreated + - nbAgentsAck + - nbAgentsFailed + - status + - creationTime + - type + type: array + required: + - items + description: OK '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent action status + tags: + - Elastic Agent actions + /api/fleet/agents/actions/{actionId}/cancel: + parameters: + - in: path + name: actionId + required: true + schema: + type: string + post: + operationId: agent-action-cancel + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Get an SLO + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_agent_action' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Cancel agent action tags: - - slo - put: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: updateSloOp + - Elastic Agent actions + /api/fleet/agents/bulk_reassign: + post: + operationId: bulk-reassign-agents parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' requestBody: content: application/json; Elastic-Api-Version=2023-10-31: + example: + agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' + policy_id: policy_id schema: - $ref: '#/components/schemas/SLOs_update_slo_request' - required: true + type: object + properties: + agents: + oneOf: + - description: KQL query string, leave empty to action all agents + type: string + - description: list of agent IDs + items: + type: string + type: array + policy_id: + description: new agent policy id + type: string + required: + - policy_id + - agents responses: '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request + type: object + properties: + actionId: + type: string + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Update an SLO + $ref: '#/components/responses/Fleet_error' + summary: Bulk reassign agents tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}/_reset: + - Elastic Agents + /api/fleet/agents/bulk_request_diagnostics: post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: resetSloOp + operationId: bulk-request-diagnostics parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: 'fleet-agents.policy_id : ("policy1" or "policy2")' + schema: + type: object + properties: + additional_metrics: + items: + oneOf: + - enum: + - CPU + type: string + type: array + agents: + oneOf: + - description: KQL query string, leave empty to action all agents + type: string + - description: list of agent IDs + items: + type: string + type: array + batchSize: + type: number + required: + - agents responses: - '204': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_slo_definition_response' - description: Successful request + type: object + properties: + actionId: + type: string + description: OK '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Reset an SLO + $ref: '#/components/responses/Fleet_error' + summary: Bulk request diagnostics from agents tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}/disable: + - Elastic Agents + /api/fleet/agents/bulk_unenroll: post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: disableSloOp + operationId: bulk-unenroll-agents parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: + - agent1 + - agent2 + force: false + revoke: true + schema: + type: object + properties: + agents: + oneOf: + - description: KQL query string, leave empty to action all agents + type: string + - description: list of agent IDs + items: + type: string + type: array + force: + description: Unenrolls hosted agents too + type: boolean + includeInactive: + description: >- + When passing agents by KQL query, unenrolls inactive agents + too + type: boolean + revoke: + description: Revokes API keys of agents + type: boolean + required: + - agents responses: '200': - description: Successful request - '400': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Disable an SLO + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk unenroll agents tags: - - slo - /s/{spaceId}/api/observability/slos/{sloId}/enable: + - Elastic Agents + /api/fleet/agents/bulk_update_agent_tags: post: - description: > - You must have the `write` privileges for the **SLOs** feature in the - **Observability** section of the Kibana feature privileges. - operationId: enableSloOp + operationId: bulk-update-agent-tags parameters: - - $ref: '#/components/parameters/SLOs_kbn_xsrf' - - $ref: '#/components/parameters/SLOs_space_id' - - $ref: '#/components/parameters/SLOs_slo_id' + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: + - agent1 + - agent2 + tagsToAdd: + - newTag + tagsToRemove: + - existingTag + schema: + type: object + properties: + agents: + oneOf: + - description: KQL query string, leave empty to action all agents + type: string + - description: list of agent IDs + items: + type: string + type: array + batchSize: + type: number + tagsToAdd: + items: + type: string + type: array + tagsToRemove: + items: + type: string + type: array + required: + - agents responses: - '204': - description: Successful request - '400': + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_400_response' - description: Bad request - '401': + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk update agent tags + tags: + - Elastic Agents + /api/fleet/agents/bulk_upgrade: + post: + operationId: bulk-upgrade-agents + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + example: + agents: + - agent1 + - agent2 + rollout_duration_seconds: 3600 + source_uri: https://artifacts.elastic.co/downloads/beats/elastic-agent + start_time: '2022-08-03T14:00:00.000Z' + version: 8.4.0 + schema: + $ref: '#/components/schemas/Fleet_bulk_upgrade_agents' + required: true + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_401_response' - description: Unauthorized response - '403': + type: object + properties: + actionId: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk upgrade agents + tags: + - Elastic Agents + /api/fleet/agents/files/{fileId}: + delete: + operationId: delete-agent-upload-file + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_403_response' - description: Unauthorized response - '404': + type: object + properties: + body: + type: object + properties: + deleted: + type: boolean + id: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete file uploaded by agent + tags: + - Elastic Agents + parameters: + - in: path + name: fileId + required: true + schema: + type: string + /api/fleet/agents/files/{fileId}/{fileName}: + get: + operationId: get-agent-upload-file + responses: + '200': content: application/json; Elastic-Api-Version=2023-10-31: schema: - $ref: '#/components/schemas/SLOs_404_response' - description: Not found response - summary: Enable an SLO + type: object + properties: + body: + type: object + properties: + items: + type: object + properties: + body: {} + headers: {} + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get file uploaded by agent tags: - - slo -components: - examples: - Alerting_get_health_response: - summary: Retrieve information about the health of the alerting framework. - value: - alerting_framework_health: - decryption_health: - status: ok - timestamp: '2023-01-13T01:28:00.280Z' - execution_health: - status: ok - timestamp: '2023-01-13T01:28:00.280Z' - read_health: - status: ok - timestamp: '2023-01-13T01:28:00.280Z' - has_permanent_encryption_key: true - is_sufficiently_secure: true - Alerting_get_rule_types_response: - summary: Retrieve rule types associated with Kibana machine learning features - value: - - action_groups: - - id: anomaly_score_match - name: Anomaly score matched the condition - - id: recovered - name: Recovered - action_variables: - context: - - description: The bucket timestamp of the anomaly - name: timestamp - - description: The bucket time of the anomaly in ISO8601 format - name: timestampIso8601 - - description: List of job IDs that triggered the alert - name: jobIds - - description: Alert info message - name: message - - description: Indicate if top hits contain interim results - name: isInterim - - description: Anomaly score at the time of the notification action - name: score - - description: Top records - name: topRecords - - description: Top influencers - name: topInfluencers - - description: URL to open in the Anomaly Explorer - name: anomalyExplorerUrl - useWithTripleBracesInTemplates: true - params: [] - state: [] - alerts: - context: ml.anomaly-detection - mappings: - fieldMap: - kibana.alert.anomaly_score: - array: false - type: double - required: false - kibana.alert.anomaly_timestamp: - array: false - type: date - required: false - kibana.alert.is_interim: - array: false - type: boolean - required: false - kibana.alert.job_id: - array: false - type: keyword - required: true - kibana.alert.top_influencers: - array: true - dynamic: false - type: object - properties: - influencer_field_name: - type: keyword - influencer_field_value: - type: keyword - influencer_score: - type: double - initial_influencer_score: - type: double - is_interim: - type: boolean - job_id: - type: keyword - timestamp: - type: date - required: false - kibana.alert.top_records: - array: true - dynamic: false - type: object - properties: - actual: - type: double - by_field_name: - type: keyword - by_field_value: - type: keyword - detector_index: - type: integer - field_name: - type: keyword - function: - type: keyword - initial_record_score: - type: double - is_interim: - type: boolean - job_id: - type: keyword - over_field_name: - type: keyword - over_field_value: - type: keyword - partition_field_name: - type: keyword - partition_field_value: - type: keyword - record_score: - type: double - timestamp: - type: date - typical: - type: double - required: false - shouldWrite: true - authorized_consumers: - alerts: - all: true - read: true - apm: - all: true - read: true - discover: - all: true - read: true - infrastructure: - all: true - read: true - logs: - all: true - read: true - ml: - all: true - read: true - monitoring: - all: true - read: true - siem: - all: true - read: true - slo: - all: true - read: true - stackAlerts: - all: true - read: true - uptime: - all: true - read: true - category: management - default_action_group_id: anomaly_score_match - does_set_recovery_context: true - enabled_in_license: true - has_alerts_mappings: true - has_fields_for_a_a_d: false - id: xpack.ml.anomaly_detection_alert - is_exportable: true - minimum_license_required: platinum - name: Anomaly detection alert - producer: ml - recovery_action_group: - id: recovered - name: Recovered - rule_task_timeout: 5m - - action_groups: - - id: anomaly_detection_realtime_issue - name: Issue detected - - id: recovered - name: Recovered - action_variables: - context: - - description: Results of the rule execution - name: results - - description: Alert info message - name: message - params: [] - state: [] - authorized_consumers: - alerts: - all: true - read: true - apm: + - Elastic Agents + parameters: + - in: path + name: fileId + required: true + schema: + type: string + - in: path + name: fileName + required: true + schema: + type: string + /api/fleet/agents/setup: + get: + operationId: get-agents-setup-status + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_status_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get agent setup info + tags: + - Elastic Agents + post: + operationId: setup-agents + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + admin_password: + type: string + admin_username: + type: string + required: + - admin_username + - admin_password + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_setup_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Initiate agent setup + tags: + - Elastic Agents + /api/fleet/agents/tags: + get: + operationId: get-agent-tags + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_agent_tags_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List agent tags + tags: + - Elastic Agents + /api/fleet/data_streams: + get: + operationId: data-streams-list + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data_streams: + items: + $ref: '#/components/schemas/Fleet_data_stream' + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List data streams + tags: + - Data streams + parameters: [] + /api/fleet/enrollment_api_keys: + get: + operationId: get-enrollment-api-keys + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - page + - perPage + - total + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List enrollment API keys + tags: + - Fleet enrollment API keys + post: + operationId: create-enrollment-api-keys + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + description: The name of the enrollment API key. Must be unique. + type: string + policy_id: + description: >- + The ID of the agent policy the Elastic Agent will be + enrolled in. + type: string + required: + - policy_id + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - created + type: string + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create enrollment API key + tags: + - Fleet enrollment API keys + /api/fleet/enrollment_api_keys/{keyId}: + delete: + operationId: delete-enrollment-api-key + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Revoke enrollment API key by ID by marking it as inactive + tags: + - Fleet enrollment API keys + get: + operationId: get-enrollment-api-key + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment API key by ID + tags: + - Fleet enrollment API keys + parameters: + - in: path + name: keyId + required: true + schema: + type: string + /api/fleet/enrollment-api-keys: + get: + deprecated: true + operationId: get-enrollment-api-keys-deprecated + parameters: [] + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - page + - perPage + - total + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List enrollment API keys + tags: + - Fleet enrollment API keys + post: + deprecated: true + operationId: create-enrollment-api-keys-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - created + type: string + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create enrollment API key + tags: + - Fleet enrollment API keys + /api/fleet/enrollment-api-keys/{keyId}: + delete: + deprecated: true + operationId: delete-enrollment-api-key-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + action: + enum: + - deleted + type: string + required: + - action + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete enrollment API key by ID + tags: + - Fleet enrollment API keys + get: + deprecated: true + operationId: get-enrollment-api-key-deprecated + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_enrollment_api_key' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get enrollment API key by ID + tags: + - Fleet enrollment API keys + parameters: + - in: path + name: keyId + required: true + schema: + type: string + /api/fleet/epm/bulk_assets: + post: + operationId: bulk-get-assets + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + assetIds: + description: list of items necessary to fetch assets + items: + type: object + properties: + id: + type: string + type: + type: string + type: array + required: + - assetIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_bulk_assets_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get assets + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/categories: + get: + operationId: get-package-categories + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_categories_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List package categories + tags: + - Elastic Package Manager (EPM) + parameters: + - description: >- + Whether to include prerelease packages in categories count (e.g. beta, + rc, preview) + in: query + name: prerelease + schema: + default: false + type: boolean + - deprecated: true + in: query + name: experimental + schema: + default: false + type: boolean + - in: query + name: include_policy_templates + schema: + default: false + type: boolean + /api/fleet/epm/packages: + get: + operationId: list-all-packages + parameters: + - description: >- + Whether to exclude the install status of each package. Enabling this + option will opt in to caching for the response via `cache-control` + headers. If you don't need up-to-date installation info for a + package, and are querying for a list of available packages, + providing this flag can improve performance substantially. + in: query + name: excludeInstallStatus + schema: + default: false + type: boolean + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + - deprecated: true + in: query + name: experimental + schema: + default: false + type: boolean + - in: query + name: category + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_get_packages_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List packages + tags: + - Elastic Package Manager (EPM) + post: + description: '' + operationId: install-package-by-upload + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors + schema: + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover + schema: + default: false + type: boolean + requestBody: + content: + application/gzip; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string + application/zip; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _meta: + type: object + properties: + install_source: + enum: + - upload + - registry + - bundled + type: string + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '429': + $ref: '#/components/responses/Fleet_error' + summary: Install by package by direct upload + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/_bulk: + post: + operationId: bulk-install-packages + parameters: + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + description: force install to ignore package verification errors + type: boolean + packages: + description: list of packages to install + items: + oneOf: + - description: package name + type: string + - type: object + properties: + name: + description: package name + type: string + version: + description: package version + type: string + type: array + required: + - packages + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_bulk_install_packages_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk install packages + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgkey}: + delete: + deprecated: true + operationId: delete-package-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgkey + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + response: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete ackage + tags: + - Elastic Package Manager (EPM) + get: + deprecated: true + operationId: get-package-deprecated + parameters: + - in: path + name: pkgkey + required: true + schema: + type: string + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + allOf: + - properties: + response: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + savedObject: + type: string + status: + enum: + - installed + - installing + - install_failed + - not_installed + type: string + required: + - status + - savedObject + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package + tags: + - Elastic Package Manager (EPM) + post: + deprecated: true + description: '' + operationId: install-package-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgkey + required: true + schema: + type: string + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors + schema: + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + response: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Install package + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgName}/{pkgVersion}: + delete: + operationId: delete-package + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: delete package even if policies used by agents + in: query + name: force + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + deprecated: true + type: object + properties: + force: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package + tags: + - Elastic Package Manager (EPM) + get: + operationId: get-package + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + allOf: + - properties: + item: + $ref: '#/components/schemas/Fleet_package_info' + - properties: + keepPoliciesUpToDate: + type: boolean + latestVersion: + type: string + licensePath: + type: string + notice: + type: string + savedObject: + deprecated: true + type: object + status: + enum: + - installed + - installing + - install_failed + - not_installed + type: string + required: + - status + - savedObject + type: object + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: Ignore if the package is fails signature verification + in: query + name: ignoreUnverified + schema: + type: boolean + - description: >- + Return all fields from the package manifest, not just those supported + by the Elastic Package Registry + in: query + name: full + schema: + type: boolean + - description: >- + Whether to return prerelease versions of packages (e.g. beta, rc, + preview) + in: query + name: prerelease + schema: + default: false + type: boolean + post: + description: '' + operationId: install-package + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - description: avoid erroring out on unexpected mapping update errors + in: query + name: ignoreMappingUpdateErrors + schema: + default: false + type: boolean + - description: >- + Skip data stream rollover during index template mapping or settings + update + in: query + name: skipDataStreamRollover + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + ignore_constraints: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _meta: + type: object + properties: + install_source: + enum: + - registry + - upload + - bundled + type: string + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Install package + tags: + - Elastic Package Manager (EPM) + put: + description: '' + operationId: update-package + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + keepPoliciesUpToDate: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + id: + type: string + type: + oneOf: + - $ref: >- + #/components/schemas/Fleet_kibana_saved_object_type + - $ref: >- + #/components/schemas/Fleet_elasticsearch_asset_type + required: + - id + - type + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update package settings + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}: + get: + operationId: packages-get-file + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: object + headers: + type: object + statusCode: + type: number + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package file + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - in: path + name: filePath + required: true + schema: + type: string + /api/fleet/epm/packages/{pkgName}/{pkgVersion}/transforms/authorize: + post: + description: '' + operationId: reauthorize-transforms + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: >- + Whether to include prerelease packages in categories count (e.g. + beta, rc, preview) + in: query + name: prerelease + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + transforms: + items: + type: object + properties: + transformId: + type: string + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + error: + type: string + success: + type: boolean + transformId: + type: string + required: + - transformId + - error + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Authorize transforms + tags: + - Elastic Package Manager (EPM) + /api/fleet/epm/packages/{pkgName}/stats: + get: + operationId: get-package-stats + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + response: + $ref: '#/components/schemas/Fleet_package_usage_stats' + required: + - response + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package stats + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + /api/fleet/epm/packages/limited: + get: + operationId: list-limited-packages + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: string + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get limited package list + tags: + - Elastic Package Manager (EPM) + parameters: [] + /api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs: + get: + operationId: get-inputs-template + responses: + '200': + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get inputs template + tags: + - Elastic Package Manager (EPM) + parameters: + - in: path + name: pkgName + required: true + schema: + type: string + - in: path + name: pkgVersion + required: true + schema: + type: string + - description: Format of response - json or yaml + in: query + name: format + schema: + enum: + - json + - yaml + - yml + type: string + - description: Specify if version is prerelease + in: query + name: prerelease + schema: + type: boolean + - description: Ignore if the package is fails signature verification + in: query + name: ignoreUnverified + schema: + type: boolean + /api/fleet/epm/verification_key_id: + get: + operationId: packages-get-verification-key-id + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: object + properties: + id: + description: >- + the key ID of the GPG key used to verify package + signatures + nullable: true + type: string + headers: + type: object + statusCode: + type: number + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package signature verification key ID + tags: + - Elastic Package Manager (EPM) + parameters: [] + /api/fleet/fleet_server_hosts: + get: + operationId: get-fleet-server-hosts + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_fleet_server_host' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List Fleet Server hosts + tags: + - Fleet Server hosts + post: + operationId: post-fleet-server-hosts + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host_urls: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. + type: string + required: + - name + - host_urls + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create Fleet Server host + tags: + - Fleet Server hosts + /api/fleet/fleet_server_hosts/{itemId}: + delete: + operationId: delete-fleet-server-hosts + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete Fleet Server host by ID + tags: + - Fleet Server hosts + get: + operationId: get-one-fleet-server-hosts + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get Fleet Server host by ID + tags: + - Fleet Server hosts + parameters: + - in: path + name: itemId + required: true + schema: + type: string + put: + operationId: update-fleet-server-hosts + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host_urls: + items: + type: string + type: array + is_default: + type: boolean + is_internal: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this fleet server host. See + the proxies API for more information. + nullable: true + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_fleet_server_host' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update Fleet Server host by ID + tags: + - Fleet Server hosts + /api/fleet/health_check: + post: + operationId: fleet-server-health-check + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host: + deprecated: true + type: string + id: + type: string + required: + - id + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + host: + deprecated: true + type: string + id: + description: Fleet Server host id + type: string + status: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Fleet Server health check + tags: + - Fleet internals + /api/fleet/kubernetes: + get: + operationId: get-full-k8s-manifest + parameters: + - in: query + name: download + required: false + schema: + type: boolean + - in: query + name: fleetServer + required: false + schema: + type: string + - in: query + name: enrolToken + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get full K8s agent manifest + tags: + - Fleet Kubernetes + /api/fleet/logstash_api_keys: + post: + operationId: generate-logstash-api-key + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + api_key: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Generate Logstash API key + tags: + - Fleet outputs + /api/fleet/outputs: + get: + operationId: get-outputs + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_output_create_request' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List outputs + tags: + - Fleet outputs + post: + operationId: post-outputs + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_output_create_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_create_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create output + tags: + - Fleet outputs + /api/fleet/outputs/{outputId}: + delete: + operationId: delete-output + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete output by ID + tags: + - Fleet outputs + get: + operationId: get-output + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_create_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get output by ID + tags: + - Fleet outputs + parameters: + - in: path + name: outputId + required: true + schema: + type: string + put: + operationId: update-output + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_output_update_request' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_output_update_request' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update output by ID + tags: + - Fleet outputs + /api/fleet/outputs/{outputId}/health: + get: + operationId: get-output-health + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + description: long message if unhealthy + type: string + state: + description: state of output, HEALTHY or DEGRADED + type: string + timestamp: + description: timestamp of reported state + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get latest output health + tags: + - Fleet outputs + parameters: + - in: path + name: outputId + required: true + schema: + type: string + /api/fleet/package_policies: + get: + operationId: get-package-policies + parameters: + - $ref: '#/components/parameters/Fleet_page_size' + - $ref: '#/components/parameters/Fleet_page_index' + - $ref: '#/components/parameters/Fleet_kuery' + - $ref: '#/components/parameters/Fleet_format' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List package policies + tags: + - Fleet package policies + parameters: [] + post: + operationId: create-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_package_policy_request' + description: >- + You should use inputs as an object and not use the deprecated inputs + array. + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '409': + $ref: '#/components/responses/Fleet_error' + summary: Create package policy + tags: + - Fleet package policies + /api/fleet/package_policies/_bulk_get: + post: + operationId: bulk-get-package-policies + parameters: + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + ids: + description: list of package policy ids + items: + type: string + type: array + ignoreMissing: + type: boolean + required: + - ids + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array + required: + - items + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Bulk get package policies + tags: + - Fleet package policies + /api/fleet/package_policies/{packagePolicyId}: + delete: + operationId: delete-package-policy + parameters: + - in: query + name: force + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package policy by ID + tags: + - Fleet package policies + get: + operationId: get-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_format' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get package policy by ID + tags: + - Fleet package policies + parameters: + - in: path + name: packagePolicyId + required: true + schema: + type: string + put: + operationId: update-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + - $ref: '#/components/parameters/Fleet_format' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_package_policy_request' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_package_policy' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update package policy by ID + tags: + - Fleet package policies + /api/fleet/package_policies/delete: + post: + operationId: post-delete-package-policy + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + force: + type: boolean + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + id: + type: string + name: + type: string + success: + type: boolean + required: + - id + - success + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete package policy + tags: + - Fleet package policies + /api/fleet/package_policies/upgrade: + post: + operationId: upgrade-package-policy + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + id: + type: string + name: + type: string + success: + type: boolean + required: + - id + - success + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '409': + $ref: '#/components/responses/Fleet_error' + summary: Upgrade package policy to a newer package version + tags: + - Fleet package policies + /api/fleet/package_policies/upgrade/dryrun: + post: + operationId: upgrade-package-policy-dry-run + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + packagePolicyIds: + items: + type: string + type: array + packageVersion: + type: string + required: + - packagePolicyIds + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + properties: + agent_diff: + $ref: '#/components/schemas/Fleet_upgrade_agent_diff' + diff: + $ref: '#/components/schemas/Fleet_upgrade_diff' + hasErrors: + type: boolean + required: + - hasErrors + type: array + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Dry run package policy upgrade + tags: + - Fleet package policies + /api/fleet/proxies: + get: + operationId: get-fleet-proxies + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + $ref: '#/components/schemas/Fleet_proxies' + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List proxies + tags: + - Fleet proxies + post: + operationId: post-fleet-proxies + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + id: + type: string + name: + type: string + proxy_headers: + type: object + url: + type: string + required: + - name + - url + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create proxy + tags: + - Fleet proxies + /api/fleet/proxies/{itemId}: + delete: + operationId: delete-fleet-proxies + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + required: + - id + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Delete proxy by ID + tags: + - Fleet proxies + get: + operationId: get-one-fleet-proxies + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get proxy by ID + tags: + - Fleet proxies + parameters: + - in: path + name: itemId + required: true + schema: + type: string + put: + operationId: update-fleet-proxies + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + name: + type: string + proxy_headers: + type: object + url: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_proxies' + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update proxy by ID + tags: + - Fleet proxies + /api/fleet/service_tokens: + post: + operationId: generate-service-token + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + type: string + value: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create service token + tags: + - Fleet service tokens + /api/fleet/service-tokens: + post: + deprecated: true + operationId: generate-service-token-deprecated + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + name: + type: string + value: + type: string + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Create service token + tags: + - Fleet service tokens + /api/fleet/settings: + get: + operationId: get-settings + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get settings + tags: + - Fleet internals + put: + operationId: update-settings + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + additional_yaml_config: + type: string + fleet_server_hosts: + description: Protocol and path must be the same for each URL + items: + type: string + type: array + has_seen_add_data_notice: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_settings_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Update settings + tags: + - Fleet internals + /api/fleet/setup: + post: + operationId: setup + parameters: + - $ref: '#/components/parameters/Fleet_kbn_xsrf' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Fleet_fleet_setup_response' + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + description: Internal Server Error + summary: Initiate Fleet setup + tags: + - Fleet internals + /api/fleet/uninstall_tokens: + get: + operationId: get-uninstall-tokens + parameters: + - description: The number of items to return + in: query + name: perPage + required: false + schema: + default: 20 + minimum: 5 + type: integer + - $ref: '#/components/parameters/Fleet_page_index' + - description: Partial match filtering for policy IDs + in: query + name: policyId + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + items: + items: + type: object + properties: + created_at: + type: string + id: + type: string + policy_id: + type: string + required: + - id + - policy_id + - created_at + type: array + page: + type: number + perPage: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: List metadata for latest uninstall tokens per agent policy + tags: + - Fleet uninstall tokens + /api/fleet/uninstall_tokens/{uninstallTokenId}: + get: + operationId: get-uninstall-token + parameters: + - in: path + name: uninstallTokenId + required: true + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + item: + type: object + properties: + created_at: + type: string + id: + type: string + policy_id: + type: string + token: + type: string + required: + - id + - token + - policy_id + - created_at + required: + - item + description: OK + '400': + $ref: '#/components/responses/Fleet_error' + summary: Get one decrypted uninstall token by its ID + tags: + - Fleet uninstall tokens + /api/lists: + delete: + description: | + Delete a list using the list ID. + > info + > When you delete a list, all of its list items are also deleted. + operationId: DeleteList + parameters: + - description: List's `id` value + in: query + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - in: query + name: deleteReferences + required: false + schema: + default: false + type: boolean + - in: query + name: ignoreReferences + required: false + schema: + default: false + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Delete a list + tags: + - Security Lists API + get: + description: Get the details of a list using the list ID. + operationId: ReadList + parameters: + - description: List's `id` value + in: query + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get list details + tags: + - Security Lists API + patch: + description: Update specific fields of an existing list using the list ID. + operationId: PatchList + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + version: + minimum: 1 + type: integer + required: + - id + description: List's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Patch a list + tags: + - Security Lists API + post: + description: Create a new list. + operationId: CreateList + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + deserializer: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + serializer: + type: string + type: + $ref: '#/components/schemas/Security_Lists_API_ListType' + version: + default: 1 + minimum: 1 + type: integer + required: + - name + - description + - type + description: List's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Create a list + tags: + - Security Lists API + put: + description: > + Update a list using the list ID. The original list is replaced, and all + unspecified fields are deleted. + + > info + + > You cannot modify the `id` value. + operationId: UpdateList + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + version: + minimum: 1 + type: integer + required: + - id + - name + - description + description: List's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Update a list + tags: + - Security Lists API + /api/lists/_find: + get: + description: >- + Get a paginated subset of lists. By default, the first page is returned, + with 20 results per page. + operationId: FindLists + parameters: + - description: The page number to return + in: query + name: page + required: false + schema: + type: integer + - description: The number of lists to return per page + in: query + name: per_page + required: false + schema: + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + - description: Determines the sort order, which can be `desc` or `asc` + in: query + name: sort_order + required: false + schema: + enum: + - desc + - asc + type: string + - description: > + Returns the list that come after the last list returned in the + previous call + + (use the cursor value returned in the previous call). This parameter + uses + + the `tie_breaker_id` field to ensure all lists are sorted and + returned correctly. + in: query + name: cursor + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' + - description: > + Filters the returned results according to the value of the specified + field, + + using the : syntax. + in: query + name: filter + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListsFilter' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + cursor: + $ref: '#/components/schemas/Security_Lists_API_FindListsCursor' + data: + items: + $ref: '#/components/schemas/Security_Lists_API_List' + type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + - cursor + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get lists + tags: + - Security Lists API + /api/lists/index: + delete: + description: Delete the `.lists` and `.items` data streams. + operationId: DeleteListIndex + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + acknowledged: + type: boolean + required: + - acknowledged + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Delete list data streams + tags: + - Security Lists API + get: + description: Verify that `.lists` and `.items` data streams exist. + operationId: ReadListIndex + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + list_index: + type: boolean + list_item_index: + type: boolean + required: + - list_index + - list_item_index + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream(s) not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get status of list data streams + tags: + - Security Lists API + post: + description: Create `.lists` and `.items` data streams in the relevant space. + operationId: CreateListIndex + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + acknowledged: + type: boolean + required: + - acknowledged + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List data stream exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Create list data streams + tags: + - Security Lists API + /api/lists/items: + delete: + description: Delete a list item using its `id`, or its `list_id` and `value` fields. + operationId: DeleteListItem + parameters: + - description: Required if `list_id` and `value` are not specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: value + required: false + schema: + type: string + - description: >- + Determines when changes made by the request are made visible to + search + in: query + name: refresh + required: false + schema: + default: 'false' + enum: + - 'true' + - 'false' + - wait_for + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_ListItem' + - items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Delete a list item + tags: + - Security Lists API + get: + description: Get the details of a list item. + operationId: ReadListItem + parameters: + - description: Required if `list_id` and `value` are not specified + in: query + name: id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: Required if `id` is not specified + in: query + name: value + required: false + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Lists_API_ListItem' + - items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get a list item + tags: + - Security Lists API + patch: + description: Update specific fields of an existing list item using the list item ID. + operationId: PatchListItem + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + refresh: + description: >- + Determines when changes made by the request are made visible + to search + enum: + - 'true' + - 'false' + - wait_for + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - id + description: List item's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Patch a list item + tags: + - Security Lists API + post: + description: > + Create a list item and associate it with the specified list. + + + All list items in the same list must be the same type. For example, each + list item in an `ip` list must define a specific IP address. + + > info + + > Before creating a list item, you must create a list. + operationId: CreateListItem + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + list_id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + refresh: + description: >- + Determines when changes made by the request are made visible + to search + enum: + - 'true' + - 'false' + - wait_for + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - list_id + - value + description: List item's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item already exists response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Create a list item + tags: + - Security Lists API + put: + description: > + Update a list item using the list item ID. The original list item is + replaced, and all unspecified fields are deleted. + + > info + + > You cannot modify the `id` value. + operationId: UpdateListItem + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + _version: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - id + - value + description: List item's properties + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List item not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Update a list item + tags: + - Security Lists API + /api/lists/items/_export: + post: + description: Export list item values from the specified list. + operationId: ExportListItems + parameters: + - description: List's id to export + in: query + name: list_id + required: true + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + responses: + '200': + content: + application/ndjson; Elastic-Api-Version=2023-10-31: + schema: + description: A `.txt` file containing list items from the specified list + format: binary + type: string + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List not found response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Export list items + tags: + - Security Lists API + /api/lists/items/_find: + get: + description: Get all list items in the specified list. + operationId: FindListItems + parameters: + - description: List's id + in: query + name: list_id + required: true + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: The page number to return + in: query + name: page + required: false + schema: + type: integer + - description: The number of list items to return per page + in: query + name: per_page + required: false + schema: + type: integer + - description: Determines which field is used to sort the results + in: query + name: sort_field + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + - description: Determines the sort order, which can be `desc` or `asc` + in: query + name: sort_order + required: false + schema: + enum: + - desc + - asc + type: string + - description: > + Returns the list that come after the last list returned in the + previous call + + (use the cursor value returned in the previous call). This parameter + uses + + the `tie_breaker_id` field to ensure all lists are sorted and + returned correctly. + in: query + name: cursor + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListItemsCursor' + - description: > + Filters the returned results according to the value of the specified + field, + + using the : syntax. + in: query + name: filter + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_FindListItemsFilter' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + cursor: + $ref: >- + #/components/schemas/Security_Lists_API_FindListItemsCursor + data: + items: + $ref: '#/components/schemas/Security_Lists_API_ListItem' + type: array + page: + minimum: 0 + type: integer + per_page: + minimum: 0 + type: integer + total: + minimum: 0 + type: integer + required: + - data + - page + - per_page + - total + - cursor + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get list items + tags: + - Security Lists API + /api/lists/items/_import: + post: + description: > + Import list items from a TXT or CSV file. The maximum file size is 9 + million bytes. + + + You can import items to a new or existing list. + operationId: ImportListItems + parameters: + - description: | + List's id. + + Required when importing to an existing list. + in: query + name: list_id + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListId' + - description: > + Type of the importing list. + + + Required when importing a new list that is `list_id` is not + specified. + in: query + name: type + required: false + schema: + $ref: '#/components/schemas/Security_Lists_API_ListType' + - in: query + name: serializer + required: false + schema: + type: string + - in: query + name: deserializer + required: false + schema: + type: string + - description: >- + Determines when changes made by the request are made visible to + search + in: query + name: refresh + required: false + schema: + enum: + - 'true' + - 'false' + - wait_for + type: string + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + file: + description: >- + A `.txt` or `.csv` file containing newline separated list + items + format: binary + type: string + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_List' + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: List with specified list_id does not exist response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Import list items + tags: + - Security Lists API + /api/lists/privileges: + get: + operationId: ReadListPrivileges + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + is_authenticated: + type: boolean + listItems: + $ref: '#/components/schemas/Security_Lists_API_ListItemPrivileges' + lists: + $ref: '#/components/schemas/Security_Lists_API_ListPrivileges' + required: + - lists + - listItems + - is_authenticated + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: >- + #/components/schemas/Security_Lists_API_PlatformErrorResponse + - $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Invalid input data response + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Unsuccessful authentication response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_PlatformErrorResponse' + description: Not enough privileges response + '500': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Lists_API_SiemErrorResponse' + description: Internal server error response + summary: Get list privileges + tags: + - Security Lists API + /api/ml/saved_objects/sync: + get: + description: > + Synchronizes Kibana saved objects for machine learning jobs and trained + models in the default space. You must have `all` privileges for the + **Machine Learning** feature in the **Analytics** section of the Kibana + feature privileges. This API runs automatically when you start Kibana + and periodically thereafter. + operationId: mlSync + parameters: + - $ref: '#/components/parameters/Machine_learning_APIs_simulateParam' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + syncExample: + $ref: '#/components/examples/Machine_learning_APIs_mlSyncExample' + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync200Response' + description: Indicates a successful call + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Machine_learning_APIs_mlSync4xxResponse' + description: Authorization information is missing or invalid. + summary: Sync saved objects in the default space + tags: + - ml + /api/note: + delete: + description: Delete a note from a Timeline using the note ID. + operationId: DeleteNote + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - nullable: true + type: object + properties: + noteId: + type: string + required: + - noteId + - nullable: true + type: object + properties: + noteIds: + items: + type: string + nullable: true + type: array + required: + - noteIds + description: The ID of the note to delete. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + description: Indicates the note was successfully deleted. + summary: Delete a note + tags: + - Security Timeline API + - access:securitySolution + get: + description: Get all notes for a given document. + operationId: GetNotes + parameters: + - in: query + name: documentIds + schema: + $ref: '#/components/schemas/Security_Timeline_API_DocumentIds' + - in: query + name: savedObjectIds + schema: + $ref: '#/components/schemas/Security_Timeline_API_SavedObjectIds' + - in: query + name: page + schema: + nullable: true + type: string + - in: query + name: perPage + schema: + nullable: true + type: string + - in: query + name: search + schema: + nullable: true + type: string + - in: query + name: sortField + schema: + nullable: true + type: string + - in: query + name: sortOrder + schema: + nullable: true + type: string + - in: query + name: filter + schema: + nullable: true + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - $ref: '#/components/schemas/Security_Timeline_API_GetNotesResult' + - type: object + description: Indicates the requested notes were returned. + summary: Get notes + tags: + - Security Timeline API + - access:securitySolution + patch: + description: Add a note to a Timeline or update an existing note. + operationId: PersistNoteRoute + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + eventDataView: + nullable: true + type: string + eventIngested: + nullable: true + type: string + eventTimestamp: + nullable: true + type: string + note: + $ref: '#/components/schemas/Security_Timeline_API_BareNote' + noteId: + nullable: true + type: string + overrideOwner: + nullable: true + type: boolean + version: + nullable: true + type: string + required: + - note + description: The note to add or update, along with additional metadata. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + properties: + persistNote: + $ref: >- + #/components/schemas/Security_Timeline_API_ResponseNote + required: + - persistNote + required: + - data + description: Indicates the note was successfully created. + summary: Add or update a note + tags: + - Security Timeline API + - access:securitySolution + /api/osquery/live_queries: + get: + description: Get a list of all live queries. + operationId: OsqueryFindLiveQueries + parameters: + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_FindLiveQueryRequestQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live queries + tags: + - Security Osquery API + post: + description: Create and run a live query. + operationId: OsqueryCreateLiveQuery + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_CreateLiveQueryRequestBody + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a live query + tags: + - Security Osquery API + /api/osquery/live_queries/{id}: + get: + description: Get the details of a live query using the query ID. + operationId: OsqueryGetLiveQueryDetails + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_Id' + - in: query + name: query + schema: + additionalProperties: true + type: object + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live query details + tags: + - Security Osquery API + /api/osquery/live_queries/{id}/results/{actionId}: + get: + description: Get the results of a live query using the query action ID. + operationId: OsqueryGetLiveQueryResults + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_Id' + - in: path + name: actionId + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_Id' + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_GetLiveQueryResultsRequestQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get live query results + tags: + - Security Osquery API + /api/osquery/packs: + get: + description: Get a list of all query packs. + operationId: OsqueryFindPacks + parameters: + - in: query + name: query + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_FindPacksRequestQuery' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get packs + tags: + - Security Osquery API + post: + description: Create a query pack. + operationId: OsqueryCreatePacks + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Osquery_API_CreatePacksRequestBody' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a pack + tags: + - Security Osquery API + /api/osquery/packs/{id}: + delete: + description: Delete a query pack using the pack ID. + operationId: OsqueryDeletePacks + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Delete a pack + tags: + - Security Osquery API + get: + description: Get the details of a query pack using the pack ID. + operationId: OsqueryGetPacksDetails + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get pack details + tags: + - Security Osquery API + put: + description: | + Update a query pack using the pack ID. + > info + > You cannot update a prebuilt pack. + operationId: OsqueryUpdatePacks + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_Osquery_API_UpdatePacksRequestBody' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Update a pack + tags: + - Security Osquery API + /api/osquery/saved_queries: + get: + description: Get a list of all saved queries. + operationId: OsqueryFindSavedQueries + parameters: + - in: query + name: query + required: true + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_FindSavedQueryRequestQuery + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get saved queries + tags: + - Security Osquery API + post: + description: Create and run a saved query. + operationId: OsqueryCreateSavedQuery + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_CreateSavedQueryRequestBody + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Create a saved query + tags: + - Security Osquery API + /api/osquery/saved_queries/{id}: + delete: + description: Delete a saved query using the query ID. + operationId: OsqueryDeleteSavedQuery + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Delete a saved query + tags: + - Security Osquery API + get: + description: Get the details of a saved query using the query ID. + operationId: OsqueryGetSavedQueryDetails + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Get saved query details + tags: + - Security Osquery API + put: + description: | + Update a saved query using the query ID. + > info + > You cannot update a prebuilt saved query. + operationId: OsqueryUpdateSavedQuery + parameters: + - in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_UpdateSavedQueryRequestBody + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Osquery_API_DefaultSuccessResponse + description: OK + summary: Update a saved query + tags: + - Security Osquery API + /api/pinned_event: + patch: + description: Pin an event to an existing Timeline. + operationId: PersistPinnedEventRoute + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + eventId: + type: string + pinnedEventId: + nullable: true + type: string + timelineId: + type: string + required: + - eventId + - timelineId + description: The pinned event to add or update, along with additional metadata. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + properties: + persistPinnedEventOnTimeline: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistPinnedEventResponse + required: + - persistPinnedEventOnTimeline + required: + - data + description: Indicates the event was successfully pinned to the Timeline. + summary: Pin an event + tags: + - Security Timeline API + - access:securitySolution + /api/risk_score/engine/dangerously_delete_data: + delete: + description: >- + Cleaning up the the Risk Engine by removing the indices, mapping and + transforms + operationId: CleanUpRiskEngine + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + cleanup_successful: + type: boolean + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse + description: Task manager is unavailable + default: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse + description: Unexpected error + summary: Cleanup the Risk Engine + tags: + - Security Entity Analytics API + /api/risk_score/engine/schedule_now: + post: + description: >- + Schedule the risk scoring engine to run as soon as possible. You can use + this to recalculate entity risk scores after updating their asset + criticality. + operationId: ScheduleRiskEngineNow + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: {} + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowResponse + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_TaskManagerUnavailableResponse + description: Task manager is unavailable + default: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse + description: Unexpected error + summary: Run the risk scoring engine + tags: + - Security Entity Analytics API + /api/saved_objects/_bulk_create: + post: + deprecated: true + operationId: bulkCreateSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: When true, overwrites the document with the same identifier. + in: query + name: overwrite + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Create saved objects + tags: + - saved objects + /api/saved_objects/_bulk_delete: + post: + deprecated: true + description: | + WARNING: When you delete a saved object, it cannot be recovered. + operationId: bulkDeleteSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + When true, force delete objects that exist in multiple namespaces. + Note that the option applies to the whole request. Use the delete + object API to specify per-object deletion behavior. TIP: Use this if + you attempted to delete objects and received an HTTP 400 error with + the following message: "Unable to delete saved object that exists in + multiple namespaces, use the force option to delete it anyway". + WARNING: When you bulk delete objects that exist in multiple + namespaces, the API also deletes legacy url aliases that reference + the object. These requests are batched to minimise the impact but + they can place a heavy load on Kibana. Make sure you limit the + number of objects that exist in multiple namespaces in a single bulk + delete operation. + in: query + name: force + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Delete saved objects + tags: + - saved objects + /api/saved_objects/_bulk_get: + post: + deprecated: true + operationId: bulkGetSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Get saved objects + tags: + - saved objects + /api/saved_objects/_bulk_resolve: + post: + deprecated: true + description: > + Retrieve multiple Kibana saved objects by identifier using any legacy + URL aliases if they exist. Under certain circumstances when Kibana is + upgraded, saved object migrations may necessitate regenerating some + object IDs to enable new features. When an object's ID is regenerated, a + legacy URL alias is created for that object, preserving its old ID. In + such a scenario, that object can be retrieved by the bulk resolve API + using either its new ID or its old ID. + operationId: bulkResolveSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Resolve saved objects + tags: + - saved objects + /api/saved_objects/_bulk_update: + post: + deprecated: true + description: Update the attributes for multiple Kibana saved objects. + operationId: bulkUpdateSavedObjects + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + items: + type: object + type: array + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: > + Indicates a successful call. NOTE: This HTTP response code indicates + that the bulk operation succeeded. Errors pertaining to individual + objects will be returned in the response body. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Update saved objects + tags: + - saved objects + /api/saved_objects/_export: + post: + description: > + Retrieve sets of saved objects that you want to import into Kibana. + + You must include `type` or `objects` in the request body. + + + Exported saved objects are not backwards compatible and cannot be + imported into an older version of Kibana. + + + NOTE: The `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be exported. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: exportSavedObjectsDefault + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsRequest: + $ref: '#/components/examples/Saved_objects_export_objects_request' + schema: + type: object + properties: + excludeExportDetails: + default: false + description: Do not add export details entry at the end of the stream. + type: boolean + includeReferencesDeep: + description: >- + Includes all of the referenced objects in the exported + objects. + type: boolean + objects: + description: A list of objects to export. + items: + type: object + type: array + type: + description: >- + The saved object types to include in the export. Use `*` to + export all the types. + oneOf: + - type: string + - items: + type: string + type: array + required: true + responses: + '200': + content: + application/x-ndjson; Elastic-Api-Version=2023-10-31: + examples: + exportSavedObjectsResponse: + $ref: '#/components/examples/Saved_objects_export_objects_response' + schema: + additionalProperties: true + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Export saved objects + tags: + - saved objects + /api/saved_objects/_find: + get: + deprecated: true + description: Retrieve a paginated set of Kibana saved objects. + operationId: findSavedObjects + parameters: + - description: > + An aggregation structure, serialized as a string. The field format + is similar to filter, meaning that to use a saved object type + attribute in the aggregation, the `savedObjectType.attributes.title: + "myTitle"` format must be used. For root fields, the syntax is + `savedObjectType.rootField`. NOTE: As objects change in Kibana, the + results on each page of the response also change. Use the find API + for traditional paginated results, but avoid using it to export + large amounts of data. + in: query + name: aggs + schema: + type: string + - description: The default operator to use for the `simple_query_string`. + in: query + name: default_search_operator + schema: + type: string + - description: The fields to return in the attributes key of the response. + in: query + name: fields + schema: + oneOf: + - type: string + - type: array + - description: > + The filter is a KQL string with the caveat that if you filter with + an attribute from your saved object type, it should look like that: + `savedObjectType.attributes.title: "myTitle"`. However, if you use a + root attribute of a saved object such as `updated_at`, you will have + to define your filter like that: `savedObjectType.updated_at > + 2018-12-22`. + in: query + name: filter + schema: + type: string + - description: >- + Filters to objects that do not have a relationship with the type and + identifier combination. + in: query + name: has_no_reference + schema: + type: object + - description: >- + The operator to use for the `has_no_reference` parameter. Either + `OR` or `AND`. Defaults to `OR`. + in: query + name: has_no_reference_operator + schema: + type: string + - description: >- + Filters to objects that have a relationship with the type and ID + combination. + in: query + name: has_reference + schema: + type: object + - description: >- + The operator to use for the `has_reference` parameter. Either `OR` + or `AND`. Defaults to `OR`. + in: query + name: has_reference_operator + schema: + type: string + - description: The page of objects to return. + in: query + name: page + schema: + type: integer + - description: The number of objects to return per page. + in: query + name: per_page + schema: + type: integer + - description: >- + An Elasticsearch `simple_query_string` query that filters the + objects in the response. + in: query + name: search + schema: + type: string + - description: >- + The fields to perform the `simple_query_string` parsed query + against. + in: query + name: search_fields + schema: + oneOf: + - type: string + - type: array + - description: > + Sorts the response. Includes "root" and "type" fields. "root" fields + exist for all saved objects, such as "updated_at". "type" fields are + specific to an object type, such as fields returned in the + attributes key of the response. When a single type is defined in the + type parameter, the "root" and "type" fields are allowed, and + validity checks are made in that order. When multiple types are + defined in the type parameter, only "root" fields are allowed. + in: query + name: sort_field + schema: + type: string + - description: The saved object types to include. + in: query + name: type + required: true + schema: + oneOf: + - type: string + - type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request + summary: Search for saved objects + tags: + - saved objects + /api/saved_objects/_import: + post: + description: > + Create sets of Kibana saved objects from a file created by the export + API. + + Saved objects can be imported only into the same version, a newer minor + on the same major, or the next major. Exported saved objects are not + backwards compatible and cannot be imported into an older version of + Kibana. + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: importSavedObjectsDefault + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + Creates copies of saved objects, regenerates each object ID, and + resets the origin. When used, potential conflict errors are avoided. + NOTE: This option cannot be used with the `overwrite` and + `compatibilityMode` options. + in: query + name: createNewCopies + required: false + schema: + type: boolean + - description: > + Overwrites saved objects when they already exist. When used, + potential conflict errors are automatically resolved by overwriting + the destination object. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: overwrite + required: false + schema: + type: boolean + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. Use this option only if you encounter issues with imported + saved objects. NOTE: This option cannot be used with the + `createNewCopies` option. + in: query + name: compatibilityMode + required: false + schema: + type: boolean + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + importObjectsRequest: + $ref: '#/components/examples/Saved_objects_import_objects_request' + schema: + type: object + properties: + file: + description: > + A file exported using the export API. NOTE: The + `savedObjects.maxImportExportSize` configuration setting + limits the number of saved objects which may be included in + this file. Similarly, the + `savedObjects.maxImportPayloadBytes` setting limits the + overall size of the file that can be imported. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + importObjectsResponse: + $ref: '#/components/examples/Saved_objects_import_objects_response' + schema: + type: object + properties: + errors: + description: > + Indicates the import was unsuccessful and specifies the + objects that failed to import. + + + NOTE: One object may result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and conflict error. + items: + type: object + type: array + success: + description: > + Indicates when the import was successfully completed. When + set to false, some objects may not have been created. For + additional information, refer to the `errors` and + `successResults` properties. + type: boolean + successCount: + description: Indicates the number of successfully imported records. + type: integer + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are created only when all resolvable errors + are addressed, including conflicts and missing references. + If objects are created as new copies, each entry in the + `successResults` array includes a `destinationId` + attribute. + items: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Import saved objects + tags: + - saved objects + x-codeSamples: + - label: Import with createNewCopies + lang: cURL + source: | + curl \ + -X POST api/saved_objects/_import?createNewCopies=true + -H "kbn-xsrf: true" + --form file=@file.ndjson + /api/saved_objects/_resolve_import_errors: + post: + description: > + To resolve errors from the Import objects API, you can: + + + * Retry certain saved objects + + * Overwrite specific saved objects + + * Change references to different saved objects + + + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + operationId: resolveImportErrors + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - description: > + Applies various adjustments to the saved objects that are being + imported to maintain compatibility between different Kibana + versions. When enabled during the initial import, also enable when + resolving import errors. This option cannot be used with the + `createNewCopies` option. + in: query + name: compatibilityMode + required: false + schema: + type: boolean + - description: > + Creates copies of the saved objects, regenerates each object ID, and + resets the origin. When enabled during the initial import, also + enable when resolving import errors. + in: query + name: createNewCopies + required: false + schema: + type: boolean + requestBody: + content: + multipart/form-data; Elastic-Api-Version=2023-10-31: + examples: + resolveImportErrorsRequest: + $ref: >- + #/components/examples/Saved_objects_resolve_missing_reference_request + schema: + type: object + properties: + file: + description: The same file given to the import API. + format: binary + type: string + retries: + description: >- + The retry operations, which can specify how to resolve + different types of errors. + items: + type: object + properties: + destinationId: + description: >- + Specifies the destination ID that the imported object + should have, if different from the current ID. + type: string + id: + description: The saved object ID. + type: string + ignoreMissingReferences: + description: >- + When set to `true`, ignores missing reference errors. + When set to `false`, does nothing. + type: boolean + overwrite: + description: >- + When set to `true`, the source object overwrites the + conflicting destination object. When set to `false`, + does nothing. + type: boolean + replaceReferences: + description: >- + A list of `type`, `from`, and `to` used to change the + object references. + items: + type: object + properties: + from: + type: string + to: + type: string + type: + type: string + type: array + type: + description: The saved object type. + type: string + required: + - type + - id + type: array + required: + - retries + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + examples: + resolveImportErrorsResponse: + $ref: >- + #/components/examples/Saved_objects_resolve_missing_reference_response + schema: + type: object + properties: + errors: + description: > + Specifies the objects that failed to resolve. + + + NOTE: One object can result in multiple errors, which + requires separate steps to resolve. For instance, a + `missing_references` error and a `conflict` error. + items: + type: object + type: array + success: + description: > + Indicates a successful import. When set to `false`, some + objects may not have been created. For additional + information, refer to the `errors` and `successResults` + properties. + type: boolean + successCount: + description: | + Indicates the number of successfully resolved records. + type: number + successResults: + description: > + Indicates the objects that are successfully imported, with + any metadata if applicable. + + + NOTE: Objects are only created when all resolvable errors + are addressed, including conflict and missing references. + items: + type: object + type: array + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Resolve import errors + tags: + - saved objects + /api/saved_objects/{type}: + post: + deprecated: true + description: Create a Kibana saved object with a randomly generated identifier. + operationId: createSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - description: If true, overwrites the document with the same identifier. + in: query + name: overwrite + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + attributes: + $ref: '#/components/schemas/Saved_objects_attributes' + initialNamespaces: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + references: + $ref: '#/components/schemas/Saved_objects_references' + required: + - attributes + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a conflict error. + summary: Create a saved object + tags: + - saved objects + /api/saved_objects/{type}/{id}: + get: + deprecated: true + description: Retrieve a single Kibana saved object by identifier. + operationId: getSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Get a saved object + tags: + - saved objects + post: + deprecated: true + description: >- + Create a Kibana saved object and specify its identifier instead of using + a randomly generated ID. + operationId: createSavedObjectId + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + - description: If true, overwrites the document with the same identifier. + in: query + name: overwrite + schema: + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + attributes: + $ref: '#/components/schemas/Saved_objects_attributes' + initialNamespaces: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + references: + $ref: '#/components/schemas/Saved_objects_initial_namespaces' + required: + - attributes + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a conflict error. + summary: Create a saved object + tags: + - saved objects + put: + deprecated: true + description: Update the attributes for Kibana saved objects. + operationId: updateSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_kbn_xsrf' + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates the object was not found. + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a conflict error. + summary: Update a saved object + tags: + - saved objects + /api/saved_objects/resolve/{type}/{id}: + get: + deprecated: true + description: > + Retrieve a single Kibana saved object by identifier using any legacy URL + alias if it exists. Under certain circumstances, when Kibana is + upgraded, saved object migrations may necessitate regenerating some + object IDs to enable new features. When an object's ID is regenerated, a + legacy URL alias is created for that object, preserving its old ID. In + such a scenario, that object can be retrieved using either its new ID or + its old ID. + operationId: resolveSavedObject + parameters: + - $ref: '#/components/parameters/Saved_objects_saved_object_id' + - $ref: '#/components/parameters/Saved_objects_saved_object_type' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Saved_objects_400_response' + description: Bad request. + summary: Resolve a saved object + tags: + - saved objects + /api/security_ai_assistant/anonymization_fields/_bulk_action: + post: + description: >- + Apply a bulk action to multiple anonymization fields. The bulk action is + applied to all anonymization fields that match the filter or to the list + of anonymization fields by their IDs. + operationId: PerformAnonymizationFieldsBulkAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + create: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldCreateProps + type: array + delete: + type: object + properties: + ids: + description: Array of anonymization fields IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter anonymization fields + type: string + update: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldUpdateProps + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Apply a bulk action to anonymization fields + tags: + - Security AI Assistant API + - Bulk API + /api/security_ai_assistant/anonymization_fields/_find: + get: + description: Get a list of all anonymization fields. + operationId: FindAnonymizationFields + parameters: + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false + schema: + type: string + - description: Field to sort by + in: query + name: sort_field + required: false + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindAnonymizationFieldsSortField + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: AnonymizationFields per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get anonymization fields + tags: + - Security AI Assistant API + - AnonymizationFields API + /api/security_ai_assistant/chat/complete: + post: + description: Create a model response for the given chat conversation. + operationId: ChatComplete + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_ChatCompleteProps' + required: true + responses: + '200': + content: + application/octet-stream; Elastic-Api-Version=2023-10-31: + schema: + format: binary + type: string + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Create a model response + tags: + - Security AI Assistant API + - Chat Complete API + /api/security_ai_assistant/current_user/conversations: + post: + description: Create a new Security AI Assistant conversation. + operationId: CreateConversation + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationCreateProps + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Create a conversation + tags: + - Security AI Assistant API + - Conversation API + /api/security_ai_assistant/current_user/conversations/_find: + get: + description: Get a list of all conversations for the current user. + operationId: FindConversations + parameters: + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false + schema: + type: string + - description: Field to sort by + in: query + name: sort_field + required: false + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindConversationsSortField + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: Conversations per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get conversations + tags: + - Security AI Assistant API + - Conversations API + /api/security_ai_assistant/current_user/conversations/{id}: + delete: + description: Delete an existing conversation using the conversation ID. + operationId: DeleteConversation + parameters: + - description: The conversation's `id` value. + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Delete a conversation + tags: + - Security AI Assistant API + - Conversation API + get: + description: Get the details of an existing conversation using the conversation ID. + operationId: ReadConversation + parameters: + - description: The conversation's `id` value. + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get a conversation + tags: + - Security AI Assistant API + - Conversations API + put: + description: Update an existing conversation using the conversation ID. + operationId: UpdateConversation + parameters: + - description: The conversation's `id` value. + in: path + name: id + required: true + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationUpdateProps + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Update a conversation + tags: + - Security AI Assistant API + - Conversation API + /api/security_ai_assistant/prompts/_bulk_action: + post: + description: >- + Apply a bulk action to multiple prompts. The bulk action is applied to + all prompts that match the filter or to the list of prompts by their + IDs. + operationId: PerformPromptsBulkAction + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + create: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptCreateProps + type: array + delete: + type: object + properties: + ids: + description: Array of prompts IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter promps + type: string + update: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptUpdateProps + type: array + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResponse + description: Indicates a successful call. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Apply a bulk action to prompts + tags: + - Security AI Assistant API + - Bulk API + /api/security_ai_assistant/prompts/_find: + get: + description: Get a list of all prompts. + operationId: FindPrompts + parameters: + - in: query + name: fields + required: false + schema: + items: + type: string + type: array + - description: Search query + in: query + name: filter + required: false + schema: + type: string + - description: Field to sort by + in: query + name: sort_field + required: false + schema: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_FindPromptsSortField + - description: Sort order + in: query + name: sort_order + required: false + schema: + $ref: '#/components/schemas/Security_AI_Assistant_API_SortOrder' + - description: Page number + in: query + name: page + required: false + schema: + default: 1 + minimum: 1 + type: integer + - description: Prompts per page + in: query + name: per_page + required: false + schema: + default: 20 + minimum: 0 + type: integer + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptResponse + type: array + page: + type: integer + perPage: + type: integer + total: + type: integer + required: + - page + - perPage + - total + - data + description: Successful response + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + summary: Get prompts + tags: + - Security AI Assistant API + - Prompts API + /api/security/role: + get: + operationId: '%2Fapi%2Fsecurity%2Frole#0' + parameters: [] + responses: {} + summary: Get all roles + tags: + - roles + /api/security/role/{name}: + delete: + operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#1' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: name + required: true + schema: + minLength: 1 + type: string + responses: {} + summary: Delete a role + tags: + - roles + get: + operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: name + required: true + schema: + minLength: 1 + type: string + responses: {} + summary: Get a role + tags: + - roles + put: + operationId: '%2Fapi%2Fsecurity%2Frole%2F%7Bname%7D#2' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: name + required: true + schema: + maxLength: 1024 + minLength: 1 + type: string + - in: query + name: createOnly + required: false + schema: + default: false + type: boolean + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + description: + maxLength: 2048 + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + cluster: + items: + type: string + type: array + indices: + items: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + type: boolean + field_security: + additionalProperties: + items: + type: string + type: array + type: object + names: + items: + type: string + minItems: 1 + type: array + privileges: + items: + type: string + minItems: 1 + type: array + query: + type: string + required: + - names + - privileges + type: array + remote_cluster: + items: + additionalProperties: false + type: object + properties: + clusters: + items: + type: string + minItems: 1 + type: array + privileges: + items: + type: string + minItems: 1 + type: array + required: + - privileges + - clusters + type: array + remote_indices: + items: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + type: boolean + clusters: + items: + type: string + minItems: 1 + type: array + field_security: + additionalProperties: + items: + type: string + type: array + type: object + names: + items: + type: string + minItems: 1 + type: array + privileges: + items: + type: string + minItems: 1 + type: array + query: + type: string + required: + - clusters + - names + - privileges + type: array + run_as: + items: + type: string + type: array + kibana: + items: + additionalProperties: false + type: object + properties: + base: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - items: + type: string + type: array + - items: + type: string + type: array + feature: + additionalProperties: + items: + type: string + type: array + type: object + spaces: + anyOf: + - items: + enum: + - '*' + type: string + maxItems: 1 + minItems: 1 + type: array + - items: + type: string + type: array + default: + - '*' + required: + - base + type: array + metadata: + additionalProperties: {} + type: object + required: + - elasticsearch + responses: {} + summary: Create or update a role + tags: + - roles + /api/security/roles: + post: + operationId: '%2Fapi%2Fsecurity%2Froles#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + roles: + additionalProperties: + additionalProperties: false + type: object + properties: + description: + maxLength: 2048 + type: string + elasticsearch: + additionalProperties: false + type: object + properties: + cluster: + items: + type: string + type: array + indices: + items: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + type: boolean + field_security: + additionalProperties: + items: + type: string + type: array + type: object + names: + items: + type: string + minItems: 1 + type: array + privileges: + items: + type: string + minItems: 1 + type: array + query: + type: string + required: + - names + - privileges + type: array + remote_cluster: + items: + additionalProperties: false + type: object + properties: + clusters: + items: + type: string + minItems: 1 + type: array + privileges: + items: + type: string + minItems: 1 + type: array + required: + - privileges + - clusters + type: array + remote_indices: + items: + additionalProperties: false + type: object + properties: + allow_restricted_indices: + type: boolean + clusters: + items: + type: string + minItems: 1 + type: array + field_security: + additionalProperties: + items: + type: string + type: array + type: object + names: + items: + type: string + minItems: 1 + type: array + privileges: + items: + type: string + minItems: 1 + type: array + query: + type: string + required: + - clusters + - names + - privileges + type: array + run_as: + items: + type: string + type: array + kibana: + items: + additionalProperties: false + type: object + properties: + base: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - items: + type: string + type: array + - items: + type: string + type: array + feature: + additionalProperties: + items: + type: string + type: array + type: object + spaces: + anyOf: + - items: + enum: + - '*' + type: string + maxItems: 1 + minItems: 1 + type: array + - items: + type: string + type: array + default: + - '*' + required: + - base + type: array + metadata: + additionalProperties: {} + type: object + required: + - elasticsearch + type: object + required: + - roles + responses: {} + summary: Create or update roles + tags: + - roles + /api/spaces/_copy_saved_objects: + post: + description: Copy saved objects to spaces + operationId: '%2Fapi%2Fspaces%2F_copy_saved_objects#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + compatibilityMode: + default: false + type: boolean + createNewCopies: + default: true + type: boolean + includeReferences: + default: false + type: boolean + objects: + items: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - type + - id + type: array + overwrite: + default: false + type: boolean + spaces: + items: + type: string + type: array + required: + - spaces + - objects + responses: {} + summary: '' + tags: [] + /api/spaces/_disable_legacy_url_aliases: + post: + description: Disable legacy URL aliases + operationId: '%2Fapi%2Fspaces%2F_disable_legacy_url_aliases#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + aliases: + items: + additionalProperties: false + type: object + properties: + sourceId: + type: string + targetSpace: + type: string + targetType: + type: string + required: + - targetSpace + - targetType + - sourceId + type: array + required: + - aliases + responses: {} + summary: '' + tags: [] + /api/spaces/_get_shareable_references: + post: + description: Get shareable references + operationId: '%2Fapi%2Fspaces%2F_get_shareable_references#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + objects: + items: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - type + - id + type: array + required: + - objects + responses: {} + summary: '' + tags: [] + /api/spaces/_resolve_copy_saved_objects_errors: + post: + description: Resolve conflicts copying saved objects + operationId: '%2Fapi%2Fspaces%2F_resolve_copy_saved_objects_errors#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + compatibilityMode: + default: false + type: boolean + createNewCopies: + default: true + type: boolean + includeReferences: + default: false + type: boolean + objects: + items: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - type + - id + type: array + retries: + additionalProperties: + items: + additionalProperties: false + type: object + properties: + createNewCopy: + type: boolean + destinationId: + type: string + id: + type: string + ignoreMissingReferences: + type: boolean + overwrite: + default: false + type: boolean + type: + type: string + required: + - type + - id + type: array + type: object + required: + - retries + - objects + responses: {} + summary: '' + tags: [] + /api/spaces/_update_objects_spaces: + post: + description: Update saved objects in spaces + operationId: '%2Fapi%2Fspaces%2F_update_objects_spaces#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + objects: + items: + additionalProperties: false + type: object + properties: + id: + type: string + type: + type: string + required: + - type + - id + type: array + spacesToAdd: + items: + type: string + type: array + spacesToRemove: + items: + type: string + type: array + required: + - objects + - spacesToAdd + - spacesToRemove + responses: {} + summary: '' + tags: [] + /api/spaces/space: + get: + description: Get all spaces + operationId: '%2Fapi%2Fspaces%2Fspace#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: query + name: purpose + required: false + schema: + enum: + - any + - copySavedObjectsIntoSpace + - shareSavedObjectsIntoSpace + type: string + - in: query + name: include_authorized_purposes + required: true + schema: + anyOf: + - items: {} + type: array + - type: boolean + - type: number + - type: object + - type: string + nullable: true + oneOf: + - enum: + - false + type: boolean + x-oas-optional: true + - type: boolean + x-oas-optional: true + responses: {} + summary: '' + tags: + - spaces + post: + description: Create a space + operationId: '%2Fapi%2Fspaces%2Fspace#1' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + _reserved: + type: boolean + color: + type: string + description: + type: string + disabledFeatures: + default: [] + items: + type: string + type: array + id: + type: string + imageUrl: + type: string + initials: + maxLength: 2 + type: string + name: + minLength: 1 + type: string + solution: + enum: + - security + - oblt + - es + - classic + type: string + required: + - id + - name + responses: {} + summary: '' + tags: + - spaces + /api/spaces/space/{id}: + delete: + description: Delete a space + operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#2' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: id + required: true + schema: + type: string + responses: {} + summary: '' + tags: + - spaces + get: + description: Get a space + operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - in: path + name: id + required: true + schema: + type: string + responses: {} + summary: '' + tags: + - spaces + put: + description: Update a space + operationId: '%2Fapi%2Fspaces%2Fspace%2F%7Bid%7D#1' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: A required header to protect against CSRF attacks + in: header + name: kbn-xsrf + required: true + schema: + example: 'true' + type: string + - in: path + name: id + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + additionalProperties: false + type: object + properties: + _reserved: + type: boolean + color: + type: string + description: + type: string + disabledFeatures: + default: [] + items: + type: string + type: array + id: + type: string + imageUrl: + type: string + initials: + maxLength: 2 + type: string + name: + minLength: 1 + type: string + solution: + enum: + - security + - oblt + - es + - classic + type: string + required: + - id + - name + responses: {} + summary: '' + tags: + - spaces + /api/status: + get: + operationId: '%2Fapi%2Fstatus#0' + parameters: + - description: The version of the API to use + in: header + name: elastic-api-version + schema: + default: '2023-10-31' + enum: + - '2023-10-31' + type: string + - description: Set to "true" to get the response in v7 format. + in: query + name: v7format + required: false + schema: + type: boolean + - description: Set to "true" to get the response in v8 format. + in: query + name: v8format + required: false + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: Overall status is OK and Kibana should be functioning normally. + '503': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + anyOf: + - $ref: '#/components/schemas/Kibana_HTTP_APIs_core_status_response' + - $ref: >- + #/components/schemas/Kibana_HTTP_APIs_core_status_redactedResponse + description: >- + Kibana's operational status. A minimal response is sent for + unauthorized users. + description: >- + Kibana or some of it's essential services are unavailable. Kibana + may be degraded or unavailable. + summary: Get Kibana's current status + tags: + - system + /api/timeline: + delete: + description: Delete one or more Timelines or Timeline templates. + operationId: DeleteTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + savedObjectIds: + items: + type: string + type: array + searchIds: + description: >- + Saved search ids that should be deleted alongside the + timelines + items: + type: string + type: array + required: + - savedObjectIds + description: The IDs of the Timelines or Timeline templates to delete. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + properties: + deleteTimeline: + type: boolean + required: + - deleteTimeline + required: + - data + description: Indicates the Timeline was successfully deleted. + summary: Delete Timelines or Timeline templates + tags: + - Security Timeline API + - access:securitySolution + get: + description: Get the details of an existing saved Timeline or Timeline template. + operationId: GetTimeline + parameters: + - description: The ID of the template timeline to retrieve + in: query + name: template_timeline_id + schema: + type: string + - description: The ID of the Timeline to retrieve. + in: query + name: id + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - type: object + properties: + data: + type: object + properties: + getOneTimeline: + $ref: >- + #/components/schemas/Security_Timeline_API_TimelineResponse + required: + - getOneTimeline + required: + - data + - additionalProperties: false + type: object + description: Indicates that the (template) Timeline was found and returned. + summary: Get Timeline or Timeline template details + tags: + - Security Timeline API + - access:securitySolution + patch: + description: >- + Update an existing Timeline. You can update the title, description, date + range, pinned events, pinned queries, and/or pinned saved queries of an + existing Timeline. + operationId: PatchTimeline + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineId: + nullable: true + type: string + version: + nullable: true + type: string + required: + - timelineId + - version + - timeline + description: The Timeline updates, along with the Timeline ID and version. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: >- + Indicates that the draft Timeline was successfully created. In the + event the user already has a draft Timeline, the existing draft + Timeline is cleared and returned. + '405': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: >- + Indicates that the user does not have the required access to create + a draft Timeline. + summary: Update a Timeline + tags: + - Security Timeline API + - access:securitySolution + post: + description: Create a new Timeline or Timeline template. + operationId: CreateTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + status: + $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' + nullable: true + templateTimelineId: + nullable: true + type: string + templateTimelineVersion: + nullable: true + type: number + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineId: + nullable: true + type: string + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + version: + nullable: true + type: string + required: + - timeline + description: >- + The required Timeline fields used to create a new Timeline, along with + optional fields that will be created if not provided. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: Indicates the Timeline was successfully created. + '405': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: Indicates that there was an error in the Timeline creation. + summary: Create a Timeline or Timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_copy: + get: + description: | + Copies and returns a timeline or timeline template. + operationId: CopyTimeline + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + timeline: + $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + timelineIdToCopy: + type: string + required: + - timeline + - timelineIdToCopy + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: Indicates that the timeline has been successfully copied. + summary: Copies timeline or timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_draft: + get: + description: >- + Get the details of the draft Timeline or Timeline template for the + current user. If the user doesn't have a draft Timeline, an empty + Timeline is returned. + operationId: GetDraftTimelines + parameters: + - in: query + name: timelineType + required: true + schema: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: Indicates that the draft Timeline was successfully retrieved. + '403': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + status_code: + type: number + description: >- + If a draft Timeline was not found and we attempted to create one, it + indicates that the user does not have the required permissions to + create a draft Timeline. + '409': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + status_code: + type: number + description: >- + This should never happen, but if a draft Timeline was not found and + we attempted to create one, it indicates that there is already a + draft Timeline with the given `timelineId`. + summary: Get draft Timeline or Timeline template details + tags: + - Security Timeline API + - access:securitySolution + post: + description: > + Create a clean draft Timeline or Timeline template for the current user. + + > info + + > If the user already has a draft Timeline, the existing draft Timeline + is cleared and returned. + operationId: CleanDraftTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + required: + - timelineType + description: >- + The type of Timeline to create. Valid values are `default` and + `template`. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_PersistTimelineResponse + description: >- + Indicates that the draft Timeline was successfully created. In the + event the user already has a draft Timeline, the existing draft + Timeline is cleared and returned. + '403': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + status_code: + type: number + description: >- + Indicates that the user does not have the required permissions to + create a draft Timeline. + '409': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + message: + type: string + status_code: + type: number + description: >- + Indicates that there is already a draft Timeline with the given + `timelineId`. + summary: Create a clean draft Timeline or Timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_export: + post: + description: Export Timelines as an NDJSON file. + operationId: ExportTimelines + parameters: + - description: The name of the file to export + in: query + name: file_name + required: true + schema: + type: string + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + ids: + items: + type: string + nullable: true + type: array + description: The IDs of the Timelines to export. + required: true + responses: + '200': + content: + application/ndjson; Elastic-Api-Version=2023-10-31: + schema: + description: NDJSON of the exported Timelines + type: string + description: Indicates the Timelines were successfully exported. + '400': + content: + application/ndjson; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: Indicates that the export size limit was exceeded. + summary: Export Timelines + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_favorite: + patch: + description: Favorite a Timeline or Timeline template for the current user. + operationId: PersistFavoriteRoute + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + templateTimelineId: + nullable: true + type: string + templateTimelineVersion: + nullable: true + type: number + timelineId: + nullable: true + type: string + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + required: + - timelineId + - templateTimelineId + - templateTimelineVersion + - timelineType + description: The required fields used to favorite a (template) Timeline. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + data: + type: object + properties: + persistFavorite: + $ref: >- + #/components/schemas/Security_Timeline_API_FavoriteTimelineResponse + required: + - persistFavorite + required: + - data + description: Indicates the favorite status was successfully updated. + '403': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: >- + Indicates the user does not have the required permissions to persist + the favorite status. + summary: Favorite a Timeline or Timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_import: + post: + description: Import Timelines. + operationId: ImportTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + file: {} + isImmutable: + enum: + - 'true' + - 'false' + type: string + required: + - file + description: The Timelines to import as a readable stream. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_ImportTimelineResult + description: Indicates the import of Timelines was successful. + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + id: + type: string + statusCode: + type: number + description: >- + Indicates the import of Timelines was unsuccessful because of an + invalid file extension. + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + id: + type: string + statusCode: + type: number + description: >- + Indicates that we were unable to locate the saved object client + necessary to handle the import. + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + id: + type: string + statusCode: + type: number + description: Indicates the import of Timelines was unsuccessful. + summary: Import Timelines + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/_prepackaged: + post: + description: Install or update prepackaged Timelines. + operationId: InstallPrepackedTimelines + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + prepackagedTimelines: + items: + $ref: >- + #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject + nullable: true + type: array + timelinesToInstall: + items: + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' + nullable: true + type: array + timelinesToUpdate: + items: + $ref: '#/components/schemas/Security_Timeline_API_ImportTimelines' + nullable: true + type: array + required: + - timelinesToInstall + - timelinesToUpdate + - prepackagedTimelines + description: The Timelines to install or update. + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: >- + #/components/schemas/Security_Timeline_API_ImportTimelineResult + description: Indicates the installation of prepackaged Timelines was successful. + '500': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: >- + Indicates the installation of prepackaged Timelines was + unsuccessful. + summary: Install prepackaged Timelines + tags: + - Security Timeline API + - access:securitySolution + /api/timeline/resolve: + get: + operationId: ResolveTimeline + parameters: + - description: The ID of the template timeline to resolve + in: query + name: template_timeline_id + schema: + type: string + - description: The ID of the timeline to resolve + in: query + name: id + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + oneOf: + - type: object + properties: + data: + $ref: >- + #/components/schemas/Security_Timeline_API_ResolvedTimeline + required: + - data + - additionalProperties: false + type: object + description: The (template) Timeline has been found + '400': + description: The request is missing parameters + '404': + description: The (template) Timeline was not found + summary: Get an existing saved Timeline or Timeline template + tags: + - Security Timeline API + - access:securitySolution + /api/timelines: + get: + description: Get a list of all saved Timelines or Timeline templates. + operationId: GetTimelines + parameters: + - description: >- + If true, only timelines that are marked as favorites by the user are + returned. + in: query + name: only_user_favorite + schema: + enum: + - 'true' + - 'false' + nullable: true + type: string + - in: query + name: timeline_type + schema: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + - in: query + name: sort_field + schema: + $ref: '#/components/schemas/Security_Timeline_API_SortFieldTimeline' + - in: query + name: sort_order + schema: + enum: + - asc + - desc + type: string + - in: query + name: page_size + schema: + nullable: true + type: string + - in: query + name: page_index + schema: + nullable: true + type: string + - in: query + name: search + schema: + nullable: true + type: string + - in: query + name: status + schema: + $ref: '#/components/schemas/Security_Timeline_API_TimelineStatus' + nullable: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + customTemplateTimelineCount: + type: number + defaultTimelineCount: + type: number + elasticTemplateTimelineCount: + type: number + favoriteCount: + type: number + templateTimelineCount: + type: number + timeline: + items: + $ref: >- + #/components/schemas/Security_Timeline_API_TimelineResponse + type: array + totalCount: + type: number + required: + - timeline + - totalCount + description: Indicates that the (template) Timelines were found and returned. + '400': + content: + application:json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + body: + type: string + statusCode: + type: number + description: Bad request. The user supplied invalid data. + summary: Get Timelines or Timeline templates + tags: + - Security Timeline API + - access:securitySolution + /s/{spaceId}/api/observability/slos: + get: + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: findSlosOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - description: A valid kql query to filter the SLO with + example: 'slo.name:latency* and slo.tags : "prod"' + in: query + name: kqlQuery + schema: + type: string + - description: The page to use for pagination, must be greater or equal than 1 + example: 1 + in: query + name: page + schema: + default: 1 + type: integer + - description: Number of SLOs returned by page + example: 25 + in: query + name: perPage + schema: + default: 25 + maximum: 5000 + type: integer + - description: Sort by field + example: status + in: query + name: sortBy + schema: + default: status + enum: + - sli_value + - status + - error_budget_consumed + - error_budget_remaining + type: string + - description: Sort order + example: asc + in: query + name: sortDirection + schema: + default: asc + enum: + - asc + - desc + type: string + - description: >- + Hide stale SLOs from the list as defined by stale SLO threshold in + SLO settings + in: query + name: hideStale + schema: + type: boolean + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_find_slo_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get a paginated list of SLOs + tags: + - slo + post: + description: > + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: createSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_create_slo_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_create_slo_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '409': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_409_response' + description: Conflict - The SLO id already exists + summary: Create an SLO + tags: + - slo + /s/{spaceId}/api/observability/slos/_delete_instances: + post: + description: > + The deletion occurs for the specified list of `sloId` and `instanceId`. + You must have `all` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloInstancesOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_delete_slo_instances_request' + required: true + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + summary: Batch delete rollup and summary data + tags: + - slo + /s/{spaceId}/api/observability/slos/{sloId}: + delete: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: deleteSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Delete an SLO + tags: + - slo + get: + description: > + You must have the `read` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: getSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + - description: the specific instanceId used by the summary calculation + example: host-abcde + in: query + name: instanceId + schema: + type: string + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_with_summary_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Get an SLO + tags: + - slo + put: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: updateSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + requestBody: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_update_slo_request' + required: true + responses: + '200': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Update an SLO + tags: + - slo + /s/{spaceId}/api/observability/slos/{sloId}/_reset: + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: resetSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_slo_definition_response' + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Reset an SLO + tags: + - slo + /s/{spaceId}/api/observability/slos/{sloId}/disable: + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: disableSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '200': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Disable an SLO + tags: + - slo + /s/{spaceId}/api/observability/slos/{sloId}/enable: + post: + description: > + You must have the `write` privileges for the **SLOs** feature in the + **Observability** section of the Kibana feature privileges. + operationId: enableSloOp + parameters: + - $ref: '#/components/parameters/SLOs_kbn_xsrf' + - $ref: '#/components/parameters/SLOs_space_id' + - $ref: '#/components/parameters/SLOs_slo_id' + responses: + '204': + description: Successful request + '400': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_400_response' + description: Bad request + '401': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_401_response' + description: Unauthorized response + '403': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_403_response' + description: Unauthorized response + '404': + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + $ref: '#/components/schemas/SLOs_404_response' + description: Not found response + summary: Enable an SLO + tags: + - slo +components: + examples: + Alerting_get_health_response: + summary: Retrieve information about the health of the alerting framework. + value: + alerting_framework_health: + decryption_health: + status: ok + timestamp: '2023-01-13T01:28:00.280Z' + execution_health: + status: ok + timestamp: '2023-01-13T01:28:00.280Z' + read_health: + status: ok + timestamp: '2023-01-13T01:28:00.280Z' + has_permanent_encryption_key: true + is_sufficiently_secure: true + Alerting_get_rule_types_response: + summary: Retrieve rule types associated with Kibana machine learning features + value: + - action_groups: + - id: anomaly_score_match + name: Anomaly score matched the condition + - id: recovered + name: Recovered + action_variables: + context: + - description: The bucket timestamp of the anomaly + name: timestamp + - description: The bucket time of the anomaly in ISO8601 format + name: timestampIso8601 + - description: List of job IDs that triggered the alert + name: jobIds + - description: Alert info message + name: message + - description: Indicate if top hits contain interim results + name: isInterim + - description: Anomaly score at the time of the notification action + name: score + - description: Top records + name: topRecords + - description: Top influencers + name: topInfluencers + - description: URL to open in the Anomaly Explorer + name: anomalyExplorerUrl + useWithTripleBracesInTemplates: true + params: [] + state: [] + alerts: + context: ml.anomaly-detection + mappings: + fieldMap: + kibana.alert.anomaly_score: + array: false + type: double + required: false + kibana.alert.anomaly_timestamp: + array: false + type: date + required: false + kibana.alert.is_interim: + array: false + type: boolean + required: false + kibana.alert.job_id: + array: false + type: keyword + required: true + kibana.alert.top_influencers: + array: true + dynamic: false + type: object + properties: + influencer_field_name: + type: keyword + influencer_field_value: + type: keyword + influencer_score: + type: double + initial_influencer_score: + type: double + is_interim: + type: boolean + job_id: + type: keyword + timestamp: + type: date + required: false + kibana.alert.top_records: + array: true + dynamic: false + type: object + properties: + actual: + type: double + by_field_name: + type: keyword + by_field_value: + type: keyword + detector_index: + type: integer + field_name: + type: keyword + function: + type: keyword + initial_record_score: + type: double + is_interim: + type: boolean + job_id: + type: keyword + over_field_name: + type: keyword + over_field_value: + type: keyword + partition_field_name: + type: keyword + partition_field_value: + type: keyword + record_score: + type: double + timestamp: + type: date + typical: + type: double + required: false + shouldWrite: true + authorized_consumers: + alerts: + all: true + read: true + apm: + all: true + read: true + discover: + all: true + read: true + infrastructure: + all: true + read: true + logs: + all: true + read: true + ml: + all: true + read: true + monitoring: + all: true + read: true + siem: + all: true + read: true + slo: + all: true + read: true + stackAlerts: + all: true + read: true + uptime: + all: true + read: true + category: management + default_action_group_id: anomaly_score_match + does_set_recovery_context: true + enabled_in_license: true + has_alerts_mappings: true + has_fields_for_a_a_d: false + id: xpack.ml.anomaly_detection_alert + is_exportable: true + minimum_license_required: platinum + name: Anomaly detection alert + producer: ml + recovery_action_group: + id: recovered + name: Recovered + rule_task_timeout: 5m + - action_groups: + - id: anomaly_detection_realtime_issue + name: Issue detected + - id: recovered + name: Recovered + action_variables: + context: + - description: Results of the rule execution + name: results + - description: Alert info message + name: message + params: [] + state: [] + authorized_consumers: + alerts: + all: true + read: true + apm: all: true read: true discover: @@ -15706,140 +23623,1365 @@ components: summary: Create a data view with runtime fields. value: data_view: - name: My Logstash data view - runtimeFieldMap: - runtime_shape_name: - script: - source: emit(doc['shape_name'].value) - type: keyword - title: logstash-* - Data_views_create_runtime_field_request: - summary: Create a runtime field. + name: My Logstash data view + runtimeFieldMap: + runtime_shape_name: + script: + source: emit(doc['shape_name'].value) + type: keyword + title: logstash-* + Data_views_create_runtime_field_request: + summary: Create a runtime field. + value: + name: runtimeFoo + runtimeField: + script: + source: emit(doc["foo"].value) + type: long + Data_views_get_data_view_response: + summary: >- + The get data view API returns a JSON object that contains information + about the data view. + value: + data_view: + allowNoIndex: false + fieldAttrs: + products.manufacturer: + count: 1 + products.price: + count: 1 + products.product_name: + count: 1 + total_quantity: + count: 1 + fieldFormats: + products.base_price: + id: number + params: + pattern: $0,0.00 + products.base_unit_price: + id: number + params: + pattern: $0,0.00 + products.min_price: + id: number + params: + pattern: $0,0.00 + products.price: + id: number + params: + pattern: $0,0.00 + products.taxful_price: + id: number + params: + pattern: $0,0.00 + products.taxless_price: + id: number + params: + pattern: $0,0.00 + taxful_total_price: + id: number + params: + pattern: $0,0.[00] + taxless_total_price: + id: number + params: + pattern: $0,0.00 + fields: + _id: + aggregatable: false + count: 0 + esTypes: + - _id + format: + id: string + isMapped: true + name: _id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _index: + aggregatable: true + count: 0 + esTypes: + - _index + format: + id: string + isMapped: true + name: _index + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _score: + aggregatable: false + count: 0 + format: + id: number + isMapped: true + name: _score + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: number + _source: + aggregatable: false + count: 0 + esTypes: + - _source + format: + id: _source + isMapped: true + name: _source + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: _source + category: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: category + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + category.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: category.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: category + type: string + currency: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: currency + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_birth_date: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: customer_birth_date + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + customer_first_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_first_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_first_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_first_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_first_name + type: string + customer_full_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_full_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_full_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_full_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_full_name + type: string + customer_gender: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_gender + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_id: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_last_name: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: customer_last_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + customer_last_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_last_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: customer_last_name + type: string + customer_phone: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: customer_phone + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + day_of_week: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: day_of_week + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + day_of_week_i: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: day_of_week_i + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + email: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: email + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + event.dataset: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: event.dataset + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.city_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.city_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.continent_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.continent_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.country_iso_code: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.country_iso_code + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + geoip.location: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: geoip.location + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + geoip.region_name: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: geoip.region_name + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + manufacturer: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: manufacturer + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + manufacturer.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: manufacturer.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: manufacturer + type: string + order_date: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: order_date + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + order_id: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: order_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + products._id: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: products._id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products._id.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products._id.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products._id + type: string + products.base_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.base_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.base_unit_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.base_unit_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.category: + aggregatable: false + count: 0 + esTypes: + - text + format: + id: string + isMapped: true + name: products.category + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.category.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.category.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.category + type: string + products.created_on: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: products.created_on + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: date + products.discount_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.discount_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.discount_percentage: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.discount_percentage + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.manufacturer: + aggregatable: false + count: 1 + esTypes: + - text + format: + id: string + isMapped: true + name: products.manufacturer + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.manufacturer.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.manufacturer.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.manufacturer + type: string + products.min_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.min_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.price: + aggregatable: true + count: 1 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.product_id: + aggregatable: true + count: 0 + esTypes: + - long + format: + id: number + isMapped: true + name: products.product_id + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.product_name: + aggregatable: false + count: 1 + esTypes: + - text + format: + id: string + isMapped: true + name: products.product_name + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.product_name.keyword: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.product_name.keyword + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + subType: + multi: + parent: products.product_name + type: string + products.quantity: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: products.quantity + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.sku: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: products.sku + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + products.tax_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.tax_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.taxful_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.taxful_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.taxless_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: products.taxless_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + products.unit_discount_amount: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + isMapped: true + name: products.unit_discount_amount + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + sku: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: sku + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + taxful_total_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.[00] + isMapped: true + name: taxful_total_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + taxless_total_price: + aggregatable: true + count: 0 + esTypes: + - half_float + format: + id: number + params: + pattern: $0,0.00 + isMapped: true + name: taxless_total_price + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + total_quantity: + aggregatable: true + count: 1 + esTypes: + - integer + format: + id: number + isMapped: true + name: total_quantity + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + total_unique_products: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: total_unique_products + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + type: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: type + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + user: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: user + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + name: Kibana Sample Data eCommerce + namespaces: + - default + runtimeFieldMap: {} + sourceFilters: [] + timeFieldName: order_date + title: kibana_sample_data_ecommerce + typeMeta: {} + version: WzUsMV0= + Data_views_get_data_views_response: + summary: The get all data views API returns a list of data views. + value: + data_view: + - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + name: Kibana Sample Data eCommerce + namespaces: + - default + title: kibana_sample_data_ecommerce + typeMeta: {} + - id: d3d7af60-4c81-11e8-b3d7-01146121b73d + name: Kibana Sample Data Flights + namespaces: + - default + title: kibana_sample_data_flights + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: Kibana Sample Data Logs + namespaces: + - default + title: kibana_sample_data_logs + Data_views_get_default_data_view_response: + summary: The get default data view API returns the default data view identifier. value: - name: runtimeFoo - runtimeField: - script: - source: emit(doc["foo"].value) - type: long - Data_views_get_data_view_response: + data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + Data_views_get_runtime_field_response: summary: >- - The get data view API returns a JSON object that contains information - about the data view. + The get runtime field API returns a JSON object that contains + information about the runtime field (`hour_of_day`) and the data view + (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). value: data_view: allowNoIndex: false - fieldAttrs: - products.manufacturer: - count: 1 - products.price: - count: 1 - products.product_name: - count: 1 - total_quantity: - count: 1 + fieldAttrs: {} fieldFormats: - products.base_price: - id: number - params: - pattern: $0,0.00 - products.base_unit_price: - id: number - params: - pattern: $0,0.00 - products.min_price: - id: number - params: - pattern: $0,0.00 - products.price: - id: number - params: - pattern: $0,0.00 - products.taxful_price: - id: number - params: - pattern: $0,0.00 - products.taxless_price: - id: number - params: - pattern: $0,0.00 - taxful_total_price: + AvgTicketPrice: id: number params: pattern: $0,0.[00] - taxless_total_price: + hour_of_day: id: number params: - pattern: $0,0.00 + pattern: '00' fields: _id: aggregatable: false count: 0 esTypes: - - _id + - _id + format: + id: string + isMapped: true + name: _id + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _index: + aggregatable: true + count: 0 + esTypes: + - _index + format: + id: string + isMapped: true + name: _index + readFromDocValues: false + scripted: false + searchable: true + shortDotsEnable: false + type: string + _score: + aggregatable: false + count: 0 + format: + id: number + isMapped: true + name: _score + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: number + _source: + aggregatable: false + count: 0 + esTypes: + - _source + format: + id: _source + isMapped: true + name: _source + readFromDocValues: false + scripted: false + searchable: false + shortDotsEnable: false + type: _source + AvgTicketPrice: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + params: + pattern: $0,0.[00] + isMapped: true + name: AvgTicketPrice + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + Cancelled: + aggregatable: true + count: 0 + esTypes: + - boolean + format: + id: boolean + isMapped: true + name: Cancelled + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: boolean + Carrier: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Carrier + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + dayOfWeek: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: dayOfWeek + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + Dest: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: Dest + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestAirportID: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestAirportID + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestCityName: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestCityName + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestCountry: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestCountry + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestLocation: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: DestLocation + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + DestRegion: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestRegion + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DestWeather: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: DestWeather + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + DistanceKilometers: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: DistanceKilometers + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + DistanceMiles: + aggregatable: true + count: 0 + esTypes: + - float + format: + id: number + isMapped: true + name: DistanceMiles + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + FlightDelay: + aggregatable: true + count: 0 + esTypes: + - boolean + format: + id: boolean + isMapped: true + name: FlightDelay + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: boolean + FlightDelayMin: + aggregatable: true + count: 0 + esTypes: + - integer + format: + id: number + isMapped: true + name: FlightDelayMin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + FlightDelayType: + aggregatable: true + count: 0 + esTypes: + - keyword format: id: string isMapped: true - name: _id - readFromDocValues: false + name: FlightDelayType + readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - _index: + FlightNum: aggregatable: true count: 0 esTypes: - - _index + - keyword format: id: string isMapped: true - name: _index - readFromDocValues: false + name: FlightNum + readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - _score: - aggregatable: false + FlightTimeHour: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: FlightTimeHour + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + FlightTimeMin: + aggregatable: true count: 0 + esTypes: + - float format: id: number isMapped: true - name: _score + name: FlightTimeMin + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: number + hour_of_day: + aggregatable: true + count: 0 + esTypes: + - long + format: + id: number + params: + pattern: '00' + name: hour_of_day readFromDocValues: false + runtimeField: + script: + source: emit(doc['timestamp'].value.getHour()); + type: long scripted: false - searchable: false + searchable: true shortDotsEnable: false type: number - _source: - aggregatable: false + Origin: + aggregatable: true count: 0 esTypes: - - _source + - keyword format: - id: _source + id: string isMapped: true - name: _source - readFromDocValues: false + name: Origin + readFromDocValues: true scripted: false - searchable: false + searchable: true shortDotsEnable: false - type: _source - category: - aggregatable: false + type: string + OriginAirportID: + aggregatable: true count: 0 esTypes: - - text + - keyword format: id: string isMapped: true - name: category - readFromDocValues: false + name: OriginAirportID + readFromDocValues: true scripted: false searchable: true shortDotsEnable: false type: string - category.keyword: + OriginCityName: aggregatable: true count: 0 esTypes: @@ -15847,16 +24989,13 @@ components: format: id: string isMapped: true - name: category.keyword + name: OriginCityName readFromDocValues: true scripted: false searchable: true shortDotsEnable: false - subType: - multi: - parent: category type: string - currency: + OriginCountry: aggregatable: true count: 0 esTypes: @@ -15864,7283 +25003,15966 @@ components: format: id: string isMapped: true - name: currency + name: OriginCountry + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginLocation: + aggregatable: true + count: 0 + esTypes: + - geo_point + format: + id: geo_point + params: + transform: wkt + isMapped: true + name: OriginLocation + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: geo_point + OriginRegion: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginRegion + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + OriginWeather: + aggregatable: true + count: 0 + esTypes: + - keyword + format: + id: string + isMapped: true + name: OriginWeather + readFromDocValues: true + scripted: false + searchable: true + shortDotsEnable: false + type: string + timestamp: + aggregatable: true + count: 0 + esTypes: + - date + format: + id: date + isMapped: true + name: timestamp readFromDocValues: true scripted: false searchable: true shortDotsEnable: false + type: date + id: d3d7af60-4c81-11e8-b3d7-01146121b73d + name: Kibana Sample Data Flights + runtimeFieldMap: + hour_of_day: + script: + source: emit(doc['timestamp'].value.getHour()); + type: long + sourceFilters: [] + timeFieldName: timestamp + title: kibana_sample_data_flights + version: WzM2LDJd + fields: + - aggregatable: true + count: 0 + esTypes: + - long + name: hour_of_day + readFromDocValues: false + runtimeField: + script: + source: emit(doc['timestamp'].value.getHour()); + type: long + scripted: false + searchable: true + shortDotsEnable: false + type: number + Data_views_preview_swap_data_view_request: + summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". + value: + fromId: abcd-efg + toId: xyz-123 + Data_views_set_default_data_view_request: + summary: Set the default data view identifier. + value: + data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f + force: true + Data_views_swap_data_view_request: + summary: >- + Swap references from data view ID "abcd-efg" to "xyz-123" and remove the + data view that is no longer referenced. + value: + delete: true + fromId: abcd-efg + toId: xyz-123 + Data_views_update_data_view_request: + summary: Update some properties for a data view. + value: + data_view: + allowNoIndex: false + name: Kibana Sample Data eCommerce + timeFieldName: order_date + title: kibana_sample_data_ecommerce + refresh_fields: true + Data_views_update_field_metadata_request: + summary: Update metadata for multiple fields. + value: + fields: + field1: + count: 123 + customLabel: Field 1 label + field2: + customDescription: Field 2 description + customLabel: Field 2 label + Data_views_update_runtime_field_request: + summary: Update an existing runtime field on a data view. + value: + runtimeField: + script: + source: emit(doc["bar"].value) + Machine_learning_APIs_mlSyncExample: + summary: Two anomaly detection jobs required synchronization in this example. + value: + datafeedsAdded: {} + datafeedsRemoved: {} + savedObjectsCreated: + anomaly-detector: + myjob1: + success: true + myjob2: + success: true + savedObjectsDeleted: {} + Saved_objects_export_objects_request: + summary: Export a specific saved object. + value: + excludeExportDetails: true + includeReferencesDeep: false + objects: + - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + type: map + Saved_objects_export_objects_response: + summary: >- + The export objects API response contains a JSON record for each exported + object. + value: + attributes: + description: '' + layerListJSON: >- + [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total + Requests by + Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web + logs + count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual + Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total + Requests and + Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web + logs + count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] + mapStateJSON: >- + {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} + title: '[Logs] Total Requests and Bytes' + uiStateJSON: '{"isDarkMode":false}' + coreMigrationVersion: 8.8.0 + created_at: '2023-08-23T20:03:32.204Z' + id: de71f4f0-1902-11e9-919b-ffe5949a18d2 + managed: false + references: + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_1_join_0_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_2_source_index_pattern + type: index-pattern + - id: 90943e30-9a47-11e8-b64d-95841ca0b247 + name: layer_3_source_index_pattern + type: index-pattern + type: map + typeMigrationVersion: 8.4.0 + updated_at: '2023-08-23T20:03:32.204Z' + version: WzEzLDFd + Saved_objects_import_objects_request: + value: + file: file.ndjson + Saved_objects_import_objects_response: + summary: >- + The import objects API response indicates a successful import and the + objects are created. Since these objects are created as new copies, each + entry in the successResults array includes a destinationId attribute. + value: + success: true + successCount: 1 + successResults: + - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 + id: 90943e30-9a47-11e8-b64d-95841ca0b247 + managed: false + meta: + icon: indexPatternApp + title: Kibana Sample Data Logs + type: index-pattern + Saved_objects_key_rotation_response: + summary: Encryption key rotation using default parameters. + value: + failed: 0 + successful: 300 + total: 1000 + Saved_objects_resolve_missing_reference_request: + value: + file: file.ndjson + retries: + - id: my-pattern + overwrite: true + type: index-pattern + - destinationId: another-vis + id: my-vis + overwrite: true + type: visualization + - destinationId: yet-another-canvas + id: my-canvas + overwrite: true + type: canvas + - id: my-dashboard + type: dashboard + Saved_objects_resolve_missing_reference_response: + summary: Resolve missing reference errors. + value: + success: true + successCount: 3 + successResults: + - id: my-vis + meta: + icon: visualizeApp + title: Look at my visualization + type: visualization + - id: my-search + meta: + icon: searchApp + title: Look at my search + type: search + - id: my-dashboard + meta: + icon: dashboardApp + title: Look at my dashboard + type: dashboard + parameters: + Alerting_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Cases_alert_id: + description: An identifier for the alert. + in: path + name: alertId + required: true + schema: + example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 + type: string + Cases_assignees_filter: + description: > + Filters the returned cases by assignees. Valid values are `none` or + unique identifiers for the user profiles. These identifiers can be found + by using the suggest user profile API. + in: query + name: assignees + schema: + oneOf: + - type: string + - items: type: string - customer_birth_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: customer_birth_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - customer_first_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_first_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + maxItems: 100 + type: array + Cases_case_id: + description: >- + The identifier for the case. To retrieve case IDs, use the find cases + API. All non-ASCII characters must be URL encoded. + in: path + name: caseId + required: true + schema: + example: 9c235210-6834-11ea-a78c-6ffb38a34414 + type: string + Cases_category: + description: Filters the returned cases by category. + in: query + name: category + schema: + oneOf: + - example: my-category + type: string + - items: type: string - customer_first_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_first_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_first_name + maxItems: 100 + type: array + Cases_comment_id: + description: > + The identifier for the comment. To retrieve comment IDs, use the get + case or find cases APIs. + in: path + name: commentId + required: true + schema: + example: 71ec1870-725b-11ea-a0b2-c51ea50a58e2 + type: string + Cases_configuration_id: + description: An identifier for the configuration. + in: path + name: configurationId + required: true + schema: + example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 + type: string + Cases_connector_id: + description: >- + An identifier for the connector. To retrieve connector IDs, use the find + connectors API. + in: path + name: connectorId + required: true + schema: + example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 + type: string + Cases_defaultSearchOperator: + description: he default operator to use for the simple_query_string. + example: OR + in: query + name: defaultSearchOperator + schema: + default: OR + type: string + Cases_from: + description: > + Returns only cases that were created after a specific date. The date + must be specified as a KQL data range or date match expression. + in: query + name: from + schema: + example: now-1d + type: string + Cases_ids: + description: > + The cases that you want to removed. All non-ASCII characters must be URL + encoded. + example: d4e7abb0-b462-11ec-9a8d-698504725a43 + in: query + name: ids + required: true + schema: + items: + maxItems: 100 + minItems: 1 + type: string + type: array + Cases_includeComments: + deprecated: true + description: >- + Deprecated in 8.1.0. This parameter is deprecated and will be removed in + a future release. It determines whether case comments are returned. + in: query + name: includeComments + schema: + default: true + type: boolean + Cases_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Cases_owner: + description: > + A filter to limit the response to a specific set of applications. If + this parameter is omitted, the response contains information about all + the cases that the user has access to read. + example: cases + in: query + name: owner + schema: + oneOf: + - $ref: '#/components/schemas/Cases_owners' + - items: + $ref: '#/components/schemas/Cases_owners' + type: array + Cases_page_index: + description: The page number to return. + in: query + name: page + required: false + schema: + default: 1 + type: integer + Cases_page_size: + description: The number of items to return. Limited to 100 items. + in: query + name: perPage + required: false + schema: + default: 20 + maximum: 100 + type: integer + Cases_reporters: + description: Filters the returned cases by the user name of the reporter. + example: elastic + in: query + name: reporters + schema: + oneOf: + - type: string + - items: type: string - customer_full_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_full_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + maxItems: 100 + type: array + Cases_search: + description: >- + An Elasticsearch simple_query_string query that filters the objects in + the response. + in: query + name: search + schema: + type: string + Cases_searchFields: + description: The fields to perform the simple_query_string parsed query against. + in: query + name: searchFields + schema: + oneOf: + - $ref: '#/components/schemas/Cases_searchFieldsType' + - items: + $ref: '#/components/schemas/Cases_searchFieldsType' + type: array + Cases_severity: + description: The severity of the case. + in: query + name: severity + schema: + enum: + - critical + - high + - low + - medium + type: string + Cases_sort_order: + description: Determines the sort order. + in: query + name: sortOrder + required: false + schema: + default: desc + enum: + - asc + - desc + type: string + Cases_sortField: + description: Determines which field is used to sort the results. + example: updatedAt + in: query + name: sortField + schema: + default: createdAt + enum: + - createdAt + - updatedAt + - closedAt + - title + - category + - status + - severity + type: string + Cases_status: + description: Filters the returned cases by state. + example: open + in: query + name: status + schema: + enum: + - closed + - in-progress + - open + type: string + Cases_tags: + description: Filters the returned cases by tags. + example: tag-1 + in: query + name: tags + schema: + oneOf: + - type: string + - items: type: string - customer_full_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_full_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_full_name + maxItems: 100 + type: array + Cases_to: + description: > + Returns only cases that were created before a specific date. The date + must be specified as a KQL data range or date match expression. + example: now+1d + in: query + name: to + schema: + type: string + Cases_user_action_types: + description: Determines the types of user actions to return. + example: create_case + in: query + name: types + schema: + items: + enum: + - action + - alert + - assignees + - attachment + - comment + - connector + - create_case + - description + - pushed + - settings + - severity + - status + - tags + - title + - user + type: string + type: array + Data_views_field_name: + description: The name of the runtime field. + in: path + name: fieldName + required: true + schema: + example: hour_of_day + type: string + Data_views_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Data_views_view_id: + description: An identifier for the data view. + in: path + name: viewId + required: true + schema: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + Fleet_format: + description: Simplified or legacy format for package inputs + in: query + name: format + required: false + schema: + enum: + - simplified + - legacy + type: string + Fleet_kbn_xsrf: + description: Kibana's anti Cross-Site Request Forgery token. Can be any string value. + in: header + name: kbn-xsrf + required: true + schema: + type: string + Fleet_kuery: + in: query + name: kuery + required: false + schema: + type: string + Fleet_page_index: + in: query + name: page + required: false + schema: + default: 1 + type: integer + Fleet_page_size: + description: The number of items to return + in: query + name: perPage + required: false + schema: + default: 20 + type: integer + Fleet_show_inactive: + in: query + name: showInactive + required: false + schema: + type: boolean + Fleet_show_upgradeable: + in: query + name: showUpgradeable + required: false + schema: + type: boolean + Fleet_sort_field: + in: query + name: sortField + required: false + schema: + deprecated: true + type: string + Fleet_sort_order: + in: query + name: sortOrder + required: false + schema: + enum: + - asc + - desc + type: string + Fleet_with_metrics: + description: Return agent metrics, false by default + in: query + name: withMetrics + required: false + schema: + type: boolean + Machine_learning_APIs_simulateParam: + description: >- + When true, simulates the synchronization by returning only the list of + actions that would be performed. + example: 'true' + in: query + name: simulate + required: false + schema: + type: boolean + Saved_objects_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + Saved_objects_saved_object_id: + description: An identifier for the saved object. + in: path + name: id + required: true + schema: + type: string + Saved_objects_saved_object_type: + description: >- + Valid options include `visualization`, `dashboard`, `search`, + `index-pattern`, `config`. + in: path + name: type + required: true + schema: + type: string + SLOs_kbn_xsrf: + description: Cross-site request forgery protection + in: header + name: kbn-xsrf + required: true + schema: + type: string + SLOs_slo_id: + description: An identifier for the slo. + in: path + name: sloId + required: true + schema: + example: 9c235211-6834-11ea-a78c-6feb38a34414 + type: string + SLOs_space_id: + description: >- + An identifier for the space. If `/s/` and the identifier are omitted + from the path, the default space is used. + in: path + name: spaceId + required: true + schema: + example: default + type: string + responses: + Fleet_error: + content: + application/json; Elastic-Api-Version=2023-10-31: + schema: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: number + description: Generic Error + schemas: + Alerting_401_response: + properties: + error: + enum: + - Unauthorized + example: Unauthorized + type: string + message: + type: string + statusCode: + enum: + - 401 + example: 401 + type: integer + title: Unsuccessful rule API response + type: object + Alerting_alert_response_properties: + title: Legacy alert response properties + type: object + properties: + actions: + items: + type: object + type: array + alertTypeId: + example: .index-threshold + type: string + apiKeyOwner: + example: elastic + nullable: true + type: string + createdAt: + description: The date and time that the alert was created. + example: '2022-12-05T23:36:58.284Z' + format: date-time + type: string + createdBy: + description: The identifier for the user that created the alert. + example: elastic + type: string + enabled: + description: Indicates whether the alert is currently enabled. + example: true + type: boolean + executionStatus: + type: object + properties: + lastExecutionDate: + example: '2022-12-06T00:13:43.890Z' + format: date-time type: string - customer_gender: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_gender - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + status: + example: ok type: string - customer_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + id: + description: The identifier for the alert. + example: b530fed0-74f5-11ed-9801-35303b735aef + type: string + muteAll: + example: false + type: boolean + mutedInstanceIds: + items: + type: string + nullable: true + type: array + name: + description: The name of the alert. + example: my alert + type: string + notifyWhen: + example: onActionGroupChange + type: string + params: + additionalProperties: true + type: object + schedule: + type: object + properties: + interval: type: string - customer_last_name: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: customer_last_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + scheduledTaskId: + example: b530fed0-74f5-11ed-9801-35303b735aef + type: string + tags: + items: + type: string + type: array + throttle: + nullable: true + type: string + updatedAt: + example: '2022-12-05T23:36:58.284Z' + type: string + updatedBy: + description: The identifier for the user that updated this alert most recently. + example: elastic + nullable: true + type: string + Alerting_fieldmap_properties: + title: Field map objects in the get rule types response + type: object + properties: + array: + description: Indicates whether the field is an array. + type: boolean + dynamic: + description: Indicates whether it is a dynamic field mapping. + type: boolean + format: + description: > + Indicates the format of the field. For example, if the `type` is + `date_range`, the `format` can be + `epoch_millis||strict_date_optional_time`. + type: string + ignore_above: + description: >- + Specifies the maximum length of a string field. Longer strings are + not indexed or stored. + type: integer + index: + description: Indicates whether field values are indexed. + type: boolean + path: + description: TBD + type: string + properties: + additionalProperties: + type: object + properties: + type: + description: The data type for each object property. + type: string + description: > + Details about the object properties. This property is applicable + when `type` is `object`. + type: object + required: + description: Indicates whether the field is required. + type: boolean + scaling_factor: + description: > + The scaling factor to use when encoding values. This property is + applicable when `type` is `scaled_float`. Values will be multiplied + by this factor at index time and rounded to the closest long value. + type: integer + type: + description: Specifies the data type for the field. + example: scaled_float + type: string + Cases_4xx_response: + properties: + error: + example: Unauthorized + type: string + message: + type: string + statusCode: + example: 401 + type: integer + title: Unsuccessful cases API response + type: object + Cases_action_types: + description: The type of action. + enum: + - assignees + - create_case + - comment + - connector + - delete_case + - description + - pushed + - tags + - title + - status + - settings + - severity + example: create_case + type: string + Cases_actions: + enum: + - add + - create + - delete + - push_to_service + - update + example: create + type: string + Cases_add_alert_comment_request_properties: + description: Defines properties for case comment requests when type is alert. + type: object + properties: + alertId: + $ref: '#/components/schemas/Cases_alert_identifiers' + index: + $ref: '#/components/schemas/Cases_alert_indices' + owner: + $ref: '#/components/schemas/Cases_owners' + rule: + $ref: '#/components/schemas/Cases_rule' + type: + description: The type of comment. + enum: + - alert + example: alert + type: string + required: + - alertId + - index + - owner + - rule + - type + title: Add case comment request properties for alerts + Cases_add_case_comment_request: + description: >- + The add comment to case API request body varies depending on whether you + are adding an alert or a comment. + discriminator: + mapping: + alert: '#/components/schemas/Cases_add_alert_comment_request_properties' + user: '#/components/schemas/Cases_add_user_comment_request_properties' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Cases_add_alert_comment_request_properties' + - $ref: '#/components/schemas/Cases_add_user_comment_request_properties' + title: Add case comment request + Cases_add_user_comment_request_properties: + description: Defines properties for case comment requests when type is user. + properties: + comment: + description: The new comment. It is required only when `type` is `user`. + example: A new comment. + maxLength: 30000 + type: string + owner: + $ref: '#/components/schemas/Cases_owners' + type: + description: The type of comment. + enum: + - user + example: user + type: string + required: + - comment + - owner + - type + title: Add case comment request properties for user comments + type: object + Cases_alert_comment_response_properties: + title: Add case comment response properties for alerts + type: object + properties: + alertId: + items: + example: a6e12ac4-7bce-457b-84f6-d7ce8deb8446 + type: string + type: array + created_at: + example: '2023-11-06T19:29:38.424Z' + format: date-time + type: string + created_by: + type: object + properties: + email: + example: null + nullable: true type: string - customer_last_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_last_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: customer_last_name + full_name: + example: null + nullable: true type: string - customer_phone: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: customer_phone - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 type: string - day_of_week: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: day_of_week - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + username: + example: elastic + nullable: true type: string - day_of_week_i: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: day_of_week_i - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number + required: + - email + - full_name + - username + id: + example: 73362370-ab1a-11ec-985f-97e55adae8b9 + type: string + index: + items: + example: .internal.alerts-security.alerts-default-000001 + type: string + type: array + owner: + $ref: '#/components/schemas/Cases_owners' + pushed_at: + example: null + format: date-time + nullable: true + type: string + pushed_by: + nullable: true + type: object + properties: email: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: email - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + example: null + nullable: true + type: string + full_name: + example: null + nullable: true type: string - event.dataset: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: event.dataset - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 type: string - geoip.city_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.city_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + username: + example: elastic + nullable: true type: string - geoip.continent_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.continent_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + required: + - email + - full_name + - username + rule: + type: object + properties: + id: + description: The rule identifier. + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 type: string - geoip.country_iso_code: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.country_iso_code - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + name: + description: The rule name. + example: security_rule type: string - geoip.location: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: geoip.location - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - geoip.region_name: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: geoip.region_name - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + type: + enum: + - alert + example: alert + type: string + updated_at: + format: date-time + nullable: true + type: string + updated_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true type: string - manufacturer: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + full_name: + example: null + nullable: true type: string - manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: manufacturer + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + version: + example: WzMwNDgsMV0= + type: string + required: + - type + Cases_alert_identifiers: + description: > + The alert identifiers. It is required only when `type` is `alert`. You + can use an array of strings to add multiple alerts to a case, provided + that they all relate to the same rule; `index` must also be an array + with the same length or number of elements. Adding multiple alerts in + this manner is recommended rather than calling the API multiple times. + This functionality is in technical preview and may be changed or removed + in a future release. Elastic will work to fix any issues, but features + in technical preview are not subject to the support SLA of official GA + features. + example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 + oneOf: + - type: string + - items: + type: string + maxItems: 1000 + type: array + title: Alert identifiers + x-technical-preview: true + Cases_alert_indices: + description: > + The alert indices. It is required only when `type` is `alert`. If you + are adding multiple alerts to a case, use an array of strings; the + position of each index name in the array must match the position of the + corresponding alert identifier in the `alertId` array. This + functionality is in technical preview and may be changed or removed in a + future release. Elastic will work to fix any issues, but features in + technical preview are not subject to the support SLA of official GA + features. + oneOf: + - type: string + - items: + type: string + maxItems: 1000 + type: array + title: Alert indices + x-technical-preview: true + Cases_alert_response_properties: + type: object + properties: + attached_at: + format: date-time + type: string + id: + description: The alert identifier. + type: string + index: + description: The alert index. + type: string + Cases_assignees: + description: An array containing users that are assigned to the case. + items: + type: object + properties: + uid: + description: >- + A unique identifier for the user profile. These identifiers can be + found by using the suggest user profile API. + example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 + type: string + required: + - uid + maxItems: 10 + nullable: true + type: array + Cases_case_category: + description: A word or phrase that categorizes the case. + maxLength: 50 + type: string + Cases_case_description: + description: The description for the case. + maxLength: 30000 + type: string + Cases_case_response_closed_by_properties: + nullable: true + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + title: Case response properties for closed_by + type: object + Cases_case_response_created_by_properties: + title: Case response properties for created_by + type: object + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + Cases_case_response_properties: + title: Case response properties + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + description: The case category. + nullable: true + type: string + closed_at: + format: date-time + nullable: true + type: string + closed_by: + $ref: '#/components/schemas/Cases_case_response_closed_by_properties' + comments: + description: An array of comment objects for the case. + items: + discriminator: + mapping: + alert: '#/components/schemas/Cases_alert_comment_response_properties' + user: '#/components/schemas/Cases_user_comment_response_properties' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Cases_alert_comment_response_properties' + - $ref: '#/components/schemas/Cases_user_comment_response_properties' + maxItems: 10000 + title: Case response properties for comments + type: array + connector: + discriminator: + mapping: + .cases-webhook: '#/components/schemas/Cases_connector_properties_cases_webhook' + .jira: '#/components/schemas/Cases_connector_properties_jira' + .none: '#/components/schemas/Cases_connector_properties_none' + .resilient: '#/components/schemas/Cases_connector_properties_resilient' + .servicenow: '#/components/schemas/Cases_connector_properties_servicenow' + .servicenow-sir: '#/components/schemas/Cases_connector_properties_servicenow_sir' + .swimlane: '#/components/schemas/Cases_connector_properties_swimlane' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + title: Case response properties for connectors + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time + type: string + created_by: + $ref: '#/components/schemas/Cases_case_response_created_by_properties' + customFields: + description: Custom field values for the case. + items: + type: object + properties: + key: + description: > + The unique identifier for the custom field. The key value must + exist in the case configuration settings. + type: string + type: + description: > + The custom field type. It must match the type specified in the + case configuration settings. + enum: + - text + - toggle + type: string + value: + description: > + The custom field value. If the custom field is required, it + cannot be explicitly set to null. However, for cases that + existed when the required custom field was added, the default + value stored in Elasticsearch is `undefined`. The value + returned in the API and user interface in this case is `null`. + oneOf: + - maxLength: 160 + minLength: 1 + nullable: true + type: string + - type: boolean + type: array + description: + example: A case description. + type: string + duration: + description: > + The elapsed time from the creation of the case to its closure (in + seconds). If the case has not been closed, the duration is set to + null. If the case was closed after less than half a second, the + duration is rounded down to zero. + example: 120 + nullable: true + type: integer + external_service: + $ref: '#/components/schemas/Cases_external_service' + id: + example: 66b9aa00-94fa-11ea-9f74-e7e108796192 + type: string + owner: + $ref: '#/components/schemas/Cases_owners' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: + example: + - tag-1 + items: + type: string + type: array + title: + example: Case title 1 + type: string + totalAlerts: + example: 0 + type: integer + totalComment: + example: 0 + type: integer + updated_at: + format: date-time + nullable: true + type: string + updated_by: + $ref: '#/components/schemas/Cases_case_response_updated_by_properties' + version: + example: WzUzMiwxXQ== + type: string + required: + - closed_at + - closed_by + - comments + - connector + - created_at + - created_by + - description + - duration + - external_service + - id + - owner + - settings + - severity + - status + - tags + - title + - totalAlerts + - totalComment + - updated_at + - updated_by + - version + Cases_case_response_pushed_by_properties: + nullable: true + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + title: Case response properties for pushed_by + type: object + Cases_case_response_updated_by_properties: + nullable: true + properties: + email: + example: null + nullable: true + type: string + full_name: + example: null + nullable: true + type: string + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + type: string + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + title: Case response properties for updated_by + type: object + Cases_case_severity: + default: low + description: The severity of the case. + enum: + - critical + - high + - low + - medium + type: string + Cases_case_status: + description: The status of the case. + enum: + - closed + - in-progress + - open + type: string + Cases_case_tags: + description: > + The words and phrases that help categorize cases. It can be an empty + array. + items: + maxLength: 256 + type: string + maxItems: 200 + type: array + Cases_case_title: + description: A title for the case. + maxLength: 160 + type: string + Cases_closure_types: + description: >- + Indicates whether a case is automatically closed when it is pushed to + external systems (`close-by-pushing`) or not automatically closed + (`close-by-user`). + enum: + - close-by-pushing + - close-by-user + example: close-by-user + type: string + Cases_connector_properties_cases_webhook: + description: Defines properties for connectors when type is `.cases-webhook`. + type: object + properties: + fields: + example: null + nullable: true + type: string + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .cases-webhook + example: .cases-webhook + type: string + required: + - fields + - id + - name + - type + title: Create or upate case request properties for Cases Webhook connector + Cases_connector_properties_jira: + description: Defines properties for connectors when type is `.jira`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + properties: + issueType: + description: The type of issue. + nullable: true type: string - order_date: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: order_date - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - order_id: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: order_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + parent: + description: The key of the parent issue, when the issue type is sub-task. + nullable: true type: string - products._id: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products._id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + priority: + description: The priority of the issue. + nullable: true type: string - products._id.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products._id.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products._id + required: + - issueType + - parent + - priority + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .jira + example: .jira + type: string + required: + - fields + - id + - name + - type + title: Create or update case request properties for a Jira connector + Cases_connector_properties_none: + description: Defines properties for connectors when type is `.none`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. To create a case without + a connector, specify null. To update a case to remove the connector, + specify null. + example: null + nullable: true + type: string + id: + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. To update a case to remove the connector, + specify `none`. + example: none + type: string + name: + description: >- + The name of the connector. To create a case without a connector, use + `none`. To update a case to remove the connector, specify `none`. + example: none + type: string + type: + description: >- + The type of connector. To create a case without a connector, use + `.none`. To update a case to remove the connector, specify `.none`. + enum: + - .none + example: .none + type: string + required: + - fields + - id + - name + - type + title: Create or update case request properties for no connector + Cases_connector_properties_resilient: + description: Defines properties for connectors when type is `.resilient`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + nullable: true + type: object + properties: + issueTypes: + description: The type of incident. + items: + type: string + type: array + severityCode: + description: The severity code of the incident. type: string - products.base_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.base_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.base_unit_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.base_unit_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.category: - aggregatable: false - count: 0 - esTypes: - - text - format: - id: string - isMapped: true - name: products.category - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + required: + - issueTypes + - severityCode + id: + description: The identifier for the connector. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .resilient + example: .resilient + type: string + required: + - fields + - id + - name + - type + title: Create case request properties for a IBM Resilient connector + Cases_connector_properties_servicenow: + description: Defines properties for connectors when type is `.servicenow`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + properties: + category: + description: The category of the incident. + nullable: true type: string - products.category.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.category.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.category + impact: + description: The effect an incident had on business. + nullable: true type: string - products.created_on: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: products.created_on - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - products.discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.discount_percentage: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.discount_percentage - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.manufacturer: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.manufacturer - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + severity: + description: The severity of the incident. + nullable: true type: string - products.manufacturer.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.manufacturer.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.manufacturer + subcategory: + description: The subcategory of the incident. + nullable: true type: string - products.min_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.min_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.price: - aggregatable: true - count: 1 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.product_id: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - isMapped: true - name: products.product_id - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.product_name: - aggregatable: false - count: 1 - esTypes: - - text - format: - id: string - isMapped: true - name: products.product_name - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + urgency: + description: The extent to which the incident resolution can be delayed. + nullable: true type: string - products.product_name.keyword: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.product_name.keyword - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - subType: - multi: - parent: products.product_name + required: + - category + - impact + - severity + - subcategory + - urgency + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .servicenow + example: .servicenow + type: string + required: + - fields + - id + - name + - type + title: Create case request properties for a ServiceNow ITSM connector + Cases_connector_properties_servicenow_sir: + description: Defines properties for connectors when type is `.servicenow-sir`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + properties: + category: + description: The category of the incident. + nullable: true + type: string + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs. + nullable: true + type: boolean + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes. + nullable: true + type: boolean + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs. + nullable: true + type: boolean + priority: + description: The priority of the issue. + nullable: true type: string - products.quantity: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: products.quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: products.sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs. + nullable: true + type: boolean + subcategory: + description: The subcategory of the incident. + nullable: true type: string - products.tax_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.tax_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxful_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.taxful_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.taxless_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: products.taxless_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - products.unit_discount_amount: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - isMapped: true - name: products.unit_discount_amount - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - sku: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: sku - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + required: + - category + - destIp + - malwareHash + - malwareUrl + - priority + - sourceIp + - subcategory + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .servicenow-sir + example: .servicenow-sir + type: string + required: + - fields + - id + - name + - type + title: Create case request properties for a ServiceNow SecOps connector + Cases_connector_properties_swimlane: + description: Defines properties for connectors when type is `.swimlane`. + type: object + properties: + fields: + description: >- + An object containing the connector fields. If you want to omit any + individual field, specify null as its value. + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + nullable: true + type: string + required: + - caseId + id: + description: >- + The identifier for the connector. To retrieve connector IDs, use the + find connectors API. + type: string + name: + description: The name of the connector. + type: string + type: + description: The type of connector. + enum: + - .swimlane + example: .swimlane + type: string + required: + - fields + - id + - name + - type + title: Create case request properties for a Swimlane connector + Cases_connector_types: + description: The type of connector. + enum: + - .cases-webhook + - .jira + - .none + - .resilient + - .servicenow + - .servicenow-sir + - .swimlane + example: .none + type: string + Cases_create_case_request: + description: >- + The create case API request body varies depending on the type of + connector. + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + customFields: + description: > + Custom field values for a case. Any optional custom fields that are + not specified in the request are set to null. + items: + type: object + properties: + key: + description: > + The unique identifier for the custom field. The key value must + exist in the case configuration settings. + type: string + type: + description: > + The custom field type. It must match the type specified in the + case configuration settings. + enum: + - text + - toggle + type: string + value: + description: > + The custom field value. If the custom field is required, it + cannot be explicitly set to null. However, for cases that + existed when the required custom field was added, the default + value stored in Elasticsearch is `undefined`. The value + returned in the API and user interface in this case is `null`. + oneOf: + - maxLength: 160 + minLength: 1 + nullable: true + type: string + - type: boolean + required: + - key + - type + - value + maxItems: 10 + minItems: 0 + type: array + description: + $ref: '#/components/schemas/Cases_case_description' + owner: + $ref: '#/components/schemas/Cases_owners' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' + required: + - connector + - description + - owner + - settings + - tags + - title + title: Create case request + type: object + Cases_external_service: + nullable: true + type: object + properties: + connector_id: + type: string + connector_name: + type: string + external_id: + type: string + external_title: + type: string + external_url: + type: string + pushed_at: + format: date-time + type: string + pushed_by: + nullable: true + type: object + properties: + email: + example: null + nullable: true type: string - taxful_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.[00] - isMapped: true - name: taxful_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - taxless_total_price: - aggregatable: true - count: 0 - esTypes: - - half_float - format: - id: number - params: - pattern: $0,0.00 - isMapped: true - name: taxless_total_price - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_quantity: - aggregatable: true - count: 1 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_quantity - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - total_unique_products: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: total_unique_products - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - type: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: type - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + full_name: + example: null + nullable: true type: string - user: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: user - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 type: string - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - runtimeFieldMap: {} - sourceFilters: [] - timeFieldName: order_date - title: kibana_sample_data_ecommerce - typeMeta: {} - version: WzUsMV0= - Data_views_get_data_views_response: - summary: The get all data views API returns a list of data views. - value: - data_view: - - id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - name: Kibana Sample Data eCommerce - namespaces: - - default - title: kibana_sample_data_ecommerce - typeMeta: {} - - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - namespaces: - - default - title: kibana_sample_data_flights - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: Kibana Sample Data Logs - namespaces: - - default - title: kibana_sample_data_logs - Data_views_get_default_data_view_response: - summary: The get default data view API returns the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - Data_views_get_runtime_field_response: - summary: >- - The get runtime field API returns a JSON object that contains - information about the runtime field (`hour_of_day`) and the data view - (`d3d7af60-4c81-11e8-b3d7-01146121b73d`). - value: - data_view: - allowNoIndex: false - fieldAttrs: {} - fieldFormats: - AvgTicketPrice: - id: number - params: - pattern: $0,0.[00] - hour_of_day: - id: number - params: - pattern: '00' - fields: - _id: - aggregatable: false - count: 0 - esTypes: - - _id - format: - id: string - isMapped: true - name: _id - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + username: + example: elastic + nullable: true type: string - _index: - aggregatable: true - count: 0 - esTypes: - - _index - format: - id: string - isMapped: true - name: _index - readFromDocValues: false - scripted: false - searchable: true - shortDotsEnable: false + Cases_owners: + description: > + The application that owns the cases: Stack Management, Observability, or + Elastic Security. + enum: + - cases + - observability + - securitySolution + example: cases + type: string + Cases_payload_alert_comment: + type: object + properties: + comment: + type: object + properties: + alertId: + oneOf: + - example: 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d + type: string + - items: + type: string + type: array + index: + oneOf: + - example: .alerts-observability.logs.alerts-default + type: string + - items: + type: string + type: array + owner: + $ref: '#/components/schemas/Cases_owners' + rule: + type: object + properties: + id: + description: The rule identifier. + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + type: string + name: + description: The rule name. + example: security_rule + type: string + type: + enum: + - alert type: string - _score: - aggregatable: false - count: 0 - format: - id: number - isMapped: true - name: _score - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: number - _source: - aggregatable: false - count: 0 - esTypes: - - _source - format: - id: _source - isMapped: true - name: _source - readFromDocValues: false - scripted: false - searchable: false - shortDotsEnable: false - type: _source - AvgTicketPrice: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - params: - pattern: $0,0.[00] - isMapped: true - name: AvgTicketPrice - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - Cancelled: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: Cancelled - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - Carrier: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Carrier - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + Cases_payload_assignees: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + Cases_payload_connector: + type: object + properties: + connector: + type: object + properties: + fields: + description: >- + An object containing the connector fields. To create a case + without a connector, specify null. If you want to omit any + individual field, specify null as its value. + example: null + nullable: true + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + impact: + description: >- + The effect an incident had on business for ServiceNow ITSM + connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + items: + type: string + type: array + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes for ServiceNow SecOps connectors. + nullable: true + type: boolean + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs for ServiceNow SecOps connectors. + nullable: true + type: boolean + parent: + description: >- + The key of the parent issue, when the issue type is sub-task + for Jira connectors. + type: string + priority: + description: >- + The priority of the issue for Jira and ServiceNow SecOps + connectors. + type: string + severity: + description: The severity of the incident for ServiceNow ITSM connectors. + type: string + severityCode: + description: >- + The severity code of the incident for IBM Resilient + connectors. + type: string + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM + connectors. + type: string + urgency: + description: >- + The extent to which the incident resolution can be delayed + for ServiceNow ITSM connectors. + type: string + id: + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. + example: none type: string - dayOfWeek: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: dayOfWeek - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - Dest: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Dest - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + name: + description: >- + The name of the connector. To create a case without a connector, + use `none`. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + Cases_payload_create_case: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + connector: + type: object + properties: + fields: + description: >- + An object containing the connector fields. To create a case + without a connector, specify null. If you want to omit any + individual field, specify null as its value. + example: null + nullable: true + type: object + properties: + caseId: + description: The case identifier for Swimlane connectors. + type: string + category: + description: >- + The category of the incident for ServiceNow ITSM and + ServiceNow SecOps connectors. + type: string + destIp: + description: >- + Indicates whether cases will send a comma-separated list of + destination IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + impact: + description: >- + The effect an incident had on business for ServiceNow ITSM + connectors. + type: string + issueType: + description: The type of issue for Jira connectors. + type: string + issueTypes: + description: The type of incident for IBM Resilient connectors. + items: + type: string + type: array + malwareHash: + description: >- + Indicates whether cases will send a comma-separated list of + malware hashes for ServiceNow SecOps connectors. + nullable: true + type: boolean + malwareUrl: + description: >- + Indicates whether cases will send a comma-separated list of + malware URLs for ServiceNow SecOps connectors. + nullable: true + type: boolean + parent: + description: >- + The key of the parent issue, when the issue type is sub-task + for Jira connectors. + type: string + priority: + description: >- + The priority of the issue for Jira and ServiceNow SecOps + connectors. + type: string + severity: + description: The severity of the incident for ServiceNow ITSM connectors. + type: string + severityCode: + description: >- + The severity code of the incident for IBM Resilient + connectors. + type: string + sourceIp: + description: >- + Indicates whether cases will send a comma-separated list of + source IPs for ServiceNow SecOps connectors. + nullable: true + type: boolean + subcategory: + description: >- + The subcategory of the incident for ServiceNow ITSM + connectors. + type: string + urgency: + description: >- + The extent to which the incident resolution can be delayed + for ServiceNow ITSM connectors. + type: string + id: + description: >- + The identifier for the connector. To create a case without a + connector, use `none`. + example: none type: string - DestAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + name: + description: >- + The name of the connector. To create a case without a connector, + use `none`. + example: none type: string - DestCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + type: + $ref: '#/components/schemas/Cases_connector_types' + description: + type: string + owner: + $ref: '#/components/schemas/Cases_owners' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: + items: + example: + - tag-1 + type: string + type: array + title: + type: string + Cases_payload_delete: + description: >- + If the `action` is `delete` and the `type` is `delete_case`, the payload + is nullable. + nullable: true + type: object + Cases_payload_description: + type: object + properties: + description: + type: string + Cases_payload_pushed: + type: object + properties: + externalService: + $ref: '#/components/schemas/Cases_external_service' + Cases_payload_settings: + type: object + properties: + settings: + $ref: '#/components/schemas/Cases_settings' + Cases_payload_severity: + type: object + properties: + severity: + $ref: '#/components/schemas/Cases_case_severity' + Cases_payload_status: + type: object + properties: + status: + $ref: '#/components/schemas/Cases_case_status' + Cases_payload_tags: + type: object + properties: + tags: + example: + - tag-1 + items: + type: string + type: array + Cases_payload_title: + type: object + properties: + title: + type: string + Cases_payload_user_comment: + type: object + properties: + comment: + type: object + properties: + comment: type: string - DestCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + owner: + $ref: '#/components/schemas/Cases_owners' + type: + enum: + - user type: string - DestLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: DestLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - DestRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + Cases_rule: + description: > + The rule that is associated with the alerts. It is required only when + `type` is `alert`. This functionality is in technical preview and may be + changed or removed in a future release. Elastic will work to fix any + issues, but features in technical preview are not subject to the support + SLA of official GA features. + title: Alerting rule + type: object + properties: + id: + description: The rule identifier. + example: 94d80550-aaf4-11ec-985f-97e55adae8b9 + type: string + name: + description: The rule name. + example: security_rule + type: string + x-technical-preview: true + Cases_searchFieldsType: + description: The fields to perform the `simple_query_string` parsed query against. + enum: + - description + - title + type: string + Cases_set_case_configuration_request: + description: >- + External connection details, such as the closure type and default + connector for cases. + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not used and + are not propagated to individual cases, therefore it is + recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a default + connector, use `none`. To retrieve connector IDs, use the find + connectors API. + example: none type: string - DestWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: DestWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use the find + connectors API. + example: none type: string - DistanceKilometers: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceKilometers - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - DistanceMiles: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: DistanceMiles - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelay: - aggregatable: true - count: 0 - esTypes: - - boolean - format: - id: boolean - isMapped: true - name: FlightDelay - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: boolean - FlightDelayMin: - aggregatable: true - count: 0 - esTypes: - - integer - format: - id: number - isMapped: true - name: FlightDelayMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - FlightDelayType: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightDelayType - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + type: + $ref: '#/components/schemas/Cases_connector_types' + required: + - fields + - id + - name + - type + customFields: + description: Custom fields case configuration. + items: + type: object + properties: + defaultValue: + description: > + A default value for the custom field. If the `type` is `text`, + the default value must be a string. If the `type` is `toggle`, + the default value must be boolean. + oneOf: + - type: string + - type: boolean + key: + description: > + A unique key for the custom field. Must be lower case and + composed only of a-z, 0-9, '_', and '-' characters. It is used + in API calls to refer to a specific custom field. + maxLength: 36 + minLength: 1 + type: string + label: + description: The custom field label that is displayed in the case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: > + Indicates whether the field is required. If `false`, the + custom field can be set to null or omitted when a case is + created or updated. + type: boolean + required: + - key + - label + - required + - type + maxItems: 10 + minItems: 0 + type: array + owner: + $ref: '#/components/schemas/Cases_owners' + templates: + $ref: '#/components/schemas/Cases_templates' + required: + - closure_type + - connector + - owner + title: Set case configuration request + type: object + Cases_settings: + description: An object that contains the case settings. + type: object + properties: + syncAlerts: + description: Turns alert syncing on or off. + example: true + type: boolean + required: + - syncAlerts + Cases_template_tags: + description: > + The words and phrases that help categorize templates. It can be an empty + array. + items: + maxLength: 256 + type: string + maxItems: 200 + type: array + Cases_templates: + items: + type: object + properties: + caseFields: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not + used and are not propagated to individual cases, therefore + it is recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a + default connector, use `none`. To retrieve connector IDs, + use the find connectors API. + example: none + type: string + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use + the find connectors API. + example: none + type: string + type: + $ref: '#/components/schemas/Cases_connector_types' + customFields: + description: Custom field values in the template. + items: + type: object + properties: + key: + description: The unique key for the custom field. + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + value: + description: > + The default value for the custom field when a case uses + the template. If the `type` is `text`, the default value + must be a string. If the `type` is `toggle`, the default + value must be boolean. + oneOf: + - type: string + - type: boolean + type: array + x-technical-preview: true + description: + $ref: '#/components/schemas/Cases_case_description' + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' + description: + description: A description for the template. + type: string + key: + description: > + A unique key for the template. Must be lower case and composed + only of a-z, 0-9, '_', and '-' characters. It is used in API calls + to refer to a specific template. + type: string + name: + description: The name of the template. + type: string + tags: + $ref: '#/components/schemas/Cases_template_tags' + type: array + x-technical-preview: true + Cases_update_alert_comment_request_properties: + description: Defines properties for case comment requests when type is alert. + type: object + properties: + alertId: + $ref: '#/components/schemas/Cases_alert_identifiers' + id: + description: > + The identifier for the comment. To retrieve comment IDs, use the get + comments API. + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + type: string + index: + $ref: '#/components/schemas/Cases_alert_indices' + owner: + $ref: '#/components/schemas/Cases_owners' + rule: + $ref: '#/components/schemas/Cases_rule' + type: + description: The type of comment. + enum: + - alert + example: alert + type: string + version: + description: > + The current comment version. To retrieve version values, use the get + comments API. + example: Wzk1LDFd + type: string + required: + - alertId + - id + - index + - owner + - rule + - type + - version + title: Update case comment request properties for alerts + Cases_update_case_comment_request: + description: >- + The update case comment API request body varies depending on whether you + are updating an alert or a comment. + discriminator: + mapping: + alert: '#/components/schemas/Cases_update_alert_comment_request_properties' + user: '#/components/schemas/Cases_update_user_comment_request_properties' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Cases_update_alert_comment_request_properties' + - $ref: '#/components/schemas/Cases_update_user_comment_request_properties' + title: Update case comment request + Cases_update_case_configuration_request: + description: > + You can update settings such as the closure type, custom fields, + templates, and the default connector for cases. + properties: + closure_type: + $ref: '#/components/schemas/Cases_closure_types' + connector: + description: An object that contains the connector configuration. + type: object + properties: + fields: + description: >- + The fields specified in the case configuration are not used and + are not propagated to individual cases, therefore it is + recommended to set it to `null`. + nullable: true + type: object + id: + description: >- + The identifier for the connector. If you do not want a default + connector, use `none`. To retrieve connector IDs, use the find + connectors API. + example: none type: string - FlightNum: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightNum - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + name: + description: >- + The name of the connector. If you do not want a default + connector, use `none`. To retrieve connector names, use the find + connectors API. + example: none type: string - FlightTimeHour: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: FlightTimeHour - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + type: + $ref: '#/components/schemas/Cases_connector_types' + required: + - fields + - id + - name + - type + customFields: + description: Custom fields case configuration. + items: + type: object + properties: + defaultValue: + description: > + A default value for the custom field. If the `type` is `text`, + the default value must be a string. If the `type` is `toggle`, + the default value must be boolean. + oneOf: + - type: string + - type: boolean + key: + description: > + A unique key for the custom field. Must be lower case and + composed only of a-z, 0-9, '_', and '-' characters. It is used + in API calls to refer to a specific custom field. + maxLength: 36 + minLength: 1 + type: string + label: + description: The custom field label that is displayed in the case. + maxLength: 50 + minLength: 1 + type: string + type: + description: The type of the custom field. + enum: + - text + - toggle + type: string + required: + description: > + Indicates whether the field is required. If `false`, the + custom field can be set to null or omitted when a case is + created or updated. + type: boolean + required: + - key + - label + - required + - type + type: array + templates: + $ref: '#/components/schemas/Cases_templates' + version: + description: > + The version of the connector. To retrieve the version value, use the + get configuration API. + example: WzIwMiwxXQ== + type: string + required: + - version + title: Update case configuration request + type: object + Cases_update_case_request: + description: >- + The update case API request body varies depending on the type of + connector. + properties: + cases: + description: An array containing one or more case objects. + items: + type: object + properties: + assignees: + $ref: '#/components/schemas/Cases_assignees' + category: + $ref: '#/components/schemas/Cases_case_category' + connector: + oneOf: + - $ref: '#/components/schemas/Cases_connector_properties_none' + - $ref: >- + #/components/schemas/Cases_connector_properties_cases_webhook + - $ref: '#/components/schemas/Cases_connector_properties_jira' + - $ref: '#/components/schemas/Cases_connector_properties_resilient' + - $ref: '#/components/schemas/Cases_connector_properties_servicenow' + - $ref: >- + #/components/schemas/Cases_connector_properties_servicenow_sir + - $ref: '#/components/schemas/Cases_connector_properties_swimlane' + customFields: + description: > + Custom field values for a case. Any optional custom fields + that are not specified in the request are set to null. + items: + type: object + properties: + key: + description: > + The unique identifier for the custom field. The key + value must exist in the case configuration settings. + type: string + type: + description: > + The custom field type. It must match the type specified + in the case configuration settings. + enum: + - text + - toggle + type: string + value: + description: > + The custom field value. If the custom field is required, + it cannot be explicitly set to null. However, for cases + that existed when the required custom field was added, + the default value stored in Elasticsearch is + `undefined`. The value returned in the API and user + interface in this case is `null`. + oneOf: + - maxLength: 160 + minLength: 1 + nullable: true + type: string + - type: boolean + required: + - key + - type + - value + maxItems: 10 + minItems: 0 + type: array + description: + $ref: '#/components/schemas/Cases_case_description' + id: + description: The identifier for the case. + maxLength: 30000 + type: string + settings: + $ref: '#/components/schemas/Cases_settings' + severity: + $ref: '#/components/schemas/Cases_case_severity' + status: + $ref: '#/components/schemas/Cases_case_status' + tags: + $ref: '#/components/schemas/Cases_case_tags' + title: + $ref: '#/components/schemas/Cases_case_title' + version: + description: >- + The current version of the case. To determine this value, use + the get case or find cases APIs. + type: string + required: + - id + - version + maxItems: 100 + minItems: 1 + type: array + required: + - cases + title: Update case request + type: object + Cases_update_user_comment_request_properties: + description: Defines properties for case comment requests when type is user. + properties: + comment: + description: The new comment. It is required only when `type` is `user`. + example: A new comment. + maxLength: 30000 + type: string + id: + description: > + The identifier for the comment. To retrieve comment IDs, use the get + comments API. + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + type: string + owner: + $ref: '#/components/schemas/Cases_owners' + type: + description: The type of comment. + enum: + - user + example: user + type: string + version: + description: > + The current comment version. To retrieve version values, use the get + comments API. + example: Wzk1LDFd + type: string + required: + - comment + - id + - owner + - type + - version + title: Update case comment request properties for user comments + type: object + Cases_user_actions_find_response_properties: + type: object + properties: + action: + $ref: '#/components/schemas/Cases_actions' + comment_id: + example: 578608d0-03b1-11ed-920c-974bfa104448 + nullable: true + type: string + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time + type: string + created_by: + type: object + properties: + email: + example: null + nullable: true type: string - FlightTimeMin: - aggregatable: true - count: 0 - esTypes: - - float - format: - id: number - isMapped: true - name: FlightTimeMin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: number - hour_of_day: - aggregatable: true - count: 0 - esTypes: - - long - format: - id: number - params: - pattern: '00' - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: emit(doc['timestamp'].value.getHour()); - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Origin: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: Origin - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + full_name: + example: null + nullable: true type: string - OriginAirportID: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginAirportID - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 type: string - OriginCityName: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCityName - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + username: + example: elastic + nullable: true type: string - OriginCountry: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginCountry - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + required: + - email + - full_name + - username + id: + example: 22fd3e30-03b1-11ed-920c-974bfa104448 + type: string + owner: + $ref: '#/components/schemas/Cases_owners' + payload: + oneOf: + - $ref: '#/components/schemas/Cases_payload_alert_comment' + - $ref: '#/components/schemas/Cases_payload_assignees' + - $ref: '#/components/schemas/Cases_payload_connector' + - $ref: '#/components/schemas/Cases_payload_create_case' + - $ref: '#/components/schemas/Cases_payload_delete' + - $ref: '#/components/schemas/Cases_payload_description' + - $ref: '#/components/schemas/Cases_payload_pushed' + - $ref: '#/components/schemas/Cases_payload_settings' + - $ref: '#/components/schemas/Cases_payload_severity' + - $ref: '#/components/schemas/Cases_payload_status' + - $ref: '#/components/schemas/Cases_payload_tags' + - $ref: '#/components/schemas/Cases_payload_title' + - $ref: '#/components/schemas/Cases_payload_user_comment' + type: + description: The type of action. + enum: + - assignees + - create_case + - comment + - connector + - description + - pushed + - tags + - title + - status + - settings + - severity + example: create_case + type: string + version: + example: WzM1ODg4LDFd + type: string + required: + - action + - comment_id + - created_at + - created_by + - id + - owner + - payload + - type + - version + Cases_user_actions_response_properties: + type: object + properties: + action: + $ref: '#/components/schemas/Cases_actions' + action_id: + example: 22fd3e30-03b1-11ed-920c-974bfa104448 + type: string + case_id: + example: 22df07d0-03b1-11ed-920c-974bfa104448 + type: string + comment_id: + example: 578608d0-03b1-11ed-920c-974bfa104448 + nullable: true + type: string + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time + type: string + created_by: + type: object + properties: + email: + example: null + nullable: true type: string - OriginLocation: - aggregatable: true - count: 0 - esTypes: - - geo_point - format: - id: geo_point - params: - transform: wkt - isMapped: true - name: OriginLocation - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: geo_point - OriginRegion: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginRegion - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + full_name: + example: null + nullable: true type: string - OriginWeather: - aggregatable: true - count: 0 - esTypes: - - keyword - format: - id: string - isMapped: true - name: OriginWeather - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false + profile_uid: + example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 type: string - timestamp: - aggregatable: true - count: 0 - esTypes: - - date - format: - id: date - isMapped: true - name: timestamp - readFromDocValues: true - scripted: false - searchable: true - shortDotsEnable: false - type: date - id: d3d7af60-4c81-11e8-b3d7-01146121b73d - name: Kibana Sample Data Flights - runtimeFieldMap: - hour_of_day: - script: - source: emit(doc['timestamp'].value.getHour()); - type: long - sourceFilters: [] - timeFieldName: timestamp - title: kibana_sample_data_flights - version: WzM2LDJd - fields: - - aggregatable: true - count: 0 - esTypes: - - long - name: hour_of_day - readFromDocValues: false - runtimeField: - script: - source: emit(doc['timestamp'].value.getHour()); - type: long - scripted: false - searchable: true - shortDotsEnable: false - type: number - Data_views_preview_swap_data_view_request: - summary: Preview swapping references from data view ID "abcd-efg" to "xyz-123". - value: - fromId: abcd-efg - toId: xyz-123 - Data_views_set_default_data_view_request: - summary: Set the default data view identifier. - value: - data_view_id: ff959d40-b880-11e8-a6d9-e546fe2bba5f - force: true - Data_views_swap_data_view_request: - summary: >- - Swap references from data view ID "abcd-efg" to "xyz-123" and remove the - data view that is no longer referenced. - value: - delete: true - fromId: abcd-efg - toId: xyz-123 - Data_views_update_data_view_request: - summary: Update some properties for a data view. - value: - data_view: - allowNoIndex: false - name: Kibana Sample Data eCommerce - timeFieldName: order_date - title: kibana_sample_data_ecommerce - refresh_fields: true - Data_views_update_field_metadata_request: - summary: Update metadata for multiple fields. - value: - fields: - field1: - count: 123 - customLabel: Field 1 label - field2: - customDescription: Field 2 description - customLabel: Field 2 label - Data_views_update_runtime_field_request: - summary: Update an existing runtime field on a data view. - value: - runtimeField: - script: - source: emit(doc["bar"].value) - Machine_learning_APIs_mlSyncExample: - summary: Two anomaly detection jobs required synchronization in this example. - value: - datafeedsAdded: {} - datafeedsRemoved: {} - savedObjectsCreated: - anomaly-detector: - myjob1: - success: true - myjob2: - success: true - savedObjectsDeleted: {} - Saved_objects_export_objects_request: - summary: Export a specific saved object. - value: - excludeExportDetails: true - includeReferencesDeep: false - objects: - - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - type: map - Saved_objects_export_objects_response: - summary: >- - The export objects API response contains a JSON record for each exported - object. - value: - attributes: - description: '' - layerListJSON: >- - [{"id":"0hmz5","alpha":1,"sourceDescriptor":{"type":"EMS_TMS","isAutoSelect":true,"lightModeDefault":"road_map_desaturated"},"visible":true,"style":{},"type":"EMS_VECTOR_TILE","minZoom":0,"maxZoom":24},{"id":"edh66","label":"Total - Requests by - Destination","minZoom":0,"maxZoom":24,"alpha":0.5,"sourceDescriptor":{"type":"EMS_FILE","id":"world_countries","tooltipProperties":["name","iso2"]},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"__kbnjoin__count__673ff994-fc75-4c67-909b-69fcb0e1060e","origin":"join"},"color":"Greys","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"STATIC","options":{"size":10}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR","joins":[{"leftField":"iso2","right":{"type":"ES_TERM_SOURCE","id":"673ff994-fc75-4c67-909b-69fcb0e1060e","indexPatternTitle":"kibana_sample_data_logs","term":"geo.dest","indexPatternRefName":"layer_1_join_0_index_pattern","metrics":[{"type":"count","label":"web - logs - count"}],"applyGlobalQuery":true}}]},{"id":"gaxya","label":"Actual - Requests","minZoom":9,"maxZoom":24,"alpha":1,"sourceDescriptor":{"id":"b7486535-171b-4d3b-bb2e-33c1a0a2854c","type":"ES_SEARCH","geoField":"geo.coordinates","limit":2048,"filterByMapBounds":true,"tooltipProperties":["clientip","timestamp","host","request","response","machine.os","agent","bytes"],"indexPatternRefName":"layer_2_source_index_pattern","applyGlobalQuery":true,"scalingType":"LIMIT"},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"STATIC","options":{"color":"#2200ff"}},"lineColor":{"type":"STATIC","options":{"color":"#FFFFFF"}},"lineWidth":{"type":"STATIC","options":{"size":2}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"bytes","origin":"source"},"minSize":1,"maxSize":23,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"},{"id":"tfi3f","label":"Total - Requests and - Bytes","minZoom":0,"maxZoom":9,"alpha":1,"sourceDescriptor":{"type":"ES_GEO_GRID","resolution":"COARSE","id":"8aaa65b5-a4e9-448b-9560-c98cb1c5ac5b","geoField":"geo.coordinates","requestType":"point","metrics":[{"type":"count","label":"web - logs - count"},{"type":"sum","field":"bytes"}],"indexPatternRefName":"layer_3_source_index_pattern","applyGlobalQuery":true},"visible":true,"style":{"type":"VECTOR","properties":{"fillColor":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"color":"Blues","fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"lineColor":{"type":"STATIC","options":{"color":"#cccccc"}},"lineWidth":{"type":"STATIC","options":{"size":1}},"iconSize":{"type":"DYNAMIC","options":{"field":{"name":"sum_of_bytes","origin":"source"},"minSize":7,"maxSize":25,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelText":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"labelSize":{"type":"DYNAMIC","options":{"field":{"name":"doc_count","origin":"source"},"minSize":12,"maxSize":24,"fieldMetaOptions":{"isEnabled":false,"sigma":3}}},"symbolizeAs":{"options":{"value":"circle"}},"icon":{"type":"STATIC","options":{"value":"marker"}}}},"type":"GEOJSON_VECTOR"}] - mapStateJSON: >- - {"zoom":3.64,"center":{"lon":-88.92107,"lat":42.16337},"timeFilters":{"from":"now-7d","to":"now"},"refreshConfig":{"isPaused":true,"interval":0},"query":{"language":"kuery","query":""},"settings":{"autoFitToDataBounds":false}} - title: '[Logs] Total Requests and Bytes' - uiStateJSON: '{"isDarkMode":false}' - coreMigrationVersion: 8.8.0 - created_at: '2023-08-23T20:03:32.204Z' - id: de71f4f0-1902-11e9-919b-ffe5949a18d2 - managed: false - references: - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_1_join_0_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_2_source_index_pattern - type: index-pattern - - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - name: layer_3_source_index_pattern - type: index-pattern - type: map - typeMigrationVersion: 8.4.0 - updated_at: '2023-08-23T20:03:32.204Z' - version: WzEzLDFd - Saved_objects_import_objects_request: - value: - file: file.ndjson - Saved_objects_import_objects_response: - summary: >- - The import objects API response indicates a successful import and the - objects are created. Since these objects are created as new copies, each - entry in the successResults array includes a destinationId attribute. - value: - success: true - successCount: 1 - successResults: - - destinationId: 82d2760c-468f-49cf-83aa-b9a35b6a8943 - id: 90943e30-9a47-11e8-b64d-95841ca0b247 - managed: false - meta: - icon: indexPatternApp - title: Kibana Sample Data Logs - type: index-pattern - Saved_objects_key_rotation_response: - summary: Encryption key rotation using default parameters. - value: - failed: 0 - successful: 300 - total: 1000 - Saved_objects_resolve_missing_reference_request: - value: - file: file.ndjson - retries: - - id: my-pattern - overwrite: true - type: index-pattern - - destinationId: another-vis - id: my-vis - overwrite: true - type: visualization - - destinationId: yet-another-canvas - id: my-canvas - overwrite: true - type: canvas - - id: my-dashboard - type: dashboard - Saved_objects_resolve_missing_reference_response: - summary: Resolve missing reference errors. - value: - success: true - successCount: 3 - successResults: - - id: my-vis - meta: - icon: visualizeApp - title: Look at my visualization - type: visualization - - id: my-search - meta: - icon: searchApp - title: Look at my search - type: search - - id: my-dashboard - meta: - icon: dashboardApp - title: Look at my dashboard - type: dashboard - parameters: - Alerting_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Cases_alert_id: - description: An identifier for the alert. - in: path - name: alertId - required: true - schema: - example: 09f0c261e39e36351d75995b78bb83673774d1bc2cca9df2d15f0e5c0a99a540 + username: + example: elastic + nullable: true + type: string + required: + - email + - full_name + - username + owner: + $ref: '#/components/schemas/Cases_owners' + payload: + oneOf: + - $ref: '#/components/schemas/Cases_payload_alert_comment' + - $ref: '#/components/schemas/Cases_payload_assignees' + - $ref: '#/components/schemas/Cases_payload_connector' + - $ref: '#/components/schemas/Cases_payload_create_case' + - $ref: '#/components/schemas/Cases_payload_delete' + - $ref: '#/components/schemas/Cases_payload_description' + - $ref: '#/components/schemas/Cases_payload_pushed' + - $ref: '#/components/schemas/Cases_payload_settings' + - $ref: '#/components/schemas/Cases_payload_severity' + - $ref: '#/components/schemas/Cases_payload_status' + - $ref: '#/components/schemas/Cases_payload_tags' + - $ref: '#/components/schemas/Cases_payload_title' + - $ref: '#/components/schemas/Cases_payload_user_comment' + type: + $ref: '#/components/schemas/Cases_action_types' + required: + - action + - action_id + - case_id + - comment_id + - created_at + - created_by + - owner + - payload + - type + Cases_user_comment_response_properties: + title: Case response properties for user comments + type: object + properties: + comment: + example: A new comment. + type: string + created_at: + example: '2022-05-13T09:16:17.416Z' + format: date-time + type: string + created_by: + $ref: '#/components/schemas/Cases_case_response_created_by_properties' + id: + example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + type: string + owner: + $ref: '#/components/schemas/Cases_owners' + pushed_at: + example: null + format: date-time + nullable: true + type: string + pushed_by: + $ref: '#/components/schemas/Cases_case_response_pushed_by_properties' + type: + enum: + - user + example: user + type: string + updated_at: + example: null + format: date-time + nullable: true + type: string + updated_by: + $ref: '#/components/schemas/Cases_case_response_updated_by_properties' + version: + example: WzIwNDMxLDFd + type: string + required: + - type + Data_views_400_response: + title: Bad request + type: object + properties: + error: + example: Bad Request + type: string + message: + type: string + statusCode: + example: 400 + type: number + required: + - statusCode + - error + - message + Data_views_404_response: + type: object + properties: + error: + enum: + - Not Found + example: Not Found + type: string + message: + example: >- + Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] + not found + type: string + statusCode: + enum: + - 404 + example: 404 + type: integer + Data_views_allownoindex: + description: Allows the data view saved object to exist before the data is available. + type: boolean + Data_views_create_data_view_request_object: + title: Create data view request + type: object + properties: + data_view: + description: The data view object. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + version: + type: string + required: + - title + override: + default: false + description: >- + Override an existing data view if a data view with the provided + title already exists. + type: boolean + required: + - data_view + Data_views_data_view_response_object: + title: Data view response properties + type: object + properties: + data_view: + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldAttrs: + additionalProperties: + $ref: '#/components/schemas/Data_views_fieldattrs' + type: object + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + id: + example: ff959d40-b880-11e8-a6d9-e546fe2bba5f + type: string + name: + description: The data view name. + type: string + namespaces: + $ref: '#/components/schemas/Data_views_namespaces' + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta_response' + version: + example: WzQ2LDJd + type: string + Data_views_fieldattrs: + description: A map of field attributes by field name. + type: object + properties: + count: + description: Popularity count for the field. + type: integer + customDescription: + description: Custom description for the field. + maxLength: 300 + type: string + customLabel: + description: Custom label for the field. + type: string + Data_views_fieldformats: + description: A map of field formats by field name. + type: object + Data_views_namespaces: + description: >- + An array of space identifiers for sharing the data view between multiple + spaces. + items: + default: default type: string - Cases_assignees_filter: - description: > - Filters the returned cases by assignees. Valid values are `none` or - unique identifiers for the user profiles. These identifiers can be found - by using the suggest user profile API. - in: query - name: assignees - schema: - oneOf: - - type: string - - items: + type: array + Data_views_runtimefieldmap: + description: A map of runtime field definitions by field name. + type: object + properties: + script: + type: object + properties: + source: + description: Script for the runtime field. type: string - maxItems: 100 - type: array - Cases_case_id: + type: + description: Mapping type of the runtime field. + type: string + required: + - script + - type + Data_views_sourcefilters: + description: The array of field names you want to filter out in Discover. + items: + type: object + properties: + value: + type: string + required: + - value + type: array + Data_views_swap_data_view_request_object: + title: Data view reference swap request + type: object + properties: + delete: + description: Deletes referenced saved object if all references are removed. + type: boolean + forId: + description: Limit the affected saved objects to one or more by identifier. + oneOf: + - type: string + - items: + type: string + type: array + forType: + description: Limit the affected saved objects by type. + type: string + fromId: + description: The saved object reference to change. + type: string + fromType: + description: > + Specify the type of the saved object reference to alter. The default + value is `index-pattern` for data views. + type: string + toId: + description: New saved object reference value to replace the old value. + type: string + required: + - fromId + - toId + Data_views_timefieldname: + description: The timestamp field name, which you use for time-based data views. + type: string + Data_views_title: description: >- - The identifier for the case. To retrieve case IDs, use the find cases - API. All non-ASCII characters must be URL encoded. - in: path - name: caseId - required: true - schema: - example: 9c235210-6834-11ea-a78c-6ffb38a34414 - type: string - Cases_category: - description: Filters the returned cases by category. - in: query - name: category - schema: - oneOf: - - example: my-category + Comma-separated list of data streams, indices, and aliases that you want + to search. Supports wildcards (`*`). + type: string + Data_views_type: + description: When set to `rollup`, identifies the rollup data views. + type: string + Data_views_typemeta: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. + type: object + properties: + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. + type: object + required: + - aggs + - params + Data_views_typemeta_response: + description: >- + When you use rollup indices, contains the field list for the rollup data + view API endpoints. + nullable: true + type: object + properties: + aggs: + description: A map of rollup restrictions by aggregation type and field name. + type: object + params: + description: Properties for retrieving rollup fields. + type: object + Data_views_update_data_view_request_object: + title: Update data view request + type: object + properties: + data_view: + description: > + The data view properties you want to update. Only the specified + properties are updated in the data view. Unspecified fields stay as + they are persisted. + type: object + properties: + allowNoIndex: + $ref: '#/components/schemas/Data_views_allownoindex' + fieldFormats: + $ref: '#/components/schemas/Data_views_fieldformats' + fields: + type: object + name: + type: string + runtimeFieldMap: + additionalProperties: + $ref: '#/components/schemas/Data_views_runtimefieldmap' + type: object + sourceFilters: + $ref: '#/components/schemas/Data_views_sourcefilters' + timeFieldName: + $ref: '#/components/schemas/Data_views_timefieldname' + title: + $ref: '#/components/schemas/Data_views_title' + type: + $ref: '#/components/schemas/Data_views_type' + typeMeta: + $ref: '#/components/schemas/Data_views_typemeta' + refresh_fields: + default: false + description: Reloads the data view fields after the data view is updated. + type: boolean + required: + - data_view + Fleet_agent: + title: Agent + type: object + properties: + access_api_key: + type: string + access_api_key_id: + type: string + active: + type: boolean + components: + items: + $ref: '#/components/schemas/Fleet_agent_component' + type: array + default_api_key: + type: string + default_api_key_id: + type: string + enrolled_at: + type: string + id: + type: string + last_checkin: + type: string + local_metadata: + $ref: '#/components/schemas/Fleet_agent_metadata' + metrics: + type: object + properties: + cpu_avg: + description: >- + Average agent CPU usage during the last 5 minutes, number + between 0-1 + type: number + memory_size_byte_avg: + description: Average agent memory consumption during the last 5 minutes + type: number + policy_id: + type: string + policy_revision: + type: number + status: + $ref: '#/components/schemas/Fleet_agent_status' + type: + $ref: '#/components/schemas/Fleet_agent_type' + unenrolled_at: + type: string + unenrollment_started_at: + type: string + user_provided_metadata: + $ref: '#/components/schemas/Fleet_agent_metadata' + required: + - type + - active + - enrolled_at + - id + - status + Fleet_agent_action: + oneOf: + - properties: + ack_data: + type: string + data: + type: string + type: + enum: + - UNENROLL + - UPGRADE + - POLICY_REASSIGN + type: string + - properties: + data: + type: object + properties: + log_level: + enum: + - debug + - info + - warning + - error + nullable: true + type: string + type: + type: string + title: Agent action + Fleet_agent_component: + title: Agent component + type: object + properties: + id: + type: string + message: + type: string + status: + $ref: '#/components/schemas/Fleet_agent_component_status' + type: + type: string + units: + items: + $ref: '#/components/schemas/Fleet_agent_component_unit' + type: array + Fleet_agent_component_status: + enum: + - starting + - configuring + - healthy + - degraded + - failed + - stopping + - stopped + title: Agent component status + type: string + Fleet_agent_component_unit: + title: Agent component unit + type: object + properties: + id: + type: string + message: + type: string + payload: + type: object + status: + $ref: '#/components/schemas/Fleet_agent_component_status' + type: + $ref: '#/components/schemas/Fleet_agent_component_unit_type' + Fleet_agent_component_unit_type: + enum: + - input + - output + title: Agent component unit type + type: string + Fleet_agent_diagnostics: + title: Agent diagnostics + type: object + properties: + actionId: + type: string + createTime: + type: string + filePath: + type: string + id: + type: string + name: + type: string + status: + enum: + - READY + - AWAITING_UPLOAD + - DELETED + - IN_PROGRESS + required: + - id + - name + - createTime + - filePath + - actionId + - status + Fleet_agent_get_by_actions: + items: + items: + type: string + type: array + title: Agents get by action ids + type: array + Fleet_agent_metadata: + title: Agent metadata + type: object + Fleet_agent_policy: + title: Agent Policy + type: object + properties: + advanced_settings: + description: >- + Advanced settings stored in the agent policy, e.g. + agent_limits_go_max_procs + nullable: true + type: object + agent_features: + items: + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + agents: + type: number + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + global_data_tags: + items: + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. + type: object + type: array + id: + type: string + inactivity_timeout: + type: integer + is_protected: + description: >- + Indicates whether the agent policy has tamper protection enabled. + Default false. + type: boolean + keep_monitoring_alive: + description: >- + When set to true, monitoring will be enabled but logs/metrics + collection will be disabled + nullable: true + type: boolean + monitoring_diagnostics: + type: object + properties: + limit: + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + monitoring_enabled: + items: + enum: + - metrics + - logs type: string - - items: + type: array + monitoring_http: + type: object + properties: + enabled: + type: boolean + host: type: string - maxItems: 100 - type: array - Cases_comment_id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - case or find cases APIs. - in: path - name: commentId - required: true - schema: - example: 71ec1870-725b-11ea-a0b2-c51ea50a58e2 - type: string - Cases_configuration_id: - description: An identifier for the configuration. - in: path - name: configurationId - required: true - schema: - example: 3297a0f0-b5ec-11ec-b141-0fdb20a7f9a9 - type: string - Cases_connector_id: - description: >- - An identifier for the connector. To retrieve connector IDs, use the find - connectors API. - in: path - name: connectorId - required: true - schema: - example: abed3a70-71bd-11ea-a0b2-c51ea50a58e2 - type: string - Cases_defaultSearchOperator: - description: he default operator to use for the simple_query_string. - example: OR - in: query - name: defaultSearchOperator - schema: - default: OR - type: string - Cases_from: - description: > - Returns only cases that were created after a specific date. The date - must be specified as a KQL data range or date match expression. - in: query - name: from - schema: - example: now-1d - type: string - Cases_ids: - description: > - The cases that you want to removed. All non-ASCII characters must be URL - encoded. - example: d4e7abb0-b462-11ec-9a8d-698504725a43 - in: query - name: ids - required: true - schema: - items: - maxItems: 100 - minItems: 1 + port: + type: number + required: + - enabled + monitoring_output_id: + nullable: true + type: string + monitoring_pprof_enabled: + type: boolean + name: + type: string + namespace: + type: string + overrides: + description: >- + Override settings that are defined in the agent policy. Input + settings cannot be overridden. The override option should be used + only in unusual circumstances and not as a routine procedure. + nullable: true + type: object + package_policies: + description: >- + This field is present only when retrieving a single agent policy, or + when retrieving a list of agent policies with the ?full=true + parameter + items: + $ref: '#/components/schemas/Fleet_package_policy' + type: array + revision: + type: number + supports_agentless: + description: >- + Indicates whether the agent policy supports agentless integrations. + Only allowed in a serverless environment. + type: boolean + unenroll_timeout: + type: integer + unprivileged_agents: + type: number + updated_by: + type: string + updated_on: + format: date-time + type: string + required: + - id + - status + - name + - namespace + Fleet_agent_policy_create_request: + title: Create agent policy request + type: object + properties: + agent_features: + items: + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true type: string - type: array - Cases_includeComments: - deprecated: true - description: >- - Deprecated in 8.1.0. This parameter is deprecated and will be removed in - a future release. It determines whether case comments are returned. - in: query - name: includeComments - schema: - default: true - type: boolean - Cases_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Cases_owner: - description: > - A filter to limit the response to a specific set of applications. If - this parameter is omitted, the response contains information about all - the cases that the user has access to read. - example: cases - in: query - name: owner - schema: - oneOf: - - $ref: '#/components/schemas/Cases_owners' - - items: - $ref: '#/components/schemas/Cases_owners' - type: array - Cases_page_index: - description: The page number to return. - in: query - name: page - required: false - schema: - default: 1 - type: integer - Cases_page_size: - description: The number of items to return. Limited to 100 items. - in: query - name: perPage - required: false - schema: - default: 20 - maximum: 100 - type: integer - Cases_reporters: - description: Filters the returned cases by the user name of the reporter. - example: elastic - in: query - name: reporters - schema: - oneOf: - - type: string - - items: - type: string - maxItems: 100 - type: array - Cases_search: - description: >- - An Elasticsearch simple_query_string query that filters the objects in - the response. - in: query - name: search - schema: - type: string - Cases_searchFields: - description: The fields to perform the simple_query_string parsed query against. - in: query - name: searchFields - schema: - oneOf: - - $ref: '#/components/schemas/Cases_searchFieldsType' - - items: - $ref: '#/components/schemas/Cases_searchFieldsType' - type: array - Cases_severity: - description: The severity of the case. - in: query - name: severity - schema: - enum: - - critical - - high - - low - - medium - type: string - Cases_sort_order: - description: Determines the sort order. - in: query - name: sortOrder - required: false - schema: - default: desc - enum: - - asc - - desc - type: string - Cases_sortField: - description: Determines which field is used to sort the results. - example: updatedAt - in: query - name: sortField - schema: - default: createdAt - enum: - - createdAt - - updatedAt - - closedAt - - title - - category - - status - - severity - type: string - Cases_status: - description: Filters the returned cases by state. - example: open - in: query - name: status - schema: - enum: - - closed - - in-progress - - open - type: string - Cases_tags: - description: Filters the returned cases by tags. - example: tag-1 - in: query - name: tags - schema: - oneOf: - - type: string - - items: + force: + description: Force agent policy creation even if packages are not verified. + type: boolean + global_data_tags: + items: + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. + type: object + type: array + id: + type: string + inactivity_timeout: + type: integer + is_protected: + type: boolean + monitoring_enabled: + items: + enum: + - metrics + - logs + type: string + type: array + monitoring_output_id: + nullable: true + type: string + name: + type: string + namespace: + type: string + unenroll_timeout: + type: integer + required: + - name + - namespace + Fleet_agent_policy_full: + oneOf: + - type: object + properties: + item: type: string - maxItems: 100 - type: array - Cases_to: - description: > - Returns only cases that were created before a specific date. The date - must be specified as a KQL data range or date match expression. - example: now+1d - in: query - name: to - schema: - type: string - Cases_user_action_types: - description: Determines the types of user actions to return. - example: create_case - in: query - name: types - schema: + - type: object + properties: + item: + $ref: '#/components/schemas/Fleet_full_agent_policy' + title: Agent policy full response + type: object + Fleet_agent_policy_update_request: + title: Update agent policy request + type: object + properties: + agent_features: + items: + type: object + properties: + enabled: + type: boolean + name: + type: string + required: + - name + - enabled + type: array + data_output_id: + nullable: true + type: string + description: + type: string + download_source_id: + nullable: true + type: string + fleet_server_host_id: + nullable: true + type: string + force: + description: Force agent policy creation even if packages are not verified. + type: boolean + global_data_tags: + items: + additionalProperties: + oneOf: + - type: string + - type: number + description: >- + User defined data tags that are added to all of the inputs. The + values can be strings or numbers. + type: object + type: array + inactivity_timeout: + type: integer + is_protected: + type: boolean + monitoring_enabled: + items: + enum: + - metrics + - logs + type: string + type: array + monitoring_output_id: + nullable: true + type: string + name: + type: string + namespace: + type: string + unenroll_timeout: + type: integer + required: + - name + - namespace + Fleet_agent_status: + enum: + - offline + - error + - online + - inactive + - warning + title: Elastic Agent status + type: string + Fleet_agent_type: + enum: + - PERMANENT + - EPHEMERAL + - TEMPORARY + title: Agent type + type: string + Fleet_bulk_install_packages_response: + title: Bulk install packages response + type: object + properties: items: - enum: - - action - - alert - - assignees - - attachment - - comment - - connector - - create_case - - description - - pushed - - settings - - severity - - status - - tags - - title - - user + items: + type: object + properties: + name: + type: string + version: + type: string + type: array + response: + deprecated: true + items: + type: object + properties: + name: + type: string + version: + type: string + type: array + required: + - items + Fleet_bulk_upgrade_agents: + title: Bulk upgrade agents + type: object + properties: + agents: + oneOf: + - description: KQL query string, leave empty to action all agents + type: string + - description: list of agent IDs + items: + type: string + type: array + force: + description: Force upgrade, skipping validation (should be used with caution) + type: boolean + rollout_duration_seconds: + description: rolling upgrade window duration in seconds + type: number + skipRateLimitCheck: + description: Skip rate limit check for upgrade + type: boolean + source_uri: + description: alternative upgrade binary download url + type: string + start_time: + description: start time of upgrade in ISO 8601 format + type: string + version: + description: version to upgrade to + type: string + required: + - agents + - version + Fleet_data_stream: + title: Data stream + type: object + properties: + dashboard: + items: + type: object + properties: + id: + type: string + title: + type: string + type: array + dataset: + type: string + index: + type: string + last_activity_ms: + type: number + namespace: + type: string + package: + type: string + package_version: + type: string + size_in_bytes: + type: number + size_in_bytes_formatted: + type: string + type: + type: string + Fleet_download_sources: + title: Download Source + type: object + properties: + host: + type: string + id: + type: string + is_default: + type: boolean + name: + type: string + proxy_id: + description: >- + The ID of the proxy to use for this download source. See the proxies + API for more information. + nullable: true + type: string + required: + - is_default + - name + - host + Fleet_elasticsearch_asset_type: + enum: + - component_template + - ingest_pipeline + - index_template + - ilm_policy + - transform + - data_stream_ilm_policy + title: Elasticsearch asset type + type: string + Fleet_enrollment_api_key: + title: Enrollment API key + type: object + properties: + active: + description: >- + When false, the enrollment API key is revoked and cannot be used for + enrolling Elastic Agents. + type: boolean + api_key: + description: The enrollment API key (token) used for enrolling Elastic Agents. + type: string + api_key_id: + description: The ID of the API key in the Security API. + type: string + created_at: + type: string + id: + type: string + name: + description: The name of the enrollment API key. + type: string + policy_id: + description: The ID of the agent policy the Elastic Agent will be enrolled in. + type: string + required: + - id + - api_key_id + - api_key + - active + - created_at + Fleet_fleet_server_host: + title: Fleet Server Host + type: object + properties: + host_urls: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_internal: + type: boolean + is_preconfigured: + type: boolean + name: + type: string + proxy_id: + type: string + required: + - fleet_server_hosts + - id + - is_default + - is_preconfigured + - host_urls + Fleet_fleet_settings_response: + title: Fleet settings response + type: object + properties: + item: + $ref: '#/components/schemas/Fleet_settings' + required: + - item + Fleet_fleet_setup_response: + title: Fleet Setup response + type: object + properties: + isInitialized: + type: boolean + nonFatalErrors: + items: + type: object + properties: + message: + type: string + name: + type: string + required: + - name + - message + type: array + required: + - isInitialized + - nonFatalErrors + Fleet_fleet_status_response: + title: Fleet status response + type: object + properties: + isReady: + type: boolean + missing_optional_features: + items: + enum: + - encrypted_saved_object_encryption_key_required + type: string + type: array + missing_requirements: + items: + enum: + - tls_required + - api_keys + - fleet_admin_user + - fleet_server + type: string + type: array + package_verification_key_id: type: string - type: array - Data_views_field_name: - description: The name of the runtime field. - in: path - name: fieldName - required: true - schema: - example: hour_of_day - type: string - Data_views_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Data_views_view_id: - description: An identifier for the data view. - in: path - name: viewId - required: true - schema: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - Fleet_format: - description: Simplified or legacy format for package inputs - in: query - name: format - required: false - schema: - enum: - - simplified - - legacy - type: string - Fleet_kbn_xsrf: - description: Kibana's anti Cross-Site Request Forgery token. Can be any string value. - in: header - name: kbn-xsrf - required: true - schema: - type: string - Fleet_kuery: - in: query - name: kuery - required: false - schema: - type: string - Fleet_page_index: - in: query - name: page - required: false - schema: - default: 1 - type: integer - Fleet_page_size: - description: The number of items to return - in: query - name: perPage - required: false - schema: - default: 20 - type: integer - Fleet_show_inactive: - in: query - name: showInactive - required: false - schema: - type: boolean - Fleet_show_upgradeable: - in: query - name: showUpgradeable - required: false - schema: - type: boolean - Fleet_sort_field: - in: query - name: sortField - required: false - schema: - deprecated: true - type: string - Fleet_sort_order: - in: query - name: sortOrder - required: false - schema: - enum: - - asc - - desc - type: string - Fleet_with_metrics: - description: Return agent metrics, false by default - in: query - name: withMetrics - required: false - schema: - type: boolean - Machine_learning_APIs_simulateParam: - description: >- - When true, simulates the synchronization by returning only the list of - actions that would be performed. - example: 'true' - in: query - name: simulate - required: false - schema: - type: boolean - Saved_objects_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - Saved_objects_saved_object_id: - description: An identifier for the saved object. - in: path - name: id - required: true - schema: - type: string - Saved_objects_saved_object_type: - description: >- - Valid options include `visualization`, `dashboard`, `search`, - `index-pattern`, `config`. - in: path - name: type - required: true - schema: - type: string - SLOs_kbn_xsrf: - description: Cross-site request forgery protection - in: header - name: kbn-xsrf - required: true - schema: - type: string - SLOs_slo_id: - description: An identifier for the slo. - in: path - name: sloId - required: true - schema: - example: 9c235211-6834-11ea-a78c-6feb38a34414 - type: string - SLOs_space_id: - description: >- - An identifier for the space. If `/s/` and the identifier are omitted - from the path, the default space is used. - in: path - name: spaceId - required: true - schema: - example: default - type: string - responses: - Fleet_error: - content: - application/json; Elastic-Api-Version=2023-10-31: - schema: + required: + - isReady + - missing_requirements + - missing_optional_features + Fleet_full_agent_policy: + title: Full agent policy + type: object + properties: + agent: + nullable: true + type: string + fleet: + oneOf: + - type: object + properties: + hosts: + items: + type: string + type: array + proxy_headers: {} + proxy_url: + type: string + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + renegotiation: + type: string + verification_mode: + type: string + - type: object + properties: + kibana: + type: object + properties: + hosts: + items: + type: string + type: array + path: + type: string + protocol: + type: string + id: + type: string + inputs: + type: string + monitoring: + type: object + properties: + diagnostics: + type: object + properties: + limit: + type: object + properties: + burst: + type: number + interval: + type: string + uploader: + type: object + properties: + init_dur: + type: string + max_dur: + type: string + max_retries: + type: number + enabled: + type: boolean + http: + type: object + properties: + enabled: + type: boolean + host: + type: string + port: + type: number + required: + - enabled + logs: + type: boolean + metrics: + type: boolean + namespace: + type: string + pprof: + type: object + properties: + enabled: + type: boolean + required: + - enabled + traces: + type: boolean + use_output: + type: string + required: + - enabled + - metrics + - logs + - traces + output_permissions: + additionalProperties: type: object properties: - error: - type: string - message: - type: string - statusCode: - type: number - description: Generic Error - schemas: - Alerting_401_response: - properties: - error: - enum: - - Unauthorized - example: Unauthorized - type: string - message: - type: string - statusCode: - enum: - - 401 - example: 401 - type: integer - title: Unsuccessful rule API response - type: object - Alerting_alert_response_properties: - title: Legacy alert response properties - type: object - properties: - actions: + data: + $ref: >- + #/components/schemas/Fleet_full_agent_policy_output_permissions + output: + type: integer + type: object + outputs: + additionalProperties: + $ref: '#/components/schemas/Fleet_full_agent_policy_output' + type: object + revision: + type: number + secret_references: items: type: object + properties: + id: + type: string type: array - alertTypeId: - example: .index-threshold - type: string - apiKeyOwner: - example: elastic - nullable: true - type: string - createdAt: - description: The date and time that the alert was created. - example: '2022-12-05T23:36:58.284Z' - format: date-time - type: string - createdBy: - description: The identifier for the user that created the alert. - example: elastic - type: string - enabled: - description: Indicates whether the alert is currently enabled. - example: true - type: boolean - executionStatus: + required: + - id + - outputs + - inputs + Fleet_full_agent_policy_input: + allOf: + - additionalProperties: true type: object properties: - lastExecutionDate: - example: '2022-12-06T00:13:43.890Z' - format: date-time + data_stream: + type: object + properties: + namespace: + type: string + required: + - namespace + id: type: string - status: - example: ok + meta: + additionalProperties: true + type: object + properties: + package: + type: object + properties: + name: + type: string + version: + type: string + required: + - name + - version + name: type: string - id: - description: The identifier for the alert. - example: b530fed0-74f5-11ed-9801-35303b735aef + revision: + type: number + streams: + $ref: '#/components/schemas/Fleet_full_agent_policy_input_stream' + type: + type: string + use_output: + type: string + required: + - id + - name + - revision + - type + - data_stream + - use_output + title: Full agent policy input + Fleet_full_agent_policy_input_stream: + allOf: + - additionalProperties: true + type: object + properties: + data_stream: + type: object + properties: + dataset: + type: string + type: + type: string + required: + - dataset + - type + id: + type: string + required: + - id + - data_stream + title: Full agent policy input stream + Fleet_full_agent_policy_output: + title: Full agent policy + type: object + properties: + additionalProperties: + type: object + properties: + text: {} + ca_sha256: + nullable: true type: string - muteAll: - example: false - type: boolean - mutedInstanceIds: + hosts: items: type: string - nullable: true type: array - name: - description: The name of the alert. - example: my alert - type: string - notifyWhen: - example: onActionGroupChange - type: string - params: - additionalProperties: true - type: object - schedule: - type: object - properties: - interval: - type: string - scheduledTaskId: - example: b530fed0-74f5-11ed-9801-35303b735aef + proxy_headers: {} + proxy_url: type: string - tags: + type: {} + required: + - type + - hosts + - ca_sha256 + Fleet_full_agent_policy_output_permissions: + additionalProperties: + type: object + properties: + data: + type: object + properties: + cluster: + items: + type: string + type: array + indices: + items: + type: object + properties: + names: + items: + type: string + type: array + privileges: + items: + type: string + type: array + type: array + packagePolicyName: + type: string + title: Full agent policy output permissions + Fleet_get_agent_tags_response: + title: Get Agent Tags response + type: object + properties: + items: + items: + type: string + type: array + Fleet_get_agents_response: + title: Get Agent response + type: object + properties: + items: items: - type: string + $ref: '#/components/schemas/Fleet_agent' type: array - throttle: - nullable: true - type: string - updatedAt: - example: '2022-12-05T23:36:58.284Z' - type: string - updatedBy: - description: The identifier for the user that updated this alert most recently. - example: elastic - nullable: true - type: string - Alerting_fieldmap_properties: - title: Field map objects in the get rule types response - type: object + list: + deprecated: true + items: + $ref: '#/components/schemas/Fleet_agent' + type: array + page: + type: number + perPage: + type: number + statusSummary: + type: object + properties: + degraded': + type: number + enrolling: + type: number + error: + type: number + inactive: + type: number + offline: + type: number + online: + type: number + unenrolled: + type: number + unenrolling: + type: number + updating: + type: number + total: + type: number + required: + - items + - total + - page + - perPage + Fleet_get_bulk_assets_response: + deprecated: true properties: - array: - description: Indicates whether the field is an array. - type: boolean - dynamic: - description: Indicates whether it is a dynamic field mapping. - type: boolean - format: - description: > - Indicates the format of the field. For example, if the `type` is - `date_range`, the `format` can be - `epoch_millis||strict_date_optional_time`. - type: string - ignore_above: - description: >- - Specifies the maximum length of a string field. Longer strings are - not indexed or stored. - type: integer - index: - description: Indicates whether field values are indexed. - type: boolean - path: - description: TBD - type: string - properties: - additionalProperties: + items: + items: type: object properties: + appLink: + type: string + attributes: + type: object + properties: + description: + type: string + title: + type: string + id: + type: string type: - description: The data type for each object property. + $ref: '#/components/schemas/Fleet_saved_object_type' + updatedAt: type: string - description: > - Details about the object properties. This property is applicable - when `type` is `object`. - type: object - required: - description: Indicates whether the field is required. - type: boolean - scaling_factor: - description: > - The scaling factor to use when encoding values. This property is - applicable when `type` is `scaled_float`. Values will be multiplied - by this factor at index time and rounded to the closest long value. - type: integer - type: - description: Specifies the data type for the field. - example: scaled_float - type: string - Cases_4xx_response: - properties: - error: - example: Unauthorized - type: string - message: - type: string - statusCode: - example: 401 - type: integer - title: Unsuccessful cases API response + type: array + required: + - items + title: Bulk get assets response type: object - Cases_action_types: - description: The type of action. - enum: - - assignees - - create_case - - comment - - connector - - delete_case - - description - - pushed - - tags - - title - - status - - settings - - severity - example: create_case - type: string - Cases_actions: - enum: - - add - - create - - delete - - push_to_service - - update - example: create - type: string - Cases_add_alert_comment_request_properties: - description: Defines properties for case comment requests when type is alert. + Fleet_get_categories_response: + title: Get categories response type: object properties: - alertId: - $ref: '#/components/schemas/Cases_alert_identifiers' - index: - $ref: '#/components/schemas/Cases_alert_indices' - owner: - $ref: '#/components/schemas/Cases_owners' - rule: - $ref: '#/components/schemas/Cases_rule' - type: - description: The type of comment. - enum: - - alert - example: alert - type: string - required: - - alertId - - index - - owner - - rule - - type - title: Add case comment request properties for alerts - Cases_add_case_comment_request: - description: >- - The add comment to case API request body varies depending on whether you - are adding an alert or a comment. - discriminator: - mapping: - alert: '#/components/schemas/Cases_add_alert_comment_request_properties' - user: '#/components/schemas/Cases_add_user_comment_request_properties' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_add_alert_comment_request_properties' - - $ref: '#/components/schemas/Cases_add_user_comment_request_properties' - title: Add case comment request - Cases_add_user_comment_request_properties: - description: Defines properties for case comment requests when type is user. - properties: - comment: - description: The new comment. It is required only when `type` is `user`. - example: A new comment. - maxLength: 30000 - type: string - owner: - $ref: '#/components/schemas/Cases_owners' - type: - description: The type of comment. - enum: - - user - example: user - type: string + items: + items: + type: object + properties: + count: + type: number + id: + type: string + title: + type: string + required: + - id + - title + - count + type: array + response: + items: + deprecated: true + type: object + properties: + count: + type: number + id: + type: string + title: + type: string + required: + - id + - title + - count + type: array required: - - comment - - owner - - type - title: Add case comment request properties for user comments - type: object - Cases_alert_comment_response_properties: - title: Add case comment response properties for alerts + - items + Fleet_get_packages_response: + title: Get Packages response type: object properties: - alertId: + items: + items: + $ref: '#/components/schemas/Fleet_search_result' + type: array + response: + deprecated: true items: - example: a6e12ac4-7bce-457b-84f6-d7ce8deb8446 - type: string + $ref: '#/components/schemas/Fleet_search_result' type: array + required: + - items + Fleet_installation_info: + title: Installation info object + type: object + properties: created_at: - example: '2023-11-06T19:29:38.424Z' - format: date-time type: string - created_by: - type: object + experimental_data_stream_features: + type: array properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true + data_stream: type: string - required: - - email - - full_name - - username - id: - example: 73362370-ab1a-11ec-985f-97e55adae8b9 + features: + type: object + properties: + doc_value_only_numeric: + nullable: true + type: boolean + doc_value_only_other: + nullable: true + type: boolean + synthetic_source: + nullable: true + type: boolean + tsdb: + nullable: true + type: boolean + install_format_schema_version: type: string - index: - items: - example: .internal.alerts-security.alerts-default-000001 - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owners' - pushed_at: - example: null - format: date-time - nullable: true + install_kibana_space_id: type: string - pushed_by: - nullable: true + install_source: + enum: + - registry + - upload + - bundled + type: string + install_status: + enum: + - installed + - installing + - install_failed + type: string + installed_es: type: object properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true + deferred: + type: boolean + id: type: string - required: - - email - - full_name - - username - rule: + type: + $ref: '#/components/schemas/Fleet_elasticsearch_asset_type' + installed_kibana: type: object properties: id: - description: The rule identifier. - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - type: string - name: - description: The rule name. - example: security_rule type: string - type: - enum: - - alert - example: alert - type: string - updated_at: - format: date-time - nullable: true - type: string - updated_by: - nullable: true + type: + $ref: '#/components/schemas/Fleet_kibana_saved_object_type' + latest_executed_state: + description: Latest successfully executed state in package install state machine type: object properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true + error: type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + name: + enum: + - create_restart_installation + - install_kibana_assets + - install_ilm_policies + - install_ml_model + - install_index_template_pipelines + - remove_legacy_templates + - update_current_write_indices + - install_transforms + - delete_previous_pipelines + - save_archive_entries_from_assets_map + - update_so type: string - username: - example: elastic - nullable: true + started_at: type: string - required: - - email - - full_name - - username - version: - example: WzMwNDgsMV0= - type: string - required: - - type - Cases_alert_identifiers: - description: > - The alert identifiers. It is required only when `type` is `alert`. You - can use an array of strings to add multiple alerts to a case, provided - that they all relate to the same rule; `index` must also be an array - with the same length or number of elements. Adding multiple alerts in - this manner is recommended rather than calling the API multiple times. - This functionality is in technical preview and may be changed or removed - in a future release. Elastic will work to fix any issues, but features - in technical preview are not subject to the support SLA of official GA - features. - example: 6b24c4dc44bc720cfc92797f3d61fff952f2b2627db1fb4f8cc49f4530c4ff42 - oneOf: - - type: string - - items: - type: string - maxItems: 1000 - type: array - title: Alert identifiers - x-technical-preview: true - Cases_alert_indices: - description: > - The alert indices. It is required only when `type` is `alert`. If you - are adding multiple alerts to a case, use an array of strings; the - position of each index name in the array must match the position of the - corresponding alert identifier in the `alertId` array. This - functionality is in technical preview and may be changed or removed in a - future release. Elastic will work to fix any issues, but features in - technical preview are not subject to the support SLA of official GA - features. - oneOf: - - type: string - - items: - type: string - maxItems: 1000 - type: array - title: Alert indices - x-technical-preview: true - Cases_alert_response_properties: - type: object - properties: - attached_at: - format: date-time - type: string - id: - description: The alert identifier. - type: string - index: - description: The alert index. - type: string - Cases_assignees: - description: An array containing users that are assigned to the case. - items: - type: object - properties: - uid: - description: >- - A unique identifier for the user profile. These identifiers can be - found by using the suggest user profile API. - example: u_0wpfV1MqYDaXzLtRVY-gLMrddKDEmfz51Fszhj7hWC8_0 - type: string - required: - - uid - maxItems: 10 - nullable: true - type: array - Cases_case_category: - description: A word or phrase that categorizes the case. - maxLength: 50 - type: string - Cases_case_description: - description: The description for the case. - maxLength: 30000 - type: string - Cases_case_response_closed_by_properties: - nullable: true - properties: - email: - example: null - nullable: true + latest_install_failed_attempts: + description: Latest failed install errors + items: + type: object + properties: + created_at: + type: string + error: + type: object + properties: + message: + type: string + name: + type: string + stack: + type: string + target_version: + type: string + type: array + name: type: string - full_name: - example: null - nullable: true + namespaces: + items: + type: string + type: array + type: type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + updated_at: type: string - username: - example: elastic + verification_key_id: nullable: true type: string + verification_status: + enum: + - verified + - unverified + - unknown + type: string + version: + type: string required: - - email - - full_name - - username - title: Case response properties for closed_by - type: object - Cases_case_response_created_by_properties: - title: Case response properties for created_by - type: object + - installed_kibana + - installed_es + - name + - version + - install_status + - install_version + - install_started_at + - install_source + - verification_status + - latest_install_failed_attempts + Fleet_kibana_saved_object_type: + enum: + - dashboard + - visualization + - search + - index-pattern + - map + - lens + - ml-module + - security-rule + - csp_rule_template + title: Kibana saved object asset type + type: string + Fleet_new_package_policy: + description: '' properties: - email: - example: null - nullable: true + description: type: string - full_name: - example: null - nullable: true + enabled: + type: boolean + inputs: + items: + type: object + properties: + config: + type: object + enabled: + type: boolean + processors: + items: + type: string + type: array + streams: + items: {} + type: array + type: + type: string + vars: + type: object + required: + - type + - enabled + type: array + name: type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + namespace: type: string - username: - example: elastic + output_id: + type: string + overrides: + type: object + package: + type: object + properties: + name: + type: string + requires_root: + type: boolean + title: + type: string + version: + type: string + required: + - name + - version + policy_id: + deprecated: true nullable: true type: string + policy_ids: + items: + type: string + type: array required: - - email - - full_name - - username - Cases_case_response_properties: - title: Case response properties + - inputs + - name + title: New package policy + type: object + Fleet_output_create_request: + discriminator: + mapping: + elasticsearch: '#/components/schemas/Fleet_output_create_request_elasticsearch' + kafka: '#/components/schemas/Fleet_output_create_request_kafka' + logstash: '#/components/schemas/Fleet_output_create_request_logstash' + remote_elasticsearch: >- + #/components/schemas/Fleet_output_create_request_remote_elasticsearch + propertyName: type + oneOf: + - $ref: '#/components/schemas/Fleet_output_create_request_elasticsearch' + - $ref: '#/components/schemas/Fleet_output_create_request_kafka' + - $ref: '#/components/schemas/Fleet_output_create_request_logstash' + - $ref: >- + #/components/schemas/Fleet_output_create_request_remote_elasticsearch + title: Output + Fleet_output_create_request_elasticsearch: + title: elasticsearch type: object properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - description: The case category. - nullable: true + ca_sha256: type: string - closed_at: - format: date-time - nullable: true + ca_trusted_fingerprint: type: string - closed_by: - $ref: '#/components/schemas/Cases_case_response_closed_by_properties' - comments: - description: An array of comment objects for the case. + config: + type: object + config_yaml: + type: string + hosts: items: - discriminator: - mapping: - alert: '#/components/schemas/Cases_alert_comment_response_properties' - user: '#/components/schemas/Cases_user_comment_response_properties' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_alert_comment_response_properties' - - $ref: '#/components/schemas/Cases_user_comment_response_properties' - maxItems: 10000 - title: Case response properties for comments + type: string type: array - connector: - discriminator: - mapping: - .cases-webhook: '#/components/schemas/Cases_connector_properties_cases_webhook' - .jira: '#/components/schemas/Cases_connector_properties_jira' - .none: '#/components/schemas/Cases_connector_properties_none' - .resilient: '#/components/schemas/Cases_connector_properties_resilient' - .servicenow: '#/components/schemas/Cases_connector_properties_servicenow' - .servicenow-sir: '#/components/schemas/Cases_connector_properties_servicenow_sir' - .swimlane: '#/components/schemas/Cases_connector_properties_swimlane' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - title: Case response properties for connectors - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + type: + enum: + - elasticsearch + type: string + required: + - name + Fleet_output_create_request_kafka: + title: kafka + type: object + properties: + auth_type: type: string - created_by: - $ref: '#/components/schemas/Cases_case_response_created_by_properties' - customFields: - description: Custom field values for the case. + broker_timeout: + type: number + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + client_id: + type: string + compression: + type: string + compression_level: + type: number + config: + type: object + config_yaml: + type: string + connection_type: + enum: + - plaintext + - encryption + type: string + headers: items: type: object properties: key: - description: > - The unique identifier for the custom field. The key value must - exist in the case configuration settings. - type: string - type: - description: > - The custom field type. It must match the type specified in the - case configuration settings. - enum: - - text - - toggle type: string value: - description: > - The custom field value. If the custom field is required, it - cannot be explicitly set to null. However, for cases that - existed when the required custom field was added, the default - value stored in Elasticsearch is `undefined`. The value - returned in the API and user interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true - type: string - - type: boolean + type: string type: array - description: - example: A case description. - type: string - duration: - description: > - The elapsed time from the creation of the case to its closure (in - seconds). If the case has not been closed, the duration is set to - null. If the case was closed after less than half a second, the - duration is rounded down to zero. - example: 120 - nullable: true - type: integer - external_service: - $ref: '#/components/schemas/Cases_external_service' - id: - example: 66b9aa00-94fa-11ea-9f74-e7e108796192 - type: string - owner: - $ref: '#/components/schemas/Cases_owners' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: - example: - - tag-1 + hosts: items: type: string type: array - title: - example: Case title 1 - type: string - totalAlerts: - example: 0 - type: integer - totalComment: - example: 0 - type: integer - updated_at: - format: date-time - nullable: true - type: string - updated_by: - $ref: '#/components/schemas/Cases_case_response_updated_by_properties' - version: - example: WzUzMiwxXQ== + id: type: string - required: - - closed_at - - closed_by - - comments - - connector - - created_at - - created_by - - description - - duration - - external_service - - id - - owner - - settings - - severity - - status - - tags - - title - - totalAlerts - - totalComment - - updated_at - - updated_by - - version - Cases_case_response_pushed_by_properties: - nullable: true - properties: - email: - example: null - nullable: true + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + key: type: string - full_name: - example: null - nullable: true + name: type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + partition: type: string - username: - example: elastic - nullable: true + password: type: string - required: - - email - - full_name - - username - title: Case response properties for pushed_by - type: object - Cases_case_response_updated_by_properties: - nullable: true - properties: - email: - example: null - nullable: true + proxy_id: type: string - full_name: - example: null - nullable: true + random: + type: object + properties: + group_events: + type: number + required_acks: + type: number + round_robin: + type: object + properties: + group_events: + type: number + sasl: + type: object + properties: + mechanism: + type: string + secrets: + type: object + properties: + password: + type: string + ssl: + type: object + properties: + key: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: + type: string + verification_mode: + enum: + - none + - full + - certificate + - strict + type: string + timeout: + type: number + topic: type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 + topics: + deprecated: true + description: Use topic instead. + items: + type: object + properties: + topic: + type: string + when: + deprecated: true + description: >- + Deprecated, kafka output do not support conditionnal topics + anymore. + type: object + properties: + condition: + type: string + type: + type: string + type: array + type: + enum: + - kafka type: string username: - example: elastic - nullable: true + type: string + version: type: string required: - - email - - full_name - - username - title: Case response properties for updated_by - type: object - Cases_case_severity: - default: low - description: The severity of the case. - enum: - - critical - - high - - low - - medium - type: string - Cases_case_status: - description: The status of the case. - enum: - - closed - - in-progress - - open - type: string - Cases_case_tags: - description: > - The words and phrases that help categorize cases. It can be an empty - array. - items: - maxLength: 256 - type: string - maxItems: 200 - type: array - Cases_case_title: - description: A title for the case. - maxLength: 160 - type: string - Cases_closure_types: - description: >- - Indicates whether a case is automatically closed when it is pushed to - external systems (`close-by-pushing`) or not automatically closed - (`close-by-user`). - enum: - - close-by-pushing - - close-by-user - example: close-by-user - type: string - Cases_connector_properties_cases_webhook: - description: Defines properties for connectors when type is `.cases-webhook`. + - name + - type + - topics + - auth_type + - hosts + Fleet_output_create_request_logstash: + title: logstash type: object properties: - fields: - example: null - nullable: true + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + config: + type: object + config_yaml: type: string + hosts: + items: + type: string + type: array id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean name: - description: The name of the connector. type: string - type: - description: The type of connector. - enum: - - .cases-webhook - example: .cases-webhook + proxy_id: type: string - required: - - fields - - id - - name - - type - title: Create or upate case request properties for Cases Webhook connector - Cases_connector_properties_jira: - description: Defines properties for connectors when type is `.jira`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. + secrets: type: object properties: - issueType: - description: The type of issue. - nullable: true + ssl: + type: object + properties: + key: + type: string + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: type: string - parent: - description: The key of the parent issue, when the issue type is sub-task. - nullable: true + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: type: string - priority: - description: The priority of the issue. - nullable: true + certificate_authorities: + items: + type: string + type: array + key: type: string - required: - - issueType - - parent - - priority - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string type: - description: The type of connector. enum: - - .jira - example: .jira + - logstash type: string required: - - fields - - id - name + - hosts - type - title: Create or update case request properties for a Jira connector - Cases_connector_properties_none: - description: Defines properties for connectors when type is `.none`. + Fleet_output_create_request_remote_elasticsearch: + title: remote_elasticsearch type: object properties: - fields: - description: >- - An object containing the connector fields. To create a case without - a connector, specify null. To update a case to remove the connector, - specify null. - example: null - nullable: true - type: string + hosts: + items: + type: string + type: array id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. To update a case to remove the connector, - specify `none`. - example: none type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean name: - description: >- - The name of the connector. To create a case without a connector, use - `none`. To update a case to remove the connector, specify `none`. - example: none + type: string + secrets: + type: object + properties: + service_token: + type: string + service_token: type: string type: - description: >- - The type of connector. To create a case without a connector, use - `.none`. To update a case to remove the connector, specify `.none`. enum: - - .none - example: .none + - remote_elasticsearch type: string required: - - fields - - id - name - - type - title: Create or update case request properties for no connector - Cases_connector_properties_resilient: - description: Defines properties for connectors when type is `.resilient`. + Fleet_output_update_request: + discriminator: + mapping: + elasticsearch: '#/components/schemas/Fleet_output_update_request_elasticsearch' + kafka: '#/components/schemas/Fleet_output_update_request_kafka' + logstash: '#/components/schemas/Fleet_output_update_request_logstash' + propertyName: type + oneOf: + - $ref: '#/components/schemas/Fleet_output_update_request_elasticsearch' + - $ref: '#/components/schemas/Fleet_output_update_request_kafka' + - $ref: '#/components/schemas/Fleet_output_update_request_logstash' + title: Output + Fleet_output_update_request_elasticsearch: + title: elasticsearch type: object properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. - nullable: true + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + config: + type: object + config_yaml: + type: string + hosts: + items: + type: string + type: array + id: + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: + type: string + preset: + enum: + - balanced + - custom + - throughput + - scale + - latency + type: string + proxy_id: + type: string + shipper: type: object properties: - issueTypes: - description: The type of incident. + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: + type: string + loadbalance: + type: boolean + ssl: + type: object + properties: + certificate: + type: string + certificate_authorities: items: type: string type: array - severityCode: - description: The severity code of the incident. + key: type: string - required: - - issueTypes - - severityCode - id: - description: The identifier for the connector. - type: string - name: - description: The name of the connector. - type: string type: - description: The type of connector. enum: - - .resilient - example: .resilient + - elasticsearch type: string required: - - fields - - id - name + - hosts - type - title: Create case request properties for a IBM Resilient connector - Cases_connector_properties_servicenow: - description: Defines properties for connectors when type is `.servicenow`. + Fleet_output_update_request_kafka: + title: kafka type: object properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. + auth_type: + type: string + broker_timeout: + type: number + ca_sha256: + type: string + ca_trusted_fingerprint: + type: string + client_id: + type: string + compression: + type: string + compression_level: + type: number + config: type: object - properties: - category: - description: The category of the incident. - nullable: true - type: string - impact: - description: The effect an incident had on business. - nullable: true - type: string - severity: - description: The severity of the incident. - nullable: true - type: string - subcategory: - description: The subcategory of the incident. - nullable: true - type: string - urgency: - description: The extent to which the incident resolution can be delayed. - nullable: true - type: string - required: - - category - - impact - - severity - - subcategory - - urgency + config_yaml: + type: string + connection_type: + enum: + - plaintext + - encryption + type: string + headers: + items: + type: object + properties: + key: + type: string + value: + type: string + type: array + hosts: + items: + type: string + type: array id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. + type: string + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + key: type: string name: - description: The name of the connector. type: string - type: - description: The type of connector. - enum: - - .servicenow - example: .servicenow + partition: type: string - required: - - fields - - id - - name - - type - title: Create case request properties for a ServiceNow ITSM connector - Cases_connector_properties_servicenow_sir: - description: Defines properties for connectors when type is `.servicenow-sir`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. + password: + type: string + proxy_id: + type: string + random: type: object properties: - category: - description: The category of the incident. - nullable: true + group_events: + type: number + required_acks: + type: number + round_robin: + type: object + properties: + group_events: + type: number + sasl: + type: object + properties: + mechanism: type: string - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs. - nullable: true + shipper: + type: object + properties: + compression_level: + type: number + disk_queue_compression_enabled: type: boolean - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes. - nullable: true + disk_queue_enabled: type: boolean - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs. - nullable: true + disk_queue_encryption_enabled: type: boolean - priority: - description: The priority of the issue. - nullable: true + disk_queue_max_size: + type: number + disk_queue_path: type: string - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs. - nullable: true + loadbalance: type: boolean - subcategory: - description: The subcategory of the incident. - nullable: true - type: string - required: - - category - - destIp - - malwareHash - - malwareUrl - - priority - - sourceIp - - subcategory - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - enum: - - .servicenow-sir - example: .servicenow-sir - type: string - required: - - fields - - id - - name - - type - title: Create case request properties for a ServiceNow SecOps connector - Cases_connector_properties_swimlane: - description: Defines properties for connectors when type is `.swimlane`. - type: object - properties: - fields: - description: >- - An object containing the connector fields. If you want to omit any - individual field, specify null as its value. + ssl: type: object properties: - caseId: - description: The case identifier for Swimlane connectors. - nullable: true + certificate: + type: string + certificate_authorities: + items: + type: string + type: array + key: type: string - required: - - caseId - id: - description: >- - The identifier for the connector. To retrieve connector IDs, use the - find connectors API. - type: string - name: - description: The name of the connector. - type: string - type: - description: The type of connector. - enum: - - .swimlane - example: .swimlane + verification_mode: + enum: + - none + - full + - certificate + - strict + type: string + timeout: + type: number + topic: type: string - required: - - fields - - id - - name - - type - title: Create case request properties for a Swimlane connector - Cases_connector_types: - description: The type of connector. - enum: - - .cases-webhook - - .jira - - .none - - .resilient - - .servicenow - - .servicenow-sir - - .swimlane - example: .none - type: string - Cases_create_case_request: - description: >- - The create case API request body varies depending on the type of - connector. - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: '#/components/schemas/Cases_connector_properties_cases_webhook' - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow_sir' - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - customFields: - description: > - Custom field values for a case. Any optional custom fields that are - not specified in the request are set to null. + topics: + deprecated: true + description: Use topic instead. items: type: object properties: - key: - description: > - The unique identifier for the custom field. The key value must - exist in the case configuration settings. - type: string - type: - description: > - The custom field type. It must match the type specified in the - case configuration settings. - enum: - - text - - toggle + topic: type: string - value: - description: > - The custom field value. If the custom field is required, it - cannot be explicitly set to null. However, for cases that - existed when the required custom field was added, the default - value stored in Elasticsearch is `undefined`. The value - returned in the API and user interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true + when: + deprecated: true + description: >- + Deprecated, kafka output do not support conditionnal topics + anymore. + type: object + properties: + condition: + type: string + type: type: string - - type: boolean - required: - - key - - type - - value - maxItems: 10 - minItems: 0 type: array - description: - $ref: '#/components/schemas/Cases_case_description' - owner: - $ref: '#/components/schemas/Cases_owners' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' + type: + enum: + - kafka + type: string + username: + type: string + version: + type: string required: - - connector - - description - - owner - - settings - - tags - - title - title: Create case request - type: object - Cases_external_service: - nullable: true + - name + Fleet_output_update_request_logstash: + title: logstash type: object properties: - connector_id: + ca_sha256: type: string - connector_name: + ca_trusted_fingerprint: type: string - external_id: + config: + type: object + config_yaml: type: string - external_title: + hosts: + items: + type: string + type: array + id: type: string - external_url: + is_default: + type: boolean + is_default_monitoring: + type: boolean + is_internal: + type: boolean + name: type: string - pushed_at: - format: date-time + proxy_id: type: string - pushed_by: - nullable: true + shipper: type: object properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true + compression_level: + type: number + disk_queue_compression_enabled: + type: boolean + disk_queue_enabled: + type: boolean + disk_queue_encryption_enabled: + type: boolean + disk_queue_max_size: + type: number + disk_queue_path: type: string - Cases_owners: - description: > - The application that owns the cases: Stack Management, Observability, or - Elastic Security. - enum: - - cases - - observability - - securitySolution - example: cases - type: string - Cases_payload_alert_comment: - type: object - properties: - comment: + loadbalance: + type: boolean + ssl: type: object properties: - alertId: - oneOf: - - example: 1c0b056b-cc9f-4b61-b5c9-cb801abd5e1d - type: string - - items: - type: string - type: array - index: - oneOf: - - example: .alerts-observability.logs.alerts-default - type: string - - items: - type: string - type: array - owner: - $ref: '#/components/schemas/Cases_owners' - rule: - type: object - properties: - id: - description: The rule identifier. - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - type: string - name: - description: The rule name. - example: security_rule - type: string - type: - enum: - - alert + certificate: type: string - Cases_payload_assignees: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - Cases_payload_connector: + certificate_authorities: + items: + type: string + type: array + key: + type: string + type: + enum: + - logstash + type: string + required: + - name + Fleet_package_info: + title: Package information type: object properties: - connector: + assets: + items: + type: string + type: array + categories: + items: + type: string + type: array + conditions: type: object properties: - fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. - example: null - nullable: true + elasticsearch: type: object properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. + subscription: + enum: + - basic + - gold + - platinum + - enterprise type: string - issueType: - description: The type of issue for Jira connectors. + kibana: + type: object + properties: + versions: type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. + data_streams: + items: + type: object + properties: + ingeset_pipeline: + type: string + name: + type: string + package: + type: string + release: + type: string + title: + type: string + type: + type: string + vars: + items: + type: object + properties: + default: + type: string + name: + type: string + required: + - name + - default + type: array + required: + - title + - name + - release + - ingeset_pipeline + - type + - package + type: array + description: + type: string + download: + type: string + elasticsearch: + type: object + properties: + privileges: + type: object + properties: + cluster: items: type: string type: array - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes for ServiceNow SecOps connectors. - nullable: true - type: boolean - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs for ServiceNow SecOps connectors. - nullable: true - type: boolean - parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. - type: string - severity: - description: The severity of the incident for ServiceNow ITSM connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: string - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. - type: string - id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. - example: none + format_version: + type: string + icons: + items: + type: string + type: array + internal: + type: boolean + name: + type: string + path: + type: string + readme: + type: string + release: + deprecated: true + description: >- + release label is deprecated, derive from the version instead + (packages follow semver) + enum: + - experimental + - beta + - ga + type: string + screenshots: + items: + type: object + properties: + path: + type: string + size: + type: string + src: + type: string + title: + type: string + type: + type: string + required: + - src + - path + type: array + source: + type: object + properties: + license: + enum: + - Apache-2.0 + - Elastic-2.0 type: string - name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. - example: none + title: + type: string + type: + type: string + version: + type: string + required: + - name + - title + - version + - description + - type + - categories + - conditions + - assets + - format_version + - download + - path + Fleet_package_policy: + allOf: + - type: object + properties: + id: type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - Cases_payload_create_case: + inputs: + oneOf: + - items: {} + type: array + - type: object + revision: + type: number + required: + - id + - revision + - $ref: '#/components/schemas/Fleet_new_package_policy' + title: Package policy + Fleet_package_policy_request: + title: Package Policy Request type: object properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - connector: + description: + description: Package policy description + example: my description + type: string + force: + description: >- + Force package policy creation even if package is not verified, or if + the agent policy is managed. + type: boolean + id: + description: Package policy unique identifier + type: string + inputs: + additionalProperties: + type: object + properties: + enabled: + description: enable or disable that input, (default to true) + type: boolean + streams: + additionalProperties: + type: object + properties: + enabled: + description: enable or disable that stream, (default to true) + type: boolean + vars: + description: >- + Stream level variable (see integration documentation for + more information) + type: object + description: >- + Input streams (see integration documentation to know what + streams are available) + type: object + vars: + description: >- + Input level variable (see integration documentation for more + information) + type: object + description: >- + Package policy inputs (see integration documentation to know what + inputs are available) + example: + nginx-logfile: + enabled: true + streams: + nginx.access: + enabled: true + vars: + ignore_older: 72h + paths: + - /var/log/nginx/access.log* + preserve_original_event: false + tags: + - nginx-access + type: object + name: + description: Package policy name (should be unique) + example: nginx-123 + type: string + namespace: + description: >- + The package policy namespace. Leave blank to inherit the agent + policy's namespace. + example: customnamespace + type: string + output_id: + description: Output ID to send package data to + example: output-id + nullable: true + type: string + overrides: + description: >- + Override settings that are defined in the package policy. The + override option should be used only in unusual circumstances and not + as a routine procedure. + nullable: true type: object properties: - fields: - description: >- - An object containing the connector fields. To create a case - without a connector, specify null. If you want to omit any - individual field, specify null as its value. - example: null - nullable: true + inputs: type: object - properties: - caseId: - description: The case identifier for Swimlane connectors. - type: string - category: - description: >- - The category of the incident for ServiceNow ITSM and - ServiceNow SecOps connectors. - type: string - destIp: - description: >- - Indicates whether cases will send a comma-separated list of - destination IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - impact: - description: >- - The effect an incident had on business for ServiceNow ITSM - connectors. - type: string - issueType: - description: The type of issue for Jira connectors. - type: string - issueTypes: - description: The type of incident for IBM Resilient connectors. - items: - type: string - type: array - malwareHash: - description: >- - Indicates whether cases will send a comma-separated list of - malware hashes for ServiceNow SecOps connectors. - nullable: true - type: boolean - malwareUrl: - description: >- - Indicates whether cases will send a comma-separated list of - malware URLs for ServiceNow SecOps connectors. - nullable: true - type: boolean - parent: - description: >- - The key of the parent issue, when the issue type is sub-task - for Jira connectors. - type: string - priority: - description: >- - The priority of the issue for Jira and ServiceNow SecOps - connectors. - type: string - severity: - description: The severity of the incident for ServiceNow ITSM connectors. - type: string - severityCode: - description: >- - The severity code of the incident for IBM Resilient - connectors. - type: string - sourceIp: - description: >- - Indicates whether cases will send a comma-separated list of - source IPs for ServiceNow SecOps connectors. - nullable: true - type: boolean - subcategory: - description: >- - The subcategory of the incident for ServiceNow ITSM - connectors. - type: string - urgency: - description: >- - The extent to which the incident resolution can be delayed - for ServiceNow ITSM connectors. - type: string - id: - description: >- - The identifier for the connector. To create a case without a - connector, use `none`. - example: none - type: string + package: + type: object + properties: name: - description: >- - The name of the connector. To create a case without a connector, - use `none`. - example: none + description: Package name + example: nginx type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - description: + version: + description: Package version + example: 1.6.0 + type: string + required: + - name + - version + policy_id: + deprecated: true + description: Agent policy ID where that package policy will be added + example: agent-policy-id + nullable: true type: string - owner: - $ref: '#/components/schemas/Cases_owners' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: + policy_ids: + description: Agent policy IDs where that package policy will be added + example: + - agent-policy-id items: - example: - - tag-1 type: string type: array - title: + vars: + description: >- + Package root level variable (see integration documentation for more + information) + type: object + required: + - name + - package + Fleet_package_usage_stats: + title: Package usage stats + type: object + properties: + agent_policy_count: + type: integer + required: + - agent_policy_count + Fleet_proxies: + title: Fleet Proxy + type: object + properties: + certificate: + type: string + certificate_authorities: + type: string + certificate_key: + type: string + id: + type: string + name: + type: string + proxy_headers: + type: object + url: + type: string + required: + - name + - url + Fleet_saved_object_type: + oneOf: + - enum: + - dashboard + - visualization + - search + - index_pattern + - map + - lens + - security_rule + - csp_rule_template + - ml_module + - tag + - osquery_pack_asset + - osquery_saved_query + type: string + - enum: + - index + - component_template + - ingest_pipeline + - index_template + - ilm_policy + - transform + - data_stream_ilm_policy + - ml_model type: string - Cases_payload_delete: - description: >- - If the `action` is `delete` and the `type` is `delete_case`, the payload - is nullable. - nullable: true - type: object - Cases_payload_description: + title: Saved Object type + Fleet_search_result: + title: Search result type: object properties: description: type: string - Cases_payload_pushed: - type: object - properties: - externalService: - $ref: '#/components/schemas/Cases_external_service' - Cases_payload_settings: + download: + type: string + icons: + type: string + installationInfo: + $ref: '#/components/schemas/Fleet_installation_info' + name: + type: string + path: + type: string + savedObject: + deprecated: true + type: object + status: + type: string + title: + type: string + type: + type: string + version: + type: string + required: + - description + - download + - icons + - name + - path + - title + - type + - version + - status + Fleet_settings: + title: Settings type: object properties: - settings: - $ref: '#/components/schemas/Cases_settings' - Cases_payload_severity: + fleet_server_hosts: + deprecated: true + items: + type: string + type: array + has_seen_add_data_notice: + type: boolean + id: + type: string + prerelease_integrations_enabled: + type: boolean + required: + - fleet_server_hosts + - id + Fleet_upgrade_agent: + title: Upgrade agent type: object properties: - severity: - $ref: '#/components/schemas/Cases_case_severity' - Cases_payload_status: + force: + description: Force upgrade, skipping validation (should be used with caution) + type: boolean + skipRateLimitCheck: + description: Skip rate limit check for upgrade + type: boolean + source_uri: + type: string + version: + type: string + required: + - version + Fleet_upgrade_agent_diff: + items: + items: + $ref: '#/components/schemas/Fleet_full_agent_policy_input' + type: array + title: Package policy Upgrade dryrun + type: array + Fleet_upgrade_diff: + items: + allOf: + - $ref: '#/components/schemas/Fleet_package_policy' + - allOf: + - $ref: '#/components/schemas/Fleet_new_package_policy' + - type: object + properties: + errors: + items: + type: object + properties: + key: + type: string + message: + type: string + type: array + missingVars: + items: + type: string + type: array + type: object + title: Package policy Upgrade dryrun + type: array + Kibana_HTTP_APIs_core_status_redactedResponse: + additionalProperties: false + description: A minimal representation of Kibana's operational status. type: object properties: status: - $ref: '#/components/schemas/Cases_case_status' - Cases_payload_tags: - type: object - properties: - tags: - example: - - tag-1 - items: - type: string - type: array - Cases_payload_title: + additionalProperties: false + type: object + properties: + overall: + additionalProperties: false + type: object + properties: + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + required: + - level + required: + - overall + required: + - status + Kibana_HTTP_APIs_core_status_response: + additionalProperties: false + description: >- + Kibana's operational status as well as a detailed breakdown of plugin + statuses indication of various loads (like event loop utilization and + network traffic) at time of request. type: object properties: - title: + metrics: + additionalProperties: false + description: Metric groups collected by Kibana. + type: object + properties: + collection_interval_in_millis: + description: The interval at which metrics should be collected. + type: number + elasticsearch_client: + additionalProperties: false + description: Current network metrics of Kibana's Elasticsearch client. + type: object + properties: + totalActiveSockets: + description: Count of network sockets currently in use. + type: number + totalIdleSockets: + description: Count of network sockets currently idle. + type: number + totalQueuedRequests: + description: Count of requests not yet assigned to sockets. + type: number + required: + - totalActiveSockets + - totalIdleSockets + - totalQueuedRequests + last_updated: + description: The time metrics were collected. + type: string + required: + - elasticsearch_client + - last_updated + - collection_interval_in_millis + name: + description: Kibana instance name. + type: string + status: + additionalProperties: false + type: object + properties: + core: + additionalProperties: false + description: Statuses of core Kibana services. + type: object + properties: + elasticsearch: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: >- + Service status levels as human and machine readable + values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: >- + An unstructured set of extra metadata about this + service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + savedObjects: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: >- + Service status levels as human and machine readable + values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: >- + An unstructured set of extra metadata about this + service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + required: + - elasticsearch + - savedObjects + overall: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: Service status levels as human and machine readable values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + plugins: + additionalProperties: + additionalProperties: false + type: object + properties: + detail: + description: Human readable detail of the service status. + type: string + documentationUrl: + description: A URL to further documentation regarding this service. + type: string + level: + description: >- + Service status levels as human and machine readable + values. + enum: + - available + - degraded + - unavailable + - critical + type: string + meta: + additionalProperties: {} + description: An unstructured set of extra metadata about this service. + type: object + summary: + description: A human readable summary of the service status. + type: string + required: + - level + - summary + - meta + description: A dynamic mapping of plugin ID to plugin status. + type: object + required: + - overall + - core + - plugins + uuid: + description: >- + Unique, generated Kibana instance UUID. This UUID should persist + even if the Kibana process restarts. type: string - Cases_payload_user_comment: - type: object - properties: - comment: + version: + additionalProperties: false type: object properties: - comment: + build_date: + description: The date and time of this build. type: string - owner: - $ref: '#/components/schemas/Cases_owners' - type: + build_flavor: + description: >- + The build flavour determines configuration and behavior of + Kibana. On premise users will almost always run the + "traditional" flavour, while other flavours are reserved for + Elastic-specific use cases. enum: - - user + - serverless + - traditional type: string - Cases_rule: - description: > - The rule that is associated with the alerts. It is required only when - `type` is `alert`. This functionality is in technical preview and may be - changed or removed in a future release. Elastic will work to fix any - issues, but features in technical preview are not subject to the support - SLA of official GA features. - title: Alerting rule - type: object - properties: - id: - description: The rule identifier. - example: 94d80550-aaf4-11ec-985f-97e55adae8b9 - type: string - name: - description: The rule name. - example: security_rule - type: string - x-technical-preview: true - Cases_searchFieldsType: - description: The fields to perform the `simple_query_string` parsed query against. - enum: - - description - - title - type: string - Cases_set_case_configuration_request: - description: >- - External connection details, such as the closure type and default - connector for cases. - properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not used and - are not propagated to individual cases, therefore it is - recommended to set it to `null`. - nullable: true - type: object - id: + build_hash: description: >- - The identifier for the connector. If you do not want a default - connector, use `none`. To retrieve connector IDs, use the find - connectors API. - example: none + A unique hash value representing the git commit of this Kibana + build. type: string - name: + build_number: description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use the find - connectors API. - example: none + A monotonically increasing number, each subsequent build will + have a higher number. + type: number + build_snapshot: + description: Whether this build is a snapshot build. + type: boolean + number: + description: A semantic version number. type: string - type: - $ref: '#/components/schemas/Cases_connector_types' required: - - fields - - id - - name - - type - customFields: - description: Custom fields case configuration. - items: - type: object - properties: - defaultValue: - description: > - A default value for the custom field. If the `type` is `text`, - the default value must be a string. If the `type` is `toggle`, - the default value must be boolean. - oneOf: - - type: string - - type: boolean - key: - description: > - A unique key for the custom field. Must be lower case and - composed only of a-z, 0-9, '_', and '-' characters. It is used - in API calls to refer to a specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: The custom field label that is displayed in the case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: > - Indicates whether the field is required. If `false`, the - custom field can be set to null or omitted when a case is - created or updated. - type: boolean - required: - - key - - label - - required - - type - maxItems: 10 - minItems: 0 - type: array - owner: - $ref: '#/components/schemas/Cases_owners' - templates: - $ref: '#/components/schemas/Cases_templates' + - number + - build_hash + - build_number + - build_snapshot + - build_flavor + - build_date required: - - closure_type - - connector - - owner - title: Set case configuration request + - name + - uuid + - version + - status + - metrics + Machine_learning_APIs_mlSync200Response: + properties: + datafeedsAdded: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' + description: >- + If a saved object for an anomaly detection job is missing a datafeed + identifier, it is added when you run the sync machine learning saved + objects API. + type: object + datafeedsRemoved: + additionalProperties: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' + description: >- + If a saved object for an anomaly detection job references a datafeed + that no longer exists, it is deleted when you run the sync machine + learning saved objects API. + type: object + savedObjectsCreated: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated + savedObjectsDeleted: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted + title: Successful sync API response type: object - Cases_settings: - description: An object that contains the case settings. + Machine_learning_APIs_mlSync4xxResponse: + properties: + error: + example: Unauthorized + type: string + message: + type: string + statusCode: + example: 401 + type: integer + title: Unsuccessful sync API response type: object + Machine_learning_APIs_mlSyncResponseAnomalyDetectors: + description: >- + The sync machine learning saved objects API response contains this + object when there are anomaly detection jobs affected by the + synchronization. There is an object for each relevant job, which + contains the synchronization status. properties: - syncAlerts: - description: Turns alert syncing on or off. - example: true - type: boolean - required: - - syncAlerts - Cases_template_tags: - description: > - The words and phrases that help categorize templates. It can be an empty - array. - items: - maxLength: 256 - type: string - maxItems: 200 - type: array - Cases_templates: - items: - type: object - properties: - caseFields: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not - used and are not propagated to individual cases, therefore - it is recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a - default connector, use `none`. To retrieve connector IDs, - use the find connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use - the find connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - customFields: - description: Custom field values in the template. - items: - type: object - properties: - key: - description: The unique key for the custom field. - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - value: - description: > - The default value for the custom field when a case uses - the template. If the `type` is `text`, the default value - must be a string. If the `type` is `toggle`, the default - value must be boolean. - oneOf: - - type: string - - type: boolean - type: array - x-technical-preview: true - description: - $ref: '#/components/schemas/Cases_case_description' - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' - description: - description: A description for the template. - type: string - key: - description: > - A unique key for the template. Must be lower case and composed - only of a-z, 0-9, '_', and '-' characters. It is used in API calls - to refer to a specific template. - type: string - name: - description: The name of the template. - type: string - tags: - $ref: '#/components/schemas/Cases_template_tags' - type: array - x-technical-preview: true - Cases_update_alert_comment_request_properties: - description: Defines properties for case comment requests when type is alert. + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + title: Sync API response for anomaly detection jobs type: object + Machine_learning_APIs_mlSyncResponseDatafeeds: + description: >- + The sync machine learning saved objects API response contains this + object when there are datafeeds affected by the synchronization. There + is an object for each relevant datafeed, which contains the + synchronization status. properties: - alertId: - $ref: '#/components/schemas/Cases_alert_identifiers' - id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 - type: string - index: - $ref: '#/components/schemas/Cases_alert_indices' - owner: - $ref: '#/components/schemas/Cases_owners' - rule: - $ref: '#/components/schemas/Cases_rule' - type: - description: The type of comment. + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + title: Sync API response for datafeeds + type: object + Machine_learning_APIs_mlSyncResponseDataFrameAnalytics: + description: >- + The sync machine learning saved objects API response contains this + object when there are data frame analytics jobs affected by the + synchronization. There is an object for each relevant job, which + contains the synchronization status. + properties: + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + title: Sync API response for data frame analytics jobs + type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsCreated: + description: >- + If saved objects are missing for machine learning jobs or trained + models, they are created when you run the sync machine learning saved + objects API. + properties: + anomaly-detector: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors + description: >- + If saved objects are missing for anomaly detection jobs, they are + created. + type: object + data-frame-analytics: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics + description: >- + If saved objects are missing for data frame analytics jobs, they are + created. + type: object + trained-model: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels + description: If saved objects are missing for trained models, they are created. + type: object + title: Sync API response for created saved objects + type: object + Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted: + description: >- + If saved objects exist for machine learning jobs or trained models that + no longer exist, they are deleted when you run the sync machine learning + saved objects API. + properties: + anomaly-detector: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors + description: >- + If there are saved objects exist for nonexistent anomaly detection + jobs, they are deleted. + type: object + data-frame-analytics: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics + description: >- + If there are saved objects exist for nonexistent data frame + analytics jobs, they are deleted. + type: object + trained-model: + additionalProperties: + $ref: >- + #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels + description: >- + If there are saved objects exist for nonexistent trained models, + they are deleted. + type: object + title: Sync API response for deleted saved objects + type: object + Machine_learning_APIs_mlSyncResponseSuccess: + description: The success or failure of the synchronization. + type: boolean + Machine_learning_APIs_mlSyncResponseTrainedModels: + description: >- + The sync machine learning saved objects API response contains this + object when there are trained models affected by the synchronization. + There is an object for each relevant trained model, which contains the + synchronization status. + properties: + success: + $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' + title: Sync API response for trained models + type: object + Saved_objects_400_response: + title: Bad request + type: object + properties: + error: enum: - - alert - example: alert + - Bad Request type: string - version: - description: > - The current comment version. To retrieve version values, use the get - comments API. - example: Wzk1LDFd + message: type: string + statusCode: + enum: + - 400 + type: integer required: - - alertId - - id - - index - - owner - - rule - - type - - version - title: Update case comment request properties for alerts - Cases_update_case_comment_request: - description: >- - The update case comment API request body varies depending on whether you - are updating an alert or a comment. - discriminator: - mapping: - alert: '#/components/schemas/Cases_update_alert_comment_request_properties' - user: '#/components/schemas/Cases_update_user_comment_request_properties' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Cases_update_alert_comment_request_properties' - - $ref: '#/components/schemas/Cases_update_user_comment_request_properties' - title: Update case comment request - Cases_update_case_configuration_request: + - error + - message + - statusCode + Saved_objects_attributes: description: > - You can update settings such as the closure type, custom fields, - templates, and the default connector for cases. - properties: - closure_type: - $ref: '#/components/schemas/Cases_closure_types' - connector: - description: An object that contains the connector configuration. - type: object - properties: - fields: - description: >- - The fields specified in the case configuration are not used and - are not propagated to individual cases, therefore it is - recommended to set it to `null`. - nullable: true - type: object - id: - description: >- - The identifier for the connector. If you do not want a default - connector, use `none`. To retrieve connector IDs, use the find - connectors API. - example: none - type: string - name: - description: >- - The name of the connector. If you do not want a default - connector, use `none`. To retrieve connector names, use the find - connectors API. - example: none - type: string - type: - $ref: '#/components/schemas/Cases_connector_types' - required: - - fields - - id - - name - - type - customFields: - description: Custom fields case configuration. - items: - type: object - properties: - defaultValue: - description: > - A default value for the custom field. If the `type` is `text`, - the default value must be a string. If the `type` is `toggle`, - the default value must be boolean. - oneOf: - - type: string - - type: boolean - key: - description: > - A unique key for the custom field. Must be lower case and - composed only of a-z, 0-9, '_', and '-' characters. It is used - in API calls to refer to a specific custom field. - maxLength: 36 - minLength: 1 - type: string - label: - description: The custom field label that is displayed in the case. - maxLength: 50 - minLength: 1 - type: string - type: - description: The type of the custom field. - enum: - - text - - toggle - type: string - required: - description: > - Indicates whether the field is required. If `false`, the - custom field can be set to null or omitted when a case is - created or updated. - type: boolean - required: - - key - - label - - required - - type - type: array - templates: - $ref: '#/components/schemas/Cases_templates' - version: - description: > - The version of the connector. To retrieve the version value, use the - get configuration API. - example: WzIwMiwxXQ== - type: string - required: - - version - title: Update case configuration request + The data that you want to create. WARNING: When you create saved + objects, attributes are not validated, which allows you to pass + arbitrary and ill-formed data into the API that can break Kibana. Make + sure any data that you send to the API is properly formed. type: object - Cases_update_case_request: - description: >- - The update case API request body varies depending on the type of - connector. - properties: - cases: - description: An array containing one or more case objects. - items: - type: object - properties: - assignees: - $ref: '#/components/schemas/Cases_assignees' - category: - $ref: '#/components/schemas/Cases_case_category' - connector: - oneOf: - - $ref: '#/components/schemas/Cases_connector_properties_none' - - $ref: >- - #/components/schemas/Cases_connector_properties_cases_webhook - - $ref: '#/components/schemas/Cases_connector_properties_jira' - - $ref: '#/components/schemas/Cases_connector_properties_resilient' - - $ref: '#/components/schemas/Cases_connector_properties_servicenow' - - $ref: >- - #/components/schemas/Cases_connector_properties_servicenow_sir - - $ref: '#/components/schemas/Cases_connector_properties_swimlane' - customFields: - description: > - Custom field values for a case. Any optional custom fields - that are not specified in the request are set to null. - items: - type: object - properties: - key: - description: > - The unique identifier for the custom field. The key - value must exist in the case configuration settings. - type: string - type: - description: > - The custom field type. It must match the type specified - in the case configuration settings. - enum: - - text - - toggle - type: string - value: - description: > - The custom field value. If the custom field is required, - it cannot be explicitly set to null. However, for cases - that existed when the required custom field was added, - the default value stored in Elasticsearch is - `undefined`. The value returned in the API and user - interface in this case is `null`. - oneOf: - - maxLength: 160 - minLength: 1 - nullable: true - type: string - - type: boolean - required: - - key - - type - - value - maxItems: 10 - minItems: 0 - type: array - description: - $ref: '#/components/schemas/Cases_case_description' - id: - description: The identifier for the case. - maxLength: 30000 - type: string - settings: - $ref: '#/components/schemas/Cases_settings' - severity: - $ref: '#/components/schemas/Cases_case_severity' - status: - $ref: '#/components/schemas/Cases_case_status' - tags: - $ref: '#/components/schemas/Cases_case_tags' - title: - $ref: '#/components/schemas/Cases_case_title' - version: - description: >- - The current version of the case. To determine this value, use - the get case or find cases APIs. - type: string - required: - - id - - version - maxItems: 100 - minItems: 1 - type: array + Saved_objects_initial_namespaces: + description: > + Identifiers for the spaces in which this object is created. If this is + provided, the object is created only in the explicitly defined spaces. + If this is not provided, the object is created in the current space + (default behavior). For shareable object types (registered with + `namespaceType: 'multiple'`), this option can be used to specify one or + more spaces, including the "All spaces" identifier ('*'). For isolated + object types (registered with `namespaceType: 'single'` or + `namespaceType: 'multiple-isolated'`), this option can only be used to + specify a single space, and the "All spaces" identifier ('*') is not + allowed. For global object types (`registered with `namespaceType: + agnostic`), this option cannot be used. + type: array + Saved_objects_references: + description: > + Objects with `name`, `id`, and `type` properties that describe the other + saved objects that this object references. Use `name` in attributes to + refer to the other saved object, but never the `id`, which can update + automatically during migrations or import and export. + type: array + Security_AI_Assistant_API_AnonymizationFieldCreateProps: + type: object + properties: + allowed: + type: boolean + anonymized: + type: boolean + field: + type: string required: - - cases - title: Update case request + - field + Security_AI_Assistant_API_AnonymizationFieldDetailsInError: type: object - Cases_update_user_comment_request_properties: - description: Defines properties for case comment requests when type is user. properties: - comment: - description: The new comment. It is required only when `type` is `user`. - example: A new comment. - maxLength: 30000 + id: + type: string + name: + type: string + required: + - id + Security_AI_Assistant_API_AnonymizationFieldResponse: + type: object + properties: + allowed: + type: boolean + anonymized: + type: boolean + createdAt: + type: string + createdBy: + type: string + field: type: string id: - description: > - The identifier for the comment. To retrieve comment IDs, use the get - comments API. - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + namespace: + description: Kibana space type: string - owner: - $ref: '#/components/schemas/Cases_owners' - type: - description: The type of comment. - enum: - - user - example: user + timestamp: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + updatedAt: type: string - version: - description: > - The current comment version. To retrieve version values, use the get - comments API. - example: Wzk1LDFd + updatedBy: type: string required: - - comment - id - - owner - - type - - version - title: Update case comment request properties for user comments - type: object - Cases_user_actions_find_response_properties: + - field + Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason: + enum: + - ANONYMIZATION_FIELD_NOT_MODIFIED + type: string + Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult: type: object properties: - action: - $ref: '#/components/schemas/Cases_actions' - comment_id: - example: 578608d0-03b1-11ed-920c-974bfa104448 - nullable: true + id: type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time + name: type: string - created_by: + skip_reason: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipReason + required: + - id + - skip_reason + Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResponse: + type: object + properties: + anonymization_fields_count: + type: integer + attributes: type: object properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string + errors: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_NormalizedAnonymizationFieldError + type: array + results: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults + summary: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary required: - - email - - full_name - - username - id: - example: 22fd3e30-03b1-11ed-920c-974bfa104448 - type: string - owner: - $ref: '#/components/schemas/Cases_owners' - payload: - oneOf: - - $ref: '#/components/schemas/Cases_payload_alert_comment' - - $ref: '#/components/schemas/Cases_payload_assignees' - - $ref: '#/components/schemas/Cases_payload_connector' - - $ref: '#/components/schemas/Cases_payload_create_case' - - $ref: '#/components/schemas/Cases_payload_delete' - - $ref: '#/components/schemas/Cases_payload_description' - - $ref: '#/components/schemas/Cases_payload_pushed' - - $ref: '#/components/schemas/Cases_payload_settings' - - $ref: '#/components/schemas/Cases_payload_severity' - - $ref: '#/components/schemas/Cases_payload_status' - - $ref: '#/components/schemas/Cases_payload_tags' - - $ref: '#/components/schemas/Cases_payload_title' - - $ref: '#/components/schemas/Cases_payload_user_comment' - type: - description: The type of action. - enum: - - assignees - - create_case - - comment - - connector - - description - - pushed - - tags - - title - - status - - settings - - severity - example: create_case + - results + - summary + message: type: string - version: - example: WzM1ODg4LDFd + status_code: + type: integer + success: + type: boolean + required: + - attributes + Security_AI_Assistant_API_AnonymizationFieldsBulkCrudActionResults: + type: object + properties: + created: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse + type: array + deleted: + items: + type: string + type: array + skipped: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldsBulkActionSkipResult + type: array + updated: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldResponse + type: array + required: + - updated + - created + - deleted + - skipped + Security_AI_Assistant_API_AnonymizationFieldUpdateProps: + type: object + properties: + allowed: + type: boolean + anonymized: + type: boolean + id: type: string required: - - action - - comment_id - - created_at - - created_by - id - - owner - - payload - - type - - version - Cases_user_actions_response_properties: + Security_AI_Assistant_API_ApiConfig: type: object properties: - action: - $ref: '#/components/schemas/Cases_actions' - action_id: - example: 22fd3e30-03b1-11ed-920c-974bfa104448 + actionTypeId: + description: action type id type: string - case_id: - example: 22df07d0-03b1-11ed-920c-974bfa104448 + connectorId: + description: connector id type: string - comment_id: - example: 578608d0-03b1-11ed-920c-974bfa104448 - nullable: true + defaultSystemPromptId: + description: defaultSystemPromptId type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time + model: + description: model type: string - created_by: - type: object - properties: - email: - example: null - nullable: true - type: string - full_name: - example: null - nullable: true - type: string - profile_uid: - example: u_J41Oh6L9ki-Vo2tOogS8WRTENzhHurGtRc87NgEAlkc_0 - type: string - username: - example: elastic - nullable: true - type: string - required: - - email - - full_name - - username - owner: - $ref: '#/components/schemas/Cases_owners' - payload: - oneOf: - - $ref: '#/components/schemas/Cases_payload_alert_comment' - - $ref: '#/components/schemas/Cases_payload_assignees' - - $ref: '#/components/schemas/Cases_payload_connector' - - $ref: '#/components/schemas/Cases_payload_create_case' - - $ref: '#/components/schemas/Cases_payload_delete' - - $ref: '#/components/schemas/Cases_payload_description' - - $ref: '#/components/schemas/Cases_payload_pushed' - - $ref: '#/components/schemas/Cases_payload_settings' - - $ref: '#/components/schemas/Cases_payload_severity' - - $ref: '#/components/schemas/Cases_payload_status' - - $ref: '#/components/schemas/Cases_payload_tags' - - $ref: '#/components/schemas/Cases_payload_title' - - $ref: '#/components/schemas/Cases_payload_user_comment' - type: - $ref: '#/components/schemas/Cases_action_types' + provider: + $ref: '#/components/schemas/Security_AI_Assistant_API_Provider' + description: Provider required: - - action - - action_id - - case_id - - comment_id - - created_at - - created_by - - owner - - payload - - type - Cases_user_comment_response_properties: - title: Case response properties for user comments + - connectorId + - actionTypeId + Security_AI_Assistant_API_BulkCrudActionSummary: + type: object + properties: + failed: + type: integer + skipped: + type: integer + succeeded: + type: integer + total: + type: integer + required: + - failed + - skipped + - succeeded + - total + Security_AI_Assistant_API_ChatCompleteProps: + type: object + properties: + connectorId: + type: string + conversationId: + type: string + isStream: + type: boolean + langSmithApiKey: + type: string + langSmithProject: + type: string + messages: + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_ChatMessage' + type: array + model: + type: string + persist: + type: boolean + promptId: + type: string + responseLanguage: + type: string + required: + - messages + - persist + - connectorId + Security_AI_Assistant_API_ChatMessage: + description: AI assistant message. type: object properties: - comment: - example: A new comment. + content: + description: Message content. type: string - created_at: - example: '2022-05-13T09:16:17.416Z' - format: date-time + data: + $ref: '#/components/schemas/Security_AI_Assistant_API_MessageData' + description: ECS object to attach to the context of the message. + fields_to_anonymize: + items: + type: string + type: array + role: + $ref: '#/components/schemas/Security_AI_Assistant_API_ChatMessageRole' + description: Message role. + required: + - role + Security_AI_Assistant_API_ChatMessageRole: + description: Message role. + enum: + - system + - user + - assistant + type: string + Security_AI_Assistant_API_ConversationCategory: + description: The conversation category. + enum: + - assistant + - insights + type: string + Security_AI_Assistant_API_ConversationConfidence: + description: The conversation confidence. + enum: + - low + - medium + - high + type: string + Security_AI_Assistant_API_ConversationCreateProps: + type: object + properties: + apiConfig: + $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' + description: LLM API configuration. + category: + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' + description: The conversation category. + excludeFromLastConversationStorage: + description: excludeFromLastConversationStorage. + type: boolean + id: + description: The conversation id. type: string - created_by: - $ref: '#/components/schemas/Cases_case_response_created_by_properties' + isDefault: + description: Is default conversation. + type: boolean + messages: + description: The conversation messages. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_Message' + type: array + replacements: + $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' + title: + description: The conversation title. + type: string + required: + - title + Security_AI_Assistant_API_ConversationResponse: + type: object + properties: + apiConfig: + $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' + description: LLM API configuration. + category: + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' + description: The conversation category. + createdAt: + description: The last time conversation was updated. + type: string + excludeFromLastConversationStorage: + description: excludeFromLastConversationStorage. + type: boolean id: - example: 8af6ac20-74f6-11ea-b83a-553aecdb28b6 + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + isDefault: + description: Is default conversation. + type: boolean + messages: + description: The conversation messages. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_Message' + type: array + namespace: + description: Kibana space type: string - owner: - $ref: '#/components/schemas/Cases_owners' - pushed_at: - example: null - format: date-time - nullable: true + replacements: + $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' + summary: + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationSummary' + timestamp: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + title: + description: The conversation title. type: string - pushed_by: - $ref: '#/components/schemas/Cases_case_response_pushed_by_properties' - type: - enum: - - user - example: user + updatedAt: + description: The last time conversation was updated. type: string - updated_at: - example: null - format: date-time - nullable: true + users: + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_User' + type: array + required: + - id + - title + - createdAt + - users + - namespace + - category + Security_AI_Assistant_API_ConversationSummary: + type: object + properties: + confidence: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_ConversationConfidence + description: >- + How confident you are about this being a correct and useful + learning. + content: + description: Summary text of the conversation over time. type: string - updated_by: - $ref: '#/components/schemas/Cases_case_response_updated_by_properties' - version: - example: WzIwNDMxLDFd + public: + description: Define if summary is marked as publicly available. + type: boolean + timestamp: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + description: The timestamp summary was updated. + Security_AI_Assistant_API_ConversationUpdateProps: + type: object + properties: + apiConfig: + $ref: '#/components/schemas/Security_AI_Assistant_API_ApiConfig' + description: LLM API configuration. + category: + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationCategory' + description: The conversation category. + excludeFromLastConversationStorage: + description: excludeFromLastConversationStorage. + type: boolean + id: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + messages: + description: The conversation messages. + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_Message' + type: array + replacements: + $ref: '#/components/schemas/Security_AI_Assistant_API_Replacements' + summary: + $ref: '#/components/schemas/Security_AI_Assistant_API_ConversationSummary' + title: + description: The conversation title. type: string required: - - type - Data_views_400_response: - title: Bad request + - id + Security_AI_Assistant_API_FindAnonymizationFieldsSortField: + enum: + - created_at + - anonymized + - allowed + - field + - updated_at + type: string + Security_AI_Assistant_API_FindConversationsSortField: + enum: + - created_at + - is_default + - title + - updated_at + type: string + Security_AI_Assistant_API_FindPromptsSortField: + enum: + - created_at + - is_default + - name + - updated_at + type: string + Security_AI_Assistant_API_Message: + description: AI assistant conversation message. type: object properties: - error: - example: Bad Request + content: + description: Message content. + type: string + isError: + description: Is error message. + type: boolean + reader: + $ref: '#/components/schemas/Security_AI_Assistant_API_Reader' + description: Message content. + role: + $ref: '#/components/schemas/Security_AI_Assistant_API_MessageRole' + description: Message role. + timestamp: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + description: The timestamp message was sent or received. + traceData: + $ref: '#/components/schemas/Security_AI_Assistant_API_TraceData' + description: trace Data + required: + - timestamp + - content + - role + Security_AI_Assistant_API_MessageData: + additionalProperties: true + type: object + Security_AI_Assistant_API_MessageRole: + description: Message role. + enum: + - system + - user + - assistant + type: string + Security_AI_Assistant_API_NonEmptyString: + description: A string that is not empty and does not contain only whitespace + minLength: 1 + pattern: ^(?! *$).+$ + type: string + Security_AI_Assistant_API_NormalizedAnonymizationFieldError: + type: object + properties: + anonymization_fields: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_AnonymizationFieldDetailsInError + type: array + err_code: type: string message: type: string - statusCode: - example: 400 - type: number + status_code: + type: integer required: - - statusCode - - error - message - Data_views_404_response: + - status_code + - anonymization_fields + Security_AI_Assistant_API_NormalizedPromptError: type: object properties: - error: - enum: - - Not Found - example: Not Found + err_code: type: string message: - example: >- - Saved object [index-pattern/caaad6d0-920c-11ed-b36a-874bd1548a00] - not found type: string - statusCode: - enum: - - 404 - example: 404 + prompts: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptDetailsInError + type: array + status_code: type: integer - Data_views_allownoindex: - description: Allows the data view saved object to exist before the data is available. - type: boolean - Data_views_create_data_view_request_object: - title: Create data view request + required: + - message + - status_code + - prompts + Security_AI_Assistant_API_PromptCreateProps: type: object properties: - data_view: - description: The data view object. - type: object - properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - type: string - name: - description: The data view name. - type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - version: - type: string - required: - - title - override: - default: false - description: >- - Override an existing data view if a data view with the provided - title already exists. + categories: + items: + type: string + type: array + color: + type: string + consumer: + type: string + content: + type: string + isDefault: + type: boolean + isNewConversationDefault: + type: boolean + name: + type: string + promptType: + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptType' + required: + - name + - content + - promptType + Security_AI_Assistant_API_PromptDetailsInError: + type: object + properties: + id: + type: string + name: + type: string + required: + - id + Security_AI_Assistant_API_PromptResponse: + type: object + properties: + categories: + items: + type: string + type: array + color: + type: string + consumer: + type: string + content: + type: string + createdAt: + type: string + createdBy: + type: string + id: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + isDefault: type: boolean + isNewConversationDefault: + type: boolean + name: + type: string + namespace: + description: Kibana space + type: string + promptType: + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptType' + timestamp: + $ref: '#/components/schemas/Security_AI_Assistant_API_NonEmptyString' + updatedAt: + type: string + updatedBy: + type: string + users: + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_User' + type: array + required: + - id + - name + - promptType + - content + Security_AI_Assistant_API_PromptsBulkActionSkipReason: + enum: + - PROMPT_FIELD_NOT_MODIFIED + type: string + Security_AI_Assistant_API_PromptsBulkActionSkipResult: + type: object + properties: + id: + type: string + name: + type: string + skip_reason: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipReason required: - - data_view - Data_views_data_view_response_object: - title: Data view response properties + - id + - skip_reason + Security_AI_Assistant_API_PromptsBulkCrudActionResponse: type: object properties: - data_view: + attributes: type: object properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldAttrs: - additionalProperties: - $ref: '#/components/schemas/Data_views_fieldattrs' - type: object - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - id: - example: ff959d40-b880-11e8-a6d9-e546fe2bba5f - type: string - name: - description: The data view name. - type: string - namespaces: - $ref: '#/components/schemas/Data_views_namespaces' - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta_response' - version: - example: WzQ2LDJd - type: string - Data_views_fieldattrs: - description: A map of field attributes by field name. + errors: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_NormalizedPromptError + type: array + results: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptsBulkCrudActionResults + summary: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_BulkCrudActionSummary + required: + - results + - summary + message: + type: string + prompts_count: + type: integer + status_code: + type: integer + success: + type: boolean + required: + - attributes + Security_AI_Assistant_API_PromptsBulkCrudActionResults: type: object properties: - count: - description: Popularity count for the field. - type: integer - customDescription: - description: Custom description for the field. - maxLength: 300 + created: + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' + type: array + deleted: + items: + type: string + type: array + skipped: + items: + $ref: >- + #/components/schemas/Security_AI_Assistant_API_PromptsBulkActionSkipResult + type: array + updated: + items: + $ref: '#/components/schemas/Security_AI_Assistant_API_PromptResponse' + type: array + required: + - updated + - created + - deleted + - skipped + Security_AI_Assistant_API_PromptType: + description: Prompt type + enum: + - system + - quick + type: string + Security_AI_Assistant_API_PromptUpdateProps: + type: object + properties: + categories: + items: + type: string + type: array + color: type: string - customLabel: - description: Custom label for the field. + consumer: type: string - Data_views_fieldformats: - description: A map of field formats by field name. + content: + type: string + id: + type: string + isDefault: + type: boolean + isNewConversationDefault: + type: boolean + required: + - id + Security_AI_Assistant_API_Provider: + description: Provider + enum: + - OpenAI + - Azure OpenAI + type: string + Security_AI_Assistant_API_Reader: + additionalProperties: true type: object - Data_views_namespaces: - description: >- - An array of space identifiers for sharing the data view between multiple - spaces. - items: - default: default + Security_AI_Assistant_API_Replacements: + additionalProperties: type: string + description: Replacements object used to anonymize/deanomymize messsages + type: object + Security_AI_Assistant_API_SortOrder: + enum: + - asc + - desc + type: string + Security_AI_Assistant_API_TraceData: + description: trace Data + type: object + properties: + traceId: + description: Could be any string, not necessarily a UUID + type: string + transactionId: + description: Could be any string, not necessarily a UUID + type: string + Security_AI_Assistant_API_User: + description: Could be any string, not necessarily a UUID + type: object + properties: + id: + description: User id + type: string + name: + description: User name + type: string + Security_Detections_API_AlertAssignees: + type: object + properties: + add: + description: A list of users ids to assign. + items: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + type: array + remove: + description: A list of users ids to unassign. + items: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + type: array + required: + - add + - remove + Security_Detections_API_AlertIds: + description: A list of alerts ids. + items: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + minItems: 1 type: array - Data_views_runtimefieldmap: - description: A map of runtime field definitions by field name. + Security_Detections_API_AlertsIndex: + deprecated: true + description: (deprecated) Has no effect. + type: string + Security_Detections_API_AlertsIndexMigrationError: type: object properties: - script: + error: type: object properties: - source: - description: Script for the runtime field. + message: type: string - type: - description: Mapping type of the runtime field. + status_code: + type: string + required: + - message + - status_code + index: type: string required: - - script - - type - Data_views_sourcefilters: - description: The array of field names you want to filter out in Discover. - items: - type: object - properties: - value: - type: string - required: - - value - type: array - Data_views_swap_data_view_request_object: - title: Data view reference swap request + - index + - error + Security_Detections_API_AlertsIndexMigrationSuccess: type: object properties: - delete: - description: Deletes referenced saved object if all references are removed. - type: boolean - forId: - description: Limit the affected saved objects to one or more by identifier. - oneOf: - - type: string - - items: - type: string - type: array - forType: - description: Limit the affected saved objects by type. - type: string - fromId: - description: The saved object reference to change. + index: type: string - fromType: - description: > - Specify the type of the saved object reference to alter. The default - value is `index-pattern` for data views. + migration_id: type: string - toId: - description: New saved object reference value to replace the old value. + migration_index: type: string required: - - fromId - - toId - Data_views_timefieldname: - description: The timestamp field name, which you use for time-based data views. + - index + - migration_id + - migration_index + Security_Detections_API_AlertsIndexNamespace: + description: Has no effect. type: string - Data_views_title: - description: >- - Comma-separated list of data streams, indices, and aliases that you want - to search. Supports wildcards (`*`). + Security_Detections_API_AlertsReindexOptions: + type: object + properties: + requests_per_second: + minimum: 1 + type: integer + size: + minimum: 1 + type: integer + slices: + minimum: 1 + type: integer + Security_Detections_API_AlertsSort: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_AlertsSortCombinations' + - items: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsSortCombinations + type: array + Security_Detections_API_AlertsSortCombinations: + anyOf: + - type: string + - additionalProperties: true + type: object + Security_Detections_API_AlertStatus: + enum: + - open + - closed + - acknowledged + - in-progress type: string - Data_views_type: - description: When set to `rollup`, identifies the rollup data views. + Security_Detections_API_AlertSuppression: + type: object + properties: + duration: + $ref: >- + #/components/schemas/Security_Detections_API_AlertSuppressionDuration + group_by: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppressionGroupBy' + missing_fields_strategy: + $ref: >- + #/components/schemas/Security_Detections_API_AlertSuppressionMissingFieldsStrategy + required: + - group_by + Security_Detections_API_AlertSuppressionDuration: + type: object + properties: + unit: + enum: + - s + - m + - h + type: string + value: + minimum: 1 + type: integer + required: + - value + - unit + Security_Detections_API_AlertSuppressionGroupBy: + items: + type: string + maxItems: 3 + minItems: 1 + type: array + Security_Detections_API_AlertSuppressionMissingFieldsStrategy: + description: >- + Describes how alerts will be generated for documents with missing + suppress by fields: + + doNotSuppress - per each document a separate alert will be created + + suppress - only alert will be created per suppress by bucket + enum: + - doNotSuppress + - suppress type: string - Data_views_typemeta: + Security_Detections_API_AlertTag: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + Security_Detections_API_AlertTags: + items: + $ref: '#/components/schemas/Security_Detections_API_AlertTag' + type: array + Security_Detections_API_AlertVersion: + type: object + properties: + count: + type: integer + version: + type: integer + required: + - version + - count + Security_Detections_API_AnomalyThreshold: + description: Anomaly threshold + minimum: 0 + type: integer + Security_Detections_API_BuildingBlockType: description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. + Determines if the rule acts as a building block. By default, + building-block alerts are not displayed in the UI. These rules are used + as a foundation for other rules that do generate alerts. Its value must + be default. + type: string + Security_Detections_API_BulkActionEditPayload: + anyOf: + - $ref: >- + #/components/schemas/Security_Detections_API_BulkActionEditPayloadTags + - $ref: >- + #/components/schemas/Security_Detections_API_BulkActionEditPayloadIndexPatterns + - $ref: >- + #/components/schemas/Security_Detections_API_BulkActionEditPayloadInvestigationFields + - $ref: >- + #/components/schemas/Security_Detections_API_BulkActionEditPayloadTimeline + - $ref: >- + #/components/schemas/Security_Detections_API_BulkActionEditPayloadRuleActions + - $ref: >- + #/components/schemas/Security_Detections_API_BulkActionEditPayloadSchedule + Security_Detections_API_BulkActionEditPayloadIndexPatterns: + type: object + properties: + overwrite_data_views: + type: boolean + type: + enum: + - add_index_patterns + - delete_index_patterns + - set_index_patterns + type: string + value: + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' + required: + - type + - value + Security_Detections_API_BulkActionEditPayloadInvestigationFields: + type: object + properties: + type: + enum: + - add_investigation_fields + - delete_investigation_fields + - set_investigation_fields + type: string + value: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + required: + - type + - value + Security_Detections_API_BulkActionEditPayloadRuleActions: type: object properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. + type: + enum: + - add_rule_actions + - set_rule_actions + type: string + value: type: object + properties: + actions: + items: + $ref: >- + #/components/schemas/Security_Detections_API_NormalizedRuleAction + type: array + throttle: + $ref: >- + #/components/schemas/Security_Detections_API_ThrottleForBulkActions + required: + - actions required: - - aggs - - params - Data_views_typemeta_response: - description: >- - When you use rollup indices, contains the field list for the rollup data - view API endpoints. - nullable: true + - type + - value + Security_Detections_API_BulkActionEditPayloadSchedule: type: object properties: - aggs: - description: A map of rollup restrictions by aggregation type and field name. - type: object - params: - description: Properties for retrieving rollup fields. + type: + enum: + - set_schedule + type: string + value: type: object - Data_views_update_data_view_request_object: - title: Update data view request + properties: + interval: + description: >- + Interval in which the rule runs. For example, `"1h"` means the + rule runs every hour. + example: 1h + pattern: ^[1-9]\d*[smh]$ + type: string + lookback: + description: Lookback time for the rule + example: 1h + pattern: ^[1-9]\d*[smh]$ + type: string + required: + - interval + - lookback + required: + - type + - value + Security_Detections_API_BulkActionEditPayloadTags: type: object properties: - data_view: - description: > - The data view properties you want to update. Only the specified - properties are updated in the data view. Unspecified fields stay as - they are persisted. + type: + enum: + - add_tags + - delete_tags + - set_tags + type: string + value: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + required: + - type + - value + Security_Detections_API_BulkActionEditPayloadTimeline: + type: object + properties: + type: + enum: + - set_timeline + type: string + value: type: object properties: - allowNoIndex: - $ref: '#/components/schemas/Data_views_allownoindex' - fieldFormats: - $ref: '#/components/schemas/Data_views_fieldformats' - fields: - type: object - name: - type: string - runtimeFieldMap: - additionalProperties: - $ref: '#/components/schemas/Data_views_runtimefieldmap' - type: object - sourceFilters: - $ref: '#/components/schemas/Data_views_sourcefilters' - timeFieldName: - $ref: '#/components/schemas/Data_views_timefieldname' - title: - $ref: '#/components/schemas/Data_views_title' - type: - $ref: '#/components/schemas/Data_views_type' - typeMeta: - $ref: '#/components/schemas/Data_views_typemeta' - refresh_fields: - default: false - description: Reloads the data view fields after the data view is updated. - type: boolean + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + required: + - timeline_id + - timeline_title required: - - data_view - Fleet_agent: - title: Agent + - type + - value + Security_Detections_API_BulkActionsDryRunErrCode: + enum: + - IMMUTABLE + - MACHINE_LEARNING_AUTH + - MACHINE_LEARNING_INDEX_PATTERN + - ESQL_INDEX_PATTERN + - MANUAL_RULE_RUN_FEATURE + - MANUAL_RULE_RUN_DISABLED_RULE + type: string + Security_Detections_API_BulkActionSkipResult: type: object properties: - access_api_key: + id: type: string - access_api_key_id: + name: type: string - active: - type: boolean - components: + skip_reason: + $ref: '#/components/schemas/Security_Detections_API_BulkEditSkipReason' + required: + - id + - skip_reason + Security_Detections_API_BulkCrudRulesResponse: + items: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + - $ref: '#/components/schemas/Security_Detections_API_ErrorSchema' + type: array + Security_Detections_API_BulkDeleteRules: + type: object + properties: + action: + enum: + - delete + type: string + ids: + description: Array of rule IDs items: - $ref: '#/components/schemas/Fleet_agent_component' + type: string + minItems: 1 type: array - default_api_key: - type: string - default_api_key_id: + query: + description: Query to filter rules type: string - enrolled_at: + required: + - action + Security_Detections_API_BulkDisableRules: + type: object + properties: + action: + enum: + - disable type: string - id: + ids: + description: Array of rule IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter rules type: string - last_checkin: + required: + - action + Security_Detections_API_BulkDuplicateRules: + type: object + properties: + action: + enum: + - duplicate type: string - local_metadata: - $ref: '#/components/schemas/Fleet_agent_metadata' - metrics: + duplicate: type: object properties: - cpu_avg: - description: >- - Average agent CPU usage during the last 5 minutes, number - between 0-1 - type: number - memory_size_byte_avg: - description: Average agent memory consumption during the last 5 minutes - type: number - policy_id: - type: string - policy_revision: - type: number - status: - $ref: '#/components/schemas/Fleet_agent_status' - type: - $ref: '#/components/schemas/Fleet_agent_type' - unenrolled_at: - type: string - unenrollment_started_at: + include_exceptions: + description: Whether to copy exceptions from the original rule + type: boolean + include_expired_exceptions: + description: Whether to copy expired exceptions from the original rule + type: boolean + required: + - include_exceptions + - include_expired_exceptions + ids: + description: Array of rule IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter rules type: string - user_provided_metadata: - $ref: '#/components/schemas/Fleet_agent_metadata' required: - - type - - active - - enrolled_at - - id - - status - Fleet_agent_action: - oneOf: - - properties: - ack_data: - type: string - data: - type: string - type: - enum: - - UNENROLL - - UPGRADE - - POLICY_REASSIGN - type: string - - properties: - data: - type: object - properties: - log_level: - enum: - - debug - - info - - warning - - error - nullable: true - type: string - type: - type: string - title: Agent action - Fleet_agent_component: - title: Agent component + - action + Security_Detections_API_BulkEditActionResponse: type: object properties: - id: - type: string + attributes: + type: object + properties: + errors: + items: + $ref: >- + #/components/schemas/Security_Detections_API_NormalizedRuleError + type: array + results: + $ref: >- + #/components/schemas/Security_Detections_API_BulkEditActionResults + summary: + $ref: >- + #/components/schemas/Security_Detections_API_BulkEditActionSummary + required: + - results + - summary message: type: string - status: - $ref: '#/components/schemas/Fleet_agent_component_status' - type: - type: string - units: + rules_count: + type: integer + status_code: + type: integer + success: + type: boolean + required: + - attributes + Security_Detections_API_BulkEditActionResults: + type: object + properties: + created: items: - $ref: '#/components/schemas/Fleet_agent_component_unit' + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' type: array - Fleet_agent_component_status: - enum: - - starting - - configuring - - healthy - - degraded - - failed - - stopping - - stopped - title: Agent component status - type: string - Fleet_agent_component_unit: - title: Agent component unit + deleted: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + type: array + skipped: + items: + $ref: '#/components/schemas/Security_Detections_API_BulkActionSkipResult' + type: array + updated: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleResponse' + type: array + required: + - updated + - created + - deleted + - skipped + Security_Detections_API_BulkEditActionSummary: + type: object + properties: + failed: + type: integer + skipped: + type: integer + succeeded: + type: integer + total: + type: integer + required: + - failed + - skipped + - succeeded + - total + Security_Detections_API_BulkEditRules: type: object properties: - id: + action: + enum: + - edit type: string - message: + edit: + description: Array of objects containing the edit operations + items: + $ref: '#/components/schemas/Security_Detections_API_BulkActionEditPayload' + minItems: 1 + type: array + ids: + description: Array of rule IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter rules type: string - payload: - type: object - status: - $ref: '#/components/schemas/Fleet_agent_component_status' - type: - $ref: '#/components/schemas/Fleet_agent_component_unit_type' - Fleet_agent_component_unit_type: + required: + - action + - edit + Security_Detections_API_BulkEditSkipReason: enum: - - input - - output - title: Agent component unit type + - RULE_NOT_MODIFIED type: string - Fleet_agent_diagnostics: - title: Agent diagnostics + Security_Detections_API_BulkEnableRules: type: object properties: - actionId: - type: string - createTime: + action: + enum: + - enable type: string - filePath: + ids: + description: Array of rule IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter rules type: string - id: + required: + - action + Security_Detections_API_BulkExportActionResponse: + type: string + Security_Detections_API_BulkExportRules: + type: object + properties: + action: + enum: + - export type: string - name: + ids: + description: Array of rule IDs + items: + type: string + minItems: 1 + type: array + query: + description: Query to filter rules type: string - status: - enum: - - READY - - AWAITING_UPLOAD - - DELETED - - IN_PROGRESS required: - - id - - name - - createTime - - filePath - - actionId - - status - Fleet_agent_get_by_actions: - items: - items: - type: string - type: array - title: Agents get by action ids - type: array - Fleet_agent_metadata: - title: Agent metadata - type: object - Fleet_agent_policy: - title: Agent Policy + - action + Security_Detections_API_BulkManualRuleRun: type: object properties: - advanced_settings: - description: >- - Advanced settings stored in the agent policy, e.g. - agent_limits_go_max_procs - nullable: true - type: object - agent_features: + action: + enum: + - run + type: string + ids: + description: Array of rule IDs items: - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled + type: string + minItems: 1 type: array - agents: - type: number - data_output_id: - nullable: true + query: + description: Query to filter rules type: string - description: + run: + type: object + properties: + end_date: + description: End date of the manual rule run + type: string + start_date: + description: Start date of the manual rule run + type: string + required: + - start_date + required: + - action + - run + Security_Detections_API_ConcurrentSearches: + minimum: 1 + type: integer + Security_Detections_API_DataViewId: + type: string + Security_Detections_API_DefaultParams: + type: object + properties: + command: + enum: + - isolate type: string - download_source_id: - nullable: true + comment: type: string - fleet_server_host_id: - nullable: true + required: + - command + Security_Detections_API_EcsMapping: + additionalProperties: + type: object + properties: + field: + type: string + value: + oneOf: + - type: string + - items: + type: string + type: array + type: object + Security_Detections_API_EndpointResponseAction: + type: object + properties: + action_type_id: + enum: + - .endpoint type: string - global_data_tags: + params: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_DefaultParams' + - $ref: '#/components/schemas/Security_Detections_API_ProcessesParams' + required: + - action_type_id + - params + Security_Detections_API_EqlOptionalFields: + type: object + properties: + alert_suppression: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' + data_view_id: + $ref: '#/components/schemas/Security_Detections_API_DataViewId' + event_category_override: + $ref: '#/components/schemas/Security_Detections_API_EventCategoryOverride' + filters: + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' + index: + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' + response_actions: items: - additionalProperties: - oneOf: - - type: string - - type: number - description: >- - User defined data tags that are added to all of the inputs. The - values can be strings or numbers. - type: object + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' type: array - id: + tiebreaker_field: + $ref: '#/components/schemas/Security_Detections_API_TiebreakerField' + timestamp_field: + $ref: '#/components/schemas/Security_Detections_API_TimestampField' + Security_Detections_API_EqlQueryLanguage: + enum: + - eql + type: string + Security_Detections_API_EqlRequiredFields: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_EqlQueryLanguage' + description: Query language to use + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + description: EQL query to execute + type: + description: Rule type + enum: + - eql type: string - inactivity_timeout: - type: integer - is_protected: - description: >- - Indicates whether the agent policy has tamper protection enabled. - Default false. - type: boolean - keep_monitoring_alive: - description: >- - When set to true, monitoring will be enabled but logs/metrics - collection will be disabled - nullable: true - type: boolean - monitoring_diagnostics: - type: object + required: + - type + - query + - language + Security_Detections_API_EqlRule: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleResponseFields' + Security_Detections_API_EqlRuleCreateFields: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' + Security_Detections_API_EqlRuleCreateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateFields' + Security_Detections_API_EqlRulePatchFields: + allOf: + - type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_EqlQueryLanguage' + description: Query language to use + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + description: EQL query to execute + type: + description: Rule type + enum: + - eql + type: string + - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' + Security_Detections_API_EqlRulePatchProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchFields' + Security_Detections_API_EqlRuleResponseFields: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_EqlOptionalFields' + Security_Detections_API_EqlRuleUpdateProps: + allOf: + - type: object properties: - limit: - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - monitoring_enabled: - items: - enum: - - metrics - - logs - type: string - type: array - monitoring_http: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateFields' + Security_Detections_API_ErrorSchema: + additionalProperties: false + type: object + properties: + error: type: object properties: - enabled: - type: boolean - host: + message: type: string - port: - type: number + status_code: + minimum: 400 + type: integer required: - - enabled - monitoring_output_id: - nullable: true - type: string - monitoring_pprof_enabled: - type: boolean - name: - type: string - namespace: + - status_code + - message + id: type: string - overrides: - description: >- - Override settings that are defined in the agent policy. Input - settings cannot be overridden. The override option should be used - only in unusual circumstances and not as a routine procedure. - nullable: true - type: object - package_policies: - description: >- - This field is present only when retrieving a single agent policy, or - when retrieving a list of agent policies with the ?full=true - parameter - items: - $ref: '#/components/schemas/Fleet_package_policy' - type: array - revision: - type: number - supports_agentless: - description: >- - Indicates whether the agent policy supports agentless integrations. - Only allowed in a serverless environment. - type: boolean - unenroll_timeout: - type: integer - unprivileged_agents: - type: number - updated_by: + item_id: + minLength: 1 type: string - updated_on: - format: date-time + list_id: + minLength: 1 type: string + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' required: - - id - - status - - name - - namespace - Fleet_agent_policy_create_request: - title: Create agent policy request + - error + Security_Detections_API_EsqlQueryLanguage: + enum: + - esql + type: string + Security_Detections_API_EsqlRule: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleResponseFields' + Security_Detections_API_EsqlRuleCreateFields: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields' + Security_Detections_API_EsqlRuleCreateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateFields' + Security_Detections_API_EsqlRuleOptionalFields: type: object properties: - agent_features: - items: - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled - type: array - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - force: - description: Force agent policy creation even if packages are not verified. - type: boolean - global_data_tags: - items: - additionalProperties: - oneOf: - - type: string - - type: number - description: >- - User defined data tags that are added to all of the inputs. The - values can be strings or numbers. - type: object - type: array - id: - type: string - inactivity_timeout: - type: integer - is_protected: - type: boolean - monitoring_enabled: + alert_suppression: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' + response_actions: items: - enum: - - metrics - - logs - type: string + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' type: array - monitoring_output_id: - nullable: true - type: string - name: + Security_Detections_API_EsqlRulePatchProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + language: + $ref: '#/components/schemas/Security_Detections_API_EsqlQueryLanguage' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + description: ESQL query to execute + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + type: + description: Rule type + enum: + - esql + type: string + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' + Security_Detections_API_EsqlRuleRequiredFields: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_EsqlQueryLanguage' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + description: ESQL query to execute + type: + description: Rule type + enum: + - esql type: string - namespace: + required: + - type + - language + - query + Security_Detections_API_EsqlRuleResponseFields: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleOptionalFields' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleRequiredFields' + Security_Detections_API_EsqlRuleUpdateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateFields' + Security_Detections_API_EventCategoryOverride: + type: string + Security_Detections_API_ExceptionListType: + description: The exception type + enum: + - detection + - rule_default + - endpoint + - endpoint_trusted_apps + - endpoint_events + - endpoint_host_isolation_exceptions + - endpoint_blocklists + type: string + Security_Detections_API_ExternalRuleSource: + description: >- + Type of rule source for externally sourced rules, i.e. rules that have + an external source, such as the Elastic Prebuilt rules repo. + type: object + properties: + is_customized: + $ref: >- + #/components/schemas/Security_Detections_API_IsExternalRuleCustomized + type: + enum: + - external type: string - unenroll_timeout: - type: integer required: + - type + - is_customized + Security_Detections_API_FindRulesSortField: + enum: + - created_at + - createdAt + - enabled + - execution_summary.last_execution.date + - execution_summary.last_execution.metrics.execution_gap_duration_s + - execution_summary.last_execution.metrics.total_indexing_duration_ms + - execution_summary.last_execution.metrics.total_search_duration_ms + - execution_summary.last_execution.status - name - - namespace - Fleet_agent_policy_full: - oneOf: - - type: object - properties: - item: - type: string - - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_full_agent_policy' - title: Agent policy full response - type: object - Fleet_agent_policy_update_request: - title: Update agent policy request + - risk_score + - riskScore + - severity + - updated_at + - updatedAt + type: string + Security_Detections_API_HistoryWindowStart: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + Security_Detections_API_IndexMigrationStatus: type: object properties: - agent_features: + index: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + is_outdated: + type: boolean + migrations: items: - type: object - properties: - enabled: - type: boolean - name: - type: string - required: - - name - - enabled + $ref: '#/components/schemas/Security_Detections_API_MigrationStatus' type: array - data_output_id: - nullable: true - type: string - description: - type: string - download_source_id: - nullable: true - type: string - fleet_server_host_id: - nullable: true - type: string - force: - description: Force agent policy creation even if packages are not verified. - type: boolean - global_data_tags: + signal_versions: items: - additionalProperties: - oneOf: - - type: string - - type: number - description: >- - User defined data tags that are added to all of the inputs. The - values can be strings or numbers. - type: object + $ref: '#/components/schemas/Security_Detections_API_AlertVersion' type: array - inactivity_timeout: + version: type: integer - is_protected: - type: boolean - monitoring_enabled: + required: + - index + - version + - signal_versions + - migrations + - is_outdated + Security_Detections_API_IndexPatternArray: + items: + type: string + type: array + Security_Detections_API_InternalRuleSource: + description: >- + Type of rule source for internally sourced rules, i.e. created within + the Kibana apps. + type: object + properties: + type: + enum: + - internal + type: string + required: + - type + Security_Detections_API_InvestigationFields: + description: > + Schema for fields relating to investigation fields. These are user + defined fields we use to highlight + + in various features in the UI such as alert details flyout and + exceptions auto-population from alert. + + Added in PR #163235 + + Right now we only have a single field but anticipate adding more related + fields to store various + + configuration states such as `override` - where a user might say if they + want only these fields to + + display, or if they want these fields + the fields we select. When + expanding this field, it may look + + something like: + + ```typescript + + const investigationFields = z.object({ + field_names: NonEmptyArray(NonEmptyString), + override: z.boolean().optional(), + }); + + ``` + type: object + properties: + field_names: items: - enum: - - metrics - - logs - type: string + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + minItems: 1 type: array - monitoring_output_id: - nullable: true - type: string - name: - type: string - namespace: - type: string - unenroll_timeout: - type: integer required: - - name - - namespace - Fleet_agent_status: - enum: - - offline - - error - - online - - inactive - - warning - title: Elastic Agent status + - field_names + Security_Detections_API_InvestigationGuide: + description: Notes to help investigate alerts produced by the rule. type: string - Fleet_agent_type: + Security_Detections_API_IsExternalRuleCustomized: + description: >- + Determines whether an external/prebuilt rule has been customized by the + user (i.e. any of its fields have been modified and diverged from the + base value). + type: boolean + Security_Detections_API_IsRuleEnabled: + description: Determines whether the rule is enabled. + type: boolean + Security_Detections_API_IsRuleImmutable: + deprecated: true + description: >- + This field determines whether the rule is a prebuilt Elastic rule. It + will be replaced with the `rule_source` field. + type: boolean + Security_Detections_API_ItemsPerSearch: + minimum: 1 + type: integer + Security_Detections_API_KqlQueryLanguage: enum: - - PERMANENT - - EPHEMERAL - - TEMPORARY - title: Agent type + - kuery + - lucene type: string - Fleet_bulk_install_packages_response: - title: Bulk install packages response + Security_Detections_API_MachineLearningJobId: + description: Machine learning job ID + oneOf: + - type: string + - items: + type: string + minItems: 1 + type: array + Security_Detections_API_MachineLearningRule: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleResponseFields + Security_Detections_API_MachineLearningRuleCreateFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + Security_Detections_API_MachineLearningRuleCreateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields + Security_Detections_API_MachineLearningRuleOptionalFields: type: object properties: - items: - items: - type: object - properties: - name: - type: string - version: - type: string - type: array - response: - deprecated: true - items: - type: object - properties: - name: - type: string - version: - type: string - type: array + alert_suppression: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' + Security_Detections_API_MachineLearningRulePatchFields: + allOf: + - type: object + properties: + anomaly_threshold: + $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' + machine_learning_job_id: + $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningJobId + type: + description: Rule type + enum: + - machine_learning + type: string + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + Security_Detections_API_MachineLearningRulePatchProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRulePatchFields + Security_Detections_API_MachineLearningRuleRequiredFields: + type: object + properties: + anomaly_threshold: + $ref: '#/components/schemas/Security_Detections_API_AnomalyThreshold' + machine_learning_job_id: + $ref: '#/components/schemas/Security_Detections_API_MachineLearningJobId' + type: + description: Rule type + enum: + - machine_learning + type: string required: - - items - Fleet_bulk_upgrade_agents: - title: Bulk upgrade agents + - type + - machine_learning_job_id + - anomaly_threshold + Security_Detections_API_MachineLearningRuleResponseFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleOptionalFields + Security_Detections_API_MachineLearningRuleUpdateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateFields + Security_Detections_API_MaxSignals: + minimum: 1 + type: integer + Security_Detections_API_MigrationCleanupResult: type: object properties: - agents: - oneOf: - - description: KQL query string, leave empty to action all agents + destinationIndex: + type: string + error: + type: object + properties: + message: type: string - - description: list of agent IDs - items: - type: string - type: array - force: - description: Force upgrade, skipping validation (should be used with caution) - type: boolean - rollout_duration_seconds: - description: rolling upgrade window duration in seconds - type: number - skipRateLimitCheck: - description: Skip rate limit check for upgrade - type: boolean - source_uri: - description: alternative upgrade binary download url + status_code: + type: integer + required: + - message + - status_code + id: type: string - start_time: - description: start time of upgrade in ISO 8601 format + sourceIndex: + type: string + status: + enum: + - success + - failure + - pending + type: string + updated: + format: date-time type: string version: - description: version to upgrade to type: string required: - - agents + - id + - destinationIndex + - status + - sourceIndex - version - Fleet_data_stream: - title: Data stream + - updated + Security_Detections_API_MigrationFinalizationResult: type: object properties: - dashboard: - items: - type: object - properties: - id: - type: string - title: - type: string - type: array - dataset: - type: string - index: + completed: + type: boolean + destinationIndex: type: string - last_activity_ms: - type: number - namespace: + error: + type: object + properties: + message: + type: string + status_code: + type: integer + required: + - message + - status_code + id: type: string - package: + sourceIndex: type: string - package_version: + status: + enum: + - success + - failure + - pending type: string - size_in_bytes: - type: number - size_in_bytes_formatted: + updated: + format: date-time type: string - type: + version: type: string - Fleet_download_sources: - title: Download Source + required: + - id + - completed + - destinationIndex + - status + - sourceIndex + - version + - updated + Security_Detections_API_MigrationStatus: type: object properties: - host: - type: string id: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + status: + enum: + - success + - failure + - pending type: string - is_default: - type: boolean - name: + updated: + format: date-time type: string - proxy_id: - description: >- - The ID of the proxy to use for this download source. See the proxies - API for more information. - nullable: true + version: + type: integer + required: + - id + - status + - version + - updated + Security_Detections_API_NewTermsFields: + items: + type: string + maxItems: 3 + minItems: 1 + type: array + Security_Detections_API_NewTermsRule: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleResponseFields + Security_Detections_API_NewTermsRuleCreateFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields + Security_Detections_API_NewTermsRuleCreateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields + Security_Detections_API_NewTermsRuleDefaultableFields: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_NewTermsRuleOptionalFields: + type: object + properties: + alert_suppression: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' + data_view_id: + $ref: '#/components/schemas/Security_Detections_API_DataViewId' + filters: + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' + index: + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' + type: array + Security_Detections_API_NewTermsRulePatchFields: + allOf: + - type: object + properties: + history_window_start: + $ref: '#/components/schemas/Security_Detections_API_HistoryWindowStart' + new_terms_fields: + $ref: '#/components/schemas/Security_Detections_API_NewTermsFields' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + type: + description: Rule type + enum: + - new_terms + type: string + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleDefaultableFields + Security_Detections_API_NewTermsRulePatchProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchFields' + Security_Detections_API_NewTermsRuleRequiredFields: + type: object + properties: + history_window_start: + $ref: '#/components/schemas/Security_Detections_API_HistoryWindowStart' + new_terms_fields: + $ref: '#/components/schemas/Security_Detections_API_NewTermsFields' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + type: + description: Rule type + enum: + - new_terms type: string required: - - is_default - - name - - host - Fleet_elasticsearch_asset_type: - enum: - - component_template - - ingest_pipeline - - index_template - - ilm_policy - - transform - - data_stream_ilm_policy - title: Elasticsearch asset type + - type + - query + - new_terms_fields + - history_window_start + Security_Detections_API_NewTermsRuleResponseFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleOptionalFields + - type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + required: + - language + Security_Detections_API_NewTermsRuleUpdateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_NewTermsRuleCreateFields + Security_Detections_API_NonEmptyString: + description: A string that is not empty and does not contain only whitespace + minLength: 1 + pattern: ^(?! *$).+$ type: string - Fleet_enrollment_api_key: - title: Enrollment API key + Security_Detections_API_NormalizedRuleAction: + additionalProperties: false type: object properties: - active: - description: >- - When false, the enrollment API key is revoked and cannot be used for - enrolling Elastic Agents. - type: boolean - api_key: - description: The enrollment API key (token) used for enrolling Elastic Agents. - type: string - api_key_id: - description: The ID of the API key in the Security API. - type: string - created_at: - type: string + alerts_filter: + $ref: '#/components/schemas/Security_Detections_API_RuleActionAlertsFilter' + frequency: + $ref: '#/components/schemas/Security_Detections_API_RuleActionFrequency' + group: + $ref: '#/components/schemas/Security_Detections_API_RuleActionGroup' id: - type: string - name: - description: The name of the enrollment API key. - type: string - policy_id: - description: The ID of the agent policy the Elastic Agent will be enrolled in. - type: string + $ref: '#/components/schemas/Security_Detections_API_RuleActionId' + params: + $ref: '#/components/schemas/Security_Detections_API_RuleActionParams' required: - id - - api_key_id - - api_key - - active - - created_at - Fleet_fleet_server_host: - title: Fleet Server Host + - params + Security_Detections_API_NormalizedRuleError: type: object properties: - host_urls: + err_code: + $ref: >- + #/components/schemas/Security_Detections_API_BulkActionsDryRunErrCode + message: + type: string + rules: items: - type: string + $ref: '#/components/schemas/Security_Detections_API_RuleDetailsInError' + type: array + status_code: + type: integer + required: + - message + - status_code + - rules + Security_Detections_API_OsqueryParams: + type: object + properties: + ecs_mapping: + $ref: '#/components/schemas/Security_Detections_API_EcsMapping' + pack_id: + type: string + queries: + items: + $ref: '#/components/schemas/Security_Detections_API_OsqueryQuery' type: array + query: + type: string + saved_query_id: + type: string + timeout: + type: number + Security_Detections_API_OsqueryQuery: + type: object + properties: + ecs_mapping: + $ref: '#/components/schemas/Security_Detections_API_EcsMapping' id: + description: Query ID type: string - is_default: - type: boolean - is_internal: + platform: + type: string + query: + description: Query to run + type: string + removed: type: boolean - is_preconfigured: + snapshot: type: boolean - name: - type: string - proxy_id: + version: + description: Query version type: string required: - - fleet_server_hosts - id - - is_default - - is_preconfigured - - host_urls - Fleet_fleet_settings_response: - title: Fleet settings response - type: object - properties: - item: - $ref: '#/components/schemas/Fleet_settings' - required: - - item - Fleet_fleet_setup_response: - title: Fleet Setup response + - query + Security_Detections_API_OsqueryResponseAction: type: object properties: - isInitialized: - type: boolean - nonFatalErrors: - items: - type: object - properties: - message: - type: string - name: - type: string - required: - - name - - message - type: array + action_type_id: + enum: + - .osquery + type: string + params: + $ref: '#/components/schemas/Security_Detections_API_OsqueryParams' required: - - isInitialized - - nonFatalErrors - Fleet_fleet_status_response: - title: Fleet status response + - action_type_id + - params + Security_Detections_API_PlatformErrorResponse: type: object properties: - isReady: - type: boolean - missing_optional_features: - items: - enum: - - encrypted_saved_object_encryption_key_required - type: string - type: array - missing_requirements: - items: - enum: - - tls_required - - api_keys - - fleet_admin_user - - fleet_server - type: string - type: array - package_verification_key_id: + error: + type: string + message: type: string + statusCode: + type: integer required: - - isReady - - missing_requirements - - missing_optional_features - Fleet_full_agent_policy: - title: Full agent policy + - statusCode + - error + - message + Security_Detections_API_ProcessesParams: type: object properties: - agent: - nullable: true - type: string - fleet: - oneOf: - - type: object - properties: - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: - type: string - ssl: - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - renegotiation: - type: string - verification_mode: - type: string - - type: object - properties: - kibana: - type: object - properties: - hosts: - items: - type: string - type: array - path: - type: string - protocol: - type: string - id: + command: + enum: + - kill-process + - suspend-process type: string - inputs: + comment: type: string - monitoring: + config: type: object properties: - diagnostics: - type: object - properties: - limit: - type: object - properties: - burst: - type: number - interval: - type: string - uploader: - type: object - properties: - init_dur: - type: string - max_dur: - type: string - max_retries: - type: number - enabled: - type: boolean - http: - type: object - properties: - enabled: - type: boolean - host: - type: string - port: - type: number - required: - - enabled - logs: - type: boolean - metrics: - type: boolean - namespace: + field: + description: Field to use instead of process.pid type: string - pprof: - type: object - properties: - enabled: - type: boolean - required: - - enabled - traces: + overwrite: + default: true + description: Whether to overwrite field with process.pid type: boolean - use_output: - type: string required: + - field + required: + - command + - config + Security_Detections_API_QueryRule: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags - enabled - - metrics - - logs - - traces - output_permissions: - additionalProperties: - type: object - properties: - data: + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleResponseFields' + Security_Detections_API_QueryRuleCreateFields: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' + - $ref: >- + #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields + Security_Detections_API_QueryRuleCreateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: $ref: >- - #/components/schemas/Fleet_full_agent_policy_output_permissions - output: - type: integer - type: object - outputs: - additionalProperties: - $ref: '#/components/schemas/Fleet_full_agent_policy_output' - type: object - revision: - type: number - secret_references: + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' + Security_Detections_API_QueryRuleDefaultableFields: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + Security_Detections_API_QueryRuleOptionalFields: + type: object + properties: + alert_suppression: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' + data_view_id: + $ref: '#/components/schemas/Security_Detections_API_DataViewId' + filters: + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' + index: + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' + response_actions: items: - type: object - properties: - id: - type: string + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' type: array - required: - - id - - outputs - - inputs - Fleet_full_agent_policy_input: + saved_id: + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' + Security_Detections_API_QueryRulePatchFields: allOf: - - additionalProperties: true - type: object + - type: object properties: - data_stream: - type: object - properties: - namespace: - type: string - required: - - namespace - id: + type: + description: Rule type + enum: + - query type: string + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' + - $ref: >- + #/components/schemas/Security_Detections_API_QueryRuleDefaultableFields + Security_Detections_API_QueryRulePatchProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' meta: - additionalProperties: true - type: object - properties: - package: - type: object - properties: - name: - type: string - version: - type: string - required: - - name - - version + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - type: string - revision: - type: number - streams: - $ref: '#/components/schemas/Fleet_full_agent_policy_input_stream' - type: - type: string - use_output: - type: string + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchFields' + Security_Detections_API_QueryRuleRequiredFields: + type: object + properties: + type: + description: Rule type + enum: + - query + type: string + required: + - type + Security_Detections_API_QueryRuleResponseFields: + allOf: + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleRequiredFields' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleOptionalFields' + - type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' required: - - id - - name - - revision - - type - - data_stream - - use_output - title: Full agent policy input - Fleet_full_agent_policy_input_stream: + - query + - language + Security_Detections_API_QueryRuleUpdateProps: allOf: - - additionalProperties: true - type: object + - type: object properties: - data_stream: - type: object - properties: - dataset: - type: string - type: - type: string - required: - - dataset - - type + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - type: string + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - - id - - data_stream - title: Full agent policy input stream - Fleet_full_agent_policy_output: - title: Full agent policy + - name + - description + - risk_score + - severity + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateFields' + Security_Detections_API_RelatedIntegration: + description: > + Related integration is a potential dependency of a rule. It's assumed + that if the user installs + + one of the related integrations of a rule, the rule might start to work + properly because it will + + have source events (generated by this integration) potentially matching + the rule's query. + + + NOTE: Proper work is not guaranteed, because a related integration, if + installed, can be + + configured differently or generate data that is not necessarily relevant + for this rule. + + + Related integration is a combination of a Fleet package and (optionally) + one of the + + package's "integrations" that this package contains. It is represented + by 3 properties: + + + - `package`: name of the package (required, unique id) + + - `version`: version of the package (required, semver-compatible) + + - `integration`: name of the integration of this package (optional, id + within the package) + + + There are Fleet packages like `windows` that contain only one + integration; in this case, + + `integration` should be unspecified. There are also packages like `aws` + and `azure` that contain + + several integrations; in this case, `integration` should be specified. + + + @example + + const x: RelatedIntegration = { + package: 'windows', + version: '1.5.x', + }; + + + @example + + const x: RelatedIntegration = { + package: 'azure', + version: '~1.1.6', + integration: 'activitylogs', + }; type: object properties: - additionalProperties: - type: object - properties: - text: {} - ca_sha256: - nullable: true + integration: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + package: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + version: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + required: + - package + - version + Security_Detections_API_RelatedIntegrationArray: + items: + $ref: '#/components/schemas/Security_Detections_API_RelatedIntegration' + type: array + Security_Detections_API_RequiredField: + description: > + Describes an Elasticsearch field that is needed for the rule to + function. + + + Almost all types of Security rules check source event documents for a + match to some kind of + + query or filter. If a document has certain field with certain values, + then it's a match and + + the rule will generate an alert. + + + Required field is an event field that must be present in the source + indices of a given rule. + + + @example + + const standardEcsField: RequiredField = { + name: 'event.action', + type: 'keyword', + ecs: true, + }; + + + @example + + const nonEcsField: RequiredField = { + name: 'winlog.event_data.AttributeLDAPDisplayName', + type: 'keyword', + ecs: false, + }; + type: object + properties: + ecs: + description: Whether the field is an ECS field + type: boolean + name: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: Name of an Elasticsearch field + type: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: Type of the Elasticsearch field + required: + - name + - type + - ecs + Security_Detections_API_RequiredFieldArray: + items: + $ref: '#/components/schemas/Security_Detections_API_RequiredField' + type: array + Security_Detections_API_RequiredFieldInput: + description: >- + Input parameters to create a RequiredField. Does not include the `ecs` + field, because `ecs` is calculated on the backend based on the field + name and type. + type: object + properties: + name: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: Name of an Elasticsearch field + type: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: Type of an Elasticsearch field + required: + - name + - type + Security_Detections_API_ResponseAction: + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_OsqueryResponseAction' + - $ref: '#/components/schemas/Security_Detections_API_EndpointResponseAction' + Security_Detections_API_ResponseFields: + type: object + properties: + created_at: + format: date-time + type: string + created_by: + type: string + execution_summary: + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionSummary' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + immutable: + $ref: '#/components/schemas/Security_Detections_API_IsRuleImmutable' + required_fields: + $ref: '#/components/schemas/Security_Detections_API_RequiredFieldArray' + revision: + minimum: 0 + type: integer + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_source: + $ref: '#/components/schemas/Security_Detections_API_RuleSource' + updated_at: + format: date-time type: string - hosts: - items: - type: string - type: array - proxy_headers: {} - proxy_url: + updated_by: type: string - type: {} required: - - type - - hosts - - ca_sha256 - Fleet_full_agent_policy_output_permissions: - additionalProperties: + - id + - rule_id + - immutable + - updated_at + - updated_by + - created_at + - created_by + - revision + - related_integrations + - required_fields + Security_Detections_API_RiskScore: + description: Risk score (0 to 100) + maximum: 100 + minimum: 0 + type: integer + Security_Detections_API_RiskScoreMapping: + description: >- + Overrides generated alerts' risk_score with a value from the source + event + items: type: object properties: - data: - type: object - properties: - cluster: - items: - type: string - type: array - indices: - items: - type: object - properties: - names: - items: - type: string - type: array - privileges: - items: - type: string - type: array - type: array - packagePolicyName: + field: type: string - title: Full agent policy output permissions - Fleet_get_agent_tags_response: - title: Get Agent Tags response + operator: + enum: + - equals + type: string + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + value: + type: string + required: + - field + - operator + - value + type: array + Security_Detections_API_RuleAction: type: object properties: - items: - items: - type: string - type: array - Fleet_get_agents_response: - title: Get Agent response + action_type_id: + description: The action type used for sending notifications. + type: string + alerts_filter: + $ref: '#/components/schemas/Security_Detections_API_RuleActionAlertsFilter' + frequency: + $ref: '#/components/schemas/Security_Detections_API_RuleActionFrequency' + group: + $ref: '#/components/schemas/Security_Detections_API_RuleActionGroup' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleActionId' + params: + $ref: '#/components/schemas/Security_Detections_API_RuleActionParams' + uuid: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + required: + - action_type_id + - id + - params + Security_Detections_API_RuleActionAlertsFilter: + additionalProperties: true + type: object + Security_Detections_API_RuleActionFrequency: + description: >- + The action frequency defines when the action runs (for example, only on + rule execution or at specific time intervals). type: object properties: - items: - items: - $ref: '#/components/schemas/Fleet_agent' - type: array - list: - deprecated: true - items: - $ref: '#/components/schemas/Fleet_agent' - type: array - page: - type: number - perPage: - type: number - statusSummary: - type: object - properties: - degraded': - type: number - enrolling: - type: number - error: - type: number - inactive: - type: number - offline: - type: number - online: - type: number - unenrolled: - type: number - unenrolling: - type: number - updating: - type: number - total: - type: number + notifyWhen: + $ref: '#/components/schemas/Security_Detections_API_RuleActionNotifyWhen' + summary: + description: >- + Action summary indicates whether we will send a summary notification + about all the generate alerts or notification per individual alert + type: boolean + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + nullable: true required: - - items - - total - - page - - perPage - Fleet_get_bulk_assets_response: - deprecated: true + - summary + - notifyWhen + - throttle + Security_Detections_API_RuleActionGroup: + description: >- + Optionally groups actions by use cases. Use `default` for alert + notifications. + type: string + Security_Detections_API_RuleActionId: + description: The connector ID. + type: string + Security_Detections_API_RuleActionNotifyWhen: + description: >- + The condition for throttling the notification: `onActionGroupChange`, + `onActiveAlert`, or `onThrottleInterval` + enum: + - onActiveAlert + - onThrottleInterval + - onActionGroupChange + type: string + Security_Detections_API_RuleActionParams: + additionalProperties: true + description: >- + Object containing the allowed connector fields, which varies according + to the connector type. + type: object + Security_Detections_API_RuleActionThrottle: + description: Defines how often rule actions are taken. + oneOf: + - enum: + - no_actions + - rule + type: string + - description: Time interval in seconds, minutes, hours, or days. + example: 1h + pattern: ^[1-9]\d*[smhd]$ + type: string + Security_Detections_API_RuleAuthorArray: + items: + type: string + type: array + Security_Detections_API_RuleCreateProps: + anyOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleCreateProps' + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateProps + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleCreateProps + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleCreateProps' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleCreateProps' + discriminator: + propertyName: type + Security_Detections_API_RuleDescription: + minLength: 1 + type: string + Security_Detections_API_RuleDetailsInError: + type: object properties: - items: - items: - type: object - properties: - appLink: - type: string - attributes: - type: object - properties: - description: - type: string - title: - type: string - id: - type: string - type: - $ref: '#/components/schemas/Fleet_saved_object_type' - updatedAt: - type: string - type: array + id: + type: string + name: + type: string required: - - items - title: Bulk get assets response + - id + Security_Detections_API_RuleExceptionList: type: object - Fleet_get_categories_response: - title: Get categories response + properties: + id: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: ID of the exception container + list_id: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + description: List ID of the exception container + namespace_type: + description: Determines the exceptions validity in rule's Kibana space + enum: + - agnostic + - single + type: string + type: + $ref: '#/components/schemas/Security_Detections_API_ExceptionListType' + required: + - id + - list_id + - type + - namespace_type + Security_Detections_API_RuleExecutionMetrics: type: object properties: - items: - items: - type: object - properties: - count: - type: number - id: - type: string - title: - type: string - required: - - id - - title - - count - type: array - response: - items: - deprecated: true - type: object - properties: - count: - type: number - id: - type: string - title: - type: string - required: - - id - - title - - count - type: array + execution_gap_duration_s: + description: Duration in seconds of execution gap + minimum: 0 + type: integer + total_enrichment_duration_ms: + description: >- + Total time spent enriching documents during current rule execution + cycle + minimum: 0 + type: integer + total_indexing_duration_ms: + description: >- + Total time spent indexing documents during current rule execution + cycle + minimum: 0 + type: integer + total_search_duration_ms: + description: >- + Total time spent performing ES searches as measured by Kibana; + includes network latency and time spent serializing/deserializing + request/response + minimum: 0 + type: integer + Security_Detections_API_RuleExecutionStatus: + description: >- + Custom execution status of Security rules that is different from the + status used in the Alerting Framework. We merge our custom status with + the Framework's status to determine the resulting status of a rule. + + - going to run - @deprecated Replaced by the 'running' status but left + for backwards compatibility with rule execution events already written + to Event Log in the prior versions of Kibana. Don't use when writing + rule status changes. + + - running - Rule execution started but not reached any intermediate or + final status. + + - partial failure - Rule can partially fail for various reasons either + in the middle of an execution (in this case we update its status right + away) or in the end of it. So currently this status can be both + intermediate and final at the same time. A typical reason for a partial + failure: not all the indices that the rule searches over actually exist. + + - failed - Rule failed to execute due to unhandled exception or a reason + defined in the business logic of its executor function. + + - succeeded - Rule executed successfully without any issues. Note: this + status is just an indication of a rule's "health". The rule might or + might not generate any alerts despite of it. + enum: + - going to run + - running + - partial failure + - failed + - succeeded + type: string + Security_Detections_API_RuleExecutionStatusOrder: + type: integer + Security_Detections_API_RuleExecutionSummary: + type: object + properties: + last_execution: + type: object + properties: + date: + description: Date of the last execution + format: date-time + type: string + message: + type: string + metrics: + $ref: >- + #/components/schemas/Security_Detections_API_RuleExecutionMetrics + status: + $ref: '#/components/schemas/Security_Detections_API_RuleExecutionStatus' + description: Status of the last execution + status_order: + $ref: >- + #/components/schemas/Security_Detections_API_RuleExecutionStatusOrder + required: + - date + - status + - status_order + - message + - metrics + required: + - last_execution + Security_Detections_API_RuleFalsePositiveArray: + items: + type: string + type: array + Security_Detections_API_RuleFilterArray: + items: {} + type: array + Security_Detections_API_RuleInterval: + description: >- + Frequency of rule execution, using a date math range. For example, "1h" + means the rule runs every hour. Defaults to 5m (5 minutes). + type: string + Security_Detections_API_RuleIntervalFrom: + description: >- + Time from which data is analyzed each time the rule runs, using a date + math range. For example, now-4200s means the rule analyzes data from 70 + minutes before its start time. Defaults to now-6m (analyzes data from 6 + minutes before the start time). + format: date-math + type: string + Security_Detections_API_RuleIntervalTo: + type: string + Security_Detections_API_RuleLicense: + description: The rule's license. + type: string + Security_Detections_API_RuleMetadata: + additionalProperties: true + type: object + Security_Detections_API_RuleName: + minLength: 1 + type: string + Security_Detections_API_RuleNameOverride: + description: Sets the source field for the alert's signal.rule.name value + type: string + Security_Detections_API_RuleObjectId: + $ref: '#/components/schemas/Security_Detections_API_UUID' + Security_Detections_API_RulePatchProps: + anyOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRulePatchProps' + - $ref: '#/components/schemas/Security_Detections_API_QueryRulePatchProps' + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRulePatchProps + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRulePatchProps' + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRulePatchProps + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRulePatchProps + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRulePatchProps' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRulePatchProps' + Security_Detections_API_RulePreviewLoggedRequest: + type: object + properties: + description: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + duration: + type: integer + request: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' required: - - items - Fleet_get_packages_response: - title: Get Packages response + - request + Security_Detections_API_RulePreviewLogs: type: object properties: - items: + duration: + description: Execution duration in milliseconds + type: integer + errors: items: - $ref: '#/components/schemas/Fleet_search_result' + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' type: array - response: - deprecated: true + requests: items: - $ref: '#/components/schemas/Fleet_search_result' + $ref: >- + #/components/schemas/Security_Detections_API_RulePreviewLoggedRequest + type: array + startedAt: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + warnings: + items: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' type: array required: - - items - Fleet_installation_info: - title: Installation info object + - errors + - warnings + - duration + Security_Detections_API_RulePreviewParams: type: object properties: - created_at: + invocationCount: + type: integer + timeframeEnd: + format: date-time type: string - experimental_data_stream_features: + required: + - invocationCount + - timeframeEnd + Security_Detections_API_RuleQuery: + type: string + Security_Detections_API_RuleReferenceArray: + items: + type: string + type: array + Security_Detections_API_RuleResponse: + anyOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRule' + - $ref: '#/components/schemas/Security_Detections_API_QueryRule' + - $ref: '#/components/schemas/Security_Detections_API_SavedQueryRule' + - $ref: '#/components/schemas/Security_Detections_API_ThresholdRule' + - $ref: '#/components/schemas/Security_Detections_API_ThreatMatchRule' + - $ref: '#/components/schemas/Security_Detections_API_MachineLearningRule' + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRule' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRule' + discriminator: + propertyName: type + Security_Detections_API_RuleSignatureId: + description: Could be any string, not necessarily a UUID + type: string + Security_Detections_API_RuleSource: + description: >- + Discriminated union that determines whether the rule is internally + sourced (created within the Kibana app) or has an external source, such + as the Elastic Prebuilt rules repo. + discriminator: + propertyName: type + oneOf: + - $ref: '#/components/schemas/Security_Detections_API_ExternalRuleSource' + - $ref: '#/components/schemas/Security_Detections_API_InternalRuleSource' + Security_Detections_API_RuleTagArray: + description: >- + String array containing words and phrases to help categorize, filter, + and search rules. Defaults to an empty array. + items: + type: string + type: array + Security_Detections_API_RuleUpdateProps: + anyOf: + - $ref: '#/components/schemas/Security_Detections_API_EqlRuleUpdateProps' + - $ref: '#/components/schemas/Security_Detections_API_QueryRuleUpdateProps' + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleUpdateProps + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleUpdateProps + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleUpdateProps + - $ref: >- + #/components/schemas/Security_Detections_API_MachineLearningRuleUpdateProps + - $ref: '#/components/schemas/Security_Detections_API_NewTermsRuleUpdateProps' + - $ref: '#/components/schemas/Security_Detections_API_EsqlRuleUpdateProps' + discriminator: + propertyName: type + Security_Detections_API_RuleVersion: + description: The rule's version number. + minimum: 1 + type: integer + Security_Detections_API_SavedObjectResolveAliasPurpose: + enum: + - savedObjectConversion + - savedObjectImport + type: string + Security_Detections_API_SavedObjectResolveAliasTargetId: + type: string + Security_Detections_API_SavedObjectResolveOutcome: + enum: + - exactMatch + - aliasMatch + - conflict + type: string + Security_Detections_API_SavedQueryId: + type: string + Security_Detections_API_SavedQueryRule: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleResponseFields + Security_Detections_API_SavedQueryRuleCreateFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields + Security_Detections_API_SavedQueryRuleCreateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields + Security_Detections_API_SavedQueryRuleDefaultableFields: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_SavedQueryRuleOptionalFields: + type: object + properties: + alert_suppression: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' + data_view_id: + $ref: '#/components/schemas/Security_Detections_API_DataViewId' + filters: + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' + index: + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + response_actions: + items: + $ref: '#/components/schemas/Security_Detections_API_ResponseAction' type: array + Security_Detections_API_SavedQueryRulePatchFields: + allOf: + - type: object properties: - data_stream: + saved_id: + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' + type: + description: Rule type + enum: + - saved_query type: string - features: - type: object - properties: - doc_value_only_numeric: - nullable: true - type: boolean - doc_value_only_other: - nullable: true - type: boolean - synthetic_source: - nullable: true - type: boolean - tsdb: - nullable: true - type: boolean - install_format_schema_version: - type: string - install_kibana_space_id: - type: string - install_source: - enum: - - registry - - upload - - bundled - type: string - install_status: + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleDefaultableFields + Security_Detections_API_SavedQueryRulePatchProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRulePatchFields + Security_Detections_API_SavedQueryRuleRequiredFields: + type: object + properties: + saved_id: + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' + type: + description: Rule type enum: - - installed - - installing - - install_failed + - saved_query type: string - installed_es: - type: object + required: + - type + - saved_id + Security_Detections_API_SavedQueryRuleResponseFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleOptionalFields + - type: object properties: - deferred: - type: boolean - id: - type: string - type: - $ref: '#/components/schemas/Fleet_elasticsearch_asset_type' - installed_kibana: - type: object + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + required: + - language + Security_Detections_API_SavedQueryRuleUpdateProps: + allOf: + - type: object properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' id: - type: string - type: - $ref: '#/components/schemas/Fleet_kibana_saved_object_type' - latest_executed_state: - description: Latest successfully executed state in package install state machine - type: object - properties: - error: - type: string + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - enum: - - create_restart_installation - - install_kibana_assets - - install_ilm_policies - - install_ml_model - - install_index_template_pipelines - - remove_legacy_templates - - update_current_write_indices - - install_transforms - - delete_previous_pipelines - - save_archive_entries_from_assets_map - - update_so - type: string - started_at: - type: string - latest_install_failed_attempts: - description: Latest failed install errors - items: - type: object - properties: - created_at: - type: string - error: - type: object - properties: - message: - type: string - name: - type: string - stack: - type: string - target_version: - type: string - type: array - name: - type: string - namespaces: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_SavedQueryRuleCreateFields + Security_Detections_API_SetAlertsStatusByIds: + type: object + properties: + signal_ids: items: - type: string + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + minItems: 1 type: array - type: - type: string - updated_at: - type: string - verification_key_id: - nullable: true - type: string - verification_status: + status: + $ref: '#/components/schemas/Security_Detections_API_AlertStatus' + required: + - signal_ids + - status + Security_Detections_API_SetAlertsStatusByQuery: + type: object + properties: + conflicts: + default: abort enum: - - verified - - unverified - - unknown + - abort + - proceed type: string - version: + query: + additionalProperties: true + type: object + status: + $ref: '#/components/schemas/Security_Detections_API_AlertStatus' + required: + - query + - status + Security_Detections_API_SetAlertTags: + type: object + properties: + tags_to_add: + $ref: '#/components/schemas/Security_Detections_API_AlertTags' + tags_to_remove: + $ref: '#/components/schemas/Security_Detections_API_AlertTags' + required: + - tags_to_add + - tags_to_remove + Security_Detections_API_SetupGuide: + type: string + Security_Detections_API_Severity: + description: Severity of the rule + enum: + - low + - medium + - high + - critical + type: string + Security_Detections_API_SeverityMapping: + description: Overrides generated alerts' severity with values from the source event + items: + type: object + properties: + field: + type: string + operator: + enum: + - equals + type: string + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + value: + type: string + required: + - field + - operator + - severity + - value + type: array + Security_Detections_API_SiemErrorResponse: + type: object + properties: + message: type: string + status_code: + type: integer required: - - installed_kibana - - installed_es - - name - - version - - install_status - - install_version - - install_started_at - - install_source - - verification_status - - latest_install_failed_attempts - Fleet_kibana_saved_object_type: + - status_code + - message + Security_Detections_API_SkippedAlertsIndexMigration: + type: object + properties: + index: + type: string + required: + - index + Security_Detections_API_SortOrder: enum: - - dashboard - - visualization - - search - - index-pattern - - map - - lens - - ml-module - - security-rule - - csp_rule_template - title: Kibana saved object asset type + - asc + - desc type: string - Fleet_new_package_policy: - description: '' + Security_Detections_API_Threat: + type: object properties: - description: + framework: + description: Relevant attack framework type: string - enabled: - type: boolean - inputs: + tactic: + $ref: '#/components/schemas/Security_Detections_API_ThreatTactic' + technique: + description: Array containing information on the attack techniques (optional) items: - type: object - properties: - config: - type: object - enabled: - type: boolean - processors: - items: - type: string - type: array - streams: - items: {} - type: array - type: - type: string - vars: - type: object - required: - - type - - enabled + $ref: '#/components/schemas/Security_Detections_API_ThreatTechnique' type: array - name: - type: string - namespace: - type: string - output_id: + required: + - framework + - tactic + Security_Detections_API_ThreatArray: + items: + $ref: '#/components/schemas/Security_Detections_API_Threat' + type: array + Security_Detections_API_ThreatFilters: + items: + description: >- + Query and filter context array used to filter documents from the + Elasticsearch index containing the threat values + type: array + Security_Detections_API_ThreatIndex: + items: + type: string + type: array + Security_Detections_API_ThreatIndicatorPath: + description: >- + Defines the path to the threat indicator in the indicator documents + (optional) + type: string + Security_Detections_API_ThreatMapping: + items: + type: object + properties: + entries: + items: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + type: + enum: + - mapping + type: string + value: + $ref: '#/components/schemas/Security_Detections_API_NonEmptyString' + required: + - field + - type + - value + type: array + required: + - entries + minItems: 1 + type: array + Security_Detections_API_ThreatMatchRule: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleResponseFields + Security_Detections_API_ThreatMatchRuleCreateFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields + Security_Detections_API_ThreatMatchRuleCreateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields + Security_Detections_API_ThreatMatchRuleDefaultableFields: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_ThreatMatchRuleOptionalFields: + type: object + properties: + alert_suppression: + $ref: '#/components/schemas/Security_Detections_API_AlertSuppression' + concurrent_searches: + $ref: '#/components/schemas/Security_Detections_API_ConcurrentSearches' + data_view_id: + $ref: '#/components/schemas/Security_Detections_API_DataViewId' + filters: + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' + index: + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' + items_per_search: + $ref: '#/components/schemas/Security_Detections_API_ItemsPerSearch' + saved_id: + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' + threat_filters: + $ref: '#/components/schemas/Security_Detections_API_ThreatFilters' + threat_indicator_path: + $ref: '#/components/schemas/Security_Detections_API_ThreatIndicatorPath' + threat_language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_ThreatMatchRulePatchFields: + allOf: + - type: object + properties: + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + threat_index: + $ref: '#/components/schemas/Security_Detections_API_ThreatIndex' + threat_mapping: + $ref: '#/components/schemas/Security_Detections_API_ThreatMapping' + threat_query: + $ref: '#/components/schemas/Security_Detections_API_ThreatQuery' + type: + description: Rule type + enum: + - threat_match + type: string + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleDefaultableFields + Security_Detections_API_ThreatMatchRulePatchProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRulePatchFields + Security_Detections_API_ThreatMatchRuleRequiredFields: + type: object + properties: + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + threat_index: + $ref: '#/components/schemas/Security_Detections_API_ThreatIndex' + threat_mapping: + $ref: '#/components/schemas/Security_Detections_API_ThreatMapping' + threat_query: + $ref: '#/components/schemas/Security_Detections_API_ThreatQuery' + type: + description: Rule type + enum: + - threat_match type: string - overrides: - type: object - package: - type: object + required: + - type + - query + - threat_query + - threat_mapping + - threat_index + Security_Detections_API_ThreatMatchRuleResponseFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleOptionalFields + - type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + required: + - language + Security_Detections_API_ThreatMatchRuleUpdateProps: + allOf: + - type: object properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' name: - type: string - requires_root: - type: boolean - title: - type: string + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' version: - type: string + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' required: - name - - version - policy_id: - deprecated: true - nullable: true + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_ThreatMatchRuleCreateFields + Security_Detections_API_ThreatQuery: + description: Query to run + type: string + Security_Detections_API_ThreatSubtechnique: + type: object + properties: + id: + description: Subtechnique ID + type: string + name: + description: Subtechnique name + type: string + reference: + description: Subtechnique reference type: string - policy_ids: - items: - type: string - type: array required: - - inputs + - id - name - title: New package policy - type: object - Fleet_output_create_request: - discriminator: - mapping: - elasticsearch: '#/components/schemas/Fleet_output_create_request_elasticsearch' - kafka: '#/components/schemas/Fleet_output_create_request_kafka' - logstash: '#/components/schemas/Fleet_output_create_request_logstash' - remote_elasticsearch: >- - #/components/schemas/Fleet_output_create_request_remote_elasticsearch - propertyName: type - oneOf: - - $ref: '#/components/schemas/Fleet_output_create_request_elasticsearch' - - $ref: '#/components/schemas/Fleet_output_create_request_kafka' - - $ref: '#/components/schemas/Fleet_output_create_request_logstash' - - $ref: >- - #/components/schemas/Fleet_output_create_request_remote_elasticsearch - title: Output - Fleet_output_create_request_elasticsearch: - title: elasticsearch + - reference + Security_Detections_API_ThreatTactic: type: object properties: - ca_sha256: + id: + description: Tactic ID type: string - ca_trusted_fingerprint: + name: + description: Tactic name type: string - config: - type: object - config_yaml: + reference: + description: Tactic reference type: string - hosts: - items: - type: string - type: array + required: + - id + - name + - reference + Security_Detections_API_ThreatTechnique: + type: object + properties: id: + description: Technique ID type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean name: + description: Technique name type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: + reference: + description: Technique reference type: string - shipper: - type: object + subtechnique: + description: Array containing more specific information on the attack technique + items: + $ref: '#/components/schemas/Security_Detections_API_ThreatSubtechnique' + type: array + required: + - id + - name + - reference + Security_Detections_API_Threshold: + type: object + properties: + cardinality: + $ref: '#/components/schemas/Security_Detections_API_ThresholdCardinality' + field: + $ref: '#/components/schemas/Security_Detections_API_ThresholdField' + value: + $ref: '#/components/schemas/Security_Detections_API_ThresholdValue' + required: + - field + - value + Security_Detections_API_ThresholdAlertSuppression: + type: object + properties: + duration: + $ref: >- + #/components/schemas/Security_Detections_API_AlertSuppressionDuration + required: + - duration + Security_Detections_API_ThresholdCardinality: + items: + type: object + properties: + field: + type: string + value: + minimum: 0 + type: integer + required: + - field + - value + type: array + Security_Detections_API_ThresholdField: + description: Field to aggregate on + oneOf: + - type: string + - items: + type: string + type: array + Security_Detections_API_ThresholdRule: + allOf: + - type: object properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: - type: boolean - ssl: - type: object + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - version + - tags + - enabled + - risk_score_mapping + - severity_mapping + - interval + - from + - to + - actions + - exceptions_list + - author + - false_positives + - references + - max_signals + - threat + - setup + - related_integrations + - required_fields + - $ref: '#/components/schemas/Security_Detections_API_ResponseFields' + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleResponseFields + Security_Detections_API_ThresholdRuleCreateFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields + Security_Detections_API_ThresholdRuleCreateProps: + allOf: + - type: object properties: - certificate: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields + Security_Detections_API_ThresholdRuleDefaultableFields: + type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + Security_Detections_API_ThresholdRuleOptionalFields: + type: object + properties: + alert_suppression: + $ref: >- + #/components/schemas/Security_Detections_API_ThresholdAlertSuppression + data_view_id: + $ref: '#/components/schemas/Security_Detections_API_DataViewId' + filters: + $ref: '#/components/schemas/Security_Detections_API_RuleFilterArray' + index: + $ref: '#/components/schemas/Security_Detections_API_IndexPatternArray' + saved_id: + $ref: '#/components/schemas/Security_Detections_API_SavedQueryId' + Security_Detections_API_ThresholdRulePatchFields: + allOf: + - type: object + properties: + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + threshold: + $ref: '#/components/schemas/Security_Detections_API_Threshold' + type: + description: Rule type + enum: + - threshold type: string - certificate_authorities: + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleDefaultableFields + Security_Detections_API_ThresholdRulePatchProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: + items: + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput + type: array + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRulePatchFields + Security_Detections_API_ThresholdRuleRequiredFields: + type: object + properties: + query: + $ref: '#/components/schemas/Security_Detections_API_RuleQuery' + threshold: + $ref: '#/components/schemas/Security_Detections_API_Threshold' + type: + description: Rule type + enum: + - threshold + type: string + required: + - type + - query + - threshold + Security_Detections_API_ThresholdRuleResponseFields: + allOf: + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleRequiredFields + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleOptionalFields + - type: object + properties: + language: + $ref: '#/components/schemas/Security_Detections_API_KqlQueryLanguage' + required: + - language + Security_Detections_API_ThresholdRuleUpdateProps: + allOf: + - type: object + properties: + actions: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleAction' + type: array + alias_purpose: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasPurpose + alias_target_id: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveAliasTargetId + author: + $ref: '#/components/schemas/Security_Detections_API_RuleAuthorArray' + building_block_type: + $ref: '#/components/schemas/Security_Detections_API_BuildingBlockType' + description: + $ref: '#/components/schemas/Security_Detections_API_RuleDescription' + enabled: + $ref: '#/components/schemas/Security_Detections_API_IsRuleEnabled' + exceptions_list: + items: + $ref: '#/components/schemas/Security_Detections_API_RuleExceptionList' + type: array + false_positives: + $ref: >- + #/components/schemas/Security_Detections_API_RuleFalsePositiveArray + from: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalFrom' + id: + $ref: '#/components/schemas/Security_Detections_API_RuleObjectId' + interval: + $ref: '#/components/schemas/Security_Detections_API_RuleInterval' + investigation_fields: + $ref: '#/components/schemas/Security_Detections_API_InvestigationFields' + license: + $ref: '#/components/schemas/Security_Detections_API_RuleLicense' + max_signals: + $ref: '#/components/schemas/Security_Detections_API_MaxSignals' + meta: + $ref: '#/components/schemas/Security_Detections_API_RuleMetadata' + name: + $ref: '#/components/schemas/Security_Detections_API_RuleName' + namespace: + $ref: >- + #/components/schemas/Security_Detections_API_AlertsIndexNamespace + note: + $ref: '#/components/schemas/Security_Detections_API_InvestigationGuide' + outcome: + $ref: >- + #/components/schemas/Security_Detections_API_SavedObjectResolveOutcome + output_index: + $ref: '#/components/schemas/Security_Detections_API_AlertsIndex' + references: + $ref: '#/components/schemas/Security_Detections_API_RuleReferenceArray' + related_integrations: + $ref: >- + #/components/schemas/Security_Detections_API_RelatedIntegrationArray + required_fields: items: - type: string + $ref: >- + #/components/schemas/Security_Detections_API_RequiredFieldInput type: array - key: - type: string + risk_score: + $ref: '#/components/schemas/Security_Detections_API_RiskScore' + risk_score_mapping: + $ref: '#/components/schemas/Security_Detections_API_RiskScoreMapping' + rule_id: + $ref: '#/components/schemas/Security_Detections_API_RuleSignatureId' + rule_name_override: + $ref: '#/components/schemas/Security_Detections_API_RuleNameOverride' + setup: + $ref: '#/components/schemas/Security_Detections_API_SetupGuide' + severity: + $ref: '#/components/schemas/Security_Detections_API_Severity' + severity_mapping: + $ref: '#/components/schemas/Security_Detections_API_SeverityMapping' + tags: + $ref: '#/components/schemas/Security_Detections_API_RuleTagArray' + threat: + $ref: '#/components/schemas/Security_Detections_API_ThreatArray' + throttle: + $ref: '#/components/schemas/Security_Detections_API_RuleActionThrottle' + timeline_id: + $ref: '#/components/schemas/Security_Detections_API_TimelineTemplateId' + timeline_title: + $ref: >- + #/components/schemas/Security_Detections_API_TimelineTemplateTitle + timestamp_override: + $ref: '#/components/schemas/Security_Detections_API_TimestampOverride' + timestamp_override_fallback_disabled: + $ref: >- + #/components/schemas/Security_Detections_API_TimestampOverrideFallbackDisabled + to: + $ref: '#/components/schemas/Security_Detections_API_RuleIntervalTo' + version: + $ref: '#/components/schemas/Security_Detections_API_RuleVersion' + required: + - name + - description + - risk_score + - severity + - $ref: >- + #/components/schemas/Security_Detections_API_ThresholdRuleCreateFields + Security_Detections_API_ThresholdValue: + description: Threshold value + minimum: 1 + type: integer + Security_Detections_API_ThrottleForBulkActions: + description: >- + The condition for throttling the notification: 'rule', 'no_actions', or + time duration + enum: + - rule + - 1h + - 1d + - 7d + type: string + Security_Detections_API_TiebreakerField: + description: Sets a secondary field for sorting events + type: string + Security_Detections_API_TimelineTemplateId: + description: Timeline template ID + type: string + Security_Detections_API_TimelineTemplateTitle: + description: Timeline template title + type: string + Security_Detections_API_TimestampField: + description: Contains the event timestamp used for sorting a sequence of events + type: string + Security_Detections_API_TimestampOverride: + description: Sets the time field used to query indices + type: string + Security_Detections_API_TimestampOverrideFallbackDisabled: + description: Disables the fallback to the event's @timestamp field + type: boolean + Security_Detections_API_UUID: + description: A universally unique identifier + format: uuid + type: string + Security_Detections_API_WarningSchema: + type: object + properties: + actionPath: + type: string + buttonLabel: + type: string + message: + type: string type: - enum: - - elasticsearch type: string required: - - name - Fleet_output_create_request_kafka: - title: kafka + - type + - message + - actionPath + Security_Endpoint_Exceptions_API_EndpointList: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionList' + - additionalProperties: false + type: object + Security_Endpoint_Exceptions_API_EndpointListItem: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItem' + Security_Endpoint_Exceptions_API_ExceptionList: type: object properties: - auth_type: + _version: type: string - broker_timeout: - type: number - ca_sha256: + created_at: + format: date-time type: string - ca_trusted_fingerprint: + created_by: type: string - client_id: + description: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListDescription + id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListId + immutable: + type: boolean + list_id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListMeta + name: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListName + namespace_type: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType + os_types: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray + tags: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListTags + tie_breaker_id: type: string - compression: + type: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListType + updated_at: + format: date-time type: string - compression_level: - type: number - config: - type: object - config_yaml: + updated_by: type: string - connection_type: - enum: - - plaintext - - encryption + version: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListVersion + required: + - id + - list_id + - type + - name + - description + - immutable + - namespace_type + - version + - tie_breaker_id + - created_at + - created_by + - updated_at + - updated_by + Security_Endpoint_Exceptions_API_ExceptionListDescription: + type: string + Security_Endpoint_Exceptions_API_ExceptionListHumanId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` + Security_Endpoint_Exceptions_API_ExceptionListId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ExceptionListItem: + type: object + properties: + _version: type: string - headers: - items: - type: object - properties: - key: - type: string - value: - type: string - type: array - hosts: - items: - type: string - type: array - id: + comments: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray + created_at: + format: date-time type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - key: + created_by: + type: string + description: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray + expire_time: + format: date-time type: string + id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemId + item_id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemHumanId + list_id: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListHumanId + meta: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemMeta name: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemName + namespace_type: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionNamespaceType + os_types: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray + tags: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemTags + tie_breaker_id: type: string - partition: + type: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemType + updated_at: + format: date-time type: string - password: + updated_by: type: string - proxy_id: + required: + - id + - item_id + - list_id + - type + - name + - description + - entries + - namespace_type + - comments + - tie_breaker_id + - created_at + - created_by + - updated_at + - updated_by + Security_Endpoint_Exceptions_API_ExceptionListItemComment: + type: object + properties: + comment: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + created_at: + format: date-time type: string - random: - type: object - properties: - group_events: - type: number - required_acks: - type: number - round_robin: - type: object - properties: - group_events: - type: number - sasl: - type: object - properties: - mechanism: - type: string - secrets: - type: object - properties: - password: - type: string - ssl: - type: object - properties: - key: - type: string - shipper: - type: object - properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: - type: boolean - ssl: - type: object - properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - none - - full - - certificate - - strict - type: string - timeout: - type: number - topic: + created_by: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + id: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + updated_at: + format: date-time + type: string + updated_by: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + required: + - id + - comment + - created_at + - created_by + Security_Endpoint_Exceptions_API_ExceptionListItemCommentArray: + items: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemComment + type: array + Security_Endpoint_Exceptions_API_ExceptionListItemDescription: + type: string + Security_Endpoint_Exceptions_API_ExceptionListItemEntry: + anyOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryList + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard + discriminator: + propertyName: type + Security_Endpoint_Exceptions_API_ExceptionListItemEntryArray: + items: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntry + type: array + Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + operator: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + type: + enum: + - exists type: string - topics: - deprecated: true - description: Use topic instead. + required: + - type + - field + - operator + Security_Endpoint_Exceptions_API_ExceptionListItemEntryList: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + list: + type: object + properties: + id: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListId' + type: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_ListType' + required: + - id + - type + operator: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + type: + enum: + - list + type: string + required: + - type + - field + - list + - operator + Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + operator: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + type: + enum: + - match + type: string + value: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + required: + - type + - field + - value + - operator + Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + operator: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator + type: + enum: + - match_any + type: string + value: items: - type: object - properties: - topic: - type: string - when: - deprecated: true - description: >- - Deprecated, kafka output do not support conditionnal topics - anymore. - type: object - properties: - condition: - type: string - type: - type: string + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString + minItems: 1 type: array + required: + - type + - field + - value + - operator + Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchWildcard: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + operator: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator type: enum: - - kafka - type: string - username: + - wildcard type: string - version: + value: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + required: + - type + - field + - value + - operator + Security_Endpoint_Exceptions_API_ExceptionListItemEntryNested: + type: object + properties: + entries: + items: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem + minItems: 1 + type: array + field: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + type: + enum: + - nested type: string required: - - name - type - - topics - - auth_type - - hosts - Fleet_output_create_request_logstash: - title: logstash + - field + - entries + Security_Endpoint_Exceptions_API_ExceptionListItemEntryNestedEntryItem: + oneOf: + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatch + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryMatchAny + - $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListItemEntryExists + Security_Endpoint_Exceptions_API_ExceptionListItemEntryOperator: + enum: + - excluded + - included + type: string + Security_Endpoint_Exceptions_API_ExceptionListItemHumanId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ExceptionListItemId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ExceptionListItemMeta: + additionalProperties: true + type: object + Security_Endpoint_Exceptions_API_ExceptionListItemName: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ExceptionListItemOsTypeArray: + items: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType + type: array + Security_Endpoint_Exceptions_API_ExceptionListItemTags: + items: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + type: array + Security_Endpoint_Exceptions_API_ExceptionListItemType: + enum: + - simple + type: string + Security_Endpoint_Exceptions_API_ExceptionListMeta: + additionalProperties: true + type: object + Security_Endpoint_Exceptions_API_ExceptionListName: + type: string + Security_Endpoint_Exceptions_API_ExceptionListOsType: + enum: + - linux + - macos + - windows + type: string + Security_Endpoint_Exceptions_API_ExceptionListOsTypeArray: + items: + $ref: >- + #/components/schemas/Security_Endpoint_Exceptions_API_ExceptionListOsType + type: array + Security_Endpoint_Exceptions_API_ExceptionListTags: + items: + type: string + type: array + Security_Endpoint_Exceptions_API_ExceptionListType: + enum: + - detection + - rule_default + - endpoint + - endpoint_trusted_apps + - endpoint_events + - endpoint_host_isolation_exceptions + - endpoint_blocklists + type: string + Security_Endpoint_Exceptions_API_ExceptionListVersion: + minimum: 1 + type: integer + Security_Endpoint_Exceptions_API_ExceptionNamespaceType: + description: > + Determines whether the exception container is available in all Kibana + spaces or just the space + + in which it is created, where: + + + - `single`: Only available in the Kibana space in which it is created. + + - `agnostic`: Available in all Kibana spaces. + enum: + - agnostic + - single + type: string + Security_Endpoint_Exceptions_API_FindEndpointListItemsFilter: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ListId: + $ref: '#/components/schemas/Security_Endpoint_Exceptions_API_NonEmptyString' + Security_Endpoint_Exceptions_API_ListType: + enum: + - binary + - boolean + - byte + - date + - date_nanos + - date_range + - double + - double_range + - float + - float_range + - geo_point + - geo_shape + - half_float + - integer + - integer_range + - ip + - ip_range + - keyword + - long + - long_range + - shape + - short + - text + type: string + Security_Endpoint_Exceptions_API_NonEmptyString: + description: A string that is not empty and does not contain only whitespace + minLength: 1 + pattern: ^(?! *$).+$ + type: string + Security_Endpoint_Exceptions_API_PlatformErrorResponse: type: object properties: - ca_sha256: + error: type: string - ca_trusted_fingerprint: + message: type: string - config: - type: object - config_yaml: + statusCode: + type: integer + required: + - statusCode + - error + - message + Security_Endpoint_Exceptions_API_SiemErrorResponse: + type: object + properties: + message: type: string - hosts: - items: + status_code: + type: integer + required: + - status_code + - message + Security_Endpoint_Management_API_ActionLogRequestQuery: + type: object + properties: + end_date: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' + page: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' + page_size: + $ref: '#/components/schemas/Security_Endpoint_Management_API_PageSize' + start_date: + $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' + Security_Endpoint_Management_API_ActionStateSuccessResponse: + type: object + properties: + body: + type: object + properties: + data: + type: object + properties: + canEncrypt: + type: boolean + required: + - data + required: + - body + Security_Endpoint_Management_API_ActionStatusSuccessResponse: + type: object + properties: + body: + type: object + properties: + data: + type: object + properties: + agent_id: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_AgentId + pending_actions: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionsSchema + required: + - agent_id + - pending_actions + required: + - data + required: + - body + Security_Endpoint_Management_API_AgentId: + description: Agent ID + type: string + Security_Endpoint_Management_API_AgentIds: + minLength: 1 + oneOf: + - items: + minLength: 1 type: string + maxItems: 50 + minItems: 1 type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: + - minLength: 1 type: string - proxy_id: + Security_Endpoint_Management_API_AgentTypes: + enum: + - endpoint + - sentinel_one + - crowdstrike + type: string + Security_Endpoint_Management_API_AlertIds: + description: A list of alerts ids. + items: + $ref: '#/components/schemas/Security_Endpoint_Management_API_NonEmptyString' + minItems: 1 + type: array + Security_Endpoint_Management_API_CaseIds: + description: Case IDs to be updated (cannot contain empty strings) + items: + minLength: 1 + type: string + minItems: 1 + type: array + Security_Endpoint_Management_API_Command: + description: The command to be executed (cannot be an empty string) + enum: + - isolate + - unisolate + - kill-process + - suspend-process + - running-processes + - get-file + - execute + - upload + - scan + minLength: 1 + type: string + Security_Endpoint_Management_API_Commands: + items: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Command' + type: array + Security_Endpoint_Management_API_Comment: + description: Optional comment + type: string + Security_Endpoint_Management_API_EndDate: + description: End date + type: string + Security_Endpoint_Management_API_EndpointIds: + description: List of endpoint IDs (cannot contain empty strings) + items: + minLength: 1 + type: string + minItems: 1 + type: array + Security_Endpoint_Management_API_EntityId: + type: object + properties: + entity_id: + minLength: 1 type: string - secrets: - type: object + Security_Endpoint_Management_API_ExecuteRouteRequestBody: + allOf: + - type: object properties: - ssl: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EndpointIds + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + - type: object + properties: + parameters: type: object properties: - key: + command: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_Command + timeout: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_Timeout + required: + - command + required: + - parameters + Security_Endpoint_Management_API_GetEndpointActionListRouteQuery: + type: object + properties: + agentIds: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentIds' + agentTypes: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + commands: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Commands' + endDate: + $ref: '#/components/schemas/Security_Endpoint_Management_API_EndDate' + page: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Page' + pageSize: + default: 10 + description: Number of items per page + maximum: 10000 + minimum: 1 + type: integer + startDate: + $ref: '#/components/schemas/Security_Endpoint_Management_API_StartDate' + types: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Types' + userIds: + $ref: '#/components/schemas/Security_Endpoint_Management_API_UserIds' + withOutputs: + $ref: '#/components/schemas/Security_Endpoint_Management_API_WithOutputs' + Security_Endpoint_Management_API_GetFileRouteRequestBody: + allOf: + - type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EndpointIds + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + - type: object + properties: + parameters: + type: object + properties: + path: type: string - shipper: - type: object + required: + - path + required: + - parameters + Security_Endpoint_Management_API_GetProcessesRouteRequestBody: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + Security_Endpoint_Management_API_IsolateRouteRequestBody: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + Security_Endpoint_Management_API_KillProcessRouteRequestBody: + allOf: + - type: object properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: - type: boolean - ssl: - type: object + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EndpointIds + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + - type: object properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - type: - enum: - - logstash - type: string - required: - - name - - hosts - - type - Fleet_output_create_request_remote_elasticsearch: - title: remote_elasticsearch + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' + - $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EntityId + - type: object + properties: + process_name: + description: Valid for SentinelOne agent type only + minLength: 1 + type: string + required: + - parameters + Security_Endpoint_Management_API_ListRequestQuery: type: object properties: - hosts: + hostStatuses: items: + enum: + - healthy + - offline + - updating + - inactive + - unenrolled type: string type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: + kuery: + nullable: true type: string - secrets: - type: object - properties: - service_token: - type: string - service_token: + page: + default: 0 + description: Page number + minimum: 0 + type: integer + pageSize: + default: 10 + description: Number of items per page + maximum: 10000 + minimum: 1 + type: integer + sortDirection: + enum: + - asc + - desc + nullable: true type: string - type: + sortField: enum: - - remote_elasticsearch + - enrolled_at + - metadata.host.hostname + - host_status + - metadata.Endpoint.policy.applied.name + - metadata.Endpoint.policy.applied.status + - metadata.host.os.name + - metadata.host.ip + - metadata.agent.version + - last_checkin type: string required: - - name - Fleet_output_update_request: - discriminator: - mapping: - elasticsearch: '#/components/schemas/Fleet_output_update_request_elasticsearch' - kafka: '#/components/schemas/Fleet_output_update_request_kafka' - logstash: '#/components/schemas/Fleet_output_update_request_logstash' - propertyName: type - oneOf: - - $ref: '#/components/schemas/Fleet_output_update_request_elasticsearch' - - $ref: '#/components/schemas/Fleet_output_update_request_kafka' - - $ref: '#/components/schemas/Fleet_output_update_request_logstash' - title: Output - Fleet_output_update_request_elasticsearch: - title: elasticsearch + - hostStatuses + Security_Endpoint_Management_API_NonEmptyString: + description: A string that is not empty and does not contain only whitespace + minLength: 1 + pattern: ^(?! *$).+$ + type: string + Security_Endpoint_Management_API_NoParametersRequestSchema: type: object properties: - ca_sha256: - type: string - ca_trusted_fingerprint: - type: string - config: - type: object - config_yaml: - type: string - hosts: - items: - type: string - type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: - type: string - preset: - enum: - - balanced - - custom - - throughput - - scale - - latency - type: string - proxy_id: - type: string - shipper: - type: object - properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: - type: boolean - ssl: + body: type: object properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - type: - enum: - - elasticsearch - type: string + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EndpointIds + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids required: - - name - - hosts - - type - Fleet_output_update_request_kafka: - title: kafka + - body + Security_Endpoint_Management_API_Page: + default: 1 + description: Page number + minimum: 1 + type: integer + Security_Endpoint_Management_API_PageSize: + default: 10 + description: Number of items per page + maximum: 100 + minimum: 1 + type: integer + Security_Endpoint_Management_API_Parameters: + description: Optional parameters object type: object - properties: - auth_type: - type: string - broker_timeout: - type: number - ca_sha256: - type: string - ca_trusted_fingerprint: - type: string - client_id: - type: string - compression: - type: string - compression_level: - type: number - config: + Security_Endpoint_Management_API_PendingActionDataType: + type: integer + Security_Endpoint_Management_API_PendingActionsSchema: + oneOf: + - type: object + properties: + execute: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + get-file: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + isolate: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + kill-process: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + running-processes: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + scan: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + suspend-process: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + unisolate: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + upload: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_PendingActionDataType + - additionalProperties: true type: object - config_yaml: - type: string - connection_type: - enum: - - plaintext - - encryption + Security_Endpoint_Management_API_Pid: + type: object + properties: + pid: + minimum: 1 + type: integer + Security_Endpoint_Management_API_ProtectionUpdatesNoteResponse: + type: object + properties: + note: type: string - headers: - items: - type: object - properties: - key: - type: string - value: - type: string - type: array - hosts: - items: + Security_Endpoint_Management_API_ScanRouteRequestBody: + allOf: + - type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EndpointIds + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + - type: object + properties: + parameters: + type: object + properties: + path: + type: string + required: + - path + required: + - parameters + Security_Endpoint_Management_API_StartDate: + description: Start date + type: string + Security_Endpoint_Management_API_SuccessResponse: + type: object + properties: {} + Security_Endpoint_Management_API_SuspendProcessRouteRequestBody: + allOf: + - type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EndpointIds + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + - type: object + properties: + parameters: + oneOf: + - $ref: '#/components/schemas/Security_Endpoint_Management_API_Pid' + - $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EntityId + required: + - parameters + Security_Endpoint_Management_API_Timeout: + description: The maximum timeout value in milliseconds (optional) + minimum: 1 + type: integer + Security_Endpoint_Management_API_Type: + description: Type of response action + enum: + - automated + - manual + type: string + Security_Endpoint_Management_API_Types: + description: List of types of response actions + items: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Type' + maxLength: 2 + minLength: 1 + type: array + Security_Endpoint_Management_API_UnisolateRouteRequestBody: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_NoParametersRequestSchema + Security_Endpoint_Management_API_UploadRouteRequestBody: + allOf: + - type: object + properties: + agent_type: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AgentTypes' + alert_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_AlertIds' + case_ids: + $ref: '#/components/schemas/Security_Endpoint_Management_API_CaseIds' + comment: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Comment' + endpoint_ids: + $ref: >- + #/components/schemas/Security_Endpoint_Management_API_EndpointIds + parameters: + $ref: '#/components/schemas/Security_Endpoint_Management_API_Parameters' + required: + - endpoint_ids + - type: object + properties: + file: + format: binary + type: string + parameters: + type: object + properties: + overwrite: + default: false + type: boolean + required: + - parameters + - file + Security_Endpoint_Management_API_UserIds: + description: User IDs + oneOf: + - items: + minLength: 1 type: string + minItems: 1 type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - key: - type: string - name: - type: string - partition: - type: string - password: + - minLength: 1 type: string - proxy_id: + Security_Endpoint_Management_API_WithOutputs: + description: Shows detailed outputs for an action response + oneOf: + - items: + minLength: 1 + type: string + minItems: 1 + type: array + - minLength: 1 type: string - random: - type: object - properties: - group_events: - type: number - required_acks: - type: number - round_robin: - type: object + Security_Entity_Analytics_API_AssetCriticalityBulkUploadErrorItem: + type: object + properties: + index: + type: integer + message: + type: string + required: + - message + - index + Security_Entity_Analytics_API_AssetCriticalityBulkUploadStats: + type: object + properties: + failed: + type: integer + successful: + type: integer + total: + type: integer + required: + - successful + - failed + - total + Security_Entity_Analytics_API_AssetCriticalityLevel: + description: The criticality level of the asset. + enum: + - low_impact + - medium_impact + - high_impact + - extreme_impact + type: string + Security_Entity_Analytics_API_AssetCriticalityRecord: + allOf: + - $ref: >- + #/components/schemas/Security_Entity_Analytics_API_CreateAssetCriticalityRecord + - $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts + - type: object properties: - group_events: - type: number - sasl: + '@timestamp': + description: The time the record was created or updated. + example: '2017-07-21T17:32:28Z' + format: date-time + type: string + required: + - '@timestamp' + Security_Entity_Analytics_API_AssetCriticalityRecordEcsParts: + type: object + properties: + asset: type: object properties: - mechanism: - type: string - shipper: + criticality: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + required: + - asset + host: type: object properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: + asset: + type: object + properties: + criticality: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + required: + - criticality + name: type: string - loadbalance: - type: boolean - ssl: + required: + - name + user: type: object properties: - certificate: - type: string - certificate_authorities: - items: - type: string - type: array - key: - type: string - verification_mode: - enum: - - none - - full - - certificate - - strict + asset: + type: object + properties: + criticality: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + required: + - criticality + name: type: string - timeout: - type: number - topic: + required: + - name + required: + - asset + Security_Entity_Analytics_API_AssetCriticalityRecordIdParts: + type: object + properties: + id_field: + $ref: '#/components/schemas/Security_Entity_Analytics_API_IdField' + description: The field representing the ID. + example: host.name + id_value: + description: The ID value of the asset. type: string - topics: - deprecated: true - description: Use topic instead. + required: + - id_value + - id_field + Security_Entity_Analytics_API_CleanUpRiskEngineErrorResponse: + type: object + properties: + cleanup_successful: + example: false + type: boolean + errors: items: type: object properties: - topic: + error: type: string - when: - deprecated: true - description: >- - Deprecated, kafka output do not support conditionnal topics - anymore. - type: object - properties: - condition: - type: string - type: - type: string + seq: + type: integer + required: + - seq + - error type: array - type: - enum: - - kafka - type: string - username: - type: string - version: - type: string required: - - name - Fleet_output_update_request_logstash: - title: logstash + - cleanup_successful + - errors + Security_Entity_Analytics_API_CreateAssetCriticalityRecord: + allOf: + - $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityRecordIdParts + - type: object + properties: + criticality_level: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + required: + - criticality_level + Security_Entity_Analytics_API_EngineDescriptor: type: object properties: - ca_sha256: + filter: type: string - ca_trusted_fingerprint: + indexPattern: + $ref: '#/components/schemas/Security_Entity_Analytics_API_IndexPattern' + status: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EngineStatus' + type: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityType' + Security_Entity_Analytics_API_EngineStatus: + enum: + - installing + - started + - stopped + type: string + Security_Entity_Analytics_API_Entity: + oneOf: + - $ref: '#/components/schemas/Security_Entity_Analytics_API_UserEntity' + - $ref: '#/components/schemas/Security_Entity_Analytics_API_HostEntity' + Security_Entity_Analytics_API_EntityRiskLevels: + enum: + - Unknown + - Low + - Moderate + - High + - Critical + type: string + Security_Entity_Analytics_API_EntityRiskScoreRecord: + type: object + properties: + '@timestamp': + description: The time at which the risk score was calculated. + example: '2017-07-21T17:32:28Z' + format: date-time type: string - config: - type: object - config_yaml: + calculated_level: + $ref: '#/components/schemas/Security_Entity_Analytics_API_EntityRiskLevels' + description: Lexical description of the entity's risk. + example: Critical + calculated_score: + description: The raw numeric value of the given entity's risk score. + format: double + type: number + calculated_score_norm: + description: >- + The normalized numeric value of the given entity's risk score. + Useful for comparing with other entities. + format: double + maximum: 100 + minimum: 0 + type: number + category_1_count: + description: >- + The number of risk input documents that contributed to the Category + 1 score (`category_1_score`). + format: integer + type: number + category_1_score: + description: >- + The contribution of Category 1 to the overall risk score + (`calculated_score`). Category 1 contains Detection Engine Alerts. + format: double + type: number + category_2_count: + format: integer + type: number + category_2_score: + format: double + type: number + criticality_level: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + criticality_modifier: + format: double + type: number + id_field: + description: >- + The identifier field defining this risk score. Coupled with + `id_value`, uniquely identifies the entity being scored. + example: host.name type: string - hosts: + id_value: + description: >- + The identifier value defining this risk score. Coupled with + `id_field`, uniquely identifies the entity being scored. + example: example.host + type: string + inputs: + description: >- + A list of the highest-risk documents contributing to this risk + score. Useful for investigative purposes. + items: + $ref: '#/components/schemas/Security_Entity_Analytics_API_RiskScoreInput' + type: array + notes: items: type: string type: array - id: - type: string - is_default: - type: boolean - is_default_monitoring: - type: boolean - is_internal: - type: boolean - name: - type: string - proxy_id: - type: string - shipper: + required: + - '@timestamp' + - id_field + - id_value + - calculated_level + - calculated_score + - calculated_score_norm + - category_1_score + - category_1_count + - inputs + - notes + Security_Entity_Analytics_API_EntityType: + enum: + - user + - host + type: string + Security_Entity_Analytics_API_HostEntity: + type: object + properties: + asset: type: object properties: - compression_level: - type: number - disk_queue_compression_enabled: - type: boolean - disk_queue_enabled: - type: boolean - disk_queue_encryption_enabled: - type: boolean - disk_queue_max_size: - type: number - disk_queue_path: - type: string - loadbalance: - type: boolean - ssl: + criticality: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + required: + - criticality + entity: type: object properties: - certificate: + definitionId: type: string - certificate_authorities: + definitionVersion: + type: string + displayName: + type: string + firstSeenTimestamp: + format: date-time + type: string + id: + type: string + identityFields: items: type: string type: array - key: + lastSeenTimestamp: + format: date-time type: string - type: - enum: - - logstash - type: string - required: - - name - Fleet_package_info: - title: Package information - type: object - properties: - assets: - items: - type: string - type: array - categories: - items: - type: string - type: array - conditions: + schemaVersion: + type: string + source: + type: string + type: + enum: + - node + type: string + required: + - lastSeenTimestamp + - schemaVersion + - definitionVersion + - displayName + - identityFields + - id + - type + - firstSeenTimestamp + - definitionId + host: type: object properties: - elasticsearch: - type: object - properties: - subscription: - enum: - - basic - - gold - - platinum - - enterprise - type: string - kibana: - type: object - properties: - versions: - type: string - data_streams: - items: - type: object - properties: - ingeset_pipeline: + architecture: + items: type: string - name: + type: array + domain: + items: type: string - package: + type: array + hostname: + items: type: string - release: + type: array + id: + items: type: string - title: + type: array + ip: + items: type: string - type: + type: array + mac: + items: type: string - vars: - items: - type: object - properties: - default: - type: string - name: - type: string - required: - - name - - default - type: array - required: - - title - - name - - release - - ingeset_pipeline - - type - - package - type: array - description: - type: string - download: - type: string - elasticsearch: - type: object - properties: - privileges: - type: object - properties: - cluster: - items: - type: string - type: array - format_version: - type: string - icons: + type: array + name: + type: string + risk: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord + type: + items: + type: string + type: array + required: + - name + Security_Entity_Analytics_API_IdField: + enum: + - host.name + - user.name + type: string + Security_Entity_Analytics_API_IndexPattern: + type: string + Security_Entity_Analytics_API_InspectQuery: + type: object + properties: + dsl: items: type: string type: array - internal: - type: boolean - name: - type: string - path: - type: string - readme: - type: string - release: - deprecated: true - description: >- - release label is deprecated, derive from the version instead - (packages follow semver) - enum: - - experimental - - beta - - ga - type: string - screenshots: + response: items: - type: object - properties: - path: - type: string - size: - type: string - src: - type: string - title: - type: string - type: - type: string - required: - - src - - path + type: string type: array - source: - type: object - properties: - license: - enum: - - Apache-2.0 - - Elastic-2.0 - type: string - title: - type: string - type: + required: + - dsl + - response + Security_Entity_Analytics_API_RiskEngineScheduleNowErrorResponse: + type: object + properties: + full_error: type: string - version: + message: type: string required: - - name - - title - - version - - description - - type - - categories - - conditions - - assets - - format_version - - download - - path - Fleet_package_policy: - allOf: - - type: object - properties: - id: - type: string - inputs: - oneOf: - - items: {} - type: array - - type: object - revision: - type: number - required: - - id - - revision - - $ref: '#/components/schemas/Fleet_new_package_policy' - title: Package policy - Fleet_package_policy_request: - title: Package Policy Request + - message + - full_error + Security_Entity_Analytics_API_RiskEngineScheduleNowResponse: type: object properties: + success: + type: boolean + Security_Entity_Analytics_API_RiskScoreInput: + description: A generic representation of a document contributing to a Risk Score. + type: object + properties: + category: + description: The risk category of the risk input document. + example: category_1 + type: string + contribution_score: + format: double + type: number description: - description: Package policy description - example: my description + description: A human-readable description of the risk input document. + example: 'Generated from Detection Engine Rule: Malware Prevention Alert' type: string - force: - description: >- - Force package policy creation even if package is not verified, or if - the agent policy is managed. - type: boolean id: - description: Package policy unique identifier + description: The unique identifier (`_id`) of the original source document + example: 91a93376a507e86cfbf282166275b89f9dbdb1f0be6c8103c6ff2909ca8e1a1c type: string - inputs: - additionalProperties: - type: object - properties: - enabled: - description: enable or disable that input, (default to true) - type: boolean - streams: - additionalProperties: - type: object - properties: - enabled: - description: enable or disable that stream, (default to true) - type: boolean - vars: - description: >- - Stream level variable (see integration documentation for - more information) - type: object - description: >- - Input streams (see integration documentation to know what - streams are available) - type: object - vars: - description: >- - Input level variable (see integration documentation for more - information) - type: object - description: >- - Package policy inputs (see integration documentation to know what - inputs are available) - example: - nginx-logfile: - enabled: true - streams: - nginx.access: - enabled: true - vars: - ignore_older: 72h - paths: - - /var/log/nginx/access.log* - preserve_original_event: false - tags: - - nginx-access - type: object - name: - description: Package policy name (should be unique) - example: nginx-123 + index: + description: The unique index (`_index`) of the original source document + example: .internal.alerts-security.alerts-default-000001 type: string - namespace: - description: >- - The package policy namespace. Leave blank to inherit the agent - policy's namespace. - example: customnamespace + risk_score: + description: The weighted risk score of the risk input document. + format: double + maximum: 100 + minimum: 0 + type: number + timestamp: + description: The @timestamp of the risk input document. + example: '2017-07-21T17:32:28Z' type: string - output_id: - description: Output ID to send package data to - example: output-id - nullable: true + required: + - id + - index + - description + - category + Security_Entity_Analytics_API_TaskManagerUnavailableResponse: + description: Task manager is unavailable + type: object + properties: + message: type: string - overrides: - description: >- - Override settings that are defined in the package policy. The - override option should be used only in unusual circumstances and not - as a routine procedure. - nullable: true + status_code: + minimum: 400 + type: integer + required: + - status_code + - message + Security_Entity_Analytics_API_UserEntity: + type: object + properties: + asset: type: object properties: - inputs: - type: object - package: + criticality: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_AssetCriticalityLevel + required: + - criticality + entity: + type: object + properties: + definitionId: + type: string + definitionVersion: + type: string + displayName: + type: string + firstSeenTimestamp: + format: date-time + type: string + id: + type: string + identityFields: + items: + type: string + type: array + lastSeenTimestamp: + format: date-time + type: string + schemaVersion: + type: string + source: + type: string + type: + enum: + - node + type: string + required: + - lastSeenTimestamp + - schemaVersion + - definitionVersion + - displayName + - identityFields + - id + - type + - firstSeenTimestamp + - definitionId + - source + user: type: object properties: + domain: + items: + type: string + type: array + email: + items: + type: string + type: array + full_name: + items: + type: string + type: array + hash: + items: + type: string + type: array + id: + items: + type: string + type: array name: - description: Package name - example: nginx - type: string - version: - description: Package version - example: 1.6.0 type: string + risk: + $ref: >- + #/components/schemas/Security_Entity_Analytics_API_EntityRiskScoreRecord + roles: + items: + type: string + type: array required: - name - - version - policy_id: - deprecated: true - description: Agent policy ID where that package policy will be added - example: agent-policy-id - nullable: true - type: string - policy_ids: - description: Agent policy IDs where that package policy will be added - example: - - agent-policy-id - items: - type: string - type: array - vars: - description: >- - Package root level variable (see integration documentation for more - information) - type: object + Security_Exceptions_API_CreateExceptionListItemComment: + type: object + properties: + comment: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' required: - - name - - package - Fleet_package_usage_stats: - title: Package usage stats + - comment + Security_Exceptions_API_CreateExceptionListItemCommentArray: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_CreateExceptionListItemComment + type: array + Security_Exceptions_API_CreateRuleExceptionListItemComment: type: object properties: - agent_policy_count: - type: integer + comment: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' required: - - agent_policy_count - Fleet_proxies: - title: Fleet Proxy + - comment + Security_Exceptions_API_CreateRuleExceptionListItemCommentArray: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemComment + type: array + Security_Exceptions_API_CreateRuleExceptionListItemProps: type: object properties: - certificate: - type: string - certificate_authorities: - type: string - certificate_key: - type: string - id: + comments: + $ref: >- + #/components/schemas/Security_Exceptions_API_CreateRuleExceptionListItemCommentArray + default: [] + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + expire_time: + format: date-time type: string + item_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + meta: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' name: - type: string - proxy_headers: - type: object - url: - type: string + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName' + namespace_type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + default: single + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + default: [] + tags: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' + default: [] + type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' required: + - type - name - - url - Fleet_saved_object_type: - oneOf: - - enum: - - dashboard - - visualization - - search - - index_pattern - - map - - lens - - security_rule - - csp_rule_template - - ml_module - - tag - - osquery_pack_asset - - osquery_saved_query - type: string - - enum: - - index - - component_template - - ingest_pipeline - - index_template - - ilm_policy - - transform - - data_stream_ilm_policy - - ml_model - type: string - title: Saved Object type - Fleet_search_result: - title: Search result + - description + - entries + Security_Exceptions_API_ExceptionList: type: object properties: - description: + _version: type: string - download: + created_at: + format: date-time type: string - icons: + created_by: type: string - installationInfo: - $ref: '#/components/schemas/Fleet_installation_info' + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListDescription + id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + immutable: + type: boolean + list_id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + meta: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListMeta' name: - type: string - path: - type: string - savedObject: - deprecated: true - type: object - status: - type: string - title: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListName' + namespace_type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListOsTypeArray + tags: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListTags' + tie_breaker_id: type: string type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListType' + updated_at: + format: date-time type: string - version: + updated_by: type: string + version: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListVersion' required: - - description - - download - - icons - - name - - path - - title + - id + - list_id - type + - name + - description + - immutable + - namespace_type - version - - status - Fleet_settings: - title: Settings + - tie_breaker_id + - created_at + - created_by + - updated_at + - updated_by + Security_Exceptions_API_ExceptionListDescription: + type: string + Security_Exceptions_API_ExceptionListHumanId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + description: Human readable string identifier, e.g. `trusted-linux-processes` + Security_Exceptions_API_ExceptionListId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListItem: type: object properties: - fleet_server_hosts: - deprecated: true - items: - type: string - type: array - has_seen_add_data_notice: - type: boolean + _version: + type: string + comments: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemCommentArray + created_at: + format: date-time + type: string + created_by: + type: string + description: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemDescription + entries: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryArray + expire_time: + format: date-time + type: string id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemId' + item_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + list_id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + meta: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemMeta' + name: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemName' + namespace_type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionNamespaceType' + os_types: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemOsTypeArray + tags: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemTags' + tie_breaker_id: + type: string + type: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemType' + updated_at: + format: date-time + type: string + updated_by: type: string - prerelease_integrations_enabled: - type: boolean required: - - fleet_server_hosts - id - Fleet_upgrade_agent: - title: Upgrade agent + - item_id + - list_id + - type + - name + - description + - entries + - namespace_type + - comments + - tie_breaker_id + - created_at + - created_by + - updated_at + - updated_by + Security_Exceptions_API_ExceptionListItemComment: type: object properties: - force: - description: Force upgrade, skipping validation (should be used with caution) - type: boolean - skipRateLimitCheck: - description: Skip rate limit check for upgrade - type: boolean - source_uri: + comment: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + created_at: + format: date-time type: string - version: + created_by: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + id: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + updated_at: + format: date-time type: string + updated_by: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' required: - - version - Fleet_upgrade_agent_diff: + - id + - comment + - created_at + - created_by + Security_Exceptions_API_ExceptionListItemCommentArray: items: - items: - $ref: '#/components/schemas/Fleet_full_agent_policy_input' - type: array - title: Package policy Upgrade dryrun + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemComment' type: array - Fleet_upgrade_diff: + Security_Exceptions_API_ExceptionListItemDescription: + type: string + Security_Exceptions_API_ExceptionListItemEntry: + anyOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryList + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNested + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchWildcard + discriminator: + propertyName: type + Security_Exceptions_API_ExceptionListItemEntryArray: items: - allOf: - - $ref: '#/components/schemas/Fleet_package_policy' - - allOf: - - $ref: '#/components/schemas/Fleet_new_package_policy' - - type: object - properties: - errors: - items: - type: object - properties: - key: - type: string - message: - type: string - type: array - missingVars: - items: - type: string - type: array - type: object - title: Package policy Upgrade dryrun + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListItemEntry' type: array - Kibana_HTTP_APIs_core_status_redactedResponse: - additionalProperties: false - description: A minimal representation of Kibana's operational status. + Security_Exceptions_API_ExceptionListItemEntryExists: type: object properties: - status: - additionalProperties: false - type: object - properties: - overall: - additionalProperties: false - type: object - properties: - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - required: - - level - required: - - overall + field: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + operator: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + type: + enum: + - exists + type: string required: - - status - Kibana_HTTP_APIs_core_status_response: - additionalProperties: false - description: >- - Kibana's operational status as well as a detailed breakdown of plugin - statuses indication of various loads (like event loop utilization and - network traffic) at time of request. + - type + - field + - operator + Security_Exceptions_API_ExceptionListItemEntryList: type: object properties: - metrics: - additionalProperties: false - description: Metric groups collected by Kibana. - type: object - properties: - collection_interval_in_millis: - description: The interval at which metrics should be collected. - type: number - elasticsearch_client: - additionalProperties: false - description: Current network metrics of Kibana's Elasticsearch client. - type: object - properties: - totalActiveSockets: - description: Count of network sockets currently in use. - type: number - totalIdleSockets: - description: Count of network sockets currently idle. - type: number - totalQueuedRequests: - description: Count of requests not yet assigned to sockets. - type: number - required: - - totalActiveSockets - - totalIdleSockets - - totalQueuedRequests - last_updated: - description: The time metrics were collected. - type: string - required: - - elasticsearch_client - - last_updated - - collection_interval_in_millis - name: - description: Kibana instance name. - type: string - status: - additionalProperties: false + field: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + list: type: object properties: - core: - additionalProperties: false - description: Statuses of core Kibana services. - type: object - properties: - elasticsearch: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - savedObjects: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: >- - An unstructured set of extra metadata about this - service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - required: - - elasticsearch - - savedObjects - overall: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: Service status levels as human and machine readable values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - plugins: - additionalProperties: - additionalProperties: false - type: object - properties: - detail: - description: Human readable detail of the service status. - type: string - documentationUrl: - description: A URL to further documentation regarding this service. - type: string - level: - description: >- - Service status levels as human and machine readable - values. - enum: - - available - - degraded - - unavailable - - critical - type: string - meta: - additionalProperties: {} - description: An unstructured set of extra metadata about this service. - type: object - summary: - description: A human readable summary of the service status. - type: string - required: - - level - - summary - - meta - description: A dynamic mapping of plugin ID to plugin status. - type: object + id: + $ref: '#/components/schemas/Security_Exceptions_API_ListId' + type: + $ref: '#/components/schemas/Security_Exceptions_API_ListType' required: - - overall - - core - - plugins - uuid: - description: >- - Unique, generated Kibana instance UUID. This UUID should persist - even if the Kibana process restarts. + - id + - type + operator: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + type: + enum: + - list type: string - version: - additionalProperties: false + required: + - type + - field + - list + - operator + Security_Exceptions_API_ExceptionListItemEntryMatch: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + operator: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + type: + enum: + - match + type: string + value: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + required: + - type + - field + - value + - operator + Security_Exceptions_API_ExceptionListItemEntryMatchAny: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + operator: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + type: + enum: + - match_any + type: string + value: + items: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + minItems: 1 + type: array + required: + - type + - field + - value + - operator + Security_Exceptions_API_ExceptionListItemEntryMatchWildcard: + type: object + properties: + field: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + operator: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryOperator + type: + enum: + - wildcard + type: string + value: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + required: + - type + - field + - value + - operator + Security_Exceptions_API_ExceptionListItemEntryNested: + type: object + properties: + entries: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem + minItems: 1 + type: array + field: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + type: + enum: + - nested + type: string + required: + - type + - field + - entries + Security_Exceptions_API_ExceptionListItemEntryNestedEntryItem: + oneOf: + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatch + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryMatchAny + - $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemEntryExists + Security_Exceptions_API_ExceptionListItemEntryOperator: + enum: + - excluded + - included + type: string + Security_Exceptions_API_ExceptionListItemHumanId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListItemId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListItemMeta: + additionalProperties: true + type: object + Security_Exceptions_API_ExceptionListItemName: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ExceptionListItemOsTypeArray: + items: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' + type: array + Security_Exceptions_API_ExceptionListItemTags: + items: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + type: array + Security_Exceptions_API_ExceptionListItemType: + enum: + - simple + type: string + Security_Exceptions_API_ExceptionListMeta: + additionalProperties: true + type: object + Security_Exceptions_API_ExceptionListName: + type: string + Security_Exceptions_API_ExceptionListOsType: + enum: + - linux + - macos + - windows + type: string + Security_Exceptions_API_ExceptionListOsTypeArray: + items: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListOsType' + type: array + Security_Exceptions_API_ExceptionListsImportBulkError: + type: object + properties: + error: type: object properties: - build_date: - description: The date and time of this build. - type: string - build_flavor: - description: >- - The build flavour determines configuration and behavior of - Kibana. On premise users will almost always run the - "traditional" flavour, while other flavours are reserved for - Elastic-specific use cases. - enum: - - serverless - - traditional - type: string - build_hash: - description: >- - A unique hash value representing the git commit of this Kibana - build. - type: string - build_number: - description: >- - A monotonically increasing number, each subsequent build will - have a higher number. - type: number - build_snapshot: - description: Whether this build is a snapshot build. - type: boolean - number: - description: A semantic version number. + message: type: string + status_code: + type: integer required: - - number - - build_hash - - build_number - - build_snapshot - - build_flavor - - build_date + - status_code + - message + id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListId' + item_id: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListItemHumanId + list_id: + $ref: '#/components/schemas/Security_Exceptions_API_ExceptionListHumanId' + required: + - error + Security_Exceptions_API_ExceptionListsImportBulkErrorArray: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_ExceptionListsImportBulkError + type: array + Security_Exceptions_API_ExceptionListTags: + items: + type: string + type: array + Security_Exceptions_API_ExceptionListType: + enum: + - detection + - rule_default + - endpoint + - endpoint_trusted_apps + - endpoint_events + - endpoint_host_isolation_exceptions + - endpoint_blocklists + type: string + Security_Exceptions_API_ExceptionListVersion: + minimum: 1 + type: integer + Security_Exceptions_API_ExceptionNamespaceType: + description: > + Determines whether the exception container is available in all Kibana + spaces or just the space + + in which it is created, where: + + + - `single`: Only available in the Kibana space in which it is created. + + - `agnostic`: Available in all Kibana spaces. + enum: + - agnostic + - single + type: string + Security_Exceptions_API_FindExceptionListItemsFilter: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_FindExceptionListsFilter: + type: string + Security_Exceptions_API_ListId: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + Security_Exceptions_API_ListType: + enum: + - binary + - boolean + - byte + - date + - date_nanos + - date_range + - double + - double_range + - float + - float_range + - geo_point + - geo_shape + - half_float + - integer + - integer_range + - ip + - ip_range + - keyword + - long + - long_range + - shape + - short + - text + type: string + Security_Exceptions_API_NonEmptyString: + description: A string that is not empty and does not contain only whitespace + minLength: 1 + pattern: ^(?! *$).+$ + type: string + Security_Exceptions_API_PlatformErrorResponse: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: integer + required: + - statusCode + - error + - message + Security_Exceptions_API_RuleId: + $ref: '#/components/schemas/Security_Exceptions_API_UUID' + Security_Exceptions_API_SiemErrorResponse: + type: object + properties: + message: + type: string + status_code: + type: integer + required: + - status_code + - message + Security_Exceptions_API_UpdateExceptionListItemComment: + type: object + properties: + comment: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + id: + $ref: '#/components/schemas/Security_Exceptions_API_NonEmptyString' + required: + - comment + Security_Exceptions_API_UpdateExceptionListItemCommentArray: + items: + $ref: >- + #/components/schemas/Security_Exceptions_API_UpdateExceptionListItemComment + type: array + Security_Exceptions_API_UUID: + description: A universally unique identifier + format: uuid + type: string + Security_Lists_API_FindListItemsCursor: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_FindListItemsFilter: + type: string + Security_Lists_API_FindListsCursor: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_FindListsFilter: + type: string + Security_Lists_API_List: + type: object + properties: + _version: + type: string + '@timestamp': + format: date-time + type: string + created_at: + format: date-time + type: string + created_by: + type: string + description: + $ref: '#/components/schemas/Security_Lists_API_ListDescription' + deserializer: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + immutable: + type: boolean + meta: + $ref: '#/components/schemas/Security_Lists_API_ListMetadata' + name: + $ref: '#/components/schemas/Security_Lists_API_ListName' + serializer: + type: string + tie_breaker_id: + type: string + type: + $ref: '#/components/schemas/Security_Lists_API_ListType' + updated_at: + format: date-time + type: string + updated_by: + type: string + version: + minimum: 1 + type: integer required: + - id + - type - name - - uuid + - description + - immutable - version - - status - - metrics - Machine_learning_APIs_mlSync200Response: + - tie_breaker_id + - created_at + - created_by + - updated_at + - updated_by + Security_Lists_API_ListDescription: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListId: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListItem: + type: object properties: - datafeedsAdded: + _version: + type: string + '@timestamp': + format: date-time + type: string + created_at: + format: date-time + type: string + created_by: + type: string + deserializer: + type: string + id: + $ref: '#/components/schemas/Security_Lists_API_ListItemId' + list_id: + $ref: '#/components/schemas/Security_Lists_API_ListId' + meta: + $ref: '#/components/schemas/Security_Lists_API_ListItemMetadata' + serializer: + type: string + tie_breaker_id: + type: string + type: + $ref: '#/components/schemas/Security_Lists_API_ListType' + updated_at: + format: date-time + type: string + updated_by: + type: string + value: + $ref: '#/components/schemas/Security_Lists_API_ListItemValue' + required: + - id + - type + - list_id + - value + - tie_breaker_id + - created_at + - created_by + - updated_at + - updated_by + Security_Lists_API_ListItemId: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListItemMetadata: + additionalProperties: true + type: object + Security_Lists_API_ListItemPrivileges: + type: object + properties: + application: + additionalProperties: + type: boolean + type: object + cluster: + additionalProperties: + type: boolean + type: object + has_all_requested: + type: boolean + index: + additionalProperties: + additionalProperties: + type: boolean + type: object + type: object + username: + type: string + required: + - username + - has_all_requested + - cluster + - index + - application + Security_Lists_API_ListItemValue: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListMetadata: + additionalProperties: true + type: object + Security_Lists_API_ListName: + $ref: '#/components/schemas/Security_Lists_API_NonEmptyString' + Security_Lists_API_ListPrivileges: + type: object + properties: + application: + additionalProperties: + type: boolean + type: object + cluster: additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: >- - If a saved object for an anomaly detection job is missing a datafeed - identifier, it is added when you run the sync machine learning saved - objects API. + type: boolean type: object - datafeedsRemoved: + has_all_requested: + type: boolean + index: additionalProperties: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseDatafeeds' - description: >- - If a saved object for an anomaly detection job references a datafeed - that no longer exists, it is deleted when you run the sync machine - learning saved objects API. + additionalProperties: + type: boolean + type: object type: object - savedObjectsCreated: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsCreated - savedObjectsDeleted: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted - title: Successful sync API response + username: + type: string + required: + - username + - has_all_requested + - cluster + - index + - application + Security_Lists_API_ListType: + enum: + - binary + - boolean + - byte + - date + - date_nanos + - date_range + - double + - double_range + - float + - float_range + - geo_point + - geo_shape + - half_float + - integer + - integer_range + - ip + - ip_range + - keyword + - long + - long_range + - shape + - short + - text + type: string + Security_Lists_API_NonEmptyString: + description: A string that is not empty and does not contain only whitespace + minLength: 1 + pattern: ^(?! *$).+$ + type: string + Security_Lists_API_PlatformErrorResponse: + type: object + properties: + error: + type: string + message: + type: string + statusCode: + type: integer + required: + - statusCode + - error + - message + Security_Lists_API_SiemErrorResponse: + type: object + properties: + message: + type: string + status_code: + type: integer + required: + - status_code + - message + Security_Osquery_API_ArrayQueries: + items: + $ref: '#/components/schemas/Security_Osquery_API_ArrayQueriesItem' + type: array + Security_Osquery_API_ArrayQueriesItem: + type: object + properties: + ecs_mapping: + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' + id: + $ref: '#/components/schemas/Security_Osquery_API_Id' + platform: + $ref: '#/components/schemas/Security_Osquery_API_PlatformOrUndefined' + query: + $ref: '#/components/schemas/Security_Osquery_API_Query' + removed: + $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' + snapshot: + $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' + version: + $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' + Security_Osquery_API_CreateLiveQueryRequestBody: + type: object + properties: + agent_all: + type: boolean + agent_ids: + items: + type: string + type: array + agent_platforms: + items: + type: string + type: array + agent_policy_ids: + items: + type: string + type: array + alert_ids: + items: + type: string + type: array + case_ids: + items: + type: string + type: array + ecs_mapping: + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' + event_ids: + items: + type: string + type: array + metadata: + nullable: true + type: object + pack_id: + $ref: '#/components/schemas/Security_Osquery_API_PackIdOrUndefined' + queries: + $ref: '#/components/schemas/Security_Osquery_API_ArrayQueries' + query: + $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' + saved_query_id: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryIdOrUndefined' + Security_Osquery_API_CreatePacksRequestBody: + type: object + properties: + description: + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' + enabled: + $ref: '#/components/schemas/Security_Osquery_API_EnabledOrUndefined' + name: + $ref: '#/components/schemas/Security_Osquery_API_PackName' + policy_ids: + $ref: '#/components/schemas/Security_Osquery_API_PolicyIdsOrUndefined' + queries: + $ref: '#/components/schemas/Security_Osquery_API_ObjectQueries' + shards: + $ref: '#/components/schemas/Security_Osquery_API_Shards' + Security_Osquery_API_CreateSavedQueryRequestBody: + type: object + properties: + description: + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' + ecs_mapping: + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' + id: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + interval: + $ref: '#/components/schemas/Security_Osquery_API_Interval' + platform: + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' + query: + $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' + removed: + $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' + snapshot: + $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' + version: + $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' + Security_Osquery_API_DefaultSuccessResponse: + type: object + properties: {} + Security_Osquery_API_Description: + type: string + Security_Osquery_API_DescriptionOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Description' + nullable: true + Security_Osquery_API_ECSMapping: + additionalProperties: + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingItem' + type: object + Security_Osquery_API_ECSMappingItem: + type: object + properties: + field: + type: string + value: + oneOf: + - type: string + - items: + type: string + type: array + Security_Osquery_API_ECSMappingOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_ECSMapping' + nullable: true + Security_Osquery_API_Enabled: + type: boolean + Security_Osquery_API_EnabledOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Enabled' + nullable: true + Security_Osquery_API_FindLiveQueryRequestQuery: + type: object + properties: + kuery: + $ref: '#/components/schemas/Security_Osquery_API_KueryOrUndefined' + page: + $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' + pageSize: + $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' + sort: + $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' + sortOrder: + $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' + Security_Osquery_API_FindPacksRequestQuery: + type: object + properties: + page: + $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' + pageSize: + $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' + sort: + $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' + sortOrder: + $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' + Security_Osquery_API_FindSavedQueryRequestQuery: + type: object + properties: + page: + $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' + pageSize: + $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' + sort: + $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' + sortOrder: + $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' + Security_Osquery_API_GetLiveQueryResultsRequestQuery: + type: object + properties: + kuery: + $ref: '#/components/schemas/Security_Osquery_API_KueryOrUndefined' + page: + $ref: '#/components/schemas/Security_Osquery_API_PageOrUndefined' + pageSize: + $ref: '#/components/schemas/Security_Osquery_API_PageSizeOrUndefined' + sort: + $ref: '#/components/schemas/Security_Osquery_API_SortOrUndefined' + sortOrder: + $ref: '#/components/schemas/Security_Osquery_API_SortOrderOrUndefined' + Security_Osquery_API_Id: + type: string + Security_Osquery_API_Interval: + type: string + Security_Osquery_API_IntervalOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Interval' + nullable: true + Security_Osquery_API_KueryOrUndefined: + nullable: true + type: string + Security_Osquery_API_ObjectQueries: + additionalProperties: + $ref: '#/components/schemas/Security_Osquery_API_ObjectQueriesItem' + type: object + Security_Osquery_API_ObjectQueriesItem: + type: object + properties: + ecs_mapping: + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' + id: + $ref: '#/components/schemas/Security_Osquery_API_Id' + platform: + $ref: '#/components/schemas/Security_Osquery_API_PlatformOrUndefined' + query: + $ref: '#/components/schemas/Security_Osquery_API_Query' + removed: + $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' + saved_query_id: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryIdOrUndefined' + snapshot: + $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' + version: + $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' + Security_Osquery_API_PackId: + type: string + Security_Osquery_API_PackIdOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + nullable: true + Security_Osquery_API_PackName: + type: string + Security_Osquery_API_PageOrUndefined: + nullable: true + type: integer + Security_Osquery_API_PageSizeOrUndefined: + nullable: true + type: integer + Security_Osquery_API_Platform: + type: string + Security_Osquery_API_PlatformOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Platform' + nullable: true + Security_Osquery_API_PolicyIds: + items: + type: string + type: array + Security_Osquery_API_PolicyIdsOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_PolicyIds' + nullable: true + Security_Osquery_API_Query: + type: string + Security_Osquery_API_QueryOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Query' + nullable: true + Security_Osquery_API_Removed: + type: boolean + Security_Osquery_API_RemovedOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Removed' + nullable: true + Security_Osquery_API_SavedQueryId: + type: string + Security_Osquery_API_SavedQueryIdOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + nullable: true + Security_Osquery_API_Shards: + additionalProperties: + type: number + type: object + Security_Osquery_API_Snapshot: + type: boolean + Security_Osquery_API_SnapshotOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Snapshot' + nullable: true + Security_Osquery_API_SortOrderOrUndefined: + oneOf: + - nullable: true + type: string + - enum: + - asc + - desc + Security_Osquery_API_SortOrUndefined: + nullable: true + type: string + Security_Osquery_API_UpdatePacksRequestBody: + type: object + properties: + description: + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' + enabled: + $ref: '#/components/schemas/Security_Osquery_API_EnabledOrUndefined' + id: + $ref: '#/components/schemas/Security_Osquery_API_PackId' + policy_ids: + $ref: '#/components/schemas/Security_Osquery_API_PolicyIdsOrUndefined' + queries: + $ref: '#/components/schemas/Security_Osquery_API_ObjectQueries' + shards: + $ref: '#/components/schemas/Security_Osquery_API_Shards' + Security_Osquery_API_UpdateSavedQueryRequestBody: + type: object + properties: + description: + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' + ecs_mapping: + $ref: '#/components/schemas/Security_Osquery_API_ECSMappingOrUndefined' + id: + $ref: '#/components/schemas/Security_Osquery_API_SavedQueryId' + interval: + $ref: '#/components/schemas/Security_Osquery_API_IntervalOrUndefined' + platform: + $ref: '#/components/schemas/Security_Osquery_API_DescriptionOrUndefined' + query: + $ref: '#/components/schemas/Security_Osquery_API_QueryOrUndefined' + removed: + $ref: '#/components/schemas/Security_Osquery_API_RemovedOrUndefined' + snapshot: + $ref: '#/components/schemas/Security_Osquery_API_SnapshotOrUndefined' + version: + $ref: '#/components/schemas/Security_Osquery_API_VersionOrUndefined' + Security_Osquery_API_Version: + type: string + Security_Osquery_API_VersionOrUndefined: + $ref: '#/components/schemas/Security_Osquery_API_Version' + nullable: true + Security_Timeline_API_BareNote: + type: object + properties: + created: + nullable: true + type: number + createdBy: + nullable: true + type: string + eventId: + nullable: true + type: string + note: + nullable: true + type: string + timelineId: + type: string + updated: + nullable: true + type: number + updatedBy: + nullable: true + type: string + required: + - timelineId + Security_Timeline_API_BarePinnedEvent: + type: object + properties: + created: + nullable: true + type: number + createdBy: + nullable: true + type: string + eventId: + type: string + timelineId: + type: string + updated: + nullable: true + type: number + updatedBy: + nullable: true + type: string + required: + - eventId + - timelineId + Security_Timeline_API_ColumnHeaderResult: + type: object + properties: + aggregatable: + nullable: true + type: boolean + category: + nullable: true + type: string + columnHeaderType: + nullable: true + type: string + description: + nullable: true + type: string + example: + nullable: true + type: string + id: + nullable: true + type: string + indexes: + items: + type: string + nullable: true + type: array + name: + nullable: true + type: string + placeholder: + nullable: true + type: string + searchable: + nullable: true + type: boolean + type: + nullable: true + type: string + Security_Timeline_API_DataProviderQueryMatch: + type: object + properties: + enabled: + nullable: true + type: boolean + excluded: + nullable: true + type: boolean + id: + nullable: true + type: string + kqlQuery: + nullable: true + type: string + name: + nullable: true + type: string + queryMatch: + $ref: '#/components/schemas/Security_Timeline_API_QueryMatchResult' + nullable: true + type: + $ref: '#/components/schemas/Security_Timeline_API_DataProviderType' + nullable: true + Security_Timeline_API_DataProviderResult: type: object - Machine_learning_APIs_mlSync4xxResponse: properties: - error: - example: Unauthorized + and: + items: + $ref: '#/components/schemas/Security_Timeline_API_DataProviderQueryMatch' + nullable: true + type: array + enabled: + nullable: true + type: boolean + excluded: + nullable: true + type: boolean + id: + nullable: true + type: string + kqlQuery: + nullable: true + type: string + name: + nullable: true type: string + queryMatch: + $ref: '#/components/schemas/Security_Timeline_API_QueryMatchResult' + nullable: true + type: + $ref: '#/components/schemas/Security_Timeline_API_DataProviderType' + nullable: true + Security_Timeline_API_DataProviderType: + description: >- + The type of data provider to create. Valid values are `default` and + `template`. + enum: + - default + - template + type: string + Security_Timeline_API_DocumentIds: + oneOf: + - items: + type: string + type: array + - type: string + Security_Timeline_API_FavoriteTimelineResponse: + type: object + properties: + code: + nullable: true + type: number + favorite: + items: + $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResult' + type: array message: + nullable: true type: string - statusCode: - example: 401 - type: integer - title: Unsuccessful sync API response + savedObjectId: + type: string + templateTimelineId: + nullable: true + type: string + templateTimelineVersion: + nullable: true + type: number + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + version: + type: string + required: + - savedObjectId + - version + Security_Timeline_API_FavoriteTimelineResult: type: object - Machine_learning_APIs_mlSyncResponseAnomalyDetectors: - description: >- - The sync machine learning saved objects API response contains this - object when there are anomaly detection jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for anomaly detection jobs + favoriteDate: + nullable: true + type: number + fullName: + nullable: true + type: string + userName: + nullable: true + type: string + Security_Timeline_API_FilterTimelineResult: type: object - Machine_learning_APIs_mlSyncResponseDatafeeds: - description: >- - The sync machine learning saved objects API response contains this - object when there are datafeeds affected by the synchronization. There - is an object for each relevant datafeed, which contains the - synchronization status. properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for datafeeds + exists: + nullable: true + type: string + match_all: + nullable: true + type: string + meta: + nullable: true + type: object + properties: + alias: + nullable: true + type: string + controlledBy: + nullable: true + type: string + disabled: + nullable: true + type: boolean + field: + nullable: true + type: string + formattedValue: + nullable: true + type: string + index: + nullable: true + type: string + key: + nullable: true + type: string + negate: + nullable: true + type: boolean + params: + nullable: true + type: string + type: + nullable: true + type: string + value: + nullable: true + type: string + missing: + nullable: true + type: string + query: + nullable: true + type: string + range: + nullable: true + type: string + script: + nullable: true + type: string + Security_Timeline_API_GetNotesResult: type: object - Machine_learning_APIs_mlSyncResponseDataFrameAnalytics: - description: >- - The sync machine learning saved objects API response contains this - object when there are data frame analytics jobs affected by the - synchronization. There is an object for each relevant job, which - contains the synchronization status. properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for data frame analytics jobs + notes: + items: + $ref: '#/components/schemas/Security_Timeline_API_Note' + type: array + totalCount: + type: number + required: + - totalCount + - notes + Security_Timeline_API_ImportTimelineResult: type: object - Machine_learning_APIs_mlSyncResponseSavedObjectsCreated: - description: >- - If saved objects are missing for machine learning jobs or trained - models, they are created when you run the sync machine learning saved - objects API. properties: - anomaly-detector: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - description: >- - If saved objects are missing for anomaly detection jobs, they are - created. - type: object - data-frame-analytics: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - description: >- - If saved objects are missing for data frame analytics jobs, they are - created. - type: object - trained-model: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: If saved objects are missing for trained models, they are created. + errors: + items: + type: object + properties: + error: + type: object + properties: + message: + type: string + status_code: + type: number + id: + type: string + type: array + success: + type: boolean + success_count: + type: number + timelines_installed: + type: number + timelines_updated: + type: number + Security_Timeline_API_ImportTimelines: + allOf: + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + - type: object + properties: + eventNotes: + items: + $ref: '#/components/schemas/Security_Timeline_API_BareNote' + nullable: true + type: array + globalNotes: + items: + $ref: '#/components/schemas/Security_Timeline_API_BareNote' + nullable: true + type: array + pinnedEventIds: + items: + type: string + nullable: true + type: array + savedObjectId: + nullable: true + type: string + version: + nullable: true + type: string + required: + - savedObjectId + - version + - pinnedEventIds + - eventNotes + - globalNotes + Security_Timeline_API_Note: + allOf: + - $ref: '#/components/schemas/Security_Timeline_API_BareNote' + - type: object + properties: + noteId: + type: string + version: + type: string + required: + - noteId + - version + Security_Timeline_API_PersistPinnedEventResponse: + oneOf: + - allOf: + - $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' + - $ref: >- + #/components/schemas/Security_Timeline_API_PinnedEventBaseResponseBody + - nullable: true type: object - title: Sync API response for created saved objects + Security_Timeline_API_PersistTimelineResponse: type: object - Machine_learning_APIs_mlSyncResponseSavedObjectsDeleted: - description: >- - If saved objects exist for machine learning jobs or trained models that - no longer exist, they are deleted when you run the sync machine learning - saved objects API. properties: - anomaly-detector: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseAnomalyDetectors - description: >- - If there are saved objects exist for nonexistent anomaly detection - jobs, they are deleted. - type: object - data-frame-analytics: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseDataFrameAnalytics - description: >- - If there are saved objects exist for nonexistent data frame - analytics jobs, they are deleted. + data: type: object - trained-model: - additionalProperties: - $ref: >- - #/components/schemas/Machine_learning_APIs_mlSyncResponseTrainedModels - description: >- - If there are saved objects exist for nonexistent trained models, - they are deleted. - type: object - title: Sync API response for deleted saved objects + properties: + persistTimeline: + type: object + properties: + timeline: + $ref: '#/components/schemas/Security_Timeline_API_TimelineResponse' + required: + - timeline + required: + - persistTimeline + required: + - data + Security_Timeline_API_PinnedEvent: + allOf: + - $ref: '#/components/schemas/Security_Timeline_API_BarePinnedEvent' + - type: object + properties: + pinnedEventId: + type: string + version: + type: string + required: + - pinnedEventId + - version + Security_Timeline_API_PinnedEventBaseResponseBody: type: object - Machine_learning_APIs_mlSyncResponseSuccess: - description: The success or failure of the synchronization. - type: boolean - Machine_learning_APIs_mlSyncResponseTrainedModels: - description: >- - The sync machine learning saved objects API response contains this - object when there are trained models affected by the synchronization. - There is an object for each relevant trained model, which contains the - synchronization status. properties: - success: - $ref: '#/components/schemas/Machine_learning_APIs_mlSyncResponseSuccess' - title: Sync API response for trained models + code: + type: number + message: + type: string + required: + - code + Security_Timeline_API_QueryMatchResult: type: object - Saved_objects_400_response: - title: Bad request + properties: + displayField: + nullable: true + type: string + displayValue: + nullable: true + type: string + field: + nullable: true + type: string + operator: + nullable: true + type: string + value: + oneOf: + - nullable: true + type: string + - items: + type: string + nullable: true + type: array + Security_Timeline_API_ResolvedTimeline: type: object properties: - error: - enum: - - Bad Request + alias_purpose: + $ref: >- + #/components/schemas/Security_Timeline_API_SavedObjectResolveAliasPurpose + alias_target_id: type: string + outcome: + $ref: '#/components/schemas/Security_Timeline_API_SavedObjectResolveOutcome' + timeline: + $ref: >- + #/components/schemas/Security_Timeline_API_TimelineSavedToReturnObject + required: + - timeline + - outcome + Security_Timeline_API_ResponseNote: + type: object + properties: + code: + type: number message: type: string - statusCode: - enum: - - 400 - type: integer + note: + $ref: '#/components/schemas/Security_Timeline_API_Note' required: - - error + - code - message - - statusCode - Saved_objects_attributes: - description: > - The data that you want to create. WARNING: When you create saved - objects, attributes are not validated, which allows you to pass - arbitrary and ill-formed data into the API that can break Kibana. Make - sure any data that you send to the API is properly formed. + - note + Security_Timeline_API_RowRendererId: + enum: + - alert + - alerts + - auditd + - auditd_file + - library + - netflow + - plain + - registry + - suricata + - system + - system_dns + - system_endgame_process + - system_file + - system_fim + - system_security_event + - system_socket + - threat_match + - zeek + type: string + Security_Timeline_API_SavedObjectIds: + oneOf: + - items: + type: string + type: array + - type: string + Security_Timeline_API_SavedObjectResolveAliasPurpose: + enum: + - savedObjectConversion + - savedObjectImport + type: string + Security_Timeline_API_SavedObjectResolveOutcome: + enum: + - exactMatch + - aliasMatch + - conflict + type: string + Security_Timeline_API_SavedTimeline: type: object - Saved_objects_initial_namespaces: - description: > - Identifiers for the spaces in which this object is created. If this is - provided, the object is created only in the explicitly defined spaces. - If this is not provided, the object is created in the current space - (default behavior). For shareable object types (registered with - `namespaceType: 'multiple'`), this option can be used to specify one or - more spaces, including the "All spaces" identifier ('*'). For isolated - object types (registered with `namespaceType: 'single'` or - `namespaceType: 'multiple-isolated'`), this option can only be used to - specify a single space, and the "All spaces" identifier ('*') is not - allowed. For global object types (`registered with `namespaceType: - agnostic`), this option cannot be used. - type: array - Saved_objects_references: - description: > - Objects with `name`, `id`, and `type` properties that describe the other - saved objects that this object references. Use `name` in attributes to - refer to the other saved object, but never the `id`, which can update - automatically during migrations or import and export. - type: array + properties: + columns: + items: + $ref: '#/components/schemas/Security_Timeline_API_ColumnHeaderResult' + nullable: true + type: array + created: + nullable: true + type: number + createdBy: + nullable: true + type: string + dataProviders: + items: + $ref: '#/components/schemas/Security_Timeline_API_DataProviderResult' + nullable: true + type: array + dataViewId: + nullable: true + type: string + dateRange: + nullable: true + type: object + properties: + end: + oneOf: + - nullable: true + type: string + - nullable: true + type: number + start: + oneOf: + - nullable: true + type: string + - nullable: true + type: number + description: + nullable: true + type: string + eqlOptions: + nullable: true + type: object + properties: + eventCategoryField: + nullable: true + type: string + query: + nullable: true + type: string + size: + oneOf: + - nullable: true + type: string + - nullable: true + type: number + tiebreakerField: + nullable: true + type: string + timestampField: + nullable: true + type: string + eventType: + nullable: true + type: string + excludedRowRendererIds: + items: + $ref: '#/components/schemas/Security_Timeline_API_RowRendererId' + nullable: true + type: array + favorite: + items: + $ref: '#/components/schemas/Security_Timeline_API_FavoriteTimelineResult' + nullable: true + type: array + filters: + items: + $ref: '#/components/schemas/Security_Timeline_API_FilterTimelineResult' + nullable: true + type: array + indexNames: + items: + type: string + nullable: true + type: array + kqlMode: + nullable: true + type: string + kqlQuery: + $ref: >- + #/components/schemas/Security_Timeline_API_SerializedFilterQueryResult + nullable: true + savedQueryId: + nullable: true + type: string + savedSearchId: + nullable: true + type: string + sort: + $ref: '#/components/schemas/Security_Timeline_API_Sort' + nullable: true + status: + enum: + - active + - draft + - immutable + nullable: true + type: string + templateTimelineId: + nullable: true + type: string + templateTimelineVersion: + nullable: true + type: number + timelineType: + $ref: '#/components/schemas/Security_Timeline_API_TimelineType' + nullable: true + title: + nullable: true + type: string + updated: + nullable: true + type: number + updatedBy: + nullable: true + type: string + Security_Timeline_API_SavedTimelineWithSavedObjectId: + allOf: + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + - type: object + properties: + savedObjectId: + type: string + version: + type: string + required: + - savedObjectId + - version + Security_Timeline_API_SerializedFilterQueryResult: + type: object + properties: + filterQuery: + nullable: true + type: object + properties: + kuery: + nullable: true + type: object + properties: + expression: + nullable: true + type: string + kind: + nullable: true + type: string + serializedQuery: + nullable: true + type: string + Security_Timeline_API_Sort: + oneOf: + - $ref: '#/components/schemas/Security_Timeline_API_SortObject' + - items: + $ref: '#/components/schemas/Security_Timeline_API_SortObject' + type: array + Security_Timeline_API_SortFieldTimeline: + description: The field to sort the timelines by. + enum: + - title + - description + - updated + - created + type: string + Security_Timeline_API_SortObject: + type: object + properties: + columnId: + nullable: true + type: string + columnType: + nullable: true + type: string + sortDirection: + nullable: true + type: string + Security_Timeline_API_TimelineResponse: + allOf: + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + - $ref: >- + #/components/schemas/Security_Timeline_API_SavedTimelineWithSavedObjectId + - type: object + properties: + eventIdToNoteIds: + items: + $ref: '#/components/schemas/Security_Timeline_API_Note' + nullable: true + type: array + noteIds: + items: + type: string + nullable: true + type: array + notes: + items: + $ref: '#/components/schemas/Security_Timeline_API_Note' + nullable: true + type: array + pinnedEventIds: + items: + type: string + nullable: true + type: array + pinnedEventsSaveObject: + items: + $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' + nullable: true + type: array + Security_Timeline_API_TimelineSavedToReturnObject: + allOf: + - $ref: '#/components/schemas/Security_Timeline_API_SavedTimeline' + - type: object + properties: + eventIdToNoteIds: + items: + $ref: '#/components/schemas/Security_Timeline_API_Note' + nullable: true + type: array + noteIds: + items: + type: string + nullable: true + type: array + notes: + items: + $ref: '#/components/schemas/Security_Timeline_API_Note' + nullable: true + type: array + pinnedEventIds: + items: + type: string + nullable: true + type: array + pinnedEventsSaveObject: + items: + $ref: '#/components/schemas/Security_Timeline_API_PinnedEvent' + nullable: true + type: array + savedObjectId: + type: string + version: + type: string + required: + - savedObjectId + - version + Security_Timeline_API_TimelineStatus: + description: >- + The status of the timeline. Valid values are `active`, `draft`, and + `immutable`. + enum: + - active + - draft + - immutable + type: string + Security_Timeline_API_TimelineType: + description: >- + The type of timeline to create. Valid values are `default` and + `template`. + enum: + - default + - template + type: string SLOs_400_response: title: Bad request type: object @@ -24416,6 +42238,44 @@ tags: permanently breaks future Kibana versions. name: saved objects x-displayName: Saved objects + - description: Manage and interact with Security Assistant resources. + name: Security AI Assistant API + x-displayName: Security AI assistant + - description: >- + You can create rules that automatically turn events and external alerts + sent to Elastic Security into detection alerts. These alerts are displayed + on the Detections page. + name: Security Detections API + x-displayName: Security detections + - description: >- + Endpoint Exceptions API allows you to manage detection rule endpoint + exceptions to prevent a rule from generating an alert from incoming events + even when the rule's other criteria are met. + name: Security Endpoint Exceptions API + x-displayName: Security endpoint exceptions + - description: Interact with and manage endpoints running the Elastic Defend integration. + name: Security Endpoint Management API + x-displayName: Security endpoint management + - description: '' + name: Security Entity Analytics API + x-displayName: Security entity analytics + - description: >- + Exceptions API allows you to manage detection rule exceptions to prevent a + rule from generating an alert from incoming events even when the rule's + other criteria are met. + name: Security Exceptions API + x-displayName: Security exceptions + - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. + name: Security Lists API + x-displayName: Security lists + - description: Run live queries, manage packs and saved queries. + name: Security Osquery API + x-displayName: Security Osquery + - description: >- + You can create Timelines and Timeline templates via the API, as well as + import new Timelines from an ndjson file. + name: Security Timeline API + x-displayName: Security timeline - description: SLO APIs enable you to define, manage and track service-level objectives name: slo - name: spaces diff --git a/oas_docs/overlays/kibana.overlays.serverless.yaml b/oas_docs/overlays/kibana.overlays.serverless.yaml index 5d1064eecb37..b4a37c1aec84 100644 --- a/oas_docs/overlays/kibana.overlays.serverless.yaml +++ b/oas_docs/overlays/kibana.overlays.serverless.yaml @@ -55,8 +55,12 @@ actions: update: x-displayName: "Service level objectives" - target: '$.tags[?(@.name=="system")]' - description: Change displayName + description: Change displayName and description update: x-displayName: "System" description: > - Get information about the system status, resource usage, and installed plugins. \ No newline at end of file + Get information about the system status, resource usage, and installed plugins. + # Remove extra tags from operations + - target: "$.paths[*][*].tags[1:]" + description: Remove all but first tag from operations + remove: true \ No newline at end of file diff --git a/oas_docs/overlays/kibana.overlays.yaml b/oas_docs/overlays/kibana.overlays.yaml index cd3b40eeda81..7464f1899d8f 100644 --- a/oas_docs/overlays/kibana.overlays.yaml +++ b/oas_docs/overlays/kibana.overlays.yaml @@ -70,8 +70,12 @@ actions: update: x-displayName: "Service level objectives" - target: '$.tags[?(@.name=="system")]' - description: Change displayName + description: Change displayName and description update: x-displayName: "System" description: > Get information about the system status, resource usage, and installed plugins. + # Remove extra tags from operations + - target: "$.paths[*][*].tags[1:]" + description: Remove all but first tag from operations + remove: true \ No newline at end of file diff --git a/oas_docs/scripts/merge_ess_oas.js b/oas_docs/scripts/merge_ess_oas.js index 9a0bd9217817..da71cb41595e 100644 --- a/oas_docs/scripts/merge_ess_oas.js +++ b/oas_docs/scripts/merge_ess_oas.js @@ -27,6 +27,12 @@ const { REPO_ROOT } = require('@kbn/repo-info'); `${REPO_ROOT}/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml`, // Security solution + `${REPO_ROOT}/x-pack/plugins/security_solution/docs/openapi/ess/*.schema.yaml`, + `${REPO_ROOT}/packages/kbn-securitysolution-lists-common/docs/openapi/ess/*.schema.yaml`, + `${REPO_ROOT}/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/*.schema.yaml`, + `${REPO_ROOT}/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/ess/*.schema.yaml`, + `${REPO_ROOT}/x-pack/packages/kbn-elastic-assistant-common/docs/openapi/ess/*.schema.yaml`, + `${REPO_ROOT}/x-pack/plugins/osquery/docs/openapi/ess/*.schema.yaml`, ], outputFilePath: `${REPO_ROOT}/oas_docs/output/kibana.yaml`, options: { diff --git a/oas_docs/scripts/merge_serverless_oas.js b/oas_docs/scripts/merge_serverless_oas.js index 3d5384a7af2f..d9d91dfb032b 100644 --- a/oas_docs/scripts/merge_serverless_oas.js +++ b/oas_docs/scripts/merge_serverless_oas.js @@ -25,6 +25,12 @@ const { REPO_ROOT } = require('@kbn/repo-info'); `${REPO_ROOT}/x-pack/plugins/observability_solution/slo/docs/openapi/slo/bundled.yaml`, // Security solution + `${REPO_ROOT}/x-pack/plugins/security_solution/docs/openapi/serverless/*.schema.yaml`, + `${REPO_ROOT}/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/*.schema.yaml`, + `${REPO_ROOT}/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/*.schema.yaml`, + `${REPO_ROOT}/packages/kbn-securitysolution-endpoint-exceptions-common/docs/openapi/serverless/*.schema.yaml`, + `${REPO_ROOT}/x-pack/packages/kbn-elastic-assistant-common/docs/openapi/serverless/*.schema.yaml`, + `${REPO_ROOT}/x-pack/plugins/osquery/docs/openapi/serverless/*.schema.yaml`, ], outputFilePath: `${REPO_ROOT}/oas_docs/output/kibana.serverless.yaml`, options: { diff --git a/package.json b/package.json index 28b4a344b4cd..41288a5a3e31 100644 --- a/package.json +++ b/package.json @@ -82,6 +82,7 @@ "**/@bazel/typescript/protobufjs": "6.11.4", "**/@hello-pangea/dnd": "16.6.0", "**/@langchain/core": "^0.2.18", + "**/@langchain/google-common": "^0.1.1", "**/@types/node": "20.10.5", "**/@typescript-eslint/utils": "5.62.0", "**/chokidar": "^3.5.3", @@ -116,7 +117,7 @@ "@elastic/ecs": "^8.11.1", "@elastic/elasticsearch": "^8.15.0", "@elastic/ems-client": "8.5.3", - "@elastic/eui": "95.12.0-backport.0", + "@elastic/eui": "96.1.0", "@elastic/filesaver": "1.1.2", "@elastic/node-crypto": "1.2.1", "@elastic/numeral": "^2.5.1", @@ -999,11 +1000,13 @@ "@kbn/zod-helpers": "link:packages/kbn-zod-helpers", "@langchain/community": "0.2.18", "@langchain/core": "^0.2.18", - "@langchain/google-genai": "^0.0.23", + "@langchain/google-common": "^0.1.1", + "@langchain/google-genai": "^0.1.0", + "@langchain/google-vertexai": "^0.1.0", "@langchain/langgraph": "0.0.34", "@langchain/openai": "^0.1.3", "@langtrase/trace-attributes": "^3.0.8", - "@launchdarkly/node-server-sdk": "^9.5.4", + "@launchdarkly/node-server-sdk": "^9.6.0", "@launchdarkly/openfeature-node-server": "^1.0.0", "@loaders.gl/core": "^3.4.7", "@loaders.gl/json": "^3.4.7", @@ -1148,7 +1151,7 @@ "jsts": "^1.6.2", "kea": "^2.6.0", "langchain": "^0.2.11", - "langsmith": "^0.1.39", + "langsmith": "^0.1.55", "launchdarkly-js-client-sdk": "^3.4.0", "load-json-file": "^6.2.0", "lodash": "^4.17.21", @@ -1487,7 +1490,7 @@ "@octokit/rest": "^17.11.2", "@parcel/watcher": "^2.1.0", "@playwright/test": "=1.46.0", - "@redocly/cli": "^1.21.0", + "@redocly/cli": "^1.25.3", "@statoscope/webpack-plugin": "^5.28.2", "@storybook/addon-a11y": "^6.5.16", "@storybook/addon-actions": "^6.5.16", diff --git a/packages/kbn-alerts-ui-shared/src/alert_filter_controls/filter_group.tsx b/packages/kbn-alerts-ui-shared/src/alert_filter_controls/filter_group.tsx index 01a1524c4abc..b97c0940f41d 100644 --- a/packages/kbn-alerts-ui-shared/src/alert_filter_controls/filter_group.tsx +++ b/packages/kbn-alerts-ui-shared/src/alert_filter_controls/filter_group.tsx @@ -44,6 +44,7 @@ import { URL_PARAM_ARRAY_EXCEPTION_MSG } from './translations'; export const FilterGroup = (props: PropsWithChildren) => { const { + featureIds, dataViewId, onFiltersChange, timeRange, @@ -58,7 +59,7 @@ export const FilterGroup = (props: PropsWithChildren) => { maxControls = Infinity, ControlGroupRenderer, Storage, - featureIds, + storageKey, } = props; const filterChangedSubscription = useRef(); @@ -79,8 +80,8 @@ export const FilterGroup = (props: PropsWithChildren) => { const [controlGroup, setControlGroup] = useState(); const localStoragePageFilterKey = useMemo( - () => `${featureIds.join(',')}.${spaceId}.${URL_PARAM_KEY}`, - [featureIds, spaceId] + () => storageKey ?? `${featureIds.join(',')}.${spaceId}.${URL_PARAM_KEY}`, + [featureIds, spaceId, storageKey] ); const currentFiltersRef = useRef(); diff --git a/packages/kbn-alerts-ui-shared/src/alert_filter_controls/types.ts b/packages/kbn-alerts-ui-shared/src/alert_filter_controls/types.ts index 5fb7bdd1a6a0..19a76c76ff6f 100644 --- a/packages/kbn-alerts-ui-shared/src/alert_filter_controls/types.ts +++ b/packages/kbn-alerts-ui-shared/src/alert_filter_controls/types.ts @@ -74,4 +74,5 @@ export interface FilterGroupProps extends Pick; +type EntitySource = z.output; + +export { entitySchema, entityWithSourceSchema }; +export type { EntityWithSource, EntitySource }; diff --git a/packages/kbn-investigation-shared/src/rest_specs/get_entities.ts b/packages/kbn-investigation-shared/src/rest_specs/get_entities.ts new file mode 100644 index 000000000000..383bc21b5808 --- /dev/null +++ b/packages/kbn-investigation-shared/src/rest_specs/get_entities.ts @@ -0,0 +1,34 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +import { z } from '@kbn/zod'; +import { entityWithSourceSchema } from './entity'; + +const getEntitiesParamsSchema = z + .object({ + query: z + .object({ + 'service.name': z.string(), + 'service.environment': z.string(), + 'host.name': z.string(), + 'container.id': z.string(), + }) + .partial(), + }) + .partial(); + +const getEntitiesResponseSchema = z.object({ + entities: z.array(entityWithSourceSchema), +}); + +type GetEntitiesParams = z.infer; +type GetEntitiesResponse = z.output; + +export { getEntitiesParamsSchema, getEntitiesResponseSchema }; +export type { GetEntitiesParams, GetEntitiesResponse }; diff --git a/packages/kbn-investigation-shared/src/rest_specs/index.ts b/packages/kbn-investigation-shared/src/rest_specs/index.ts index 42bec32041af..d0070c8b8959 100644 --- a/packages/kbn-investigation-shared/src/rest_specs/index.ts +++ b/packages/kbn-investigation-shared/src/rest_specs/index.ts @@ -27,6 +27,8 @@ export type * from './update_item'; export type * from './update_note'; export type * from './event'; export type * from './get_events'; +export type * from './entity'; +export type * from './get_entities'; export * from './create'; export * from './create_item'; @@ -48,3 +50,5 @@ export * from './update_item'; export * from './update_note'; export * from './event'; export * from './get_events'; +export * from './entity'; +export * from './get_entities'; diff --git a/packages/kbn-optimizer/src/worker/webpack.config.ts b/packages/kbn-optimizer/src/worker/webpack.config.ts index fb1ae9886342..539d3098030e 100644 --- a/packages/kbn-optimizer/src/worker/webpack.config.ts +++ b/packages/kbn-optimizer/src/worker/webpack.config.ts @@ -214,18 +214,6 @@ export function getWebpackConfig( includePaths: [Path.resolve(worker.repoRoot, 'node_modules')], sourceMap: true, quietDeps: true, - logger: { - warn: (message: string, warning: any) => { - // Muted - see https://github.com/elastic/kibana/issues/190345 for tracking remediation - if (warning?.deprecationType?.id === 'mixed-decls') return; - - if (warning.deprecation) - return process.stderr.write( - `DEPRECATION WARNING: ${message}\n${warning.stack}` - ); - process.stderr.write('WARNING: ' + message); - }, - }, }, }, }, diff --git a/packages/kbn-search-connectors/components/scheduling/connector_scheduling.tsx b/packages/kbn-search-connectors/components/scheduling/connector_scheduling.tsx index 9f97a8ee6376..3d8ea94b3599 100644 --- a/packages/kbn-search-connectors/components/scheduling/connector_scheduling.tsx +++ b/packages/kbn-search-connectors/components/scheduling/connector_scheduling.tsx @@ -42,8 +42,8 @@ export const SchedulePanel: FC> = ({ <> - -

{title}

+ +

{title}

 @@ -115,7 +115,6 @@ export const ConnectorSchedulingComponent: React.FC - {hasIngestionError ? : <>} {children} diff --git a/packages/kbn-search-connectors/components/scheduling/full_content.tsx b/packages/kbn-search-connectors/components/scheduling/full_content.tsx index ced6c9ef8442..de85f8fb2e4a 100644 --- a/packages/kbn-search-connectors/components/scheduling/full_content.tsx +++ b/packages/kbn-search-connectors/components/scheduling/full_content.tsx @@ -129,10 +129,10 @@ export const ConnectorContentScheduling: React.FC + - -

{getAccordionTitle(type)}

+ +
{getAccordionTitle(type)}
 diff --git a/packages/kbn-search-index-documents/components/documents_overview.test.tsx b/packages/kbn-search-index-documents/components/documents_overview.test.tsx index c11cc5eb2d98..3f452e2e072a 100644 --- a/packages/kbn-search-index-documents/components/documents_overview.test.tsx +++ b/packages/kbn-search-index-documents/components/documents_overview.test.tsx @@ -27,6 +27,6 @@ describe('DocumentList', () => { ); - expect(screen.getByText('Browse documents')).toBeInTheDocument(); + expect(screen.getByPlaceholderText('Search documents in this index')).toBeInTheDocument(); }); }); diff --git a/packages/kbn-search-index-documents/components/documents_overview.tsx b/packages/kbn-search-index-documents/components/documents_overview.tsx index d5f6807e313a..8b5f210e8dd2 100644 --- a/packages/kbn-search-index-documents/components/documents_overview.tsx +++ b/packages/kbn-search-index-documents/components/documents_overview.tsx @@ -7,16 +7,10 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -import { - EuiFieldSearch, - EuiFlexGroup, - EuiFlexItem, - EuiPanel, - EuiSpacer, - EuiTitle, -} from '@elastic/eui'; +import { EuiFieldSearch, EuiFlexGroup, EuiFlexItem, EuiPanel, useEuiTheme } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import React, { ChangeEvent } from 'react'; +import { css } from '@emotion/react'; interface DocumentsProps { accessControlSwitch?: React.ReactNode; @@ -30,22 +24,22 @@ export const DocumentsOverview: React.FC = ({ documentComponent, searchQueryCallback, }) => { + const { euiTheme } = useEuiTheme(); return ( - - - - -

- {i18n.translate('searchIndexDocuments.documents.title', { - defaultMessage: 'Browse documents', - })} -

- - - {accessControlSwitch && {accessControlSwitch}} + + {accessControlSwitch && ( + + {accessControlSwitch} + + )}

-
- - Linked to 0 rules - -
-
+
+
+ -
+ + +
+
-
- -
+
@@ -269,10 +265,10 @@ exports[`ExceptionListHeader should render the List Header with name, default de class="euiSpacer euiSpacer--s emotion-euiSpacer-s" />

-
- - Linked to 0 rules - -
-
+
+
+ -
+ + +
+
-
- -
+
@@ -493,10 +485,10 @@ exports[`ExceptionListHeader should render the List Header with name, default de class="euiSpacer euiSpacer--s emotion-euiSpacer-s" />

-
- - Linked to 0 rules - -
-
+
+
+ -
+ + +
+
-
- -
+
@@ -690,10 +678,10 @@ exports[`ExceptionListHeader should render the List Header with name, default de class="euiSpacer euiSpacer--s emotion-euiSpacer-s" />

-
- - Linked to 0 rules - -
+ Linked to 0 rules + +
+
-
- -
+
diff --git a/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml index 89208f3a9ced..bf290e872f91 100644 --- a/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-exceptions-common/docs/openapi/ess/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml @@ -1904,3 +1904,4 @@ tags: rule from generating an alert from incoming events even when the rule's other criteria are met. name: Security Exceptions API + x-displayName: Security exceptions diff --git a/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml index 190c2bd64aab..115658261c90 100644 --- a/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-exceptions-common/docs/openapi/serverless/security_solution_exceptions_api_2023_10_31.bundled.schema.yaml @@ -1904,3 +1904,4 @@ tags: rule from generating an alert from incoming events even when the rule's other criteria are met. name: Security Exceptions API + x-displayName: Security exceptions diff --git a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js index edbe0f14ed75..83c84d91daaf 100644 --- a/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js +++ b/packages/kbn-securitysolution-exceptions-common/scripts/openapi_bundle.js @@ -31,6 +31,7 @@ const ROOT = resolve(__dirname, '..'); tags: [ { name: 'Security Exceptions API', + 'x-displayName': 'Security exceptions', description: "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.", }, @@ -56,6 +57,7 @@ const ROOT = resolve(__dirname, '..'); tags: [ { name: 'Security Exceptions API', + 'x-displayName': 'Security exceptions', description: "Exceptions API allows you to manage detection rule exceptions to prevent a rule from generating an alert from incoming events even when the rule's other criteria are met.", }, diff --git a/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml index e2f6e182e1ed..17eef19505e4 100644 --- a/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-lists-common/docs/openapi/ess/security_solution_lists_api_2023_10_31.bundled.schema.yaml @@ -1564,3 +1564,4 @@ security: tags: - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. name: Security Lists API + x-displayName: Security lists diff --git a/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml b/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml index c11f67f85014..5348d9404a0e 100644 --- a/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml +++ b/packages/kbn-securitysolution-lists-common/docs/openapi/serverless/security_solution_lists_api_2023_10_31.bundled.schema.yaml @@ -1564,3 +1564,4 @@ security: tags: - description: Lists API allows you to manage lists of keywords, IPs or IP ranges items. name: Security Lists API + x-displayName: Security lists diff --git a/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js index 2f809aa1f5ee..b8ea2ea2e837 100644 --- a/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js +++ b/packages/kbn-securitysolution-lists-common/scripts/openapi_bundle.js @@ -30,6 +30,7 @@ const ROOT = resolve(__dirname, '..'); tags: [ { name: 'Security Lists API', + 'x-displayName': 'Security lists', description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.', }, @@ -54,6 +55,7 @@ const ROOT = resolve(__dirname, '..'); tags: [ { name: 'Security Lists API', + 'x-displayName': 'Security lists', description: 'Lists API allows you to manage lists of keywords, IPs or IP ranges items.', }, diff --git a/packages/kbn-storybook/src/webpack.config.ts b/packages/kbn-storybook/src/webpack.config.ts index 94302fdc19c4..fb901692e7f6 100644 --- a/packages/kbn-storybook/src/webpack.config.ts +++ b/packages/kbn-storybook/src/webpack.config.ts @@ -120,18 +120,6 @@ export default ({ config: storybookConfig }: { config: Configuration }) => { sassOptions: { includePaths: [resolve(REPO_ROOT, 'node_modules')], quietDeps: true, - logger: { - warn: (message: string, warning: any) => { - // Muted - see https://github.com/elastic/kibana/issues/190345 for tracking remediation - if (warning?.deprecationType?.id === 'mixed-decls') return; - - if (warning.deprecation) - return process.stderr.write( - `DEPRECATION WARNING: ${message}\n${warning.stack}` - ); - process.stderr.write('WARNING: ' + message); - }, - }, }, }, }, diff --git a/packages/kbn-test/src/jest/setup/emotion.js b/packages/kbn-test/src/jest/setup/emotion.js index 66c2e838b472..1084d4d695c6 100644 --- a/packages/kbn-test/src/jest/setup/emotion.js +++ b/packages/kbn-test/src/jest/setup/emotion.js @@ -29,5 +29,14 @@ console.error = (message, ...rest) => { ) { return; } + // @see https://github.com/jsdom/jsdom/issues/2177 + // JSDOM doesn't yet know how to parse @container CSS queries - + // all we can do is silence its errors for now + if ( + typeof message === 'object' && + message?.message?.startsWith('Could not parse CSS stylesheet') + ) { + return; + } consoleError(message, ...rest); }; diff --git a/packages/shared-ux/page/kibana_template/impl/src/__snapshots__/page_template.test.tsx.snap b/packages/shared-ux/page/kibana_template/impl/src/__snapshots__/page_template.test.tsx.snap index a185c193981f..f455fbb1d00b 100644 --- a/packages/shared-ux/page/kibana_template/impl/src/__snapshots__/page_template.test.tsx.snap +++ b/packages/shared-ux/page/kibana_template/impl/src/__snapshots__/page_template.test.tsx.snap @@ -18,10 +18,10 @@ exports[`KibanaPageTemplate render basic template 1`] = ` style="max-width:1200px" >
-
- test -
+ test
diff --git a/src/core/public/styles/rendering/_base.scss b/src/core/public/styles/rendering/_base.scss index 1bcfaab71ea1..259115f6a526 100644 --- a/src/core/public/styles/rendering/_base.scss +++ b/src/core/public/styles/rendering/_base.scss @@ -67,7 +67,8 @@ } .kbnBody--chromeHidden { - --euiFixedHeadersOffset: 0; + // stylelint-disable-next-line length-zero-no-unit + --euiFixedHeadersOffset: 0px; &.kbnBody--hasHeaderBanner { --euiFixedHeadersOffset: var(--kbnHeaderBannerHeight); diff --git a/src/dev/license_checker/config.ts b/src/dev/license_checker/config.ts index 15d08e194c4d..c4d5357ceefb 100644 --- a/src/dev/license_checker/config.ts +++ b/src/dev/license_checker/config.ts @@ -87,7 +87,7 @@ export const LICENSE_OVERRIDES = { 'jsts@1.6.2': ['Eclipse Distribution License - v 1.0'], // cf. https://github.com/bjornharrtell/jsts '@mapbox/jsonlint-lines-primitives@2.0.2': ['MIT'], // license in readme https://github.com/tmcw/jsonlint '@elastic/ems-client@8.5.3': ['Elastic License 2.0'], - '@elastic/eui@95.12.0-backport.0': ['Elastic License 2.0 OR AGPL-3.0-only OR SSPL-1.0'], + '@elastic/eui@96.1.0': ['Elastic License 2.0 OR AGPL-3.0-only OR SSPL-1.0'], 'language-subtag-registry@0.3.21': ['CC-BY-4.0'], // retired ODC‑By license https://github.com/mattcg/language-subtag-registry 'buffers@0.1.1': ['MIT'], // license in importing module https://www.npmjs.com/package/binary '@bufbuild/protobuf@1.2.1': ['Apache-2.0'], // license (Apache-2.0 AND BSD-3-Clause) diff --git a/src/plugins/console/public/lib/utils/index.ts b/src/plugins/console/public/lib/utils/index.ts index c896d52aa627..86da34c7162b 100644 --- a/src/plugins/console/public/lib/utils/index.ts +++ b/src/plugins/console/public/lib/utils/index.ts @@ -91,8 +91,11 @@ export function extractWarningMessages(warnings: string) { }); } +// To avoid double unescaping, the best approach is to process the backslash escape sequence last. +// This ensures that any escaped characters are correctly handled first, preventing premature +// interpretation of the backslash itself as part of another escape sequence. export function unescape(s: string) { - return s.replace(/\\\\/g, '\\').replace(/\\"/g, '"'); + return s.replace(/\\"/g, '"').replace(/\\\\/g, '\\'); } export function splitOnUnquotedCommaSpace(s: string) { diff --git a/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.scss b/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.scss index 0f463926908f..4b1a1d9b27d5 100644 --- a/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.scss +++ b/src/plugins/dashboard/public/dashboard_app/top_nav/editor_menu.scss @@ -1,6 +1,6 @@ .dshSolutionToolbar__editorContextMenu { - @include euiScrollBar; - @include euiOverflowShadow; max-height: 60vh; overflow-y: scroll; + @include euiScrollBar; + @include euiOverflowShadow; } diff --git a/src/plugins/expression_error/public/components/debug/debug.scss b/src/plugins/expression_error/public/components/debug/debug.scss index e4d142297567..fcc046cae7e9 100644 --- a/src/plugins/expression_error/public/components/debug/debug.scss +++ b/src/plugins/expression_error/public/components/debug/debug.scss @@ -4,10 +4,10 @@ height: 100%; .canvasDebug__content { - @include euiScrollBar; width: 100%; height: 100%; overflow: auto; padding: $euiSize; + @include euiScrollBar; } } diff --git a/src/plugins/input_control_vis/public/components/vis/input_control_vis.scss b/src/plugins/input_control_vis/public/components/vis/input_control_vis.scss index 322573446f76..42ec14a70b02 100644 --- a/src/plugins/input_control_vis/public/components/vis/input_control_vis.scss +++ b/src/plugins/input_control_vis/public/components/vis/input_control_vis.scss @@ -1,9 +1,9 @@ .icvContainer__wrapper { - @include euiScrollBar; min-height: 0; flex: 1 1 0; display: flex; overflow: auto; + @include euiScrollBar; } .icvContainer { diff --git a/src/plugins/saved_objects_management/public/management_section/object_view/components/__snapshots__/header.test.tsx.snap b/src/plugins/saved_objects_management/public/management_section/object_view/components/__snapshots__/header.test.tsx.snap index eb2e5d733b98..ef2699747a6b 100644 --- a/src/plugins/saved_objects_management/public/management_section/object_view/components/__snapshots__/header.test.tsx.snap +++ b/src/plugins/saved_objects_management/public/management_section/object_view/components/__snapshots__/header.test.tsx.snap @@ -8,10 +8,10 @@ exports[`Intro component renders correctly 1`] = ` class="euiPageHeaderContent emotion-euiPageHeaderContent-border-l" >

-
- -
-
+ Delete + + +
+
+ - - - View saved object - - -
+ color="inherit" + data-euiicon-type="eye" + /> + View saved object + +
diff --git a/src/plugins/unified_search/public/filters_builder/filter_item/filter_item.tsx b/src/plugins/unified_search/public/filters_builder/filter_item/filter_item.tsx index ed6b6c8a8d31..bc1f1f513e15 100644 --- a/src/plugins/unified_search/public/filters_builder/filter_item/filter_item.tsx +++ b/src/plugins/unified_search/public/filters_builder/filter_item/filter_item.tsx @@ -251,6 +251,7 @@ export function FilterItem({ hasInteractiveChildren={true} disableInteractiveElementBlocking className={cx(disabledDraggableCss)} + usePortal > {(provided) => ( {renderComponent()} diff --git a/test/plugin_functional/test_suites/core_plugins/rendering.ts b/test/plugin_functional/test_suites/core_plugins/rendering.ts index 5ca4460e27eb..0054750a55b2 100644 --- a/test/plugin_functional/test_suites/core_plugins/rendering.ts +++ b/test/plugin_functional/test_suites/core_plugins/rendering.ts @@ -315,7 +315,6 @@ export default function ({ getService }: PluginFunctionalProviderContext) { // 'xpack.reporting.poll.jobsRefresh.intervalErrorMultiplier (number)', 'xpack.rollup.ui.enabled (boolean?)', 'xpack.saved_object_tagging.cache_refresh_interval (duration?)', - 'xpack.search.homepage.ui.enabled (boolean?)', 'xpack.searchInferenceEndpoints.ui.enabled (boolean?)', 'xpack.searchPlayground.ui.enabled (boolean?)', 'xpack.security.loginAssistanceMessage (string?)', diff --git a/x-pack/packages/kbn-cloud-security-posture-common/constants.ts b/x-pack/packages/kbn-cloud-security-posture-common/constants.ts index 0e8b1b3e16cf..7ff50efdd948 100644 --- a/x-pack/packages/kbn-cloud-security-posture-common/constants.ts +++ b/x-pack/packages/kbn-cloud-security-posture-common/constants.ts @@ -4,6 +4,8 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ +import { VulnSeverity } from './types/vulnerabilities'; + export const KSPM_POLICY_TEMPLATE = 'kspm'; export const CSPM_POLICY_TEMPLATE = 'cspm'; export const CDR_LATEST_NATIVE_MISCONFIGURATIONS_INDEX_PATTERN = @@ -33,3 +35,11 @@ export const CDR_LATEST_THIRD_PARTY_VULNERABILITIES_INDEX_PATTERN = 'security_solution-*.vulnerability_latest'; export const CDR_VULNERABILITIES_INDEX_PATTERN = `${CDR_LATEST_THIRD_PARTY_VULNERABILITIES_INDEX_PATTERN},${CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN}`; export const LATEST_VULNERABILITIES_RETENTION_POLICY = '3d'; + +export const VULNERABILITIES_SEVERITY: Record = { + LOW: 'LOW', + MEDIUM: 'MEDIUM', + HIGH: 'HIGH', + CRITICAL: 'CRITICAL', + UNKNOWN: 'UNKNOWN', +}; diff --git a/x-pack/packages/kbn-cloud-security-posture-common/index.ts b/x-pack/packages/kbn-cloud-security-posture-common/index.ts index dc4e930f537e..e01401f37ef2 100644 --- a/x-pack/packages/kbn-cloud-security-posture-common/index.ts +++ b/x-pack/packages/kbn-cloud-security-posture-common/index.ts @@ -18,6 +18,7 @@ export type { CspSetupStatus, } from './types/status'; export type { CspFinding, CspFindingResult } from './types/findings'; +export type { CspVulnerabilityFinding } from './schema/vulnerabilities/csp_vulnerability_finding'; export type { BenchmarksCisId } from './types/benchmark'; export type { VulnSeverity } from './types/vulnerabilities'; export * from './constants'; diff --git a/x-pack/packages/kbn-cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding.ts b/x-pack/packages/kbn-cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding.ts index b2255b8fa51f..51feb88d2d64 100644 --- a/x-pack/packages/kbn-cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding.ts +++ b/x-pack/packages/kbn-cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding.ts @@ -6,7 +6,7 @@ */ // TODO: this needs to be defined in a versioned schema -import type { EcsEvent } from '@elastic/ecs'; +import type { EcsDataStream, EcsEvent, EcsObserver } from '@elastic/ecs'; import type { VulnSeverity } from '../../types/vulnerabilities'; export interface CspVulnerabilityFinding { @@ -75,7 +75,8 @@ export interface CspVulnerabilityFinding { name?: string; fixed_version?: string; }; - data_stream: { dataset: string }; + data_stream: EcsDataStream; + observer: EcsObserver; } export interface Vulnerability { diff --git a/x-pack/packages/kbn-cloud-security-posture-common/types/findings.ts b/x-pack/packages/kbn-cloud-security-posture-common/types/findings.ts index 52503b589c44..a5a924461998 100644 --- a/x-pack/packages/kbn-cloud-security-posture-common/types/findings.ts +++ b/x-pack/packages/kbn-cloud-security-posture-common/types/findings.ts @@ -5,7 +5,7 @@ * 2.0. */ -import type { EcsDataStream, EcsEvent } from '@elastic/ecs'; +import type { EcsDataStream, EcsEvent, EcsObserver } from '@elastic/ecs'; import type { CspBenchmarkRuleMetadata } from '../schema/rules/latest'; export interface CspFinding { @@ -19,6 +19,7 @@ export interface CspFinding { host: CspFindingHost; event: EcsEvent; data_stream: EcsDataStream; + observer: EcsObserver; agent: CspFindingAgent; ecs: { version: string; diff --git a/x-pack/packages/kbn-cloud-security-posture-common/utils/helpers.test.ts b/x-pack/packages/kbn-cloud-security-posture-common/utils/helpers.test.ts index d920a8dc2516..0248cdf9b6e3 100644 --- a/x-pack/packages/kbn-cloud-security-posture-common/utils/helpers.test.ts +++ b/x-pack/packages/kbn-cloud-security-posture-common/utils/helpers.test.ts @@ -153,7 +153,7 @@ describe('test helper methods', () => { filter: [ { bool: { - should: [{ term: { 'host.name': { value: 'exampleHost' } } }], + should: [{ term: { 'host.name': 'exampleHost' } }], minimum_should_match: 1, }, }, @@ -171,7 +171,7 @@ describe('test helper methods', () => { filter: [ { bool: { - should: [{ term: { 'host.name': { value: '' } } }], + should: [{ term: { 'host.name': '' } }], minimum_should_match: 1, }, }, diff --git a/x-pack/packages/kbn-cloud-security-posture-common/utils/helpers.ts b/x-pack/packages/kbn-cloud-security-posture-common/utils/helpers.ts index 1c593fcebf54..7039c99af6d5 100644 --- a/x-pack/packages/kbn-cloud-security-posture-common/utils/helpers.ts +++ b/x-pack/packages/kbn-cloud-security-posture-common/utils/helpers.ts @@ -48,7 +48,13 @@ export const buildEntityFlyoutPreviewQuery = (field: string, queryValue?: string filter: [ { bool: { - should: [{ term: { [field]: { value: `${queryValue || ''}` } } }], + should: [ + { + term: { + [field]: `${queryValue || ''}`, + }, + }, + ], minimum_should_match: 1, }, }, diff --git a/x-pack/packages/kbn-cloud-security-posture/index.ts b/x-pack/packages/kbn-cloud-security-posture/index.ts index 895624ba805e..73b77376db46 100644 --- a/x-pack/packages/kbn-cloud-security-posture/index.ts +++ b/x-pack/packages/kbn-cloud-security-posture/index.ts @@ -12,3 +12,5 @@ export type { NavFilter } from './src/hooks/use_navigate_findings'; export { showErrorToast } from './src/utils/show_error_toast'; export { encodeQuery, decodeQuery } from './src/utils/query_utils'; export { CspEvaluationBadge } from './src/components/csp_evaluation_badge'; +export { getSeverityStatusColor } from './src/utils/get_vulnerability_colors'; +export { getSeverityText } from './src/utils/get_vulnerability_text'; diff --git a/x-pack/packages/kbn-cloud-security-posture/src/hooks/use_misconfiguration_findings.ts b/x-pack/packages/kbn-cloud-security-posture/src/hooks/use_misconfiguration_findings.ts index aee35ca602ef..fe25224cf417 100644 --- a/x-pack/packages/kbn-cloud-security-posture/src/hooks/use_misconfiguration_findings.ts +++ b/x-pack/packages/kbn-cloud-security-posture/src/hooks/use_misconfiguration_findings.ts @@ -14,7 +14,7 @@ import type { CspClientPluginStartDeps, LatestFindingsRequest, LatestFindingsResponse, - UseMisconfigurationOptions, + UseCspOptions, } from '../../type'; import { useGetCspBenchmarkRulesStatesApi } from './use_get_benchmark_rules_state_api'; @@ -23,7 +23,7 @@ import { getMisconfigurationAggregationCount, } from '../utils/hooks_utils'; -export const useMisconfigurationFindings = (options: UseMisconfigurationOptions) => { +export const useMisconfigurationFindings = (options: UseCspOptions) => { const { data, notifications: { toasts }, diff --git a/x-pack/packages/kbn-cloud-security-posture/src/hooks/use_misconfiguration_preview.ts b/x-pack/packages/kbn-cloud-security-posture/src/hooks/use_misconfiguration_preview.ts index 9828bb32c775..4711cd752ee5 100644 --- a/x-pack/packages/kbn-cloud-security-posture/src/hooks/use_misconfiguration_preview.ts +++ b/x-pack/packages/kbn-cloud-security-posture/src/hooks/use_misconfiguration_preview.ts @@ -13,7 +13,7 @@ import type { CspClientPluginStartDeps, LatestFindingsRequest, LatestFindingsResponse, - UseMisconfigurationOptions, + UseCspOptions, } from '../../type'; import { useGetCspBenchmarkRulesStatesApi } from './use_get_benchmark_rules_state_api'; import { @@ -21,7 +21,7 @@ import { getMisconfigurationAggregationCount, } from '../utils/hooks_utils'; -export const useMisconfigurationPreview = (options: UseMisconfigurationOptions) => { +export const useMisconfigurationPreview = (options: UseCspOptions) => { const { data, notifications: { toasts }, diff --git a/x-pack/packages/kbn-cloud-security-posture/src/hooks/use_vulnerabilities_preview.ts b/x-pack/packages/kbn-cloud-security-posture/src/hooks/use_vulnerabilities_preview.ts new file mode 100644 index 000000000000..00ca9691b013 --- /dev/null +++ b/x-pack/packages/kbn-cloud-security-posture/src/hooks/use_vulnerabilities_preview.ts @@ -0,0 +1,90 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { useQuery } from '@tanstack/react-query'; +import { useKibana } from '@kbn/kibana-react-plugin/public'; +import { lastValueFrom } from 'rxjs'; +import type { IKibanaSearchResponse, IKibanaSearchRequest } from '@kbn/search-types'; +import { + SearchRequest, + SearchResponse, + AggregationsMultiBucketAggregateBase, + AggregationsStringRareTermsBucketKeys, +} from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; +import { + CDR_VULNERABILITIES_INDEX_PATTERN, + LATEST_VULNERABILITIES_RETENTION_POLICY, +} from '@kbn/cloud-security-posture-common'; +import type { CspVulnerabilityFinding } from '@kbn/cloud-security-posture-common/schema/vulnerabilities/latest'; +import type { CoreStart } from '@kbn/core/public'; +import type { CspClientPluginStartDeps, UseCspOptions } from '../../type'; +import { showErrorToast } from '../..'; +import { + getFindingsCountAggQueryVulnerabilities, + getVulnerabilitiesAggregationCount, +} from '../utils/hooks_utils'; + +type LatestFindingsRequest = IKibanaSearchRequest; +type LatestFindingsResponse = IKibanaSearchResponse< + SearchResponse +>; + +interface FindingsAggs { + count: AggregationsMultiBucketAggregateBase; +} + +const getVulnerabilitiesQuery = ({ query }: UseCspOptions, isPreview = false) => ({ + index: CDR_VULNERABILITIES_INDEX_PATTERN, + size: 0, + aggs: getFindingsCountAggQueryVulnerabilities(), + ignore_unavailable: true, + query: { + ...query, + bool: { + ...query?.bool, + filter: [ + ...(query?.bool?.filter ?? []), + { + range: { + '@timestamp': { + gte: `now-${LATEST_VULNERABILITIES_RETENTION_POLICY}`, + lte: 'now', + }, + }, + }, + ], + }, + }, +}); + +export const useVulnerabilitiesPreview = (options: UseCspOptions) => { + const { + data, + notifications: { toasts }, + } = useKibana().services; + + return useQuery( + ['csp_vulnerabilities_preview', { params: options }], + async () => { + const { + rawResponse: { aggregations }, + } = await lastValueFrom( + data.search.search({ + params: getVulnerabilitiesQuery(options), + }) + ); + + return { + count: getVulnerabilitiesAggregationCount(aggregations?.count?.buckets), + }; + }, + { + keepPreviousData: true, + enabled: options.enabled, + onError: (err: Error) => showErrorToast(toasts, err), + } + ); +}; diff --git a/x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerabilitiy_colors.test.ts b/x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerabilitiy_colors.test.ts new file mode 100644 index 000000000000..0516faa7e83f --- /dev/null +++ b/x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerabilitiy_colors.test.ts @@ -0,0 +1,30 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { euiThemeVars } from '@kbn/ui-theme'; +import { getSeverityStatusColor } from './get_vulnerability_colors'; +describe('getSeverityStatusColor', () => { + it('should return the correct color for LOW severity', () => { + expect(getSeverityStatusColor('LOW')).toBe(euiThemeVars.euiColorVis0); + }); + + it('should return the correct color for MEDIUM severity', () => { + expect(getSeverityStatusColor('MEDIUM')).toBe(euiThemeVars.euiColorVis5_behindText); + }); + + it('should return the correct color for HIGH severity', () => { + expect(getSeverityStatusColor('HIGH')).toBe(euiThemeVars.euiColorVis9_behindText); + }); + + it('should return the correct color for CRITICAL severity', () => { + expect(getSeverityStatusColor('CRITICAL')).toBe(euiThemeVars.euiColorDanger); + }); + + it('should return #aaa for an unknown severity', () => { + expect(getSeverityStatusColor('UNKNOWN')).toBe('#aaa'); + }); +}); diff --git a/x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerability_colors.ts b/x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerability_colors.ts new file mode 100644 index 000000000000..7e651f790fd8 --- /dev/null +++ b/x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerability_colors.ts @@ -0,0 +1,25 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { euiThemeVars } from '@kbn/ui-theme'; +import type { VulnSeverity } from '@kbn/cloud-security-posture-common'; +import { VULNERABILITIES_SEVERITY } from '@kbn/cloud-security-posture-common'; + +export const getSeverityStatusColor = (severity: VulnSeverity): string => { + switch (severity) { + case VULNERABILITIES_SEVERITY.LOW: + return euiThemeVars.euiColorVis0; + case VULNERABILITIES_SEVERITY.MEDIUM: + return euiThemeVars.euiColorVis5_behindText; + case VULNERABILITIES_SEVERITY.HIGH: + return euiThemeVars.euiColorVis9_behindText; + case VULNERABILITIES_SEVERITY.CRITICAL: + return euiThemeVars.euiColorDanger; + default: + return '#aaa'; + } +}; diff --git a/x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerability_text.test.ts b/x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerability_text.test.ts new file mode 100644 index 000000000000..68a07d177c66 --- /dev/null +++ b/x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerability_text.test.ts @@ -0,0 +1,29 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { getSeverityText } from './get_vulnerability_text'; +describe('getSeverityStatusColor', () => { + it('should return the correct color for LOW severity', () => { + expect(getSeverityText('LOW')).toBe('Low'); + }); + + it('should return the correct color for MEDIUM severity', () => { + expect(getSeverityText('MEDIUM')).toBe('Medium'); + }); + + it('should return the correct color for HIGH severity', () => { + expect(getSeverityText('HIGH')).toBe('High'); + }); + + it('should return the correct color for CRITICAL severity', () => { + expect(getSeverityText('CRITICAL')).toBe('Critical'); + }); + + it('should return #aaa for an unknown severity', () => { + expect(getSeverityText('UNKNOWN')).toBe('None'); + }); +}); diff --git a/x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerability_text.ts b/x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerability_text.ts new file mode 100644 index 000000000000..c2042f5c6fd7 --- /dev/null +++ b/x-pack/packages/kbn-cloud-security-posture/src/utils/get_vulnerability_text.ts @@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { VulnSeverity } from '@kbn/cloud-security-posture-common'; +import { VULNERABILITIES_SEVERITY } from '@kbn/cloud-security-posture-common'; + +export const getSeverityText = (severity: VulnSeverity): string => { + switch (severity) { + case VULNERABILITIES_SEVERITY.LOW: + return 'Low'; + case VULNERABILITIES_SEVERITY.MEDIUM: + return 'Medium'; + case VULNERABILITIES_SEVERITY.HIGH: + return 'High'; + case VULNERABILITIES_SEVERITY.CRITICAL: + return 'Critical'; + default: + return 'None'; + } +}; diff --git a/x-pack/packages/kbn-cloud-security-posture/src/utils/hooks_utils.test.ts b/x-pack/packages/kbn-cloud-security-posture/src/utils/hooks_utils.test.ts new file mode 100644 index 000000000000..86e8f3c8f668 --- /dev/null +++ b/x-pack/packages/kbn-cloud-security-posture/src/utils/hooks_utils.test.ts @@ -0,0 +1,59 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; +import { + AggregationBuckets, + getVulnerabilitiesAggregationCount, + VULNERABILITIES_RESULT_EVALUATION, +} from './hooks_utils'; + +describe('getVulnerabilitiesAggregationCount', () => { + it('should return default counts when nothing is provided', () => { + const result = { + [VULNERABILITIES_RESULT_EVALUATION.LOW]: 0, + [VULNERABILITIES_RESULT_EVALUATION.MEDIUM]: 0, + [VULNERABILITIES_RESULT_EVALUATION.HIGH]: 0, + [VULNERABILITIES_RESULT_EVALUATION.CRITICAL]: 0, + [VULNERABILITIES_RESULT_EVALUATION.NONE]: 0, + }; + expect(getVulnerabilitiesAggregationCount()).toEqual(result); + }); + + it('should return default counts when empty bucket is provided', () => { + const result = { + [VULNERABILITIES_RESULT_EVALUATION.LOW]: 0, + [VULNERABILITIES_RESULT_EVALUATION.MEDIUM]: 0, + [VULNERABILITIES_RESULT_EVALUATION.HIGH]: 0, + [VULNERABILITIES_RESULT_EVALUATION.CRITICAL]: 0, + [VULNERABILITIES_RESULT_EVALUATION.NONE]: 0, + }; + expect(getVulnerabilitiesAggregationCount({})).toEqual(result); + }); + + it('should return counts when provided with non empty buckets', () => { + const buckets: AggregationBuckets = { + [VULNERABILITIES_RESULT_EVALUATION.LOW]: { doc_count: 1 }, + [VULNERABILITIES_RESULT_EVALUATION.MEDIUM]: { doc_count: 2 }, + [VULNERABILITIES_RESULT_EVALUATION.HIGH]: { doc_count: 3 }, + [VULNERABILITIES_RESULT_EVALUATION.CRITICAL]: { doc_count: 4 }, + [VULNERABILITIES_RESULT_EVALUATION.NONE]: { doc_count: 5 }, + }; + + const vulnerabilitiesAggregrationCount = getVulnerabilitiesAggregationCount( + buckets as estypes.AggregationsBuckets + ); + const result = { + [VULNERABILITIES_RESULT_EVALUATION.LOW]: 1, + [VULNERABILITIES_RESULT_EVALUATION.MEDIUM]: 2, + [VULNERABILITIES_RESULT_EVALUATION.HIGH]: 3, + [VULNERABILITIES_RESULT_EVALUATION.CRITICAL]: 4, + [VULNERABILITIES_RESULT_EVALUATION.NONE]: 5, + }; + expect(vulnerabilitiesAggregrationCount).toEqual(result); + }); +}); diff --git a/x-pack/packages/kbn-cloud-security-posture/src/utils/hooks_utils.ts b/x-pack/packages/kbn-cloud-security-posture/src/utils/hooks_utils.ts index a1951f7327b4..d99fac8d6d96 100644 --- a/x-pack/packages/kbn-cloud-security-posture/src/utils/hooks_utils.ts +++ b/x-pack/packages/kbn-cloud-security-posture/src/utils/hooks_utils.ts @@ -12,14 +12,14 @@ import { } from '@kbn/cloud-security-posture-common'; import type { CspBenchmarkRulesStates } from '@kbn/cloud-security-posture-common/schema/rules/latest'; import { buildMutedRulesFilter } from '@kbn/cloud-security-posture-common'; -import type { UseMisconfigurationOptions } from '../../type'; +import type { UseCspOptions } from '../../type'; const MISCONFIGURATIONS_SOURCE_FIELDS = ['result.*', 'rule.*', 'resource.*']; interface AggregationBucket { doc_count?: number; } -type AggregationBuckets = Record; +export type AggregationBuckets = Record; const RESULT_EVALUATION = { PASSED: 'passed', @@ -27,6 +27,14 @@ const RESULT_EVALUATION = { UNKNOWN: 'unknown', }; +export const VULNERABILITIES_RESULT_EVALUATION = { + LOW: 'LOW', + MEDIUM: 'MEDIUM', + HIGH: 'HIGH', + CRITICAL: 'CRITICAL', + NONE: 'NONE', +}; + export const getFindingsCountAggQueryMisconfiguration = () => ({ count: { filters: { @@ -64,7 +72,7 @@ export const getMisconfigurationAggregationCount = ( }; export const buildMisconfigurationsFindingsQuery = ( - { query }: UseMisconfigurationOptions, + { query }: UseCspOptions, rulesStates: CspBenchmarkRulesStates, isPreview = false ) => { @@ -81,7 +89,7 @@ export const buildMisconfigurationsFindingsQuery = ( }; const buildMisconfigurationsFindingsQueryWithFilters = ( - query: UseMisconfigurationOptions['query'], + query: UseCspOptions['query'], mutedRulesFilterQuery: estypes.QueryDslQueryContainer[] ) => { return { @@ -103,3 +111,53 @@ const buildMisconfigurationsFindingsQueryWithFilters = ( }, }; }; + +export const getVulnerabilitiesAggregationCount = ( + buckets?: estypes.AggregationsBuckets +) => { + const defaultBuckets: AggregationBuckets = { + [VULNERABILITIES_RESULT_EVALUATION.LOW]: { doc_count: 0 }, + [VULNERABILITIES_RESULT_EVALUATION.MEDIUM]: { doc_count: 0 }, + [VULNERABILITIES_RESULT_EVALUATION.HIGH]: { doc_count: 0 }, + [VULNERABILITIES_RESULT_EVALUATION.CRITICAL]: { doc_count: 0 }, + [VULNERABILITIES_RESULT_EVALUATION.NONE]: { doc_count: 0 }, + }; + + // if buckets are undefined we will use default buckets + const usedBuckets = buckets || defaultBuckets; + return Object.entries(usedBuckets).reduce( + (evaluation, [key, value]) => { + evaluation[key] = (evaluation[key] || 0) + (value.doc_count || 0); + return evaluation; + }, + { + [VULNERABILITIES_RESULT_EVALUATION.LOW]: 0, + [VULNERABILITIES_RESULT_EVALUATION.MEDIUM]: 0, + [VULNERABILITIES_RESULT_EVALUATION.HIGH]: 0, + [VULNERABILITIES_RESULT_EVALUATION.CRITICAL]: 0, + [VULNERABILITIES_RESULT_EVALUATION.NONE]: 0, + } + ); +}; + +export const getFindingsCountAggQueryVulnerabilities = () => ({ + count: { + filters: { + other_bucket_key: VULNERABILITIES_RESULT_EVALUATION.NONE, + filters: { + [VULNERABILITIES_RESULT_EVALUATION.LOW]: { + match: { 'vulnerability.severity': VULNERABILITIES_RESULT_EVALUATION.LOW }, + }, + [VULNERABILITIES_RESULT_EVALUATION.MEDIUM]: { + match: { 'vulnerability.severity': VULNERABILITIES_RESULT_EVALUATION.MEDIUM }, + }, + [VULNERABILITIES_RESULT_EVALUATION.HIGH]: { + match: { 'vulnerability.severity': VULNERABILITIES_RESULT_EVALUATION.HIGH }, + }, + [VULNERABILITIES_RESULT_EVALUATION.CRITICAL]: { + match: { 'vulnerability.severity': VULNERABILITIES_RESULT_EVALUATION.CRITICAL }, + }, + }, + }, + }, +}); diff --git a/x-pack/packages/kbn-cloud-security-posture/type.ts b/x-pack/packages/kbn-cloud-security-posture/type.ts index 666d432df609..493e58519bd9 100644 --- a/x-pack/packages/kbn-cloud-security-posture/type.ts +++ b/x-pack/packages/kbn-cloud-security-posture/type.ts @@ -55,7 +55,7 @@ export interface CspClientPluginStartDeps { usageCollection?: UsageCollectionStart; } -export interface MisconfigurationBaseEsQuery { +export interface CspBaseEsQuery { query?: { bool: { filter: estypes.QueryDslQueryContainer[]; @@ -63,7 +63,7 @@ export interface MisconfigurationBaseEsQuery { }; } -export interface UseMisconfigurationOptions extends MisconfigurationBaseEsQuery { +export interface UseCspOptions extends CspBaseEsQuery { sort: string[][]; enabled: boolean; pageSize: number; diff --git a/x-pack/packages/kbn-elastic-assistant-common/docs/openapi/ess/elastic_assistant_api_2023_10_31.bundled.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/docs/openapi/ess/elastic_assistant_api_2023_10_31.bundled.schema.yaml index dfd9be372b7f..1e070b75322d 100644 --- a/x-pack/packages/kbn-elastic-assistant-common/docs/openapi/ess/elastic_assistant_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/packages/kbn-elastic-assistant-common/docs/openapi/ess/elastic_assistant_api_2023_10_31.bundled.schema.yaml @@ -1237,3 +1237,4 @@ security: tags: - description: Manage and interact with Security Assistant resources. name: Security AI Assistant API + x-displayName: Security AI assistant diff --git a/x-pack/packages/kbn-elastic-assistant-common/docs/openapi/serverless/elastic_assistant_api_2023_10_31.bundled.schema.yaml b/x-pack/packages/kbn-elastic-assistant-common/docs/openapi/serverless/elastic_assistant_api_2023_10_31.bundled.schema.yaml index 9c8cc4a8ca21..e13d7a05af41 100644 --- a/x-pack/packages/kbn-elastic-assistant-common/docs/openapi/serverless/elastic_assistant_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/packages/kbn-elastic-assistant-common/docs/openapi/serverless/elastic_assistant_api_2023_10_31.bundled.schema.yaml @@ -1237,3 +1237,4 @@ security: tags: - description: Manage and interact with Security Assistant resources. name: Security AI Assistant API + x-displayName: Security AI assistant diff --git a/x-pack/packages/kbn-elastic-assistant-common/scripts/openapi/bundle.js b/x-pack/packages/kbn-elastic-assistant-common/scripts/openapi/bundle.js index 63d21a2d93ae..b06776be03a4 100644 --- a/x-pack/packages/kbn-elastic-assistant-common/scripts/openapi/bundle.js +++ b/x-pack/packages/kbn-elastic-assistant-common/scripts/openapi/bundle.js @@ -29,6 +29,7 @@ const ELASTIC_ASSISTANT_ROOT = resolve(__dirname, '../..'); tags: [ { name: 'Security AI Assistant API', + 'x-displayName': 'Security AI assistant', description: 'Manage and interact with Security Assistant resources.', }, ], @@ -52,6 +53,7 @@ const ELASTIC_ASSISTANT_ROOT = resolve(__dirname, '../..'); tags: [ { name: 'Security AI Assistant API', + 'x-displayName': 'Security AI assistant', description: 'Manage and interact with Security Assistant resources.', }, ], diff --git a/x-pack/packages/kbn-langchain/server/index.ts b/x-pack/packages/kbn-langchain/server/index.ts index 7f5691c8f990..4ffe3aec864d 100644 --- a/x-pack/packages/kbn-langchain/server/index.ts +++ b/x-pack/packages/kbn-langchain/server/index.ts @@ -10,6 +10,7 @@ import { ActionsClientChatOpenAI } from './language_models/chat_openai'; import { ActionsClientLlm } from './language_models/llm'; import { ActionsClientSimpleChatModel } from './language_models/simple_chat_model'; import { ActionsClientGeminiChatModel } from './language_models/gemini_chat'; +import { ActionsClientChatVertexAI } from './language_models/chat_vertex'; import { parseBedrockStream } from './utils/bedrock'; import { parseGeminiResponse } from './utils/gemini'; import { getDefaultArguments } from './language_models/constants'; @@ -20,6 +21,7 @@ export { getDefaultArguments, ActionsClientBedrockChatModel, ActionsClientChatOpenAI, + ActionsClientChatVertexAI, ActionsClientGeminiChatModel, ActionsClientLlm, ActionsClientSimpleChatModel, diff --git a/x-pack/packages/kbn-langchain/server/language_models/chat_vertex/chat_vertex.test.ts b/x-pack/packages/kbn-langchain/server/language_models/chat_vertex/chat_vertex.test.ts new file mode 100644 index 000000000000..37506922ff69 --- /dev/null +++ b/x-pack/packages/kbn-langchain/server/language_models/chat_vertex/chat_vertex.test.ts @@ -0,0 +1,199 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { PassThrough } from 'stream'; +import { loggerMock } from '@kbn/logging-mocks'; +import { actionsClientMock } from '@kbn/actions-plugin/server/actions_client/actions_client.mock'; + +import { BaseMessage, HumanMessage, SystemMessage } from '@langchain/core/messages'; +import { ActionsClientChatVertexAI } from './chat_vertex'; +import { CallbackManagerForLLMRun } from '@langchain/core/callbacks/manager'; + +const connectorId = 'mock-connector-id'; + +const mockExecute = jest.fn(); +const actionsClient = actionsClientMock.create(); + +const mockLogger = loggerMock.create(); + +const mockStreamExecute = jest.fn().mockImplementation(() => { + const passThrough = new PassThrough(); + + // Write the data chunks to the stream + setTimeout(() => { + passThrough.write( + Buffer.from( + `data: {"candidates": [{"content": {"role": "model","parts": [{"text": "token1"}]}}],"modelVersion": "gemini-1.5-pro-001"}` + ) + ); + }); + setTimeout(() => { + passThrough.write( + Buffer.from( + `data: {"candidates": [{"content": {"role": "model","parts": [{"text": "token2"}]}}],"modelVersion": "gemini-1.5-pro-001"}` + ) + ); + }); + setTimeout(() => { + passThrough.write( + Buffer.from( + `data: {"candidates": [{"content": {"role": "model","parts": [{"text": "token3"}]}}],"modelVersion": "gemini-1.5-pro-001"}` + ) + ); + // End the stream + passThrough.end(); + }); + + return { + data: passThrough, // PassThrough stream will act as the async iterator + status: 'ok', + }; +}); + +const callMessages = [ + new SystemMessage('Answer the following questions truthfully and as best you can.'), + new HumanMessage('Question: Do you know my name?\n\n'), +] as unknown as BaseMessage[]; + +const callOptions = { + stop: ['\n'], + recursionLimit: 0, + /** Maximum number of parallel calls to make. */ + maxConcurrency: 0, +}; +const handleLLMNewToken = jest.fn(); +const callRunManager = { + handleLLMNewToken, +} as unknown as CallbackManagerForLLMRun; +const onFailedAttempt = jest.fn(); +const defaultArgs = { + actionsClient, + connectorId, + logger: mockLogger, + streaming: false, + maxRetries: 0, + onFailedAttempt, +}; + +const testMessage = 'Yes, your name is Andrew. How can I assist you further, Andrew?'; + +export const mockActionResponse = { + candidates: [ + { + content: { + role: 'model', + parts: [ + { + text: testMessage, + }, + ], + }, + finishReason: 'STOP', + }, + ], + usageMetadata: { input_tokens: 4, output_tokens: 10, total_tokens: 14 }, +}; + +describe('ActionsClientChatVertexAI', () => { + beforeEach(() => { + jest.clearAllMocks(); + actionsClient.execute.mockImplementation( + jest.fn().mockImplementation(() => ({ + data: mockActionResponse, + status: 'ok', + })) + ); + mockExecute.mockImplementation(() => ({ + data: mockActionResponse, + status: 'ok', + })); + }); + + describe('_generate streaming: false', () => { + it('returns the expected content when _generate is invoked', async () => { + const actionsClientChatVertexAI = new ActionsClientChatVertexAI(defaultArgs); + + const result = await actionsClientChatVertexAI._generate( + callMessages, + callOptions, + callRunManager + ); + const subAction = actionsClient.execute.mock.calls[0][0].params.subAction; + expect(subAction).toEqual('invokeAIRaw'); + + expect(result.generations[0].text).toEqual(testMessage); + }); + + it('rejects with the expected error when the action result status is error', async () => { + const hasErrorStatus = jest.fn().mockImplementation(() => { + throw new Error( + 'ActionsClientChatVertexAI: action result status is error: action-result-message - action-result-service-message' + ); + }); + + actionsClient.execute.mockRejectedValueOnce(hasErrorStatus); + + const actionsClientChatVertexAI = new ActionsClientChatVertexAI({ + ...defaultArgs, + actionsClient, + }); + + await expect( + actionsClientChatVertexAI._generate(callMessages, callOptions, callRunManager) + ).rejects.toThrowError(); + expect(onFailedAttempt).toHaveBeenCalled(); + }); + + it('rejects with the expected error the message has invalid content', async () => { + actionsClient.execute.mockImplementation( + jest.fn().mockResolvedValue({ + data: { + Bad: true, + finishReason: 'badness', + }, + status: 'ok', + }) + ); + + const actionsClientChatVertexAI = new ActionsClientChatVertexAI(defaultArgs); + + await expect( + actionsClientChatVertexAI._generate(callMessages, callOptions, callRunManager) + ).rejects.toThrowError("Cannot read properties of undefined (reading 'text')"); + }); + }); + + describe('*_streamResponseChunks', () => { + it('iterates over gemini chunks', async () => { + actionsClient.execute.mockImplementationOnce(mockStreamExecute); + + const actionsClientChatVertexAI = new ActionsClientChatVertexAI({ + ...defaultArgs, + actionsClient, + streaming: true, + }); + + const gen = actionsClientChatVertexAI._streamResponseChunks( + callMessages, + callOptions, + callRunManager + ); + + const chunks = []; + + for await (const chunk of gen) { + chunks.push(chunk); + } + + expect(chunks.map((c) => c.text)).toEqual(['token1', 'token2', 'token3']); + expect(handleLLMNewToken).toHaveBeenCalledTimes(3); + expect(handleLLMNewToken).toHaveBeenCalledWith('token1'); + expect(handleLLMNewToken).toHaveBeenCalledWith('token2'); + expect(handleLLMNewToken).toHaveBeenCalledWith('token3'); + }); + }); +}); diff --git a/x-pack/packages/kbn-langchain/server/language_models/chat_vertex/chat_vertex.ts b/x-pack/packages/kbn-langchain/server/language_models/chat_vertex/chat_vertex.ts new file mode 100644 index 000000000000..5627abe71729 --- /dev/null +++ b/x-pack/packages/kbn-langchain/server/language_models/chat_vertex/chat_vertex.ts @@ -0,0 +1,187 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EnhancedGenerateContentResponse } from '@google/generative-ai'; +import { ActionsClient } from '@kbn/actions-plugin/server'; +import { PublicMethodsOf } from '@kbn/utility-types'; +import { BaseMessage, UsageMetadata } from '@langchain/core/messages'; +import { ChatGenerationChunk } from '@langchain/core/outputs'; +import { ChatVertexAI } from '@langchain/google-vertexai'; +import { get } from 'lodash/fp'; +import { Readable } from 'stream'; + +import { Logger } from '@kbn/logging'; +import { BaseChatModelParams } from '@langchain/core/language_models/chat_models'; +import { CallbackManagerForLLMRun } from '@langchain/core/callbacks/manager'; +import { GeminiPartText } from '@langchain/google-common/dist/types'; +import { + convertResponseBadFinishReasonToErrorMsg, + convertResponseContentToChatGenerationChunk, +} from '../../utils/gemini'; +import { ActionsClientChatConnection } from './connection'; + +const DEFAULT_GEMINI_TEMPERATURE = 0; +export interface CustomChatModelInput extends BaseChatModelParams { + actionsClient: PublicMethodsOf; + connectorId: string; + logger: Logger; + streaming: boolean; + temperature?: number; + signal?: AbortSignal; + model?: string; + maxTokens?: number; +} + +export class ActionsClientChatVertexAI extends ChatVertexAI { + #actionsClient: PublicMethodsOf; + #connectorId: string; + #model?: string; + constructor({ actionsClient, connectorId, ...props }: CustomChatModelInput) { + super({ + ...props, + maxOutputTokens: props.maxTokens ?? 2048, + temperature: props.temperature ?? DEFAULT_GEMINI_TEMPERATURE, + }); + // LangChain needs model to be defined for logging purposes + this.model = props.model ?? this.model; + // If model is not specified by consumer, the connector will define it so do not pass + // a LangChain default to the actionsClient + this.#model = props.model; + this.#actionsClient = actionsClient; + this.#connectorId = connectorId; + const client = this.buildClient(props); + this.connection = new ActionsClientChatConnection( + { + ...this, + }, + this.caller, + client, + false, + actionsClient, + connectorId + ); + } + + buildConnection() { + // prevent ChatVertexAI from overwriting our this.connection defined in super + } + + async *_streamResponseChunks( + messages: BaseMessage[], + options: this['ParsedCallOptions'], + runManager?: CallbackManagerForLLMRun + ): AsyncGenerator { + const parameters = this.invocationParams(options); + const data = await this.connection.formatData(messages, parameters); + const stream = await this.caller.callWithOptions({ signal: options?.signal }, async () => { + const systemPart: GeminiPartText | undefined = data?.systemInstruction + ?.parts?.[0] as unknown as GeminiPartText; + const systemInstruction = systemPart?.text.length + ? { systemInstruction: systemPart?.text } + : {}; + const requestBody = { + actionId: this.#connectorId, + params: { + subAction: 'invokeStream', + subActionParams: { + model: this.#model, + messages: data?.contents, + tools: data?.tools, + temperature: this.temperature, + ...systemInstruction, + }, + }, + }; + + const actionResult = await this.#actionsClient.execute(requestBody); + + if (actionResult.status === 'error') { + throw new Error( + `ActionsClientChatVertexAI: action result status is error: ${actionResult?.message} - ${actionResult?.serviceMessage}` + ); + } + + const readable = get('data', actionResult) as Readable; + + if (typeof readable?.read !== 'function') { + throw new Error('Action result status is error: result is not streamable'); + } + return readable; + }); + let usageMetadata: UsageMetadata | undefined; + let index = 0; + let partialStreamChunk = ''; + for await (const rawStreamChunk of stream) { + const streamChunk = rawStreamChunk.toString(); + const nextChunk = `${partialStreamChunk + streamChunk}`; + + let parsedStreamChunk: EnhancedGenerateContentResponse | null = null; + try { + parsedStreamChunk = JSON.parse(nextChunk.replaceAll('data: ', '').replaceAll('\r\n', '')); + partialStreamChunk = ''; + } catch (_) { + partialStreamChunk += nextChunk; + } + + if (parsedStreamChunk !== null && !parsedStreamChunk.candidates?.[0]?.finishReason) { + const response = { + ...parsedStreamChunk, + functionCalls: () => + parsedStreamChunk?.candidates?.[0]?.content.parts[0].functionCall + ? [parsedStreamChunk.candidates?.[0]?.content.parts[0].functionCall] + : [], + }; + + if ( + 'usageMetadata' in response && + this.streamUsage !== false && + options.streamUsage !== false + ) { + const genAIUsageMetadata = response.usageMetadata as { + promptTokenCount: number; + candidatesTokenCount: number; + totalTokenCount: number; + }; + if (!usageMetadata) { + usageMetadata = { + input_tokens: genAIUsageMetadata.promptTokenCount, + output_tokens: genAIUsageMetadata.candidatesTokenCount, + total_tokens: genAIUsageMetadata.totalTokenCount, + }; + } else { + // Under the hood, LangChain combines the prompt tokens. Google returns the updated + // total each time, so we need to find the difference between the tokens. + const outputTokenDiff = + genAIUsageMetadata.candidatesTokenCount - usageMetadata.output_tokens; + usageMetadata = { + input_tokens: 0, + output_tokens: outputTokenDiff, + total_tokens: outputTokenDiff, + }; + } + } + + const chunk = convertResponseContentToChatGenerationChunk(response, { + usageMetadata, + index, + }); + index += 1; + + if (chunk) { + yield chunk; + await runManager?.handleLLMNewToken(chunk.text ?? ''); + } + } else if (parsedStreamChunk) { + // handle bad finish reason + const errorMessage = convertResponseBadFinishReasonToErrorMsg(parsedStreamChunk); + if (errorMessage != null) { + throw new Error(errorMessage); + } + } + } + } +} diff --git a/x-pack/packages/kbn-langchain/server/language_models/chat_vertex/connection.ts b/x-pack/packages/kbn-langchain/server/language_models/chat_vertex/connection.ts new file mode 100644 index 000000000000..0340d71b438d --- /dev/null +++ b/x-pack/packages/kbn-langchain/server/language_models/chat_vertex/connection.ts @@ -0,0 +1,102 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + ChatConnection, + GoogleAbstractedClient, + GoogleAIBaseLLMInput, + GoogleLLMResponse, +} from '@langchain/google-common'; +import { ActionsClient } from '@kbn/actions-plugin/server'; +import { PublicMethodsOf } from '@kbn/utility-types'; +import { EnhancedGenerateContentResponse } from '@google/generative-ai'; +import { AsyncCaller } from '@langchain/core/utils/async_caller'; +import { convertResponseBadFinishReasonToErrorMsg } from '../../utils/gemini'; + +// only implements non-streaming requests +// stream is handled by ActionsClientChatVertexAI.*_streamResponseChunks +export class ActionsClientChatConnection extends ChatConnection { + actionsClient: PublicMethodsOf; + connectorId: string; + #model?: string; + temperature: number; + caller: AsyncCaller; + constructor( + fields: GoogleAIBaseLLMInput, + caller: AsyncCaller, + client: GoogleAbstractedClient, + _streaming: boolean, // defaulting to false in the super + actionsClient: PublicMethodsOf, + connectorId: string + ) { + super(fields, caller, client, false); + this.actionsClient = actionsClient; + this.connectorId = connectorId; + this.caller = caller; + this.#model = fields.model; + this.temperature = fields.temperature ?? 0; + } + + async _request( + // TODO better types here + data: { + contents: unknown; + tools: unknown[]; + systemInstruction?: { parts: [{ text: string }] }; + }, + options: { signal?: AbortSignal } + ) { + const systemInstruction = data?.systemInstruction?.parts?.[0]?.text.length + ? { systemInstruction: data?.systemInstruction?.parts?.[0]?.text } + : {}; + return this.caller.callWithOptions({ signal: options?.signal }, async () => { + try { + const requestBody = { + actionId: this.connectorId, + params: { + subAction: 'invokeAIRaw', + subActionParams: { + model: this.#model, + messages: data?.contents, + tools: data?.tools, + temperature: this.temperature, + ...systemInstruction, + }, + }, + }; + const actionResult = (await this.actionsClient.execute(requestBody)) as { + status: string; + data: EnhancedGenerateContentResponse; + message?: string; + serviceMessage?: string; + }; + + if (actionResult.status === 'error') { + throw new Error( + `ActionsClientChatVertexAI: action result status is error: ${actionResult?.message} - ${actionResult?.serviceMessage}` + ); + } + + if (actionResult.data.candidates && actionResult.data.candidates.length > 0) { + // handle bad finish reason + const errorMessage = convertResponseBadFinishReasonToErrorMsg(actionResult.data); + if (errorMessage != null) { + throw new Error(errorMessage); + } + } + return actionResult as unknown as GoogleLLMResponse; + // eslint-disable-next-line @typescript-eslint/no-explicit-any + } catch (e: any) { + // TODO: Improve error handling + if (e.message?.includes('400 Bad Request')) { + e.status = 400; + } + throw e; + } + }); + } +} diff --git a/x-pack/packages/kbn-langchain/server/language_models/chat_vertex/index.ts b/x-pack/packages/kbn-langchain/server/language_models/chat_vertex/index.ts new file mode 100644 index 000000000000..54197f7e2cb0 --- /dev/null +++ b/x-pack/packages/kbn-langchain/server/language_models/chat_vertex/index.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export * from './chat_vertex'; diff --git a/x-pack/packages/kbn-langchain/server/language_models/gemini_chat.ts b/x-pack/packages/kbn-langchain/server/language_models/gemini_chat.ts index fb9823235934..197360c2f06e 100644 --- a/x-pack/packages/kbn-langchain/server/language_models/gemini_chat.ts +++ b/x-pack/packages/kbn-langchain/server/language_models/gemini_chat.ts @@ -8,34 +8,24 @@ import { Content, EnhancedGenerateContentResponse, - FunctionCallPart, - FunctionResponsePart, GenerateContentRequest, GenerateContentResult, - InlineDataPart, - POSSIBLE_ROLES, - Part, - TextPart, - FinishReason, - SafetyRating, } from '@google/generative-ai'; import { ActionsClient } from '@kbn/actions-plugin/server'; import { PublicMethodsOf } from '@kbn/utility-types'; import { CallbackManagerForLLMRun } from '@langchain/core/callbacks/manager'; -import { ToolCallChunk } from '@langchain/core/dist/messages/tool'; -import { - AIMessageChunk, - BaseMessage, - ChatMessage, - isBaseMessage, - UsageMetadata, -} from '@langchain/core/messages'; +import { BaseMessage, UsageMetadata } from '@langchain/core/messages'; import { ChatGenerationChunk } from '@langchain/core/outputs'; import { ChatGoogleGenerativeAI } from '@langchain/google-genai'; import { Logger } from '@kbn/logging'; import { BaseChatModelParams } from '@langchain/core/language_models/chat_models'; import { get } from 'lodash/fp'; import { Readable } from 'stream'; +import { + convertBaseMessagesToContent, + convertResponseBadFinishReasonToErrorMsg, + convertResponseContentToChatGenerationChunk, +} from '../utils/gemini'; const DEFAULT_GEMINI_TEMPERATURE = 0; export interface CustomChatModelInput extends BaseChatModelParams { @@ -48,12 +38,6 @@ export interface CustomChatModelInput extends BaseChatModelParams { maxTokens?: number; } -// not sure why these properties are not on the type, as they are on the data -interface SafetyReason extends SafetyRating { - blocked: boolean; - severity: string; -} - export class ActionsClientGeminiChatModel extends ChatGoogleGenerativeAI { #actionsClient: PublicMethodsOf; #connectorId: string; @@ -265,257 +249,3 @@ export class ActionsClientGeminiChatModel extends ChatGoogleGenerativeAI { } } } - -export function convertResponseContentToChatGenerationChunk( - response: EnhancedGenerateContentResponse, - extra: { - usageMetadata?: UsageMetadata | undefined; - index: number; - } -): ChatGenerationChunk | null { - if (!response.candidates || response.candidates.length === 0) { - return null; - } - const functionCalls = response.functionCalls(); - const [candidate] = response.candidates; - const { content, ...generationInfo } = candidate; - const text = content?.parts[0]?.text ?? ''; - - const toolCallChunks: ToolCallChunk[] = []; - if (functionCalls) { - toolCallChunks.push( - ...functionCalls.map((fc) => ({ - ...fc, - args: JSON.stringify(fc.args), - index: extra.index, - type: 'tool_call_chunk' as const, - })) - ); - } - return new ChatGenerationChunk({ - text, - message: new AIMessageChunk({ - content: text, - name: !content ? undefined : content.role, - tool_call_chunks: toolCallChunks, - // Each chunk can have unique "generationInfo", and merging strategy is unclear, - // so leave blank for now. - additional_kwargs: {}, - usage_metadata: extra.usageMetadata, - }), - generationInfo, - }); -} - -export function convertAuthorToRole(author: string): (typeof POSSIBLE_ROLES)[number] { - switch (author) { - /** - * Note: Gemini currently is not supporting system messages - * we will convert them to human messages and merge with following - * */ - case 'ai': - case 'model': // getMessageAuthor returns message.name. code ex.: return message.name ?? type; - return 'model'; - case 'system': - case 'human': - return 'user'; - case 'tool': - case 'function': - return 'function'; - default: - throw new Error(`Unknown / unsupported author: ${author}`); - } -} -export function convertBaseMessagesToContent(messages: BaseMessage[], isMultimodalModel: boolean) { - return messages.reduce<{ - content: Content[]; - mergeWithPreviousContent: boolean; - }>( - (acc, message, index) => { - if (!isBaseMessage(message)) { - throw new Error('Unsupported message input'); - } - const author = getMessageAuthor(message); - if (author === 'system' && index !== 0) { - throw new Error('System message should be the first one'); - } - const role = convertAuthorToRole(author); - const parts = convertMessageContentToParts(message, isMultimodalModel); - - if (acc.mergeWithPreviousContent) { - const prevContent = acc.content[acc.content.length - 1]; - if (!prevContent) { - throw new Error( - 'There was a problem parsing your system message. Please try a prompt without one.' - ); - } - prevContent.parts.push(...parts); - - return { - mergeWithPreviousContent: false, - content: acc.content, - }; - } - let actualRole = role; - if (actualRole === 'function') { - // GenerativeAI API will throw an error if the role is not "user" or "model." - actualRole = 'user'; - } - const content: Content = { - role: actualRole, - parts, - }; - return { - mergeWithPreviousContent: author === 'system', - content: [...acc.content, content], - }; - }, - { content: [], mergeWithPreviousContent: false } - ).content; -} - -export function convertMessageContentToParts( - message: BaseMessage, - isMultimodalModel: boolean -): Part[] { - if (typeof message.content === 'string' && message.content !== '') { - return [{ text: message.content }]; - } - - let functionCalls: FunctionCallPart[] = []; - let functionResponses: FunctionResponsePart[] = []; - let messageParts: Part[] = []; - - if ( - 'tool_calls' in message && - Array.isArray(message.tool_calls) && - message.tool_calls.length > 0 - ) { - functionCalls = message.tool_calls.map((tc) => ({ - functionCall: { - name: tc.name, - args: tc.args, - }, - })); - } else if (message._getType() === 'tool' && message.name && message.content) { - functionResponses = [ - { - functionResponse: { - name: message.name, - response: message.content, - }, - }, - ]; - } else if (Array.isArray(message.content)) { - messageParts = message.content.map((c) => { - if (c.type === 'text') { - return { - text: c.text, - } as TextPart; - } - - if (c.type === 'image_url') { - if (!isMultimodalModel) { - throw new Error(`This model does not support images`); - } - let source; - if (typeof c.image_url === 'string') { - source = c.image_url; - } else if (typeof c.image_url === 'object' && 'url' in c.image_url) { - source = c.image_url.url; - } else { - throw new Error('Please provide image as base64 encoded data URL'); - } - const [dm, data] = source.split(','); - if (!dm.startsWith('data:')) { - throw new Error('Please provide image as base64 encoded data URL'); - } - - const [mimeType, encoding] = dm.replace(/^data:/, '').split(';'); - if (encoding !== 'base64') { - throw new Error('Please provide image as base64 encoded data URL'); - } - - return { - inlineData: { - data, - mimeType, - }, - } as InlineDataPart; - } else if (c.type === 'media') { - return messageContentMedia(c); - } else if (c.type === 'tool_use') { - return { - functionCall: { - name: c.name, - args: c.input, - }, - } as FunctionCallPart; - } - throw new Error(`Unknown content type ${(c as { type: string }).type}`); - }); - } - - return [...messageParts, ...functionCalls, ...functionResponses]; -} - -export function getMessageAuthor(message: BaseMessage) { - const type = message._getType(); - if (ChatMessage.isInstance(message)) { - return message.role; - } - if (type === 'tool') { - return type; - } - return message.name ?? type; -} - -// will be removed once FileDataPart is supported in @langchain/google-genai -function messageContentMedia(content: Record): InlineDataPart { - if ('mimeType' in content && 'data' in content) { - return { - inlineData: { - mimeType: content.mimeType, - data: content.data, - }, - } as InlineDataPart; - } - throw new Error('Invalid media content'); -} - -const badFinishReasons = [FinishReason.RECITATION, FinishReason.SAFETY]; -function hadBadFinishReason(candidate: { finishReason?: FinishReason }) { - return !!candidate.finishReason && badFinishReasons.includes(candidate.finishReason); -} - -export function convertResponseBadFinishReasonToErrorMsg( - response: EnhancedGenerateContentResponse -): string | null { - if (response.candidates && response.candidates.length > 0) { - const candidate = response.candidates[0]; - if (hadBadFinishReason(candidate)) { - if ( - candidate.finishReason === FinishReason.SAFETY && - candidate.safetyRatings && - (candidate.safetyRatings?.length ?? 0) > 0 - ) { - const safetyReasons = getSafetyReasons(candidate.safetyRatings as SafetyReason[]); - return `ActionsClientGeminiChatModel: action result status is error. Candidate was blocked due to ${candidate.finishReason} - ${safetyReasons}`; - } else { - return `ActionsClientGeminiChatModel: action result status is error. Candidate was blocked due to ${candidate.finishReason}`; - } - } - } - return null; -} - -const getSafetyReasons = (safetyRatings: SafetyReason[]) => { - const reasons = safetyRatings.filter((t: SafetyReason) => t.blocked); - return reasons.reduce( - (acc: string, t: SafetyReason, i: number) => - `${acc.length ? `${acc} ` : ''}${t.category}: ${t.severity}${ - i < reasons.length - 1 ? ',' : '' - }`, - '' - ); -}; diff --git a/x-pack/packages/kbn-langchain/server/language_models/index.ts b/x-pack/packages/kbn-langchain/server/language_models/index.ts index f5415079cbc1..b3c5053f1170 100644 --- a/x-pack/packages/kbn-langchain/server/language_models/index.ts +++ b/x-pack/packages/kbn-langchain/server/language_models/index.ts @@ -8,5 +8,6 @@ export { ActionsClientBedrockChatModel } from './bedrock_chat'; export { ActionsClientChatOpenAI } from './chat_openai'; export { ActionsClientGeminiChatModel } from './gemini_chat'; +export { ActionsClientChatVertexAI } from './chat_vertex'; export { ActionsClientLlm } from './llm'; export { ActionsClientSimpleChatModel } from './simple_chat_model'; diff --git a/x-pack/packages/kbn-langchain/server/utils/gemini.ts b/x-pack/packages/kbn-langchain/server/utils/gemini.ts index 7d0892308383..9cc975d8c1f2 100644 --- a/x-pack/packages/kbn-langchain/server/utils/gemini.ts +++ b/x-pack/packages/kbn-langchain/server/utils/gemini.ts @@ -6,9 +6,306 @@ */ import { Logger } from '@kbn/core/server'; +import { + Content, + EnhancedGenerateContentResponse, + FinishReason, + FunctionCallPart, + FunctionResponsePart, + InlineDataPart, + Part, + POSSIBLE_ROLES, + SafetyRating, + TextPart, +} from '@google/generative-ai'; +import { + AIMessageChunk, + BaseMessage, + ChatMessage, + isBaseMessage, + UsageMetadata, +} from '@langchain/core/messages'; +import { ChatGenerationChunk } from '@langchain/core/outputs'; +import { ToolCallChunk } from '@langchain/core/dist/messages/tool'; import { Readable } from 'stream'; import { StreamParser } from './types'; +export function convertResponseContentToChatGenerationChunk( + response: EnhancedGenerateContentResponse, + extra: { + usageMetadata?: UsageMetadata | undefined; + index: number; + } +): ChatGenerationChunk | null { + if (!response.candidates || response.candidates.length === 0) { + return null; + } + const functionCalls = response.functionCalls(); + const [candidate] = response.candidates; + const { content, ...generationInfo } = candidate; + const text = content?.parts[0]?.text ?? ''; + + const toolCallChunks: ToolCallChunk[] = []; + if (functionCalls) { + toolCallChunks.push( + ...functionCalls.map((fc) => ({ + ...fc, + args: JSON.stringify(fc.args), + index: extra.index, + type: 'tool_call_chunk' as const, + })) + ); + } + return new ChatGenerationChunk({ + text, + message: new AIMessageChunk({ + content: text, + name: !content ? undefined : content.role, + tool_call_chunks: toolCallChunks, + // Each chunk can have unique "generationInfo", and merging strategy is unclear, + // so leave blank for now. + additional_kwargs: {}, + usage_metadata: extra.usageMetadata, + }), + generationInfo, + }); +} + +export function convertAuthorToRole(author: string): (typeof POSSIBLE_ROLES)[number] { + switch (author) { + /** + * Note: Gemini currently is not supporting system messages + * we will convert them to human messages and merge with following + * */ + case 'ai': + case 'model': // getMessageAuthor returns message.name. code ex.: return message.name ?? type; + return 'model'; + case 'system': + case 'human': + return 'user'; + case 'tool': + case 'function': + return 'function'; + default: + throw new Error(`Unknown / unsupported author: ${author}`); + } +} +export function convertBaseMessagesToContent(messages: BaseMessage[], isMultimodalModel: boolean) { + return messages.reduce<{ + content: Content[]; + mergeWithPreviousContent: boolean; + }>( + (acc, message, index) => { + if (!isBaseMessage(message)) { + throw new Error('Unsupported message input'); + } + const author = getMessageAuthor(message); + if (author === 'system' && index !== 0) { + throw new Error('System message should be the first one'); + } + const role = convertAuthorToRole(author); + const parts = convertMessageContentToParts(message, isMultimodalModel); + + if (acc.mergeWithPreviousContent) { + const prevContent = acc.content[acc.content.length - 1]; + if (!prevContent) { + throw new Error( + 'There was a problem parsing your system message. Please try a prompt without one.' + ); + } + prevContent.parts.push(...parts); + + return { + mergeWithPreviousContent: false, + content: acc.content, + }; + } + let actualRole = role; + if (actualRole === 'function') { + // GenerativeAI API will throw an error if the role is not "user" or "model." + actualRole = 'user'; + } + const content: Content = { + role: actualRole, + parts, + }; + return { + mergeWithPreviousContent: author === 'system', + content: [...acc.content, content], + }; + }, + { content: [], mergeWithPreviousContent: false } + ).content; +} + +export function convertMessageContentToParts( + message: BaseMessage, + isMultimodalModel: boolean +): Part[] { + if (typeof message.content === 'string' && message.content !== '') { + return [{ text: message.content }]; + } + + let functionCalls: FunctionCallPart[] = []; + let functionResponses: FunctionResponsePart[] = []; + let messageParts: Part[] = []; + + if ( + 'tool_calls' in message && + Array.isArray(message.tool_calls) && + message.tool_calls.length > 0 + ) { + functionCalls = message.tool_calls.map((tc) => ({ + functionCall: { + name: tc.name, + args: tc.args, + }, + })); + } else if (message._getType() === 'tool' && message.name && message.content) { + functionResponses = [ + { + functionResponse: { + name: message.name, + response: message.content, + }, + }, + ]; + } else if (Array.isArray(message.content)) { + messageParts = message.content.map((c) => { + if (c.type === 'text') { + return { + text: c.text, + } as TextPart; + } + + if (c.type === 'image_url') { + if (!isMultimodalModel) { + throw new Error(`This model does not support images`); + } + let source; + if (typeof c.image_url === 'string') { + source = c.image_url; + } else if (typeof c.image_url === 'object' && 'url' in c.image_url) { + source = c.image_url.url; + } else { + throw new Error('Please provide image as base64 encoded data URL'); + } + const [dm, data] = source.split(','); + if (!dm.startsWith('data:')) { + throw new Error('Please provide image as base64 encoded data URL'); + } + + const [mimeType, encoding] = dm.replace(/^data:/, '').split(';'); + if (encoding !== 'base64') { + throw new Error('Please provide image as base64 encoded data URL'); + } + + return { + inlineData: { + data, + mimeType, + }, + } as InlineDataPart; + } else if (c.type === 'media') { + return messageContentMedia(c); + } else if (c.type === 'tool_use') { + return { + functionCall: { + name: c.name, + args: c.input, + }, + } as FunctionCallPart; + } + throw new Error(`Unknown content type ${(c as { type: string }).type}`); + }); + } + + return [...messageParts, ...functionCalls, ...functionResponses]; +} + +export function getMessageAuthor(message: BaseMessage) { + const type = message._getType(); + if (ChatMessage.isInstance(message)) { + return message.role; + } + if (type === 'tool') { + return type; + } + return message.name ?? type; +} + +// will be removed once FileDataPart is supported in @langchain/google-genai +function messageContentMedia(content: Record): InlineDataPart { + if ('mimeType' in content && 'data' in content) { + return { + inlineData: { + mimeType: content.mimeType, + data: content.data, + }, + } as InlineDataPart; + } + throw new Error('Invalid media content'); +} + +// TODO Google's TS library is behind the API +// remove this enum once the library is updated +// https://github.com/google-gemini/generative-ai-js/pull/270 +enum FinishReasonMore { + BLOCKLIST = 'BLOCKLIST', + PROHIBITED_CONTENT = 'PROHIBITED_CONTENT', + SPII = 'SPII', + MALFORMED_FUNCTION_CALL = 'MALFORMED_FUNCTION_CALL', +} +const badFinishReasons = [ + FinishReason.RECITATION, + FinishReason.SAFETY, + FinishReasonMore.BLOCKLIST, + FinishReasonMore.PROHIBITED_CONTENT, + FinishReasonMore.SPII, + FinishReasonMore.MALFORMED_FUNCTION_CALL, +]; +function hadBadFinishReason(candidate: { finishReason?: FinishReason }) { + return !!candidate.finishReason && badFinishReasons.includes(candidate.finishReason); +} + +export function convertResponseBadFinishReasonToErrorMsg( + response: EnhancedGenerateContentResponse +): string | null { + if (response.candidates && response.candidates.length > 0) { + const candidate = response.candidates[0]; + if (hadBadFinishReason(candidate)) { + if ( + candidate.finishReason === FinishReason.SAFETY && + candidate.safetyRatings && + (candidate.safetyRatings?.length ?? 0) > 0 + ) { + const safetyReasons = getSafetyReasons(candidate.safetyRatings as SafetyReason[]); + return `Gemini Utils: action result status is error. Candidate was blocked due to ${candidate.finishReason} - ${safetyReasons}`; + } else { + return `Gemini Utils: action result status is error. Candidate was blocked due to ${candidate.finishReason}`; + } + } + } + return null; +} + +// not sure why these properties are not on the type, as they are on the data +interface SafetyReason extends SafetyRating { + blocked: boolean; + severity: string; +} + +const getSafetyReasons = (safetyRatings: SafetyReason[]) => { + const reasons = safetyRatings.filter((t: SafetyReason) => t.blocked); + return reasons.reduce( + (acc: string, t: SafetyReason, i: number) => + `${acc.length ? `${acc} ` : ''}${t.category}: ${t.severity}${ + i < reasons.length - 1 ? ',' : '' + }`, + '' + ); +}; + export const parseGeminiStreamAsAsyncIterator = async function* ( stream: Readable, logger: Logger, diff --git a/x-pack/plugins/alerting/server/usage/task_state.test.ts b/x-pack/plugins/alerting/server/usage/task_state.test.ts index 28d186b421cd..f7286a1952d7 100644 --- a/x-pack/plugins/alerting/server/usage/task_state.test.ts +++ b/x-pack/plugins/alerting/server/usage/task_state.test.ts @@ -174,4 +174,180 @@ describe('telemetry task state', () => { expect(result).not.toHaveProperty('foo'); }); }); + + describe('v2', () => { + const v2 = stateSchemaByVersion[2]; + it('should work on empty object when running the up migration', () => { + const result = v2.up({}); + expect(result).toMatchInlineSnapshot(` + Object { + "avg_es_search_duration_by_type_per_day": Object {}, + "avg_es_search_duration_per_day": 0, + "avg_execution_time_by_type_per_day": Object {}, + "avg_execution_time_per_day": 0, + "avg_total_search_duration_by_type_per_day": Object {}, + "avg_total_search_duration_per_day": 0, + "connectors_per_alert": Object { + "avg": 0, + "max": 0, + "min": 0, + }, + "count_active_by_type": Object {}, + "count_active_total": 0, + "count_alerts_by_rule_type": Object {}, + "count_alerts_total": 0, + "count_by_type": Object {}, + "count_connector_types_by_consumers": Object {}, + "count_disabled_total": 0, + "count_failed_and_unrecognized_rule_tasks_by_status_by_type_per_day": Object {}, + "count_failed_and_unrecognized_rule_tasks_by_status_per_day": Object {}, + "count_failed_and_unrecognized_rule_tasks_per_day": 0, + "count_mw_total": 0, + "count_mw_with_filter_alert_toggle_on": 0, + "count_mw_with_repeat_toggle_on": 0, + "count_rules_by_execution_status": Object { + "error": 0, + "success": 0, + "warning": 0, + }, + "count_rules_by_execution_status_per_day": Object {}, + "count_rules_by_notify_when": Object { + "on_action_group_change": 0, + "on_active_alert": 0, + "on_throttle_interval": 0, + }, + "count_rules_executions_by_type_per_day": Object {}, + "count_rules_executions_failured_by_reason_by_type_per_day": Object {}, + "count_rules_executions_failured_by_reason_per_day": Object {}, + "count_rules_executions_failured_per_day": 0, + "count_rules_executions_per_day": 0, + "count_rules_executions_timeouts_by_type_per_day": Object {}, + "count_rules_executions_timeouts_per_day": 0, + "count_rules_muted": 0, + "count_rules_namespaces": 0, + "count_rules_snoozed": 0, + "count_rules_with_muted_alerts": 0, + "count_rules_with_tags": 0, + "count_total": 0, + "error_messages": undefined, + "has_errors": false, + "percentile_num_alerts_by_type_per_day": Object {}, + "percentile_num_alerts_per_day": Object {}, + "percentile_num_generated_actions_by_type_per_day": Object {}, + "percentile_num_generated_actions_per_day": Object {}, + "runs": 0, + "schedule_time": Object { + "avg": "0s", + "max": "0s", + "min": "0s", + }, + "schedule_time_number_s": Object { + "avg": 0, + "max": 0, + "min": 0, + }, + "throttle_time": Object { + "avg": "0s", + "max": "0s", + "min": "0s", + }, + "throttle_time_number_s": Object { + "avg": 0, + "max": 0, + "min": 0, + }, + } + `); + }); + + it(`shouldn't overwrite properties when running the up migration`, () => { + const state = { + avg_es_search_duration_by_type_per_day: { '.index-threshold': 1 }, + avg_es_search_duration_per_day: 2, + avg_execution_time_by_type_per_day: { '.index-threshold': 3 }, + avg_execution_time_per_day: 4, + avg_total_search_duration_by_type_per_day: { '.index-threshold': 5 }, + avg_total_search_duration_per_day: 6, + connectors_per_alert: { + avg: 7, + max: 8, + min: 9, + }, + count_active_by_type: { '.index-threshold': 10 }, + count_active_total: 11, + count_alerts_by_rule_type: {}, + count_alerts_total: 0, + count_by_type: { '.index-threshold': 12 }, + count_connector_types_by_consumers: { '.index-threshold': 13 }, + count_disabled_total: 14, + count_failed_and_unrecognized_rule_tasks_by_status_by_type_per_day: { + '.index-threshold': 15, + }, + count_failed_and_unrecognized_rule_tasks_by_status_per_day: { '.index-threshold': 16 }, + count_failed_and_unrecognized_rule_tasks_per_day: 17, + count_mw_total: 0, + count_mw_with_filter_alert_toggle_on: 0, + count_mw_with_repeat_toggle_on: 0, + count_rules_by_execution_status: { + error: 18, + success: 19, + warning: 20, + }, + count_rules_by_execution_status_per_day: { '.index-threshold': 21 }, + count_rules_by_notify_when: { + on_action_group_change: 22, + on_active_alert: 23, + on_throttle_interval: 24, + }, + count_rules_executions_by_type_per_day: { '.index-threshold': 25 }, + count_rules_executions_failured_by_reason_by_type_per_day: { '.index-threshold': 26 }, + count_rules_executions_failured_by_reason_per_day: { '.index-threshold': 27 }, + count_rules_executions_failured_per_day: 28, + count_rules_executions_per_day: 29, + count_rules_executions_timeouts_by_type_per_day: { '.index-threshold': 30 }, + count_rules_executions_timeouts_per_day: 31, + count_rules_muted: 32, + count_rules_namespaces: 33, + count_rules_snoozed: 34, + count_rules_with_muted_alerts: 35, + count_rules_with_tags: 36, + count_total: 37, + error_messages: ['foo'], + has_errors: true, + percentile_num_alerts_by_type_per_day: { '.index-threshold': 38 }, + percentile_num_alerts_per_day: { '.index-threshold': 39 }, + percentile_num_generated_actions_by_type_per_day: { '.index-threshold': 40 }, + percentile_num_generated_actions_per_day: { '.index-threshold': 41 }, + runs: 42, + schedule_time: { + avg: '43s', + max: '44s', + min: '45s', + }, + schedule_time_number_s: { + avg: 46, + max: 47, + min: 48, + }, + throttle_time: { + avg: '49s', + max: '50s', + min: '51s', + }, + throttle_time_number_s: { + avg: 52, + max: 53, + min: 54, + }, + }; + const result = v2.up(cloneDeep(state)); + expect(result).toEqual(state); + }); + + it('should drop unknown properties when running the up migration', () => { + const state = { foo: true }; + const result = v2.up(state); + expect(result).not.toHaveProperty('foo'); + }); + }); }); diff --git a/x-pack/plugins/alerting/server/usage/task_state.ts b/x-pack/plugins/alerting/server/usage/task_state.ts index ac9852b3dbac..3b33e540914c 100644 --- a/x-pack/plugins/alerting/server/usage/task_state.ts +++ b/x-pack/plugins/alerting/server/usage/task_state.ts @@ -14,6 +14,112 @@ import { schema, TypeOf } from '@kbn/config-schema'; * As you add a new schema version, don't forget to change latestTaskStateSchema variable to reference the latest schema. * For example, changing stateSchemaByVersion[1].schema to stateSchemaByVersion[2].schema. */ + +const stateSchemaV1 = schema.object({ + has_errors: schema.boolean(), + error_messages: schema.maybe(schema.arrayOf(schema.any())), + runs: schema.number(), + count_total: schema.number(), + count_by_type: schema.recordOf(schema.string(), schema.number()), + throttle_time: schema.object({ + min: schema.string(), + avg: schema.string(), + max: schema.string(), + }), + schedule_time: schema.object({ + min: schema.string(), + avg: schema.string(), + max: schema.string(), + }), + throttle_time_number_s: schema.object({ + min: schema.number(), + avg: schema.number(), + max: schema.number(), + }), + schedule_time_number_s: schema.object({ + min: schema.number(), + avg: schema.number(), + max: schema.number(), + }), + connectors_per_alert: schema.object({ + min: schema.number(), + avg: schema.number(), + max: schema.number(), + }), + count_active_by_type: schema.recordOf(schema.string(), schema.number()), + count_active_total: schema.number(), + count_disabled_total: schema.number(), + count_rules_by_execution_status: schema.object({ + success: schema.number(), + error: schema.number(), + warning: schema.number(), + }), + count_rules_with_tags: schema.number(), + count_rules_by_notify_when: schema.object({ + on_action_group_change: schema.number(), + on_active_alert: schema.number(), + on_throttle_interval: schema.number(), + }), + count_rules_snoozed: schema.number(), + count_rules_muted: schema.number(), + count_rules_with_muted_alerts: schema.number(), + count_connector_types_by_consumers: schema.recordOf( + schema.string(), + schema.recordOf(schema.string(), schema.number()) + ), + count_rules_namespaces: schema.number(), + count_rules_executions_per_day: schema.number(), + count_rules_executions_by_type_per_day: schema.recordOf(schema.string(), schema.number()), + count_rules_executions_failured_per_day: schema.number(), + count_rules_executions_failured_by_reason_per_day: schema.recordOf( + schema.string(), + schema.number() + ), + count_rules_executions_failured_by_reason_by_type_per_day: schema.recordOf( + schema.string(), + schema.recordOf(schema.string(), schema.number()) + ), + count_rules_by_execution_status_per_day: schema.recordOf(schema.string(), schema.number()), + count_rules_executions_timeouts_per_day: schema.number(), + count_rules_executions_timeouts_by_type_per_day: schema.recordOf( + schema.string(), + schema.number() + ), + count_failed_and_unrecognized_rule_tasks_per_day: schema.number(), + count_failed_and_unrecognized_rule_tasks_by_status_per_day: schema.recordOf( + schema.string(), + schema.number() + ), + count_failed_and_unrecognized_rule_tasks_by_status_by_type_per_day: schema.recordOf( + schema.string(), + schema.recordOf(schema.string(), schema.number()) + ), + avg_execution_time_per_day: schema.number(), + avg_execution_time_by_type_per_day: schema.recordOf(schema.string(), schema.number()), + avg_es_search_duration_per_day: schema.number(), + avg_es_search_duration_by_type_per_day: schema.recordOf(schema.string(), schema.number()), + avg_total_search_duration_per_day: schema.number(), + avg_total_search_duration_by_type_per_day: schema.recordOf(schema.string(), schema.number()), + percentile_num_generated_actions_per_day: schema.recordOf(schema.string(), schema.number()), + percentile_num_generated_actions_by_type_per_day: schema.recordOf( + schema.string(), + schema.recordOf(schema.string(), schema.number()) + ), + percentile_num_alerts_per_day: schema.recordOf(schema.string(), schema.number()), + percentile_num_alerts_by_type_per_day: schema.recordOf( + schema.string(), + schema.recordOf(schema.string(), schema.number()) + ), +}); + +const stateSchemaV2 = stateSchemaV1.extends({ + count_mw_total: schema.number(), + count_mw_with_repeat_toggle_on: schema.number(), + count_mw_with_filter_alert_toggle_on: schema.number(), + count_alerts_total: schema.number(), + count_alerts_by_rule_type: schema.recordOf(schema.string(), schema.number()), +}); + export const stateSchemaByVersion = { 1: { // A task that was created < 8.10 will go through this "up" migration @@ -99,111 +205,22 @@ export const stateSchemaByVersion = { percentile_num_alerts_per_day: state.percentile_num_alerts_per_day || {}, percentile_num_alerts_by_type_per_day: state.percentile_num_alerts_by_type_per_day || {}, }), - schema: schema.object({ - has_errors: schema.boolean(), - error_messages: schema.maybe(schema.arrayOf(schema.any())), - runs: schema.number(), - count_total: schema.number(), - count_by_type: schema.recordOf(schema.string(), schema.number()), - throttle_time: schema.object({ - min: schema.string(), - avg: schema.string(), - max: schema.string(), - }), - schedule_time: schema.object({ - min: schema.string(), - avg: schema.string(), - max: schema.string(), - }), - throttle_time_number_s: schema.object({ - min: schema.number(), - avg: schema.number(), - max: schema.number(), - }), - schedule_time_number_s: schema.object({ - min: schema.number(), - avg: schema.number(), - max: schema.number(), - }), - connectors_per_alert: schema.object({ - min: schema.number(), - avg: schema.number(), - max: schema.number(), - }), - count_active_by_type: schema.recordOf(schema.string(), schema.number()), - count_active_total: schema.number(), - count_disabled_total: schema.number(), - count_rules_by_execution_status: schema.object({ - success: schema.number(), - error: schema.number(), - warning: schema.number(), - }), - count_rules_with_tags: schema.number(), - count_rules_by_notify_when: schema.object({ - on_action_group_change: schema.number(), - on_active_alert: schema.number(), - on_throttle_interval: schema.number(), - }), - count_rules_snoozed: schema.number(), - count_rules_muted: schema.number(), - count_mw_total: schema.number(), - count_mw_with_repeat_toggle_on: schema.number(), - count_mw_with_filter_alert_toggle_on: schema.number(), - count_rules_with_muted_alerts: schema.number(), - count_connector_types_by_consumers: schema.recordOf( - schema.string(), - schema.recordOf(schema.string(), schema.number()) - ), - count_rules_namespaces: schema.number(), - count_rules_executions_per_day: schema.number(), - count_rules_executions_by_type_per_day: schema.recordOf(schema.string(), schema.number()), - count_rules_executions_failured_per_day: schema.number(), - count_rules_executions_failured_by_reason_per_day: schema.recordOf( - schema.string(), - schema.number() - ), - count_rules_executions_failured_by_reason_by_type_per_day: schema.recordOf( - schema.string(), - schema.recordOf(schema.string(), schema.number()) - ), - count_rules_by_execution_status_per_day: schema.recordOf(schema.string(), schema.number()), - count_rules_executions_timeouts_per_day: schema.number(), - count_rules_executions_timeouts_by_type_per_day: schema.recordOf( - schema.string(), - schema.number() - ), - count_failed_and_unrecognized_rule_tasks_per_day: schema.number(), - count_failed_and_unrecognized_rule_tasks_by_status_per_day: schema.recordOf( - schema.string(), - schema.number() - ), - count_failed_and_unrecognized_rule_tasks_by_status_by_type_per_day: schema.recordOf( - schema.string(), - schema.recordOf(schema.string(), schema.number()) - ), - avg_execution_time_per_day: schema.number(), - avg_execution_time_by_type_per_day: schema.recordOf(schema.string(), schema.number()), - avg_es_search_duration_per_day: schema.number(), - avg_es_search_duration_by_type_per_day: schema.recordOf(schema.string(), schema.number()), - avg_total_search_duration_per_day: schema.number(), - avg_total_search_duration_by_type_per_day: schema.recordOf(schema.string(), schema.number()), - percentile_num_generated_actions_per_day: schema.recordOf(schema.string(), schema.number()), - percentile_num_generated_actions_by_type_per_day: schema.recordOf( - schema.string(), - schema.recordOf(schema.string(), schema.number()) - ), - percentile_num_alerts_per_day: schema.recordOf(schema.string(), schema.number()), - percentile_num_alerts_by_type_per_day: schema.recordOf( - schema.string(), - schema.recordOf(schema.string(), schema.number()) - ), - count_alerts_total: schema.number(), - count_alerts_by_rule_type: schema.recordOf(schema.string(), schema.number()), + schema: stateSchemaV1, + }, + 2: { + up: (state: Record) => ({ + ...stateSchemaByVersion[1].up(state), + count_mw_total: state.count_mw_total || 0, + count_mw_with_repeat_toggle_on: state.count_mw_with_repeat_toggle_on || 0, + count_mw_with_filter_alert_toggle_on: state.count_mw_with_filter_alert_toggle_on || 0, + count_alerts_total: state.count_alerts_total || 0, + count_alerts_by_rule_type: state.count_alerts_by_rule_type || {}, }), + schema: stateSchemaV2, }, }; -const latestTaskStateSchema = stateSchemaByVersion[1].schema; +const latestTaskStateSchema = stateSchemaByVersion[2].schema; export type LatestTaskStateSchema = TypeOf; export const emptyState: LatestTaskStateSchema = { diff --git a/x-pack/plugins/cases/public/components/all_cases/columns_popover.tsx b/x-pack/plugins/cases/public/components/all_cases/columns_popover.tsx index d16b1f20059a..25c4de69b731 100644 --- a/x-pack/plugins/cases/public/components/all_cases/columns_popover.tsx +++ b/x-pack/plugins/cases/public/components/all_cases/columns_popover.tsx @@ -98,7 +98,6 @@ export const ColumnsPopover: React.FC = ({ closePopover={closePopover} panelPaddingSize="s" anchorPosition="leftUp" - hasDragDrop zIndex={0} data-test-subj="column-selection-popover" button={ @@ -158,6 +157,7 @@ export const ColumnsPopover: React.FC = ({ css={{ height: euiTheme.size.xl, paddingLeft: euiTheme.size.base }} customDragHandle hasInteractiveChildren + usePortal > {(provided) => ( diff --git a/x-pack/plugins/cloud_security_posture/common/constants.ts b/x-pack/plugins/cloud_security_posture/common/constants.ts index e5d95b882b2e..d415d4cfcfc6 100644 --- a/x-pack/plugins/cloud_security_posture/common/constants.ts +++ b/x-pack/plugins/cloud_security_posture/common/constants.ts @@ -6,7 +6,7 @@ */ import { KSPM_POLICY_TEMPLATE, CSPM_POLICY_TEMPLATE } from '@kbn/cloud-security-posture-common'; -import type { VulnSeverity } from '@kbn/cloud-security-posture-common'; + import { AwsCredentialsTypeFieldMap, GcpCredentialsTypeFieldMap, PostureTypes } from './types_old'; export const CLOUD_SECURITY_INTERTAL_PREFIX_ROUTE_PATH = '/internal/cloud_security_posture/'; @@ -125,14 +125,6 @@ export const POSTURE_TYPES: { [x: string]: PostureTypes } = { [POSTURE_TYPE_ALL]: POSTURE_TYPE_ALL, }; -export const VULNERABILITIES_SEVERITY: Record = { - LOW: 'LOW', - MEDIUM: 'MEDIUM', - HIGH: 'HIGH', - CRITICAL: 'CRITICAL', - UNKNOWN: 'UNKNOWN', -}; - export const AWS_CREDENTIALS_TYPE_TO_FIELDS_MAP: AwsCredentialsTypeFieldMap = { assume_role: ['role_arn'], direct_access_keys: ['access_key_id', 'secret_access_key'], diff --git a/x-pack/plugins/cloud_security_posture/public/common/constants.ts b/x-pack/plugins/cloud_security_posture/public/common/constants.ts index f6726731cad9..50d191cf0716 100644 --- a/x-pack/plugins/cloud_security_posture/public/common/constants.ts +++ b/x-pack/plugins/cloud_security_posture/public/common/constants.ts @@ -38,6 +38,9 @@ export const LOCAL_STORAGE_DASHBOARD_BENCHMARK_SORT_KEY = 'cloudPosture:complianceDashboard:benchmarkSort'; export const LOCAL_STORAGE_FINDINGS_LAST_SELECTED_TAB_KEY = 'cloudPosture:findings:lastSelectedTab'; +export const LOCAL_STORAGE_3P_INTEGRATIONS_CALLOUT_KEY = + 'cloudPosture:findings:3pIntegrationsCallout'; + export const LOCAL_STORAGE_VULNERABILITIES_GROUPING_KEY = 'cspLatestVulnerabilitiesGrouping'; export const LOCAL_STORAGE_FINDINGS_GROUPING_KEY = 'cspLatestFindingsGrouping'; @@ -230,6 +233,7 @@ export const FINDINGS_GROUPING_OPTIONS = { CLOUD_ACCOUNT_NAME: 'cloud.account.name', ORCHESTRATOR_CLUSTER_NAME: 'orchestrator.cluster.name', }; + export const VULNERABILITY_FIELDS = { VULNERABILITY_ID: 'vulnerability.id', SCORE_BASE: 'vulnerability.score.base', @@ -242,8 +246,9 @@ export const VULNERABILITY_FIELDS = { CLOUD_ACCOUNT_NAME: 'cloud.account.name', CLOUD_PROVIDER: 'cloud.provider', DESCRIPTION: 'vulnerability.description', - SOURCE: 'data_stream.dataset', + VENDOR: 'observer.vendor', } as const; + export const VULNERABILITY_GROUPING_OPTIONS = { NONE: 'none', RESOURCE_NAME: VULNERABILITY_FIELDS.RESOURCE_NAME, diff --git a/x-pack/plugins/cloud_security_posture/public/common/utils/get_dataset_display_name.test.ts b/x-pack/plugins/cloud_security_posture/public/common/utils/get_dataset_display_name.test.ts deleted file mode 100644 index 432de02699d3..000000000000 --- a/x-pack/plugins/cloud_security_posture/public/common/utils/get_dataset_display_name.test.ts +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { - CSP_MISCONFIGURATIONS_DATASET, - CSP_VULN_DATASET, - getDatasetDisplayName, - WIZ_MISCONFIGURATIONS_DATASET, - WIZ_VULN_DATASET, -} from './get_dataset_display_name'; - -describe('getDatasetDisplayName', () => { - it('should return "Wiz" when dataset is from Wiz integration', () => { - const wizMisconfigsDatasetDisplayName = getDatasetDisplayName(WIZ_MISCONFIGURATIONS_DATASET); - expect(wizMisconfigsDatasetDisplayName).toBe('Wiz'); - const wizVulnDatasetDisplayName = getDatasetDisplayName(WIZ_VULN_DATASET); - expect(wizVulnDatasetDisplayName).toBe('Wiz'); - }); - - it('should return "Elastic CSP" when dataset is from Elastic CSP integration', () => { - const elasticCspMisconfigsDatasetDisplayName = getDatasetDisplayName( - CSP_MISCONFIGURATIONS_DATASET - ); - expect(elasticCspMisconfigsDatasetDisplayName).toBe('Elastic CSP'); - const elasticCspVulnDatasetDisplayName = getDatasetDisplayName(CSP_VULN_DATASET); - expect(elasticCspVulnDatasetDisplayName).toBe('Elastic CSP'); - }); - - it('should return undefined when dataset is undefined', () => { - const result = getDatasetDisplayName(undefined); - expect(result).toBeUndefined(); - }); - - it('should return undefined when dataset is an empty string', () => { - const result = getDatasetDisplayName(''); - expect(result).toBeUndefined(); - }); -}); diff --git a/x-pack/plugins/cloud_security_posture/public/common/utils/get_vendor_name.test.ts b/x-pack/plugins/cloud_security_posture/public/common/utils/get_vendor_name.test.ts new file mode 100644 index 000000000000..70e0e5b957f7 --- /dev/null +++ b/x-pack/plugins/cloud_security_posture/public/common/utils/get_vendor_name.test.ts @@ -0,0 +1,71 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { CspFinding, CspVulnerabilityFinding } from '@kbn/cloud-security-posture-common'; +import { getVendorName } from './get_vendor_name'; + +describe('getVendorName', () => { + it('should return the vendor from the finding if available', () => { + const finding = { + observer: { vendor: 'SomeVendor' }, + data_stream: { dataset: 'some.dataset' }, + } as CspFinding; + + const result = getVendorName(finding); + expect(result).toBe('SomeVendor'); + }); + + it('should return "Wiz" for Wiz misconfiguration dataset', () => { + const finding = { + observer: {}, + data_stream: { dataset: 'wiz.cloud_configuration_finding' }, + } as CspFinding; + + const result = getVendorName(finding); + expect(result).toBe('Wiz'); + }); + + it('should return "Wiz" for Wiz vulnerability dataset', () => { + const finding = { + observer: {}, + data_stream: { dataset: 'wiz.vulnerability' }, + } as CspVulnerabilityFinding; + + const result = getVendorName(finding); + expect(result).toBe('Wiz'); + }); + + it('should return "Elastic" for Elastic misconfiguration dataset', () => { + const finding = { + observer: {}, + data_stream: { dataset: 'cloud_security_posture.findings' }, + } as CspFinding; + + const result = getVendorName(finding); + expect(result).toBe('Elastic'); + }); + + it('should return "Elastic" for Elastic vulnerability dataset', () => { + const finding = { + observer: {}, + data_stream: { dataset: 'cloud_security_posture.vulnerabilities' }, + } as CspVulnerabilityFinding; + + const result = getVendorName(finding); + expect(result).toBe('Elastic'); + }); + + it('should return undefined if no vendor or known dataset is provided', () => { + const finding = { + observer: {}, + data_stream: { dataset: 'unknown.dataset' }, + } as CspFinding; + + const result = getVendorName(finding); + expect(result).toBeUndefined(); + }); +}); diff --git a/x-pack/plugins/cloud_security_posture/public/common/utils/get_dataset_display_name.ts b/x-pack/plugins/cloud_security_posture/public/common/utils/get_vendor_name.ts similarity index 61% rename from x-pack/plugins/cloud_security_posture/public/common/utils/get_dataset_display_name.ts rename to x-pack/plugins/cloud_security_posture/public/common/utils/get_vendor_name.ts index 7164135e1ef1..e3595c9ae65f 100644 --- a/x-pack/plugins/cloud_security_posture/public/common/utils/get_dataset_display_name.ts +++ b/x-pack/plugins/cloud_security_posture/public/common/utils/get_vendor_name.ts @@ -5,15 +5,19 @@ * 2.0. */ -type Dataset = 'wiz.cloud_configuration_finding' | 'cloud_security_posture.findings'; +import { CspFinding, CspVulnerabilityFinding } from '@kbn/cloud-security-posture-common'; +import { isNativeCspFinding } from './is_native_csp_finding'; export const CSP_MISCONFIGURATIONS_DATASET = 'cloud_security_posture.findings'; export const CSP_VULN_DATASET = 'cloud_security_posture.vulnerabilities'; export const WIZ_MISCONFIGURATIONS_DATASET = 'wiz.cloud_configuration_finding'; export const WIZ_VULN_DATASET = 'wiz.vulnerability'; -export const getDatasetDisplayName = (dataset?: Dataset | string) => { +export const getVendorName = (finding: CspFinding | CspVulnerabilityFinding) => { + if (finding.observer?.vendor) return finding.observer.vendor; + + const dataset = finding.data_stream?.dataset; + if (dataset === WIZ_MISCONFIGURATIONS_DATASET || dataset === WIZ_VULN_DATASET) return 'Wiz'; - if (dataset === CSP_MISCONFIGURATIONS_DATASET || dataset === CSP_VULN_DATASET) - return 'Elastic CSP'; + if (isNativeCspFinding(finding)) return 'Elastic'; }; diff --git a/x-pack/plugins/cloud_security_posture/public/common/utils/get_vulnerability_colors.ts b/x-pack/plugins/cloud_security_posture/public/common/utils/get_vulnerability_colors.ts index fc63ac1131fa..cba51677dd58 100644 --- a/x-pack/plugins/cloud_security_posture/public/common/utils/get_vulnerability_colors.ts +++ b/x-pack/plugins/cloud_security_posture/public/common/utils/get_vulnerability_colors.ts @@ -6,8 +6,6 @@ */ import { euiThemeVars } from '@kbn/ui-theme'; -import type { VulnSeverity } from '@kbn/cloud-security-posture-common'; -import { VULNERABILITIES_SEVERITY } from '../../../common/constants'; export const getCvsScoreColor = (score: number): string | undefined => { if (score <= 4) { @@ -20,18 +18,3 @@ export const getCvsScoreColor = (score: number): string | undefined => { return euiThemeVars.euiColorDanger; // critical severity } }; - -export const getSeverityStatusColor = (severity: VulnSeverity): string => { - switch (severity) { - case VULNERABILITIES_SEVERITY.LOW: - return euiThemeVars.euiColorVis0; - case VULNERABILITIES_SEVERITY.MEDIUM: - return euiThemeVars.euiColorVis5_behindText; - case VULNERABILITIES_SEVERITY.HIGH: - return euiThemeVars.euiColorVis9_behindText; - case VULNERABILITIES_SEVERITY.CRITICAL: - return euiThemeVars.euiColorDanger; - default: - return '#aaa'; - } -}; diff --git a/x-pack/plugins/cloud_security_posture/public/common/utils/get_vulnerabiltity_colors.test.ts b/x-pack/plugins/cloud_security_posture/public/common/utils/get_vulnerabiltity_colors.test.ts index e276e0eeeafc..5000e14a5afc 100644 --- a/x-pack/plugins/cloud_security_posture/public/common/utils/get_vulnerabiltity_colors.test.ts +++ b/x-pack/plugins/cloud_security_posture/public/common/utils/get_vulnerabiltity_colors.test.ts @@ -6,7 +6,7 @@ */ import { euiThemeVars } from '@kbn/ui-theme'; -import { getCvsScoreColor, getSeverityStatusColor } from './get_vulnerability_colors'; +import { getCvsScoreColor } from './get_vulnerability_colors'; describe('getCvsScoreColor', () => { it('returns correct color for low severity score', () => { @@ -29,25 +29,3 @@ describe('getCvsScoreColor', () => { expect(getCvsScoreColor(-0.2)).toBe(euiThemeVars.euiColorVis0); }); }); - -describe('getSeverityStatusColor', () => { - it('should return the correct color for LOW severity', () => { - expect(getSeverityStatusColor('LOW')).toBe(euiThemeVars.euiColorVis0); - }); - - it('should return the correct color for MEDIUM severity', () => { - expect(getSeverityStatusColor('MEDIUM')).toBe(euiThemeVars.euiColorVis5_behindText); - }); - - it('should return the correct color for HIGH severity', () => { - expect(getSeverityStatusColor('HIGH')).toBe(euiThemeVars.euiColorVis9_behindText); - }); - - it('should return the correct color for CRITICAL severity', () => { - expect(getSeverityStatusColor('CRITICAL')).toBe(euiThemeVars.euiColorDanger); - }); - - it('should return #aaa for an unknown severity', () => { - expect(getSeverityStatusColor('UNKNOWN')).toBe('#aaa'); - }); -}); diff --git a/x-pack/plugins/cloud_security_posture/public/common/utils/is_native_csp_finding.test.ts b/x-pack/plugins/cloud_security_posture/public/common/utils/is_native_csp_finding.test.ts new file mode 100644 index 000000000000..1ebe6cb5c274 --- /dev/null +++ b/x-pack/plugins/cloud_security_posture/public/common/utils/is_native_csp_finding.test.ts @@ -0,0 +1,56 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { CSP_MISCONFIGURATIONS_DATASET, CSP_VULN_DATASET } from './get_vendor_name'; +import { isNativeCspFinding } from './is_native_csp_finding'; +import { CspFinding } from '@kbn/cloud-security-posture-common'; +import { CspVulnerabilityFinding } from '@kbn/cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding'; + +describe('isNativeCspFinding', () => { + it("should return true when finding's dataset matches CSP_MISCONFIGURATIONS_DATASET", () => { + const finding = { + data_stream: { + dataset: CSP_MISCONFIGURATIONS_DATASET, + }, + } as CspFinding; + + expect(isNativeCspFinding(finding)).toBe(true); + }); + + it("should return true when finding's dataset matches CSP_VULN_DATASET", () => { + const finding = { + data_stream: { + dataset: CSP_VULN_DATASET, + }, + } as CspVulnerabilityFinding; + + expect(isNativeCspFinding(finding)).toBe(true); + }); + + it('should return false when finding object is missing data_stream property', () => { + const finding = {} as CspFinding; + + expect(isNativeCspFinding(finding)).toBe(false); + }); + + it('should return false when finding object has data_stream property but missing dataset property', () => { + const finding = { + data_stream: {}, + } as CspFinding; + + expect(isNativeCspFinding(finding)).toBe(false); + }); + + it('should return false when dataset property is null or undefined', () => { + const findingWithUndefinedDataset = { + data_stream: { + dataset: undefined, + }, + } as CspFinding; + + expect(isNativeCspFinding(findingWithUndefinedDataset)).toBe(false); + }); +}); diff --git a/x-pack/plugins/cloud_security_posture/public/common/utils/is_native_csp_finding.ts b/x-pack/plugins/cloud_security_posture/public/common/utils/is_native_csp_finding.ts new file mode 100644 index 000000000000..0cad6fc7d542 --- /dev/null +++ b/x-pack/plugins/cloud_security_posture/public/common/utils/is_native_csp_finding.ts @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { CspFinding } from '@kbn/cloud-security-posture-common'; +import { CspVulnerabilityFinding } from '@kbn/cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding'; +import { CSP_MISCONFIGURATIONS_DATASET, CSP_VULN_DATASET } from './get_vendor_name'; + +export const isNativeCspFinding = (finding: CspFinding | CspVulnerabilityFinding) => + finding.data_stream?.dataset === CSP_MISCONFIGURATIONS_DATASET || + finding.data_stream?.dataset === CSP_VULN_DATASET; diff --git a/x-pack/plugins/cloud_security_posture/public/components/vulnerability_badges.tsx b/x-pack/plugins/cloud_security_posture/public/components/vulnerability_badges.tsx index cb4fbbad83a3..7d4095b4bd66 100644 --- a/x-pack/plugins/cloud_security_posture/public/components/vulnerability_badges.tsx +++ b/x-pack/plugins/cloud_security_posture/public/components/vulnerability_badges.tsx @@ -10,7 +10,8 @@ import React from 'react'; import { css } from '@emotion/react'; import { float } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; import type { VulnSeverity } from '@kbn/cloud-security-posture-common'; -import { getCvsScoreColor, getSeverityStatusColor } from '../common/utils/get_vulnerability_colors'; +import { getSeverityStatusColor } from '@kbn/cloud-security-posture'; +import { getCvsScoreColor } from '../common/utils/get_vulnerability_colors'; import { VULNERABILITIES_CVSS_SCORE_BADGE_SUBJ } from './test_subjects'; interface CVSScoreBadgeProps { diff --git a/x-pack/plugins/cloud_security_posture/public/components/vulnerability_severity_map.tsx b/x-pack/plugins/cloud_security_posture/public/components/vulnerability_severity_map.tsx index 74341095caac..9046fcb265a8 100644 --- a/x-pack/plugins/cloud_security_posture/public/components/vulnerability_severity_map.tsx +++ b/x-pack/plugins/cloud_security_posture/public/components/vulnerability_severity_map.tsx @@ -17,7 +17,7 @@ import { import { PaletteColorStop } from '@elastic/eui/src/components/color_picker/color_palette_picker'; import type { VulnSeverity } from '@kbn/cloud-security-posture-common'; import { i18n } from '@kbn/i18n'; -import { getSeverityStatusColor } from '../common/utils/get_vulnerability_colors'; +import { getSeverityStatusColor } from '@kbn/cloud-security-posture'; import { SeverityStatusBadge } from './vulnerability_badges'; interface Props { diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/__mocks__/findings.ts b/x-pack/plugins/cloud_security_posture/public/pages/configurations/__mocks__/findings.ts index 4693459c0985..43b1c859a44f 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/__mocks__/findings.ts +++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/__mocks__/findings.ts @@ -118,6 +118,9 @@ export const mockFindingsHit: CspFinding = { data_stream: { dataset: 'cloud_security_posture.findings', }, + observer: { + vendor: 'Elastic', + }, }; export const mockWizFinding = { @@ -183,6 +186,9 @@ export const mockWizFinding = { type: 'logs', dataset: 'wiz.cloud_configuration_finding', }, + observer: { + vendor: 'Wiz', + }, event: { agent_id_status: 'auth_metadata_missing', ingested: '2024-07-15T10:49:45Z', diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.handlers.mock.ts b/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.handlers.mock.ts index 10e79145cd02..be08984c16db 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.handlers.mock.ts +++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/configurations.handlers.mock.ts @@ -135,6 +135,9 @@ export const generateCspFinding = ( data_stream: { dataset: 'cloud_security_posture.findings', }, + observer: { + vendor: 'Elastic', + }, }; }; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/findings_flyout.tsx b/x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/findings_flyout.tsx index 2a45528ef49d..462652b4869d 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/findings_flyout.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/findings_flyout.tsx @@ -37,10 +37,12 @@ import { css } from '@emotion/react'; import { euiThemeVars } from '@kbn/ui-theme'; import { CspEvaluationBadge } from '@kbn/cloud-security-posture'; import type { CspFinding } from '@kbn/cloud-security-posture-common'; +import { CspVulnerabilityFinding } from '@kbn/cloud-security-posture-common/schema/vulnerabilities/csp_vulnerability_finding'; +import { isNativeCspFinding } from '../../../common/utils/is_native_csp_finding'; import { CSP_MISCONFIGURATIONS_DATASET, - getDatasetDisplayName, -} from '../../../common/utils/get_dataset_display_name'; + getVendorName, +} from '../../../common/utils/get_vendor_name'; import { truthy } from '../../../../common/utils/helpers'; import { benchmarksNavigation } from '../../../common/navigation/constants'; import cisLogoIcon from '../../../assets/icons/cis_logo.svg'; @@ -200,13 +202,13 @@ const FindingsTab = ({ tab, finding }: { finding: CspFinding; tab: FindingsTab } } }; -const isNativeCspFinding = (finding: CspFinding) => - finding.data_stream.dataset === CSP_MISCONFIGURATIONS_DATASET; - -const MissingFieldsCallout = ({ finding }: { finding: CspFinding }) => { +export const MissingFieldsCallout = ({ + finding, +}: { + finding: CspFinding | CspVulnerabilityFinding; +}) => { const { euiTheme } = useEuiTheme(); - const datasetDisplayName = - getDatasetDisplayName(finding.data_stream.dataset) || finding.data_stream.dataset; + const vendor = getVendorName(finding); return ( { @@ -285,7 +287,7 @@ export const FindingsRuleFlyout = ({ {!isNativeCspFinding(finding) && ['overview', 'rule'].includes(tab.id) && ( -
+
)} diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/overview_tab.tsx b/x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/overview_tab.tsx index 5f54e34846b9..9ffa3ae8580d 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/overview_tab.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/overview_tab.tsx @@ -26,7 +26,7 @@ import { FormattedMessage } from '@kbn/i18n-react'; import { isEmpty } from 'lodash'; import type { CspFinding } from '@kbn/cloud-security-posture-common'; import { useDataView } from '@kbn/cloud-security-posture/src/hooks/use_data_view'; -import { getDatasetDisplayName } from '../../../common/utils/get_dataset_display_name'; +import { getVendorName } from '../../../common/utils/get_vendor_name'; import { truthy } from '../../../../common/utils/helpers'; import { CSP_MOMENT_FORMAT } from '../../../common/constants'; import { INTERNAL_FEATURE_FLAGS } from '../../../../common/constants'; @@ -107,11 +107,10 @@ const getDetailsList = ( description: data.rule?.section ? data.rule?.section : EMPTY_VALUE, }, { - title: i18n.translate('xpack.csp.findings.findingsFlyout.overviewTab.sourceTitle', { - defaultMessage: 'Source', + title: i18n.translate('xpack.csp.findings.findingsFlyout.overviewTab.vendorTitle', { + defaultMessage: 'Vendor', }), - description: - getDatasetDisplayName(data.data_stream?.dataset) || data.data_stream?.dataset || EMPTY_VALUE, + description: getVendorName(data) || EMPTY_VALUE, }, { title: i18n.translate('xpack.csp.findings.findingsFlyout.overviewTab.dataViewTitle', { diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/rule_tab.tsx b/x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/rule_tab.tsx index 26007205f43f..2dcca4932935 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/rule_tab.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/findings_flyout/rule_tab.tsx @@ -43,13 +43,15 @@ export const getRuleList = ( defaultMessage: 'Alerts', }), description: - ruleState === 'unmuted' && rule?.benchmark?.name ? ( - - ) : ( + ruleState === 'muted' ? ( + ) : rule?.benchmark?.name ? ( + + ) : ( + EMPTY_VALUE ), }, { diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/constants.ts b/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/constants.ts index 9472a7064a6a..d9f20e3e712e 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/constants.ts +++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/constants.ts @@ -126,6 +126,6 @@ export const defaultColumns: CloudSecurityDefaultColumn[] = [ { id: 'rule.benchmark.rule_number' }, { id: 'rule.name' }, { id: 'rule.section' }, - { id: 'data_stream.dataset' }, + { id: 'observer.vendor' }, { id: '@timestamp' }, ]; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/findings_table_field_labels.ts b/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/findings_table_field_labels.ts index 75ffaef8085e..b1e6196aec73 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/findings_table_field_labels.ts +++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/findings_table_field_labels.ts @@ -35,9 +35,9 @@ export const findingsTableFieldLabels: Record = { 'xpack.csp.findings.findingsTable.findingsTableColumn.ruleSectionColumnLabel', { defaultMessage: 'Framework Section' } ), - 'data_stream.dataset': i18n.translate( - 'xpack.csp.findings.findingsTable.findingsTableColumn.sourceColumnLabel', - { defaultMessage: 'Source' } + 'observer.vendor': i18n.translate( + 'xpack.csp.findings.findingsTable.findingsTableColumn.vendorColumnLabel', + { defaultMessage: 'Vendor' } ), '@timestamp': i18n.translate( 'xpack.csp.findings.findingsTable.findingsTableColumn.lastCheckedColumnLabel', diff --git a/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/latest_findings_table.tsx b/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/latest_findings_table.tsx index b8bd387ad57a..25546d2e02cb 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/latest_findings_table.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/configurations/latest_findings/latest_findings_table.tsx @@ -18,7 +18,7 @@ import { uiMetricService, } from '@kbn/cloud-security-posture-common/utils/ui_metrics'; import { METRIC_TYPE } from '@kbn/analytics'; -import { getDatasetDisplayName } from '../../../common/utils/get_dataset_display_name'; +import { getVendorName } from '../../../common/utils/get_vendor_name'; import * as TEST_SUBJECTS from '../test_subjects'; import { FindingsDistributionBar } from '../layout/findings_distribution_bar'; import { ErrorCallout } from '../layout/error_callout'; @@ -68,11 +68,13 @@ const customCellRenderer = (rows: DataTableRecord[]) => ({ return ; }, - 'data_stream.dataset': ({ rowIndex }: EuiDataGridCellValueElementProps) => { + 'observer.vendor': ({ rowIndex }: EuiDataGridCellValueElementProps) => { const finding = getCspFinding(rows[rowIndex].raw._source); - const source = getDatasetDisplayName(finding?.data_stream?.dataset); + if (!finding) return <>{''}; - return <>{source || finding?.data_stream?.dataset || ''}; + const vendor = getVendorName(finding); + + return <>{vendor || ''}; }, '@timestamp': ({ rowIndex }: EuiDataGridCellValueElementProps) => { const finding = getCspFinding(rows[rowIndex].raw._source); diff --git a/x-pack/plugins/cloud_security_posture/public/pages/findings/findings.tsx b/x-pack/plugins/cloud_security_posture/public/pages/findings/findings.tsx index 00837a362989..6b1dc4dacdf6 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/findings/findings.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/findings/findings.tsx @@ -6,15 +6,20 @@ */ import React from 'react'; import useLocalStorage from 'react-use/lib/useLocalStorage'; -import { EuiSpacer, EuiTab, EuiTabs, EuiTitle } from '@elastic/eui'; +import { EuiSpacer, EuiTab, EuiTabs, EuiTitle, EuiCallOut, EuiButton } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n-react'; import { Redirect, useHistory, useLocation, matchPath } from 'react-router-dom'; import { Routes, Route } from '@kbn/shared-ux-router'; import { findingsNavigation } from '@kbn/cloud-security-posture'; import { useCspSetupStatusApi } from '@kbn/cloud-security-posture/src/hooks/use_csp_setup_status_api'; +import { i18n } from '@kbn/i18n'; +import { useAdd3PIntegrationRoute } from '../../common/api/use_wiz_integration_route'; import { Configurations } from '../configurations'; import { cloudPosturePages } from '../../common/navigation/constants'; -import { LOCAL_STORAGE_FINDINGS_LAST_SELECTED_TAB_KEY } from '../../common/constants'; +import { + LOCAL_STORAGE_3P_INTEGRATIONS_CALLOUT_KEY, + LOCAL_STORAGE_FINDINGS_LAST_SELECTED_TAB_KEY, +} from '../../common/constants'; import { VULNERABILITIES_INDEX_NAME, FINDINGS_INDEX_NAME } from '../../../common/constants'; import { getStatusForIndexName } from '../../../common/utils/helpers'; import { Vulnerabilities } from '../vulnerabilities'; @@ -59,7 +64,10 @@ const FindingsTabRedirecter = ({ lastTabSelected }: { lastTabSelected?: Findings export const Findings = () => { const history = useHistory(); const location = useLocation(); - + const wizAddIntegrationLink = useAdd3PIntegrationRoute('wiz'); + const [userHasDismissedCallout, setUserHasDismissedCallout] = useLocalStorage( + LOCAL_STORAGE_3P_INTEGRATIONS_CALLOUT_KEY + ); // restore the users most recent tab selection const [lastTabSelected, setLastTabSelected] = useLocalStorage( LOCAL_STORAGE_FINDINGS_LAST_SELECTED_TAB_KEY @@ -101,6 +109,26 @@ export const Findings = () => { + {!userHasDismissedCallout && ( + <> + setUserHasDismissedCallout(true)} + > + + + + + + + )} ({ {({ finding }) => } ), - 'data_stream.dataset': ({ rowIndex }: EuiDataGridCellValueElementProps) => ( + 'observer.vendor': ({ rowIndex }: EuiDataGridCellValueElementProps) => ( - {({ finding }) => <>{getDatasetDisplayName(finding.data_stream.dataset) || '-'}} + {({ finding }) => <>{getVendorName(finding) || '-'}} ), }); diff --git a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/utils/create_detection_rule_from_vulnerability.ts b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/utils/create_detection_rule_from_vulnerability.ts index 7e817a3d56a1..a09f9130836b 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/utils/create_detection_rule_from_vulnerability.ts +++ b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/utils/create_detection_rule_from_vulnerability.ts @@ -7,12 +7,12 @@ import { HttpSetup } from '@kbn/core/public'; import { i18n } from '@kbn/i18n'; -import { LATEST_VULNERABILITIES_RETENTION_POLICY } from '@kbn/cloud-security-posture-common'; -import type { Vulnerability } from '@kbn/cloud-security-posture-common/schema/vulnerabilities/latest'; import { - VULNERABILITIES_INDEX_PATTERN, + LATEST_VULNERABILITIES_RETENTION_POLICY, VULNERABILITIES_SEVERITY, -} from '../../../../common/constants'; +} from '@kbn/cloud-security-posture-common'; +import type { Vulnerability } from '@kbn/cloud-security-posture-common/schema/vulnerabilities/latest'; +import { VULNERABILITIES_INDEX_PATTERN } from '../../../../common/constants'; import { createDetectionRule } from '../../../common/api/create_detection_rule'; const DEFAULT_RULE_RISK_SCORE = 0; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_detection_rule_counter.tsx b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_detection_rule_counter.tsx index facb4817cec5..1c726a450655 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_detection_rule_counter.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_detection_rule_counter.tsx @@ -8,7 +8,7 @@ import React from 'react'; import type { HttpSetup } from '@kbn/core/public'; import type { CspVulnerabilityFinding } from '@kbn/cloud-security-posture-common/schema/vulnerabilities/latest'; -import { CSP_VULN_DATASET } from '../../../common/utils/get_dataset_display_name'; +import { isNativeCspFinding } from '../../../common/utils/is_native_csp_finding'; import { DetectionRuleCounter } from '../../../components/detection_rule_counter'; import { createDetectionRuleFromVulnerabilityFinding } from '../utils/create_detection_rule_from_vulnerability'; @@ -19,11 +19,12 @@ const CNVM_RULE_TAG_OS = 'OS: Linux'; const getTags = (vulnerabilityRecord: CspVulnerabilityFinding) => { let tags = [vulnerabilityRecord.vulnerability.id]; + const vendor = vulnerabilityRecord.observer?.vendor || vulnerabilityRecord?.data_stream?.dataset; - if (vulnerabilityRecord?.data_stream?.dataset === CSP_VULN_DATASET) { + if (isNativeCspFinding(vulnerabilityRecord)) { tags = [CNVM_TAG, CNVM_RULE_TAG_DATA_SOURCE, CNVM_RULE_TAG_USE_CASE, CNVM_RULE_TAG_OS, ...tags]; - } else { - tags.push(vulnerabilityRecord?.data_stream?.dataset); + } else if (!!vendor) { + tags.push(vendor); } return tags; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_finding_flyout.test.tsx b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_finding_flyout.test.tsx index 8f3f37390cfa..d22d1fd80286 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_finding_flyout.test.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_finding_flyout.test.tsx @@ -72,7 +72,7 @@ describe('', () => { ); getByText(mockVulnerabilityHit.vulnerability.data_source!.ID); - getByText('Elastic CSP'); + getByText('Elastic'); getByText(moment(mockVulnerabilityHit.vulnerability.published_date).format('LL').toString()); getByText(mockVulnerabilityHit.vulnerability.description); getAllByText(mockVulnerabilityHit.vulnerability?.cvss?.nvd?.V3Vector as string); @@ -93,13 +93,24 @@ describe('', () => { ); const dataSource = getByTestId(DATA_SOURCE_VULNERABILITY_FLYOUT); - const publisedDate = getByTestId(PUBLISHED_DATE_VULNERABILITY_FLYOUT); + const publishedDate = getByTestId(PUBLISHED_DATE_VULNERABILITY_FLYOUT); const vulnerabilityScores = getByTestId(VULNERABILITY_SCORES_FLYOUT); expect(dataSource.textContent).toEqual(`Data Source${EMPTY_VALUE}`); - expect(publisedDate.textContent).toEqual(`Published Date${EMPTY_VALUE}`); + expect(publishedDate.textContent).toEqual(`Published Date${EMPTY_VALUE}`); expect(vulnerabilityScores.textContent).toEqual(`Vulnerability Scores${EMPTY_VALUE}`); }); + it('displays missing info callout when data source is not CSP', () => { + const { getByText } = render(); + getByText('Some fields not provided by Wiz'); + }); + + it('does not display missing info callout when data source is CSP', () => { + const { queryByText } = render(); + const missingInfoCallout = queryByText('Some fields not provided by Wiz'); + expect(missingInfoCallout).toBeNull(); + }); + it('show empty state for no fixes', () => { const { getByText } = render( diff --git a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_finding_flyout.tsx b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_finding_flyout.tsx index 102fc272801e..8c7e3341424d 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_finding_flyout.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_finding_flyout.tsx @@ -28,6 +28,7 @@ import { euiThemeVars } from '@kbn/ui-theme'; import { css } from '@emotion/react'; import { HttpSetup } from '@kbn/core-http-browser'; import type { CspVulnerabilityFinding } from '@kbn/cloud-security-posture-common/schema/vulnerabilities/latest'; +import { isNativeCspFinding } from '../../../common/utils/is_native_csp_finding'; import { TakeAction } from '../../../components/take_action'; import { truthy } from '../../../../common/utils/helpers'; import { CspInlineDescriptionList } from '../../../components/csp_inline_description_list'; @@ -40,6 +41,7 @@ import { } from '../test_subjects'; import { VulnerabilityTableTab } from './vulnerability_table_tab'; import { createDetectionRuleFromVulnerabilityFinding } from '../utils/create_detection_rule_from_vulnerability'; +import { MissingFieldsCallout } from '../../configurations/findings_flyout/findings_flyout'; const overviewTabId = 'vuln-flyout-overview-tab'; const tableTabId = 'vuln-flyout-table-tab'; @@ -232,6 +234,11 @@ export const VulnerabilityFindingFlyout = ({ isLoading={isLoading} contentAriaLabel={LOADING_ARIA_LABEL} > + {!isNativeCspFinding(vulnerabilityRecord) && selectedTabId === overviewTabId && ( +
+ +
+ )} {selectedTabContent} diff --git a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_overview_tab.tsx b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_overview_tab.tsx index b050b374d692..d67649c508c1 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_overview_tab.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_finding_flyout/vulnerability_overview_tab.tsx @@ -24,12 +24,11 @@ import { CspVulnerabilityFinding, } from '@kbn/cloud-security-posture-common/schema/vulnerabilities/latest'; import { METRIC_TYPE } from '@kbn/analytics'; - import { VULNERABILITIES_FLYOUT_VISITS, uiMetricService, } from '@kbn/cloud-security-posture-common/utils/ui_metrics'; -import { getDatasetDisplayName } from '../../../common/utils/get_dataset_display_name'; +import { getVendorName } from '../../../common/utils/get_vendor_name'; import { CspFlyoutMarkdown } from '../../configurations/findings_flyout/findings_flyout'; import { NvdLogo } from '../../../assets/icons/nvd_logo_svg'; import { CVSScoreBadge } from '../../../components/vulnerability_badges'; @@ -287,11 +286,11 @@ export const VulnerabilityOverviewTab = ({ vulnerabilityRecord }: VulnerabilityT

- {getDatasetDisplayName(vulnerabilityRecord.data_stream?.dataset) || EMPTY_VALUE} + {getVendorName(vulnerabilityRecord) || EMPTY_VALUE} diff --git a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_table_field_labels.ts b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_table_field_labels.ts index cc8e0bd75c46..761bbfa9b7cc 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_table_field_labels.ts +++ b/x-pack/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities_table_field_labels.ts @@ -39,8 +39,8 @@ export const vulnerabilitiesTableFieldLabels: Record = { 'xpack.csp.vulnerabilityFindings.vulnerabilityFindingsTable.vulnerabilityFindingsTableColumn.packageFixedVersionColumnLabel', { defaultMessage: 'Fix Version' } ), - 'data_stream.dataset': i18n.translate( - 'xpack.csp.vulnerabilityFindings.vulnerabilityFindingsTable.vulnerabilityFindingsTableColumn.sourceColumnLabel', - { defaultMessage: 'Source' } + 'observer.vendor': i18n.translate( + 'xpack.csp.vulnerabilityFindings.vulnerabilityFindingsTable.vulnerabilityFindingsTableColumn.vendorColumnLabel', + { defaultMessage: 'Vendor' } ), } as const; diff --git a/x-pack/plugins/cloud_security_posture/public/pages/vulnerability_dashboard/vulnerability_statistics.tsx b/x-pack/plugins/cloud_security_posture/public/pages/vulnerability_dashboard/vulnerability_statistics.tsx index 6a82adcb4e05..114f28ccfc27 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/vulnerability_dashboard/vulnerability_statistics.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/vulnerability_dashboard/vulnerability_statistics.tsx @@ -8,11 +8,11 @@ import React, { useMemo } from 'react'; import { EuiFlexGroup, EuiFlexItem, EuiHealth } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { useNavigateVulnerabilities } from '@kbn/cloud-security-posture/src/hooks/use_navigate_findings'; +import { VULNERABILITIES_SEVERITY } from '@kbn/cloud-security-posture-common'; +import { getSeverityStatusColor } from '@kbn/cloud-security-posture'; import { VulnCounterCard, type VulnCounterCardProps } from '../../components/vuln_counter_card'; -import { VULNERABILITIES_SEVERITY } from '../../../common/constants'; import { useVulnerabilityDashboardApi } from '../../common/api/use_vulnerability_dashboard_api'; import { CompactFormattedNumber } from '../../components/compact_formatted_number'; -import { getSeverityStatusColor } from '../../common/utils/get_vulnerability_colors'; export const VulnerabilityStatistics = () => { const navToVulnerabilities = useNavigateVulnerabilities(); diff --git a/x-pack/plugins/cloud_security_posture/public/pages/vulnerability_dashboard/vulnerability_trend_graph.tsx b/x-pack/plugins/cloud_security_posture/public/pages/vulnerability_dashboard/vulnerability_trend_graph.tsx index ca29b18822fa..ff610b640cd3 100644 --- a/x-pack/plugins/cloud_security_posture/public/pages/vulnerability_dashboard/vulnerability_trend_graph.tsx +++ b/x-pack/plugins/cloud_security_posture/public/pages/vulnerability_dashboard/vulnerability_trend_graph.tsx @@ -21,12 +21,12 @@ import { FormattedMessage } from '@kbn/i18n-react'; import { useNavigateVulnerabilities } from '@kbn/cloud-security-posture/src/hooks/use_navigate_findings'; import type { VulnSeverity } from '@kbn/cloud-security-posture-common'; +import { VULNERABILITIES_SEVERITY } from '@kbn/cloud-security-posture-common'; +import { getSeverityStatusColor } from '@kbn/cloud-security-posture'; import { truthy } from '../../../common/utils/helpers'; import { VulnStatsTrend } from '../../../common/types_old'; import { useVulnerabilityDashboardApi } from '../../common/api/use_vulnerability_dashboard_api'; -import { getSeverityStatusColor } from '../../common/utils/get_vulnerability_colors'; import { ChartPanel } from '../../components/chart_panel'; -import { VULNERABILITIES_SEVERITY } from '../../../common/constants'; import { useKibana } from '../../common/hooks/use_kibana'; const stackAccessors: VulnSeverity[] = [ diff --git a/x-pack/plugins/cloud_security_posture/server/routes/vulnerabilities_dashboard/get_vulnerabilities_statistics.ts b/x-pack/plugins/cloud_security_posture/server/routes/vulnerabilities_dashboard/get_vulnerabilities_statistics.ts index 905810f1efc0..e4c8bbaf1e6b 100644 --- a/x-pack/plugins/cloud_security_posture/server/routes/vulnerabilities_dashboard/get_vulnerabilities_statistics.ts +++ b/x-pack/plugins/cloud_security_posture/server/routes/vulnerabilities_dashboard/get_vulnerabilities_statistics.ts @@ -7,8 +7,10 @@ import { SearchRequest } from '@elastic/elasticsearch/lib/api/types'; import { ElasticsearchClient } from '@kbn/core-elasticsearch-server'; -import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common'; -import { VULNERABILITIES_SEVERITY } from '../../../common/constants'; +import { + CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, + VULNERABILITIES_SEVERITY, +} from '@kbn/cloud-security-posture-common'; export interface VulnerabilitiesStatisticsQueryResult { critical: { diff --git a/x-pack/plugins/cloud_security_posture/server/tasks/findings_stats_task.ts b/x-pack/plugins/cloud_security_posture/server/tasks/findings_stats_task.ts index 1f8614c6d4a5..673ec5cb9f7a 100644 --- a/x-pack/plugins/cloud_security_posture/server/tasks/findings_stats_task.ts +++ b/x-pack/plugins/cloud_security_posture/server/tasks/findings_stats_task.ts @@ -14,7 +14,10 @@ import { import type { SearchRequest } from '@elastic/elasticsearch/lib/api/types'; import { ElasticsearchClient } from '@kbn/core/server'; import { QueryDslQueryContainer } from '@kbn/data-views-plugin/common/types'; -import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common'; +import { + CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN, + VULNERABILITIES_SEVERITY, +} from '@kbn/cloud-security-posture-common'; import type { ISavedObjectsRepository, Logger } from '@kbn/core/server'; import { getMutedRulesFilterQuery } from '../routes/benchmark_rules/get_states/v1'; import { getSafePostureTypeRuntimeMapping } from '../../common/runtime_mappings/get_safe_posture_type_runtime_mapping'; @@ -25,7 +28,6 @@ import { CSPM_FINDINGS_STATS_INTERVAL, INTERNAL_CSP_SETTINGS_SAVED_OBJECT_TYPE, LATEST_FINDINGS_INDEX_DEFAULT_NS, - VULNERABILITIES_SEVERITY, VULN_MGMT_POLICY_TEMPLATE, } from '../../common/constants'; import { scheduleTaskSafe, removeTaskSafe } from '../lib/task_manager_util'; diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/nodes/generate_chat_title.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/nodes/generate_chat_title.ts index dcef2ae6345f..47a36ddf844b 100644 --- a/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/nodes/generate_chat_title.ts +++ b/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/nodes/generate_chat_title.ts @@ -28,7 +28,7 @@ export const GENERATE_CHAT_TITLE_PROMPT = (responseLanguage: string, llmType?: s ? ChatPromptTemplate.fromMessages([ [ 'system', - `You are a title generator for a helpful assistant for Elastic Security. Assume the following human message is the start of a conversation between you and a human; Do not respond to the human message, instead respond with conversation title relevant to the human's message. DO NOT UNDER ANY CIRCUMSTANCES use quotes or markdown in your response. This title is shown in a list of conversations to the human, so title it for the user, not for you. Please create the title in ${responseLanguage}. Respond with the title only with no other text explaining your response. As an example, for the given MESSAGE, this is the TITLE: + `You are a title generator for a helpful assistant for Elastic Security. Assume the following human message is the start of a conversation between you and a human. Generate a relevant conversation title for the human's message in plain text. Make sure the title is formatted for the user, without using quotes or markdown. The title should clearly reflect the content of the message and be appropriate for a list of conversations. Please create the title in ${responseLanguage}. Respond only with the title. As an example, for the given MESSAGE, this is the TITLE: MESSAGE: I am having trouble with the Elastic Security app. TITLE: Troubleshooting Elastic Security app issues diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/nodes/run_agent.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/nodes/run_agent.ts index 36c15aa44445..2d076f6bd147 100644 --- a/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/nodes/run_agent.ts +++ b/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/nodes/run_agent.ts @@ -7,6 +7,7 @@ import { RunnableConfig } from '@langchain/core/runnables'; import { AgentRunnableSequence } from 'langchain/dist/agents/agent'; +import { formatLatestUserMessage } from '../prompts'; import { AgentState, NodeParamsBase } from '../types'; import { NodeType } from '../constants'; @@ -37,6 +38,8 @@ export async function runAgent({ const agentOutcome = await agentRunnable.withConfig({ tags: [AGENT_NODE_TAG] }).invoke( { ...state, + // prepend any user prompt (gemini) + input: formatLatestUserMessage(state.input, state.llmType), chat_history: state.messages, // TODO: Message de-dupe with ...state spread }, config diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/nodes/translations.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/nodes/translations.ts index ae8e3c18c221..9eedce48ba69 100644 --- a/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/nodes/translations.ts +++ b/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/nodes/translations.ts @@ -10,8 +10,11 @@ const YOU_ARE_A_HELPFUL_EXPERT_ASSISTANT = const IF_YOU_DONT_KNOW_THE_ANSWER = 'Do not answer questions unrelated to Elastic Security.'; export const DEFAULT_SYSTEM_PROMPT = `${YOU_ARE_A_HELPFUL_EXPERT_ASSISTANT} ${IF_YOU_DONT_KNOW_THE_ANSWER}`; - -export const GEMINI_SYSTEM_PROMPT = - `ALWAYS use the provided tools, as they have access to the latest data and syntax.` + - "The final response is the only output the user sees and should be a complete answer to the user's question. Do not leave out important tool output. The final response should never be empty. Don't forget to use tools."; +// system prompt from @afirstenberg +const BASE_GEMINI_PROMPT = + 'You are an assistant that is an expert at using tools and Elastic Security, doing your best to use these tools to answer questions or follow instructions. It is very important to use tools to answer the question or follow the instructions rather than coming up with your own answer. Tool calls are good. Sometimes you may need to make several tool calls to accomplish the task or get an answer to the question that was asked. Use as many tool calls as necessary.'; +const KB_CATCH = + 'If the knowledge base tool gives empty results, do your best to answer the question from the perspective of an expert security analyst.'; +export const GEMINI_SYSTEM_PROMPT = `${BASE_GEMINI_PROMPT} ${KB_CATCH}`; export const BEDROCK_SYSTEM_PROMPT = `Use tools as often as possible, as they have access to the latest data and syntax. Always return value from ESQLKnowledgeBaseTool as is. Never return tags in the response, but make sure to include tags content in the response. Do not reflect on the quality of the returned search results in your response.`; +export const GEMINI_USER_PROMPT = `Now, always using the tools at your disposal, step by step, come up with a response to this request:\n\n`; diff --git a/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/prompts.ts b/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/prompts.ts index eb52c227421f..4a7b1fd46ccb 100644 --- a/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/prompts.ts +++ b/x-pack/plugins/elastic_assistant/server/lib/langchain/graphs/default_assistant_graph/prompts.ts @@ -10,6 +10,7 @@ import { BEDROCK_SYSTEM_PROMPT, DEFAULT_SYSTEM_PROMPT, GEMINI_SYSTEM_PROMPT, + GEMINI_USER_PROMPT, } from './nodes/translations'; export const formatPrompt = (prompt: string, additionalPrompt?: string) => @@ -23,7 +24,8 @@ export const formatPrompt = (prompt: string, additionalPrompt?: string) => export const systemPrompts = { openai: DEFAULT_SYSTEM_PROMPT, bedrock: `${DEFAULT_SYSTEM_PROMPT} ${BEDROCK_SYSTEM_PROMPT}`, - gemini: `${DEFAULT_SYSTEM_PROMPT} ${GEMINI_SYSTEM_PROMPT}`, + // The default prompt overwhelms gemini, do not prepend + gemini: GEMINI_SYSTEM_PROMPT, structuredChat: `Respond to the human as helpfully and accurately as possible. You have access to the following tools: {tools} @@ -98,3 +100,16 @@ export const formatPromptStructured = (prompt: string, additionalPrompt?: string ]); export const structuredChatAgentPrompt = formatPromptStructured(systemPrompts.structuredChat); + +/** + * If Gemini is the llmType, + * Adds a user prompt for the latest message in a conversation + * @param prompt + * @param llmType + */ +export const formatLatestUserMessage = (prompt: string, llmType?: string): string => { + if (llmType === 'gemini') { + return `${GEMINI_USER_PROMPT}${prompt}`; + } + return prompt; +}; diff --git a/x-pack/plugins/elastic_assistant/server/routes/utils.ts b/x-pack/plugins/elastic_assistant/server/routes/utils.ts index e163526d996a..651a809e1a56 100644 --- a/x-pack/plugins/elastic_assistant/server/routes/utils.ts +++ b/x-pack/plugins/elastic_assistant/server/routes/utils.ts @@ -17,7 +17,7 @@ import { ActionsClientChatOpenAI, ActionsClientBedrockChatModel, ActionsClientSimpleChatModel, - ActionsClientGeminiChatModel, + ActionsClientChatVertexAI, } from '@kbn/langchain/server'; import { CustomHttpRequestError } from './custom_http_request_error'; @@ -187,5 +187,5 @@ export const getLlmClass = (llmType?: string, bedrockChatEnabled?: boolean) => : llmType === 'bedrock' && bedrockChatEnabled ? ActionsClientBedrockChatModel : llmType === 'gemini' && bedrockChatEnabled - ? ActionsClientGeminiChatModel + ? ActionsClientChatVertexAI : ActionsClientSimpleChatModel; diff --git a/x-pack/plugins/elastic_assistant/server/types.ts b/x-pack/plugins/elastic_assistant/server/types.ts index 58ee4a9dd454..af8d019539a6 100755 --- a/x-pack/plugins/elastic_assistant/server/types.ts +++ b/x-pack/plugins/elastic_assistant/server/types.ts @@ -39,6 +39,7 @@ import { import { ActionsClientBedrockChatModel, ActionsClientChatOpenAI, + ActionsClientChatVertexAI, ActionsClientGeminiChatModel, ActionsClientLlm, ActionsClientSimpleChatModel, @@ -230,6 +231,7 @@ export type AssistantToolLlm = | ActionsClientBedrockChatModel | ActionsClientChatOpenAI | ActionsClientGeminiChatModel + | ActionsClientChatVertexAI | ActionsClientSimpleChatModel; export interface AssistantToolParams { diff --git a/x-pack/plugins/enterprise_search/kibana.jsonc b/x-pack/plugins/enterprise_search/kibana.jsonc index 91221ef0ed95..f631bd2dc53d 100644 --- a/x-pack/plugins/enterprise_search/kibana.jsonc +++ b/x-pack/plugins/enterprise_search/kibana.jsonc @@ -7,9 +7,7 @@ "id": "enterpriseSearch", "server": true, "browser": true, - "configPath": [ - "enterpriseSearch" - ], + "configPath": ["enterpriseSearch"], "requiredPlugins": [ "data", "features", @@ -17,7 +15,7 @@ "logsShared", "logsDataAccess", "esUiShared", - "navigation", + "navigation" ], "optionalPlugins": [ "customIntegrations", @@ -31,7 +29,6 @@ "guidedOnboarding", "console", "searchConnectors", - "searchHomepage", "searchPlayground", "searchInferenceEndpoints", "embeddable", @@ -39,10 +36,8 @@ "charts", "cloud", "lens", - "share", + "share" ], - "requiredBundles": [ - "kibanaReact" - ] + "requiredBundles": ["kibanaReact"] } } diff --git a/x-pack/plugins/enterprise_search/public/applications/__mocks__/kea_logic/kibana_logic.mock.ts b/x-pack/plugins/enterprise_search/public/applications/__mocks__/kea_logic/kibana_logic.mock.ts index 5f4774be15b9..cca5523ded68 100644 --- a/x-pack/plugins/enterprise_search/public/applications/__mocks__/kea_logic/kibana_logic.mock.ts +++ b/x-pack/plugins/enterprise_search/public/applications/__mocks__/kea_logic/kibana_logic.mock.ts @@ -45,7 +45,6 @@ export const mockKibanaValues = { history: mockHistory, indexMappingComponent: null, isCloud: false, - isSearchHomepageEnabled: false, isSidebarEnabled: true, lens: { EmbeddableComponent: jest.fn(), @@ -65,7 +64,6 @@ export const mockKibanaValues = { hasWebCrawler: true, }, renderHeaderActions: jest.fn(), - searchHomepage: null, searchInferenceEndpoints: null, searchPlayground: searchPlaygroundMock.createStart(), security: securityMock.createStart(), diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connector_detail/connector_detail.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connector_detail/connector_detail.tsx index 645090ee4b77..4c787e9ef28e 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connector_detail/connector_detail.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/connector_detail/connector_detail.tsx @@ -121,7 +121,7 @@ export const ConnectorDetail: React.FC = () => { label: i18n.translate( 'xpack.enterpriseSearch.content.connectors.connectorDetail.indexMappingsTabLabel', { - defaultMessage: 'Index mappings', + defaultMessage: 'Mappings', } ), onClick: () => diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/components/access_control_index_selector/access_control_index_selector.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/components/access_control_index_selector/access_control_index_selector.tsx index c525ed0a413a..e02741638f86 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/components/access_control_index_selector/access_control_index_selector.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/components/access_control_index_selector/access_control_index_selector.tsx @@ -7,21 +7,36 @@ import React from 'react'; -import { EuiFlexGrid, EuiFlexItem, EuiSuperSelect, EuiText, EuiTitle } from '@elastic/eui'; +import { + EuiFlexGroup, + EuiFlexItem, + EuiIcon, + EuiSuperSelect, + EuiText, + EuiTitle, +} from '@elastic/eui'; import { i18n } from '@kbn/i18n'; export interface AccessControlSelectorOption { description: string; + error?: boolean; title: string; value: 'content-index' | 'access-control-index'; } -const indexSelectorOptions: AccessControlSelectorOption[] = [ +interface IndexSelectorProps { + fullWidth?: boolean; + indexSelectorOptions?: AccessControlSelectorOption[]; + onChange(value: AccessControlSelectorOption['value']): void; + valueOfSelected?: AccessControlSelectorOption['value']; +} + +export const DEFAULT_INDEX_SELECTOR_OPTIONS: AccessControlSelectorOption[] = [ { description: i18n.translate( 'xpack.enterpriseSearch.content.searchIndex.documents.selector.contentIndex.description', { - defaultMessage: 'Browse content fields', + defaultMessage: 'Browse documents ingested by content syncs', } ), title: i18n.translate( @@ -36,7 +51,7 @@ const indexSelectorOptions: AccessControlSelectorOption[] = [ description: i18n.translate( 'xpack.enterpriseSearch.content.searchIndex.documents.selector.accessControl.description', { - defaultMessage: 'Browse document level security fields', + defaultMessage: 'Browse access control lists ingested by access control syncs', } ), title: i18n.translate( @@ -49,34 +64,44 @@ const indexSelectorOptions: AccessControlSelectorOption[] = [ }, ]; -interface IndexSelectorProps { - onChange(value: AccessControlSelectorOption['value']): void; - valueOfSelected?: AccessControlSelectorOption['value']; -} - export const AccessControlIndexSelector: React.FC = ({ - valueOfSelected, + indexSelectorOptions = DEFAULT_INDEX_SELECTOR_OPTIONS, onChange, + valueOfSelected, + fullWidth, }) => { return ( option.error) ? ( + + ) : undefined + } options={indexSelectorOptions.map((option) => { return { dropdownDisplay: ( - - - -

{option.title}

- - - - -

{option.description}

- - - + + {option.error ? ( + + {' '} + + ) : null} + + + +

{option.title}

+ + + + +

{option.description}

+ + + + ), inputDisplay: option.title, value: option.value, diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/sync_rules/connector_rules.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/sync_rules/connector_rules.tsx index 2607cea17ce6..6791e7778c9a 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/sync_rules/connector_rules.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/connector/sync_rules/connector_rules.tsx @@ -56,7 +56,6 @@ export const ConnectorSyncRules: React.FC = () => { setIsEditing={setIsEditing} /> )} - {hasDraft && ( @@ -71,18 +70,6 @@ export const ConnectorSyncRules: React.FC = () => { - - - -

- {i18n.translate('xpack.enterpriseSearch.index.connector.syncRules.title', { - defaultMessage: 'Sync rules ', - })} -

- - - -

{i18n.translate('xpack.enterpriseSearch.index.connector.syncRules.description', { diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/documents.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/documents.tsx index 592da5d044f2..d384d218c0e2 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/documents.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/documents.tsx @@ -133,6 +133,7 @@ export const SearchIndexDocuments: React.FC = () => { accessControlSwitch={ shouldShowAccessControlSwitcher ? ( diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/index_mappings.scss b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/index_mappings.scss index bdde0fedc412..a52d3d75c851 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/index_mappings.scss +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/index_mappings.scss @@ -1,3 +1,3 @@ .enterpriseSearchMappingsSelector { - max-width: $euiSizeXXL * 6; + width: 100%; } diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/index_mappings.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/index_mappings.tsx index b35415cc2e0e..f9f46e854bec 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/index_mappings.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/index_mappings.tsx @@ -69,13 +69,13 @@ export const SearchIndexIndexMappings: React.FC = () => { return ( <> - {shouldShowAccessControlSwitch && ( diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/pipelines.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/pipelines.tsx index b05e2b66c37e..40b7c9596cb3 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/pipelines.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/pipelines/pipelines.tsx @@ -110,7 +110,6 @@ export const SearchIndexPipelines: React.FC = () => { return ( <> - {showMissingPipelineCallout && ( <> { }), }, { - content: , + content: ( + <> + + + + ), id: SearchIndexTabId.DOCUMENTS, name: i18n.translate('xpack.enterpriseSearch.content.searchIndex.documentsTabLabel', { defaultMessage: 'Documents', }), }, { - content: , + content: ( + <> + + + + ), id: SearchIndexTabId.INDEX_MAPPINGS, name: i18n.translate('xpack.enterpriseSearch.content.searchIndex.indexMappingsTabLabel', { - defaultMessage: 'Index mappings', + defaultMessage: 'Mappings', }), }, ]; const CONNECTOR_TABS: EuiTabbedContentTab[] = [ { - content: , + content: ( + <> + + + + ), id: SearchIndexTabId.CONFIGURATION, name: i18n.translate('xpack.enterpriseSearch.content.searchIndex.configurationTabLabel', { defaultMessage: 'Configuration', @@ -167,7 +182,12 @@ export const SearchIndex: React.FC = () => { ...(hasFilteringFeature ? [ { - content: , + content: ( + <> + + + + ), id: SearchIndexTabId.SYNC_RULES, name: i18n.translate('xpack.enterpriseSearch.content.searchIndex.syncRulesTabLabel', { defaultMessage: 'Sync rules', @@ -176,7 +196,12 @@ export const SearchIndex: React.FC = () => { ] : []), { - content: , + content: ( + <> + + + + ), id: SearchIndexTabId.SCHEDULING, name: i18n.translate('xpack.enterpriseSearch.content.searchIndex.schedulingTabLabel', { defaultMessage: 'Scheduling', @@ -186,14 +211,24 @@ export const SearchIndex: React.FC = () => { const CRAWLER_TABS: EuiTabbedContentTab[] = [ { - content: , + content: ( + <> + + + + ), id: SearchIndexTabId.DOMAIN_MANAGEMENT, name: i18n.translate('xpack.enterpriseSearch.content.searchIndex.domainManagementTabLabel', { defaultMessage: 'Manage Domains', }), }, { - content: , + content: ( + <> + + + + ), id: SearchIndexTabId.CRAWLER_CONFIGURATION, name: i18n.translate( 'xpack.enterpriseSearch.content.searchIndex.crawlerConfigurationTabLabel', @@ -203,7 +238,12 @@ export const SearchIndex: React.FC = () => { ), }, { - content: , + content: ( + <> + + + + ), 'data-test-subj': 'entSearchContent-index-crawler-scheduler-tab', id: SearchIndexTabId.SCHEDULING, name: i18n.translate('xpack.enterpriseSearch.content.searchIndex.schedulingTabLabel', { @@ -213,7 +253,12 @@ export const SearchIndex: React.FC = () => { ]; const PIPELINES_TAB: EuiTabbedContentTab = { - content: , + content: ( + <> + + + + ), id: SearchIndexTabId.PIPELINES, name: i18n.translate('xpack.enterpriseSearch.content.searchIndex.pipelinesTabLabel', { defaultMessage: 'Pipelines', @@ -289,7 +334,7 @@ const Content: React.FC = ({ } return ( <> - + {isCrawlerIndex(index) && } ); diff --git a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/sync_jobs/sync_jobs.tsx b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/sync_jobs/sync_jobs.tsx index 9495716e1a5e..2669457cb683 100644 --- a/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/sync_jobs/sync_jobs.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/enterprise_search_content/components/search_index/sync_jobs/sync_jobs.tsx @@ -5,20 +5,25 @@ * 2.0. */ -import React, { useEffect } from 'react'; +import React, { useEffect, useState } from 'react'; +import { css } from '@emotion/react'; import { useActions, useValues } from 'kea'; -import { EuiButtonGroup } from '@elastic/eui'; +import { EuiFlexGroup, EuiFlexItem, EuiIconTip, EuiSpacer, useEuiTheme } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; - import { Connector, SyncJobsTable } from '@kbn/search-connectors'; import { KibanaLogic } from '../../../../shared/kibana'; import { hasDocumentLevelSecurityFeature } from '../../../utils/connector_helpers'; +import { + AccessControlIndexSelector, + AccessControlSelectorOption, +} from '../components/access_control_index_selector/access_control_index_selector'; + import { SyncJobsViewLogic } from './sync_jobs_view_logic'; export interface SyncJobsProps { @@ -31,6 +36,8 @@ export const SyncJobs: React.FC = ({ connector }) => { productFeatures.hasDocumentLevelSecurityEnabled && hasDocumentLevelSecurityFeature(connector); const errorOnAccessSync = Boolean(connector.last_access_control_sync_error); const errorOnContentSync = Boolean(connector.last_sync_error); + const [selectedIndexType, setSelectedIndexType] = + useState('content-index'); const { connectorId, syncJobsPagination: pagination, @@ -63,44 +70,84 @@ export const SyncJobs: React.FC = ({ connector }) => { } }, [connectorId, selectedSyncJobCategory]); + useEffect(() => { + if (selectedIndexType === 'content-index') { + setSelectedSyncJobCategory('content'); + } else { + setSelectedSyncJobCategory('access_control'); + } + }, [selectedIndexType]); + const { euiTheme } = useEuiTheme(); return ( <> {shouldShowAccessSyncs && ( - { - if (optionId === 'content' || optionId === 'access_control') { - setSelectedSyncJobCategory(optionId); - } - }} - options={[ - { - id: 'content', - label: i18n.translate( - 'xpack.enterpriseSearch.content.syncJobs.lastSync.tableSelector.content.label', - { defaultMessage: 'Content syncs' } - ), - ...(errorOnContentSync ? { iconSide: 'right', iconType: 'warning' } : {}), - }, - - { - id: 'access_control', - label: i18n.translate( - 'xpack.enterpriseSearch.content.syncJobs.lastSync.tableSelector.accessControl.label', - { defaultMessage: 'Access control syncs' } - ), - ...(errorOnAccessSync ? { iconSide: 'right', iconType: 'warning' } : {}), - }, - ]} - /> + <> + + + + + + + {i18n.translate( + 'xpack.enterpriseSearch.accessControlIndexSelector.p.accessControlSyncsAreLabel', + { + defaultMessage: + 'Access control syncs keep permissions information up to date for document level security (DLS)', + } + )} +

+ } + position="right" + /> + + + + )} {selectedSyncJobCategory === 'content' ? ( { - beforeAll(() => { - TestHelper.prepare(); - }); - - it('renders as expected', async () => { - const { container } = TestHelper.render( - -
Test
- - ); - - expect(container.querySelector('.kbnSolutionNav__title')).toHaveTextContent('Search'); - }); -}); diff --git a/x-pack/plugins/enterprise_search/public/applications/search_homepage/components/layout/page_template.tsx b/x-pack/plugins/enterprise_search/public/applications/search_homepage/components/layout/page_template.tsx deleted file mode 100644 index 76f2e6e52623..000000000000 --- a/x-pack/plugins/enterprise_search/public/applications/search_homepage/components/layout/page_template.tsx +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; - -import { SEARCH_PRODUCT_NAME } from '../../../../../common/constants'; -import { SetSearchChrome } from '../../../shared/kibana_chrome'; -import { EnterpriseSearchPageTemplateWrapper, PageTemplateProps } from '../../../shared/layout'; -import { useEnterpriseSearchNav } from '../../../shared/layout'; -import { SendEnterpriseSearchTelemetry } from '../../../shared/telemetry'; - -export const SearchHomepagePageTemplate: React.FC = ({ - children, - pageChrome, - pageViewTelemetry, - ...pageTemplateProps -}) => { - return ( - } - > - {pageViewTelemetry && ( - - )} - {children} - - ); -}; diff --git a/x-pack/plugins/enterprise_search/public/applications/search_homepage/components/search_homepage.tsx b/x-pack/plugins/enterprise_search/public/applications/search_homepage/components/search_homepage.tsx deleted file mode 100644 index a605010fcb00..000000000000 --- a/x-pack/plugins/enterprise_search/public/applications/search_homepage/components/search_homepage.tsx +++ /dev/null @@ -1,35 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; - -import { useValues } from 'kea'; - -import { KibanaLogic } from '../../shared/kibana'; -import { SetSearchChrome } from '../../shared/kibana_chrome'; - -import { SearchHomepagePageTemplate } from './layout/page_template'; - -export const SearchHomepagePage = () => { - const { isSearchHomepageEnabled, searchHomepage } = useValues(KibanaLogic); - - if (!isSearchHomepageEnabled || !searchHomepage) { - return null; - } - - return ( - - - - - ); -}; diff --git a/x-pack/plugins/enterprise_search/public/applications/search_homepage/index.tsx b/x-pack/plugins/enterprise_search/public/applications/search_homepage/index.tsx deleted file mode 100644 index 43963f21d3b5..000000000000 --- a/x-pack/plugins/enterprise_search/public/applications/search_homepage/index.tsx +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; - -import { Routes, Route } from '@kbn/shared-ux-router'; - -import { isVersionMismatch } from '../../../common/is_version_mismatch'; -import type { InitialAppData } from '../../../common/types'; -import { VersionMismatchPage } from '../shared/version_mismatch'; - -import { SearchHomepagePage } from './components/search_homepage'; - -export const SearchHomepage: React.FC = (props) => { - const { enterpriseSearchVersion, kibanaVersion } = props; - const incompatibleVersions = isVersionMismatch(enterpriseSearchVersion, kibanaVersion); - - const showView = () => { - if (incompatibleVersions) { - return ( - - ); - } - - return ; - }; - - return ( - - - {showView()} - - - ); -}; diff --git a/x-pack/plugins/enterprise_search/public/applications/search_homepage/jest.config.js b/x-pack/plugins/enterprise_search/public/applications/search_homepage/jest.config.js deleted file mode 100644 index c18a3561afb6..000000000000 --- a/x-pack/plugins/enterprise_search/public/applications/search_homepage/jest.config.js +++ /dev/null @@ -1,26 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -module.exports = { - preset: '@kbn/test', - rootDir: '../../../../../..', - roots: ['/x-pack/plugins/enterprise_search/public/applications/search_homepage'], - collectCoverage: true, - coverageReporters: ['text', 'html'], - collectCoverageFrom: [ - '/x-pack/plugins/enterprise_search/public/applications/**/*.{ts,tsx}', - '!/x-pack/plugins/enterprise_search/public/*.ts', - '!/x-pack/plugins/enterprise_search/server/*.ts', - '!/x-pack/plugins/enterprise_search/public/applications/test_helpers/**/*.{ts,tsx}', - ], - coverageDirectory: - '/target/kibana-coverage/jest/x-pack/plugins/enterprise_search/public/applications/search_homepage', - modulePathIgnorePatterns: [ - '/x-pack/plugins/enterprise_search/public/applications/app_search/cypress', - '/x-pack/plugins/enterprise_search/public/applications/workplace_search/cypress', - ], -}; diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/kibana/kibana_logic.ts b/x-pack/plugins/enterprise_search/public/applications/shared/kibana/kibana_logic.ts index 939d92745006..f74345a1c75c 100644 --- a/x-pack/plugins/enterprise_search/public/applications/shared/kibana/kibana_logic.ts +++ b/x-pack/plugins/enterprise_search/public/applications/shared/kibana/kibana_logic.ts @@ -29,7 +29,6 @@ import { LensPublicStart } from '@kbn/lens-plugin/public'; import { MlPluginStart } from '@kbn/ml-plugin/public'; import { ELASTICSEARCH_URL_PLACEHOLDER } from '@kbn/search-api-panels/constants'; import { ConnectorDefinition } from '@kbn/search-connectors-plugin/public'; -import type { SearchHomepagePluginStart } from '@kbn/search-homepage/public'; import { SearchInferenceEndpointsPluginStart } from '@kbn/search-inference-endpoints/public'; import { SearchPlaygroundPluginStart } from '@kbn/search-playground/public'; import { AuthenticatedUser, SecurityPluginStart } from '@kbn/security-plugin/public'; @@ -59,7 +58,6 @@ export interface KibanaLogicProps { guidedOnboarding?: GuidedOnboardingPluginStart; history: ScopedHistory; indexMappingComponent?: React.FC; - isSearchHomepageEnabled: boolean; isSidebarEnabled: boolean; lens?: LensPublicStart; ml?: MlPluginStart; @@ -67,7 +65,6 @@ export interface KibanaLogicProps { productAccess: ProductAccess; productFeatures: ProductFeatures; renderHeaderActions(HeaderActions?: FC): void; - searchHomepage?: SearchHomepagePluginStart; searchInferenceEndpoints?: SearchInferenceEndpointsPluginStart; searchPlayground?: SearchPlaygroundPluginStart; security?: SecurityPluginStart; @@ -94,7 +91,6 @@ export interface KibanaValues { history: ScopedHistory; indexMappingComponent: React.FC | null; isCloud: boolean; - isSearchHomepageEnabled: boolean; isSidebarEnabled: boolean; lens: LensPublicStart | null; ml: MlPluginStart | null; @@ -102,7 +98,6 @@ export interface KibanaValues { productAccess: ProductAccess; productFeatures: ProductFeatures; renderHeaderActions(HeaderActions?: FC): void; - searchHomepage: SearchHomepagePluginStart | null; searchInferenceEndpoints: SearchInferenceEndpointsPluginStart | null; searchPlayground: SearchPlaygroundPluginStart | null; security: SecurityPluginStart | null; @@ -134,7 +129,6 @@ export const KibanaLogic = kea>({ guidedOnboarding: [props.guidedOnboarding || null, {}], history: [props.history, {}], indexMappingComponent: [props.indexMappingComponent || null, {}], - isSearchHomepageEnabled: [props.isSearchHomepageEnabled, {}], isSidebarEnabled: [props.isSidebarEnabled, {}], lens: [props.lens || null, {}], ml: [props.ml || null, {}], @@ -149,7 +143,6 @@ export const KibanaLogic = kea>({ productAccess: [props.productAccess, {}], productFeatures: [props.productFeatures, {}], renderHeaderActions: [props.renderHeaderActions, {}], - searchHomepage: [props.searchHomepage || null, {}], searchInferenceEndpoints: [props.searchInferenceEndpoints || null, {}], searchPlayground: [props.searchPlayground || null, {}], security: [props.security || null, {}], diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav.tsx b/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav.tsx index 1c967c17c9c1..3b3960a7a92b 100644 --- a/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/shared/layout/nav.tsx @@ -52,8 +52,7 @@ import { generateNavLink } from './nav_link_helpers'; * @returns The Enterprise Search navigation items */ export const useEnterpriseSearchNav = (alwaysReturn = false) => { - const { isSearchHomepageEnabled, searchHomepage, isSidebarEnabled, productAccess } = - useValues(KibanaLogic); + const { isSidebarEnabled, productAccess } = useValues(KibanaLogic); const { hasEnterpriseLicense } = useValues(LicensingLogic); @@ -74,10 +73,7 @@ export const useEnterpriseSearchNav = (alwaysReturn = false) => { ...generateNavLink({ shouldNotCreateHref: true, shouldShowActiveForSubroutes: true, - to: - isSearchHomepageEnabled && searchHomepage - ? searchHomepage.app.appRoute - : ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.URL, + to: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.URL, }), }, { diff --git a/x-pack/plugins/enterprise_search/public/applications/test_helpers/test_utils.test_helper.tsx b/x-pack/plugins/enterprise_search/public/applications/test_helpers/test_utils.test_helper.tsx index 861152c024b6..d1729a50909e 100644 --- a/x-pack/plugins/enterprise_search/public/applications/test_helpers/test_utils.test_helper.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/test_helpers/test_utils.test_helper.tsx @@ -63,7 +63,6 @@ export const mockKibanaProps: KibanaLogicProps = { indexMappingComponent: () => { return <>; }, - isSearchHomepageEnabled: false, isSidebarEnabled: true, lens: { EmbeddableComponent: jest.fn(), @@ -86,7 +85,6 @@ export const mockKibanaProps: KibanaLogicProps = { hasWebCrawler: true, }, renderHeaderActions: jest.fn(), - searchHomepage: undefined, searchPlayground: searchPlaygroundMock.createStart(), security: securityMock.createStart(), setBreadcrumbs: jest.fn(), diff --git a/x-pack/plugins/enterprise_search/public/navigation_tree.ts b/x-pack/plugins/enterprise_search/public/navigation_tree.ts index 74db04a3141d..c893c56f372c 100644 --- a/x-pack/plugins/enterprise_search/public/navigation_tree.ts +++ b/x-pack/plugins/enterprise_search/public/navigation_tree.ts @@ -69,14 +69,12 @@ const euiItemTypeToNodeDefinition = ({ export const getNavigationTreeDefinition = ({ dynamicItems$, - isSearchHomepageEnabled, }: { dynamicItems$: Observable; - isSearchHomepageEnabled: boolean; }): AddSolutionNavigationArg => { return { dataTestSubj: 'searchSideNav', - homePage: isSearchHomepageEnabled ? 'searchHomepage' : 'enterpriseSearch', + homePage: 'enterpriseSearch', icon, id: 'es', navigationTree$: dynamicItems$.pipe( @@ -88,7 +86,7 @@ export const getNavigationTreeDefinition = ({ breadcrumbStatus: 'hidden', children: [ { - link: isSearchHomepageEnabled ? 'searchHomepage' : 'enterpriseSearch', + link: 'enterpriseSearch', }, { getIsActive: ({ pathNameSerialized, prepend }) => { diff --git a/x-pack/plugins/enterprise_search/public/plugin.ts b/x-pack/plugins/enterprise_search/public/plugin.ts index 73dbe6885fdc..a1558c4855aa 100644 --- a/x-pack/plugins/enterprise_search/public/plugin.ts +++ b/x-pack/plugins/enterprise_search/public/plugin.ts @@ -32,10 +32,6 @@ import { MlPluginStart } from '@kbn/ml-plugin/public'; import type { NavigationPublicPluginStart } from '@kbn/navigation-plugin/public'; import { ELASTICSEARCH_URL_PLACEHOLDER } from '@kbn/search-api-panels/constants'; import { SearchConnectorsPluginStart } from '@kbn/search-connectors-plugin/public'; -import type { - SearchHomepagePluginSetup, - SearchHomepagePluginStart, -} from '@kbn/search-homepage/public'; import { SearchInferenceEndpointsPluginStart } from '@kbn/search-inference-endpoints/public'; import { SearchPlaygroundPluginStart } from '@kbn/search-playground/public'; import { SecurityPluginSetup, SecurityPluginStart } from '@kbn/security-plugin/public'; @@ -70,7 +66,6 @@ import { import { INFERENCE_ENDPOINTS_PATH } from './applications/enterprise_search_relevance/routes'; import { docLinks } from './applications/shared/doc_links'; -import { setBreadcrumbHomeUrl } from './applications/shared/kibana_chrome/breadcrumbs_home'; import type { DynamicSideNavItems } from './navigation_tree'; export interface ClientData extends InitialAppData { @@ -85,7 +80,6 @@ interface PluginsSetup { cloud?: CloudSetup; licensing: LicensingPluginStart; home?: HomePublicPluginSetup; - searchHomepage?: SearchHomepagePluginSetup; security?: SecurityPluginSetup; share?: SharePluginSetup; } @@ -102,7 +96,6 @@ export interface PluginsStart { ml?: MlPluginStart; navigation: NavigationPublicPluginStart; searchConnectors?: SearchConnectorsPluginStart; - searchHomepage?: SearchHomepagePluginStart; searchPlayground?: SearchPlaygroundPluginStart; searchInferenceEndpoints?: SearchInferenceEndpointsPluginStart; security?: SecurityPluginStart; @@ -264,56 +257,29 @@ export class EnterpriseSearchPlugin implements Plugin { } const { cloud, share } = plugins; - const useSearchHomepage = - plugins.searchHomepage && plugins.searchHomepage.isHomepageFeatureEnabled(); - - if (useSearchHomepage) { - const { app } = plugins.searchHomepage!; - core.application.register({ - ...app, - category: DEFAULT_APP_CATEGORIES.enterpriseSearch, - euiIconType: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.LOGO, - visibleIn: ['home', 'kibanaOverview', 'globalSearch', 'sideNav'], - mount: async (params: AppMountParameters) => { - const kibanaDeps = await this.getKibanaDeps(core, params, cloud); - const { chrome, http } = kibanaDeps.core; - chrome.docTitle.change(app.title); - - await this.getInitialData(http); - const pluginData = this.getPluginData(); - - const { renderApp } = await import('./applications'); - const { SearchHomepage } = await import('./applications/search_homepage'); - - return renderApp(SearchHomepage, kibanaDeps, pluginData); - }, - }); - setBreadcrumbHomeUrl(app.appRoute); - } else { - core.application.register({ - appRoute: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.URL, - category: DEFAULT_APP_CATEGORIES.enterpriseSearch, - euiIconType: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.LOGO, - id: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.ID, - mount: async (params: AppMountParameters) => { - const kibanaDeps = await this.getKibanaDeps(core, params, cloud); - const { chrome, http } = kibanaDeps.core; - chrome.docTitle.change(ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.NAME); + core.application.register({ + appRoute: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.URL, + category: DEFAULT_APP_CATEGORIES.enterpriseSearch, + euiIconType: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.LOGO, + id: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.ID, + mount: async (params: AppMountParameters) => { + const kibanaDeps = await this.getKibanaDeps(core, params, cloud); + const { chrome, http } = kibanaDeps.core; + chrome.docTitle.change(ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.NAME); - await this.getInitialData(http); - const pluginData = this.getPluginData(); + await this.getInitialData(http); + const pluginData = this.getPluginData(); - const { renderApp } = await import('./applications'); - const { EnterpriseSearchOverview } = await import( - './applications/enterprise_search_overview' - ); + const { renderApp } = await import('./applications'); + const { EnterpriseSearchOverview } = await import( + './applications/enterprise_search_overview' + ); - return renderApp(EnterpriseSearchOverview, kibanaDeps, pluginData); - }, - title: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.NAV_TITLE, - visibleIn: ['home', 'kibanaOverview', 'globalSearch', 'sideNav'], - }); - } + return renderApp(EnterpriseSearchOverview, kibanaDeps, pluginData); + }, + title: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.NAV_TITLE, + visibleIn: ['home', 'kibanaOverview', 'globalSearch', 'sideNav'], + }); core.application.register({ appRoute: ENTERPRISE_SEARCH_CONTENT_PLUGIN.URL, @@ -568,27 +534,14 @@ export class EnterpriseSearchPlugin implements Plugin { } if (plugins.home) { - if (useSearchHomepage) { - const { searchHomepage } = plugins; - - plugins.home.featureCatalogue.registerSolution({ - description: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.DESCRIPTION, - icon: 'logoEnterpriseSearch', - id: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.ID, - order: 100, - path: searchHomepage!.app.appRoute, - title: SEARCH_PRODUCT_NAME, - }); - } else { - plugins.home.featureCatalogue.registerSolution({ - description: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.DESCRIPTION, - icon: 'logoEnterpriseSearch', - id: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.ID, - order: 100, - path: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.URL, - title: SEARCH_PRODUCT_NAME, - }); - } + plugins.home.featureCatalogue.registerSolution({ + description: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.DESCRIPTION, + icon: 'logoEnterpriseSearch', + id: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.ID, + order: 100, + path: ENTERPRISE_SEARCH_OVERVIEW_PLUGIN.URL, + title: SEARCH_PRODUCT_NAME, + }); plugins.home.featureCatalogue.register({ category: 'data', @@ -658,7 +611,6 @@ export class EnterpriseSearchPlugin implements Plugin { return plugins.navigation.addSolutionNavigation( getNavigationTreeDefinition({ dynamicItems$: this.sideNavDynamicItems$, - isSearchHomepageEnabled: plugins.searchHomepage?.isHomepageFeatureEnabled() ?? false, }) ); }); diff --git a/x-pack/plugins/enterprise_search/server/utils/connectors_search_result_provider.test.ts b/x-pack/plugins/enterprise_search/server/utils/connectors_search_result_provider.test.ts index f865da1f0dce..0d05ed77ba7c 100644 --- a/x-pack/plugins/enterprise_search/server/utils/connectors_search_result_provider.test.ts +++ b/x-pack/plugins/enterprise_search/server/utils/connectors_search_result_provider.test.ts @@ -5,10 +5,12 @@ * 2.0. */ -import { NEVER, lastValueFrom } from 'rxjs'; +import { NEVER, lastValueFrom, of } from 'rxjs'; import { IScopedClusterClient } from '@kbn/core/server'; +import type { GlobalSearchProviderContext } from '@kbn/global-search-plugin/server'; + import { ENTERPRISE_SEARCH_CONTENT_PLUGIN } from '../../common/constants'; import { getConnectorsSearchResultProvider } from './connectors_search_result_provider'; @@ -57,6 +59,24 @@ describe('Enterprise Search - connectors search provider', () => { }, asInternalUser: {}, }; + + const getSearchProviderContext = ({ + enterpriseSearchEnabled, + }: { + enterpriseSearchEnabled: boolean; + }): GlobalSearchProviderContext => ({ + core: { + capabilities: of({ + catalogue: { enterpriseSearch: enterpriseSearchEnabled }, + management: {}, + navLinks: {}, + }), + savedObjects: {} as any, + uiSettings: {} as any, + }, + }); + const mockSearchProviderContext = getSearchProviderContext({ enterpriseSearchEnabled: true }); + afterEach(() => { jest.clearAllMocks(); }); @@ -74,7 +94,7 @@ describe('Enterprise Search - connectors search provider', () => { client, preference: '', }, - {} as any + mockSearchProviderContext ) ); expect(results).toEqual([{ ...getConnectorSearchData('postgres'), score: 100 }]); @@ -90,7 +110,7 @@ describe('Enterprise Search - connectors search provider', () => { maxResults: 100, preference: '', }, - {} as any + mockSearchProviderContext ) ); expect(results).toEqual([ @@ -110,7 +130,7 @@ describe('Enterprise Search - connectors search provider', () => { maxResults: 100, preference: '', }, - {} as any + mockSearchProviderContext ) ); expect(results).toHaveLength(0); @@ -126,7 +146,7 @@ describe('Enterprise Search - connectors search provider', () => { maxResults: 1, preference: '', }, - {} as any + mockSearchProviderContext ) ); expect(results).toEqual([{ ...getConnectorSearchData('postgres'), score: 90 }]); @@ -143,7 +163,7 @@ describe('Enterprise Search - connectors search provider', () => { maxResults: 100, preference: '', }, - {} as any + mockSearchProviderContext ) ); expect(results).toEqual([]); @@ -159,7 +179,7 @@ describe('Enterprise Search - connectors search provider', () => { maxResults: 100, preference: '', }, - {} as any + mockSearchProviderContext ) ); expect(results).toEqual([]); @@ -175,7 +195,7 @@ describe('Enterprise Search - connectors search provider', () => { maxResults: 100, preference: '', }, - {} as any + mockSearchProviderContext ) ); expect(results).toEqual([]); @@ -191,7 +211,23 @@ describe('Enterprise Search - connectors search provider', () => { maxResults: 100, preference: '', }, - {} as any + mockSearchProviderContext + ) + ); + expect(results).toEqual([]); + }); + + it('if capabilities.catalogue.enterpriseSearch is false', async () => { + const results = await lastValueFrom( + connectorsSearchResultProvider.find( + { term: 'companyName-postgres-connector-all' }, + { + aborted$: NEVER, + client, + maxResults: 100, + preference: '', + }, + getSearchProviderContext({ enterpriseSearchEnabled: false }) ) ); expect(results).toEqual([]); diff --git a/x-pack/plugins/enterprise_search/server/utils/connectors_search_result_provider.ts b/x-pack/plugins/enterprise_search/server/utils/connectors_search_result_provider.ts index 7e81d5b6d09e..09386a4a3030 100644 --- a/x-pack/plugins/enterprise_search/server/utils/connectors_search_result_provider.ts +++ b/x-pack/plugins/enterprise_search/server/utils/connectors_search_result_provider.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { from, takeUntil } from 'rxjs'; +import { from, takeUntil, switchMap, of } from 'rxjs'; import type { IStaticAssets } from '@kbn/core-http-browser'; @@ -25,7 +25,7 @@ export function getConnectorsSearchResultProvider( staticAssets: IStaticAssets ): GlobalSearchResultProvider { return { - find: ({ term, types, tags }, { aborted$, client, maxResults }) => { + find: ({ term, types, tags }, { aborted$, client, maxResults }, { core: { capabilities } }) => { if (!client || !term || tags || (types && !types.includes('connector'))) { return from([[]]); } @@ -52,7 +52,17 @@ export function getConnectorsSearchResultProvider( .slice(0, maxResults); return searchResults; }; - return from(getConnectorData()).pipe(takeUntil(aborted$)); + + return capabilities.pipe( + takeUntil(aborted$), + switchMap((caps) => { + if (!caps.catalogue.enterpriseSearch) { + return of([]); + } + + return from(getConnectorData()); + }) + ); }, getSearchableTypes: () => ['connector'], id: 'enterpriseSearchConnectors', diff --git a/x-pack/plugins/enterprise_search/server/utils/search_result_provider.test.ts b/x-pack/plugins/enterprise_search/server/utils/search_result_provider.test.ts index ef6e3f665b55..49e94e76cd7a 100644 --- a/x-pack/plugins/enterprise_search/server/utils/search_result_provider.test.ts +++ b/x-pack/plugins/enterprise_search/server/utils/search_result_provider.test.ts @@ -5,9 +5,11 @@ * 2.0. */ -import { NEVER } from 'rxjs'; +import { NEVER, of } from 'rxjs'; import { TestScheduler } from 'rxjs/testing'; +import type { GlobalSearchProviderContext } from '@kbn/global-search-plugin/server'; + import { ENTERPRISE_SEARCH_CONTENT_PLUGIN } from '../../common/constants'; import { getSearchResultProvider } from './search_result_provider'; @@ -18,6 +20,23 @@ const getTestScheduler = () => { }); }; +const getSearchProviderContext = ({ + enterpriseSearchEnabled, +}: { + enterpriseSearchEnabled: boolean; +}): GlobalSearchProviderContext => ({ + core: { + capabilities: of({ + catalogue: { enterpriseSearch: enterpriseSearchEnabled }, + management: {}, + navLinks: {}, + }), + savedObjects: {} as any, + uiSettings: {} as any, + }, +}); +const mockSearchProviderContext = getSearchProviderContext({ enterpriseSearchEnabled: true }); + const connectors = [ { categories: [ @@ -119,7 +138,7 @@ describe('Enterprise Search search provider', () => { searchResultProvider.find( { term: 'crawler' }, { aborted$: NEVER, maxResults: 100, preference: '' }, - {} as any + mockSearchProviderContext ) ).toBe('(a|)', { a: [crawlerResult], @@ -133,7 +152,7 @@ describe('Enterprise Search search provider', () => { searchResultProvider.find( { term: '' }, { aborted$: NEVER, maxResults: 100, preference: '' }, - {} as any + mockSearchProviderContext ) ).toBe('(a|)', { a: expect.arrayContaining([ @@ -150,7 +169,7 @@ describe('Enterprise Search search provider', () => { searchResultProvider.find( { term: '' }, { aborted$: NEVER, maxResults: 1, preference: '' }, - {} as any + mockSearchProviderContext ) ).toBe('(a|)', { a: [{ ...crawlerResult, score: 80 }], @@ -173,7 +192,7 @@ describe('Enterprise Search search provider', () => { searchProvider.find( { term: '' }, { aborted$: NEVER, maxResults: 100, preference: '' }, - {} as any + mockSearchProviderContext ) ).toBe('(a|)', { a: expect.not.arrayContaining([{ ...crawlerResult, score: 80 }]), @@ -196,7 +215,7 @@ describe('Enterprise Search search provider', () => { searchProvider.find( { term: '' }, { aborted$: NEVER, maxResults: 100, preference: '' }, - {} as any + mockSearchProviderContext ) ).toBe('(a|)', { a: expect.not.arrayContaining([{ mongoResult, score: 80 }]), @@ -210,20 +229,34 @@ describe('Enterprise Search search provider', () => { searchResultProvider.find( { tags: ['tag'], term: '' }, { aborted$: NEVER, maxResults: 1, preference: '' }, - {} as any + mockSearchProviderContext ) ).toBe('(a|)', { a: [], }); }); }); + it('returns nothing if unknown type is specified', () => { getTestScheduler().run(({ expectObservable }) => { expectObservable( searchResultProvider.find( { term: '', types: ['tag'] }, { aborted$: NEVER, maxResults: 1, preference: '' }, - {} as any + mockSearchProviderContext + ) + ).toBe('(a|)', { + a: [], + }); + }); + }); + it('returns nothing if capabilities.catalogue.enterpriseSearch is false', () => { + getTestScheduler().run(({ expectObservable }) => { + expectObservable( + searchResultProvider.find( + { term: '', types: ['tag'] }, + { aborted$: NEVER, maxResults: 1, preference: '' }, + getSearchProviderContext({ enterpriseSearchEnabled: false }) ) ).toBe('(a|)', { a: [], @@ -236,7 +269,7 @@ describe('Enterprise Search search provider', () => { searchResultProvider.find( { term: 'crawler', types: ['integration'] }, { aborted$: NEVER, maxResults: 1, preference: '' }, - {} as any + mockSearchProviderContext ) ).toBe('(a|)', { a: [crawlerResult], @@ -249,7 +282,7 @@ describe('Enterprise Search search provider', () => { searchResultProvider.find( { term: 'crawler', types: ['enterprise search'] }, { aborted$: NEVER, maxResults: 1, preference: '' }, - {} as any + mockSearchProviderContext ) ).toBe('(a|)', { a: [crawlerResult], @@ -272,7 +305,7 @@ describe('Enterprise Search search provider', () => { searchProvider.find( { term: 'app search' }, { aborted$: NEVER, maxResults: 1, preference: '' }, - {} as any + mockSearchProviderContext ) ).toBe('(a|)', { a: [], @@ -295,7 +328,7 @@ describe('Enterprise Search search provider', () => { searchProvider.find( { term: 'workplace search' }, { aborted$: NEVER, maxResults: 1, preference: '' }, - {} as any + mockSearchProviderContext ) ).toBe('(a|)', { a: [], @@ -318,7 +351,7 @@ describe('Enterprise Search search provider', () => { searchProvider.find( { term: '' }, { aborted$: NEVER, maxResults: 100, preference: '' }, - {} as any + mockSearchProviderContext ) ).toBe('(a|)', { a: expect.arrayContaining([ diff --git a/x-pack/plugins/enterprise_search/server/utils/search_result_provider.ts b/x-pack/plugins/enterprise_search/server/utils/search_result_provider.ts index bd01e16109f8..15b1971c6aec 100644 --- a/x-pack/plugins/enterprise_search/server/utils/search_result_provider.ts +++ b/x-pack/plugins/enterprise_search/server/utils/search_result_provider.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { from, takeUntil } from 'rxjs'; +import { takeUntil, of, map } from 'rxjs'; import { GlobalSearchResultProvider } from '@kbn/global-search-plugin/server'; import { i18n } from '@kbn/i18n'; @@ -79,73 +79,84 @@ export function getSearchResultProvider( crawlerIconPath: string ): GlobalSearchResultProvider { return { - find: ({ term, types, tags }, { aborted$, maxResults }) => { + find: ({ term, types, tags }, { aborted$, maxResults }, { core: { capabilities } }) => { if ( tags || (types && !(types.includes('integration') || types.includes('enterprise search'))) ) { - return from([[]]); + return of([]); } - const services: ServiceDefinition[] = [ - ...(config.hasWebCrawler - ? [ - { - iconPath: crawlerIconPath, - keywords: ['crawler', 'web', 'website', 'internet', 'google'], - name: i18n.translate('xpack.enterpriseSearch.searchProvider.webCrawler.name', { - defaultMessage: 'Elastic Web Crawler', - }), - serviceType: ENTERPRISE_SEARCH_CONNECTOR_CRAWLER_SERVICE_TYPE, - }, - ] - : []), - ...(config.hasConnectors ? connectorTypes : []), - ...(config.canDeployEntSearch - ? [ - { - keywords: ['esre', 'search'], - name: i18n.translate('xpack.enterpriseSearch.searchProvider.aiSearch.name', { - defaultMessage: 'Search AI', - }), - serviceType: 'ai_search', - url: AI_SEARCH_PLUGIN.URL, - }, - ] - : []), - ]; - const result = services - .map((service) => { - const { iconPath, isNative, keywords, name, serviceType } = service; - const url = 'url' in service ? service.url : undefined; - let score = 0; - const searchTerm = (term || '').toLowerCase(); - const searchName = name.toLowerCase(); - if (!searchTerm) { - score = 80; - } else if (searchName === searchTerm) { - score = 100; - } else if (searchName.startsWith(searchTerm)) { - score = 90; - } else if (searchName.includes(searchTerm)) { - score = 75; - } else if (serviceType === searchTerm) { - score = 65; - } else if (keywords.some((keyword) => keyword.includes(searchTerm))) { - score = 50; + + return capabilities.pipe( + takeUntil(aborted$), + map((caps) => { + if (!caps.catalogue.enterpriseSearch) { + return []; } - return toSearchResult({ - iconPath, - isCloud, - isNative, - name, - score, - serviceType, - url, - }); + + const services: ServiceDefinition[] = [ + ...(config.hasWebCrawler + ? [ + { + iconPath: crawlerIconPath, + keywords: ['crawler', 'web', 'website', 'internet', 'google'], + name: i18n.translate('xpack.enterpriseSearch.searchProvider.webCrawler.name', { + defaultMessage: 'Elastic Web Crawler', + }), + serviceType: ENTERPRISE_SEARCH_CONNECTOR_CRAWLER_SERVICE_TYPE, + }, + ] + : []), + ...(config.hasConnectors ? connectorTypes : []), + ...(config.canDeployEntSearch + ? [ + { + keywords: ['esre', 'search'], + name: i18n.translate('xpack.enterpriseSearch.searchProvider.aiSearch.name', { + defaultMessage: 'Search AI', + }), + serviceType: 'ai_search', + url: AI_SEARCH_PLUGIN.URL, + }, + ] + : []), + ]; + const result = services + .map((service) => { + const { iconPath, isNative, keywords, name, serviceType } = service; + const url = 'url' in service ? service.url : undefined; + let score = 0; + const searchTerm = (term || '').toLowerCase(); + const searchName = name.toLowerCase(); + if (!searchTerm) { + score = 80; + } else if (searchName === searchTerm) { + score = 100; + } else if (searchName.startsWith(searchTerm)) { + score = 90; + } else if (searchName.includes(searchTerm)) { + score = 75; + } else if (serviceType === searchTerm) { + score = 65; + } else if (keywords.some((keyword) => keyword.includes(searchTerm))) { + score = 50; + } + return toSearchResult({ + iconPath, + isCloud, + isNative, + name, + score, + serviceType, + url, + }); + }) + .filter(({ score }) => score > 0) + .slice(0, maxResults); + + return result; }) - .filter(({ score }) => score > 0) - .slice(0, maxResults); - return from([result]).pipe(takeUntil(aborted$)); + ); }, getSearchableTypes: () => ['enterprise search', 'integration'], id: 'enterpriseSearch', diff --git a/x-pack/plugins/enterprise_search/tsconfig.json b/x-pack/plugins/enterprise_search/tsconfig.json index 841cebf28cf4..fa0751078c0f 100644 --- a/x-pack/plugins/enterprise_search/tsconfig.json +++ b/x-pack/plugins/enterprise_search/tsconfig.json @@ -80,7 +80,6 @@ "@kbn/try-in-console", "@kbn/core-chrome-browser", "@kbn/navigation-plugin", - "@kbn/search-homepage", "@kbn/security-plugin-types-common", "@kbn/core-security-server", "@kbn/core-security-server-mocks" diff --git a/x-pack/plugins/license_management/__jest__/__snapshots__/license_page_header.test.js.snap b/x-pack/plugins/license_management/__jest__/__snapshots__/license_page_header.test.js.snap index 533367de2237..44cf021ef63d 100644 --- a/x-pack/plugins/license_management/__jest__/__snapshots__/license_page_header.test.js.snap +++ b/x-pack/plugins/license_management/__jest__/__snapshots__/license_page_header.test.js.snap @@ -9,10 +9,10 @@ Array [ class="euiPageHeaderContent emotion-euiPageHeaderContent-border-l" >

= { + showLegend: false, +}; diff --git a/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/failed_transaction_chart.tsx b/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/failed_transaction_chart.tsx index 02273f0f4314..f5031282ad7a 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/failed_transaction_chart.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/failed_transaction_chart.tsx @@ -24,7 +24,7 @@ import { UI_SETTINGS } from '@kbn/data-plugin/public'; import { Theme } from '@elastic/charts'; import { AlertActiveTimeRangeAnnotation, AlertAnnotation } from '@kbn/observability-alert-details'; import { useKibana } from '@kbn/kibana-react-plugin/public'; -import { DEFAULT_DATE_FORMAT } from './constants'; +import { CHART_SETTINGS, DEFAULT_DATE_FORMAT } from './constants'; import { useFetcher } from '../../../../hooks/use_fetcher'; import { ChartType } from '../../../shared/charts/helper/get_timeseries_color'; import * as get_timeseries_color from '../../../shared/charts/helper/get_timeseries_color'; @@ -226,6 +226,7 @@ function FailedTransactionChart({ comparisonEnabled={false} customTheme={comparisonChartTheme} timeZone={timeZone} + settings={CHART_SETTINGS} /> diff --git a/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/index.tsx index b9a7f4e8d825..ada563851bdc 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/index.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/index.tsx @@ -5,9 +5,15 @@ * 2.0. */ +import React from 'react'; import { EuiFlexGroup, EuiFlexItem, EuiSpacer } from '@elastic/eui'; +import { COMPARATORS } from '@kbn/alerting-comparators'; +import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; -import { formatAlertEvaluationValue } from '@kbn/observability-plugin/public'; +import { useKibana } from '@kbn/kibana-react-plugin/public'; +import { formatAlertEvaluationValue, Threshold } from '@kbn/observability-plugin/public'; +import { useChartThemes } from '@kbn/observability-shared-plugin/public'; +import { getPaddedAlertTimeRange } from '@kbn/observability-get-padded-alert-time-range-util'; import { ALERT_END, ALERT_EVALUATION_THRESHOLD, @@ -15,9 +21,6 @@ import { ALERT_RULE_TYPE_ID, ALERT_START, } from '@kbn/rule-data-utils'; -import React, { useEffect } from 'react'; -import { useKibana } from '@kbn/kibana-react-plugin/public'; -import { getPaddedAlertTimeRange } from '@kbn/observability-get-padded-alert-time-range-util'; import { EuiCallOut } from '@elastic/eui'; import { CoreStart } from '@kbn/core/public'; import { @@ -36,12 +39,7 @@ import ThroughputChart from './throughput_chart'; import { AlertDetailsAppSectionProps } from './types'; import { createCallApmApi } from '../../../../services/rest/create_call_apm_api'; -export function AlertDetailsAppSection({ - rule, - alert, - timeZone, - setAlertSummaryFields, -}: AlertDetailsAppSectionProps) { +export function AlertDetailsAppSection({ rule, alert, timeZone }: AlertDetailsAppSectionProps) { const { services } = useKibana(); createCallApmApi(services as CoreStart); @@ -54,42 +52,25 @@ export function AlertDetailsAppSection({ const transactionName = alert.fields[TRANSACTION_NAME]; const transactionType = alert.fields[TRANSACTION_TYPE]; - useEffect(() => { - const alertSummaryFields = [ - { - label: ( - - ), - value: formatAlertEvaluationValue(alertRuleTypeId, alertEvaluationValue), - }, - { - label: ( - - ), - value: formatAlertEvaluationValue(alertRuleTypeId, alertEvaluationThreshold), - }, - ]; - setAlertSummaryFields(alertSummaryFields); - }, [ - alertRuleTypeId, - alertEvaluationValue, - alertEvaluationThreshold, - environment, - serviceName, - transactionName, - setAlertSummaryFields, - ]); - const params = rule.params; const latencyAggregationType = getAggsTypeFromRule(params.aggregationType); const timeRange = getPaddedAlertTimeRange(alert.fields[ALERT_START]!, alert.fields[ALERT_END]); const comparisonChartTheme = getComparisonChartTheme(); + const chartThemes = useChartThemes(); + const thresholdComponent = + alertEvaluationValue && alertEvaluationThreshold ? ( + String(formatAlertEvaluationValue(alertRuleTypeId, d))} + title={i18n.translate('xpack.apm.alertDetails.thresholdTitle', { + defaultMessage: 'Threshold breached', + })} + comparator={COMPARATORS.GREATER_THAN} + /> + ) : undefined; const { from, to } = timeRange; if (!from || !to) { @@ -138,6 +119,7 @@ export function AlertDetailsAppSection({ latencyAggregationType={latencyAggregationType} comparisonEnabled={false} offset={''} + threshold={thresholdComponent} /> diff --git a/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/latency_chart.tsx b/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/latency_chart.tsx index 82fa091fa661..74468c5152ec 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/latency_chart.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/latency_chart.tsx @@ -7,7 +7,7 @@ import { Theme } from '@elastic/charts'; import { RecursivePartial } from '@elastic/eui'; -import React, { useMemo } from 'react'; +import React, { useMemo, ReactElement } from 'react'; import { EuiFlexItem, EuiPanel, EuiFlexGroup, EuiTitle } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { BoolQuery } from '@kbn/es-query'; @@ -38,7 +38,7 @@ import { LatencyAggregationType } from '../../../../../common/latency_aggregatio import { isLatencyThresholdRuleType } from './helpers'; import { ApmDocumentType } from '../../../../../common/document_type'; import { usePreferredDataSourceAndBucketSize } from '../../../../hooks/use_preferred_data_source_and_bucket_size'; -import { DEFAULT_DATE_FORMAT } from './constants'; +import { CHART_SETTINGS, DEFAULT_DATE_FORMAT } from './constants'; import { TransactionTypeSelect } from './transaction_type_select'; import { ViewInAPMButton } from './view_in_apm_button'; @@ -61,6 +61,7 @@ function LatencyChart({ customAlertEvaluationThreshold, kuery = '', filters, + threshold, }: { alert: TopAlert; transactionType: string; @@ -78,6 +79,7 @@ function LatencyChart({ offset: string; timeZone: string; customAlertEvaluationThreshold?: number; + threshold?: ReactElement; kuery?: string; filters?: BoolQuery; }) { @@ -245,18 +247,28 @@ function LatencyChart({ - + + {!!threshold && ( + + {threshold} + + )} + + + + ); diff --git a/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/throughput_chart.tsx b/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/throughput_chart.tsx index b9eb0a4c729d..f70de0861bb2 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/throughput_chart.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/throughput_chart.tsx @@ -17,6 +17,7 @@ import { EuiIconTip, } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; +import { CHART_SETTINGS } from './constants'; import { ChartType, getTimeSeriesColor } from '../../../shared/charts/helper/get_timeseries_color'; import { useFetcher } from '../../../../hooks/use_fetcher'; @@ -190,6 +191,7 @@ function ThroughputChart({ timeseries={timeseriesThroughput} yLabelFormat={asExactTransactionRate} timeZone={timeZone} + settings={CHART_SETTINGS} /> diff --git a/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/types.ts b/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/types.ts index a5c692de0584..f1a05a285d16 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/types.ts +++ b/x-pack/plugins/observability_solution/apm/public/components/alerting/ui_components/alert_details_app_section/types.ts @@ -6,7 +6,7 @@ */ import type { Rule } from '@kbn/alerting-plugin/common'; -import type { TopAlert, AlertSummaryField } from '@kbn/observability-plugin/public'; +import type { TopAlert } from '@kbn/observability-plugin/public'; import type { TIME_UNITS } from '@kbn/triggers-actions-ui-plugin/public'; import type { SERVICE_NAME, @@ -28,5 +28,4 @@ export interface AlertDetailsAppSectionProps { [SERVICE_ENVIRONMENT]: string; }>; timeZone: string; - setAlertSummaryFields: React.Dispatch>; } diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/charts/timeseries_chart.tsx b/x-pack/plugins/observability_solution/apm/public/components/shared/charts/timeseries_chart.tsx index c3654ea41f25..7b90aeb3ee03 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/shared/charts/timeseries_chart.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/shared/charts/timeseries_chart.tsx @@ -23,6 +23,7 @@ import { XYBrushEvent, XYChartSeriesIdentifier, Tooltip, + SettingsSpec, } from '@elastic/charts'; import { EuiFlexGroup, EuiFlexItem, EuiIcon, EuiSpacer } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; @@ -46,11 +47,13 @@ const END_ZONE_LABEL = i18n.translate('xpack.apm.timeseries.endzone', { defaultMessage: 'The selected time range does not include this entire bucket. It might contain partial data.', }); + interface TimeseriesChartProps extends TimeseriesChartWithContextProps { comparisonEnabled: boolean; offset?: string; timeZone: string; annotations?: Array>; + settings?: Partial; } export function TimeseriesChart({ id, @@ -68,6 +71,7 @@ export function TimeseriesChart({ offset, timeZone, annotations, + settings, }: TimeseriesChartProps) { const history = useHistory(); const { chartRef, updatePointerEvent } = useChartPointerEventContext(); @@ -186,6 +190,7 @@ export function TimeseriesChart({ } }} locale={i18n.getLocale()} + {...settings} /> ; alert: TopAlert>; - setAlertSummaryFields: React.Dispatch>; } diff --git a/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/alert_details_app_section.test.tsx b/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/alert_details_app_section.test.tsx index 5f8b99629eeb..822173c5144d 100644 --- a/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/alert_details_app_section.test.tsx +++ b/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/alert_details_app_section.test.tsx @@ -69,7 +69,6 @@ jest.mock('../../../hooks/use_kibana', () => ({ describe('AlertDetailsAppSection', () => { const queryClient = new QueryClient(); - const mockedSetAlertSummaryFields = jest.fn(); const renderComponent = () => { return render( @@ -77,7 +76,6 @@ describe('AlertDetailsAppSection', () => { diff --git a/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/alert_details_app_section.tsx b/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/alert_details_app_section.tsx index 78d908d85ad8..8f3e22c5b8a8 100644 --- a/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/alert_details_app_section.tsx +++ b/x-pack/plugins/observability_solution/infra/public/alerting/metric_threshold/components/alert_details_app_section.tsx @@ -20,7 +20,7 @@ import { } from '@elastic/eui'; import chroma from 'chroma-js'; -import { AlertSummaryField, RuleConditionChart, TopAlert } from '@kbn/observability-plugin/public'; +import { RuleConditionChart, TopAlert } from '@kbn/observability-plugin/public'; import { ALERT_END, ALERT_START, ALERT_EVALUATION_VALUES, ALERT_GROUP } from '@kbn/rule-data-utils'; import { Rule, RuleTypeParams } from '@kbn/alerting-plugin/common'; import { getPaddedAlertTimeRange } from '@kbn/observability-get-padded-alert-time-range-util'; @@ -57,10 +57,9 @@ export type MetricThresholdAlert = TopAlert; interface AppSectionProps { alert: MetricThresholdAlert; rule: MetricThresholdRule; - setAlertSummaryFields: React.Dispatch>; } -export function AlertDetailsAppSection({ alert, rule, setAlertSummaryFields }: AppSectionProps) { +export function AlertDetailsAppSection({ alert, rule }: AppSectionProps) { const { charts } = useKibanaContextForPlugin().services; const { euiTheme } = useEuiTheme(); const groups = alert.fields[ALERT_GROUP]; diff --git a/x-pack/plugins/observability_solution/infra/server/features.ts b/x-pack/plugins/observability_solution/infra/server/features.ts index 48091c9fe4b7..b2f83967920e 100644 --- a/x-pack/plugins/observability_solution/infra/server/features.ts +++ b/x-pack/plugins/observability_solution/infra/server/features.ts @@ -106,7 +106,7 @@ export const LOGS_FEATURE = { order: 700, category: DEFAULT_APP_CATEGORIES.observability, scope: [KibanaFeatureScope.Spaces, KibanaFeatureScope.Security], - app: ['infra', 'logs', 'kibana'], + app: ['infra', 'logs', 'kibana', 'observability-logs-explorer'], catalogue: ['infralogging', 'logs'], management: { insightsAndAlerting: ['triggersActions'], @@ -114,7 +114,7 @@ export const LOGS_FEATURE = { alerting: logsRuleTypes, privileges: { all: { - app: ['infra', 'logs', 'kibana'], + app: ['infra', 'logs', 'kibana', 'observability-logs-explorer'], catalogue: ['infralogging', 'logs'], api: ['infra', 'rac'], savedObject: { @@ -135,7 +135,7 @@ export const LOGS_FEATURE = { ui: ['show', 'configureSource', 'save'], }, read: { - app: ['infra', 'logs', 'kibana'], + app: ['infra', 'logs', 'kibana', 'observability-logs-explorer'], catalogue: ['infralogging', 'logs'], api: ['infra', 'rac'], alerting: { diff --git a/x-pack/plugins/observability_solution/investigate_app/kibana.jsonc b/x-pack/plugins/observability_solution/investigate_app/kibana.jsonc index 2cc904dafac0..792e40e92e16 100644 --- a/x-pack/plugins/observability_solution/investigate_app/kibana.jsonc +++ b/x-pack/plugins/observability_solution/investigate_app/kibana.jsonc @@ -9,7 +9,6 @@ "configPath": ["xpack", "investigateApp"], "requiredPlugins": [ "investigate", - "observabilityAIAssistant", "observabilityShared", "lens", "dataViews", @@ -28,7 +27,7 @@ "kibanaReact", "kibanaUtils", ], - "optionalPlugins": [], + "optionalPlugins": ["observabilityAIAssistant"], "extraPublicDirs": [] } } diff --git a/x-pack/plugins/observability_solution/investigate_app/public/hooks/query_key_factory.ts b/x-pack/plugins/observability_solution/investigate_app/public/hooks/query_key_factory.ts index 44352e46997e..8484bc7d7b15 100644 --- a/x-pack/plugins/observability_solution/investigate_app/public/hooks/query_key_factory.ts +++ b/x-pack/plugins/observability_solution/investigate_app/public/hooks/query_key_factory.ts @@ -22,6 +22,16 @@ export const investigationKeys = { [...investigationKeys.detail(investigationId), 'notes'] as const, detailItems: (investigationId: string) => [...investigationKeys.detail(investigationId), 'items'] as const, + entities: ({ + investigationId, + ...params + }: { + investigationId: string; + serviceName?: string; + serviceEnvironment?: string; + hostName?: string; + containerId?: string; + }) => [...investigationKeys.detail(investigationId), 'entities', params] as const, }; export type InvestigationKeys = typeof investigationKeys; diff --git a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/hooks/use_fetch_alert.tsx b/x-pack/plugins/observability_solution/investigate_app/public/hooks/use_fetch_alert.tsx similarity index 68% rename from x-pack/plugins/observability_solution/investigate_app/public/pages/details/hooks/use_fetch_alert.tsx rename to x-pack/plugins/observability_solution/investigate_app/public/hooks/use_fetch_alert.tsx index a64d333bcc9f..7d2245ac3861 100644 --- a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/hooks/use_fetch_alert.tsx +++ b/x-pack/plugins/observability_solution/investigate_app/public/hooks/use_fetch_alert.tsx @@ -7,10 +7,11 @@ import { useQuery } from '@tanstack/react-query'; import { BASE_RAC_ALERTS_API_PATH, EcsFieldsResponse } from '@kbn/rule-registry-plugin/common'; -import { useKibana } from '../../../hooks/use_kibana'; +import { type GetInvestigationResponse, alertOriginSchema } from '@kbn/investigation-shared'; +import { useKibana } from './use_kibana'; -export interface AlertParams { - id?: string; +export interface UseFetchAlertParams { + investigation?: GetInvestigationResponse; } export interface UseFetchAlertResponse { @@ -22,20 +23,22 @@ export interface UseFetchAlertResponse { data: EcsFieldsResponse | undefined | null; } -export function useFetchAlert({ id }: AlertParams): UseFetchAlertResponse { +export function useFetchAlert({ investigation }: UseFetchAlertParams): UseFetchAlertResponse { const { core: { http, notifications: { toasts }, }, } = useKibana(); + const alertOriginInvestigation = alertOriginSchema.safeParse(investigation?.origin); + const alertId = alertOriginInvestigation.success ? alertOriginInvestigation.data.id : undefined; const { isInitialLoading, isLoading, isError, isSuccess, isRefetching, data } = useQuery({ - queryKey: ['fetchAlert', id], + queryKey: ['fetchAlert', investigation?.id], queryFn: async ({ signal }) => { return await http.get(BASE_RAC_ALERTS_API_PATH, { query: { - id, + id: alertId, }, signal, }); @@ -47,7 +50,7 @@ export function useFetchAlert({ id }: AlertParams): UseFetchAlertResponse { title: 'Something went wrong while fetching alert', }); }, - enabled: Boolean(id), + enabled: Boolean(alertId), }); return { diff --git a/x-pack/plugins/observability_solution/investigate_app/public/hooks/use_fetch_entities.ts b/x-pack/plugins/observability_solution/investigate_app/public/hooks/use_fetch_entities.ts new file mode 100644 index 000000000000..a8cee1a9c185 --- /dev/null +++ b/x-pack/plugins/observability_solution/investigate_app/public/hooks/use_fetch_entities.ts @@ -0,0 +1,67 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { useQuery } from '@tanstack/react-query'; +import { GetEntitiesResponse } from '@kbn/investigation-shared'; +import { useKibana } from './use_kibana'; +import { investigationKeys } from './query_key_factory'; + +export interface EntityParams { + investigationId: string; + serviceName?: string; + serviceEnvironment?: string; + hostName?: string; + containerId?: string; +} + +export function useFetchEntities({ + investigationId, + serviceName, + serviceEnvironment, + hostName, + containerId, +}: EntityParams) { + const { + core: { http }, + } = useKibana(); + + const { isInitialLoading, isLoading, isError, isSuccess, isRefetching, data } = useQuery({ + queryKey: investigationKeys.entities({ + investigationId, + serviceName, + serviceEnvironment, + hostName, + containerId, + }), + queryFn: async ({ signal }) => { + return await http.get('/api/observability/investigation/entities', { + query: { + 'service.name': serviceName, + 'service.environment': serviceEnvironment, + 'host.name': hostName, + 'container.id': containerId, + }, + version: '2023-10-31', + signal, + }); + }, + refetchOnWindowFocus: false, + onError: (error: Error) => { + // ignore error + }, + enabled: Boolean(investigationId && (serviceName || hostName || containerId)), + }); + + return { + data, + isInitialLoading, + isLoading, + isRefetching, + isSuccess, + isError, + }; +} diff --git a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/hooks/use_screen_context.tsx b/x-pack/plugins/observability_solution/investigate_app/public/hooks/use_screen_context.tsx similarity index 85% rename from x-pack/plugins/observability_solution/investigate_app/public/pages/details/hooks/use_screen_context.tsx rename to x-pack/plugins/observability_solution/investigate_app/public/hooks/use_screen_context.tsx index b6bc3fbda9e2..9d38c4333e35 100644 --- a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/hooks/use_screen_context.tsx +++ b/x-pack/plugins/observability_solution/investigate_app/public/hooks/use_screen_context.tsx @@ -5,13 +5,12 @@ * 2.0. */ -import { alertOriginSchema } from '@kbn/investigation-shared'; import { ALERT_REASON, ALERT_START, ALERT_STATUS } from '@kbn/rule-data-utils'; import type { EcsFieldsResponse } from '@kbn/rule-registry-plugin/common'; import dedent from 'dedent'; import { useEffect } from 'react'; -import { useKibana } from '../../../hooks/use_kibana'; -import { useInvestigation } from '../contexts/investigation_context'; +import { useKibana } from './use_kibana'; +import { useInvestigation } from '../pages/details/contexts/investigation_context'; import { useFetchAlert } from './use_fetch_alert'; export function useScreenContext() { @@ -22,9 +21,7 @@ export function useScreenContext() { } = useKibana(); const { investigation } = useInvestigation(); - const alertOriginInvestigation = alertOriginSchema.safeParse(investigation?.origin); - const alertId = alertOriginInvestigation.success ? alertOriginInvestigation.data.id : undefined; - const { data: alertDetails, isLoading: isAlertDetailsLoading } = useFetchAlert({ id: alertId }); + const { data: alertDetails, isLoading: isAlertDetailsLoading } = useFetchAlert({ investigation }); useEffect(() => { if (!investigation || isAlertDetailsLoading) { diff --git a/x-pack/plugins/observability_solution/investigate_app/public/items/embeddable_item/register_embeddable_item.tsx b/x-pack/plugins/observability_solution/investigate_app/public/items/embeddable_item/register_embeddable_item.tsx index 8ebf3829b073..29b2a1319fef 100644 --- a/x-pack/plugins/observability_solution/investigate_app/public/items/embeddable_item/register_embeddable_item.tsx +++ b/x-pack/plugins/observability_solution/investigate_app/public/items/embeddable_item/register_embeddable_item.tsx @@ -8,7 +8,7 @@ import { EuiLoadingSpinner, EuiFlexItem } from '@elastic/eui'; import { css } from '@emotion/css'; import { ReactEmbeddableRenderer } from '@kbn/embeddable-plugin/public'; import type { GlobalWidgetParameters } from '@kbn/investigate-plugin/public'; -import { useAbortableAsync } from '@kbn/observability-ai-assistant-plugin/public'; +import { useAbortableAsync } from '@kbn/observability-utils/hooks/use_abortable_async'; import React, { useEffect, useMemo, useRef, useState } from 'react'; import { v4 } from 'uuid'; import { ErrorMessage } from '../../components/error_message'; diff --git a/x-pack/plugins/observability_solution/investigate_app/public/items/esql_item/register_esql_item.tsx b/x-pack/plugins/observability_solution/investigate_app/public/items/esql_item/register_esql_item.tsx index 54d3698a5148..7b88081ca550 100644 --- a/x-pack/plugins/observability_solution/investigate_app/public/items/esql_item/register_esql_item.tsx +++ b/x-pack/plugins/observability_solution/investigate_app/public/items/esql_item/register_esql_item.tsx @@ -10,7 +10,7 @@ import type { ESQLSearchResponse } from '@kbn/es-types'; import { i18n } from '@kbn/i18n'; import { type GlobalWidgetParameters } from '@kbn/investigate-plugin/public'; import type { Suggestion } from '@kbn/lens-plugin/public'; -import { useAbortableAsync } from '@kbn/observability-ai-assistant-plugin/public'; +import { useAbortableAsync } from '@kbn/observability-utils/hooks/use_abortable_async'; import React, { useMemo } from 'react'; import { ErrorMessage } from '../../components/error_message'; import { useKibana } from '../../hooks/use_kibana'; diff --git a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/add_investigation_item/esql_widget_preview.tsx b/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/add_investigation_item/esql_widget_preview.tsx index 6fdba0224b7d..8d0056dbd538 100644 --- a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/add_investigation_item/esql_widget_preview.tsx +++ b/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/add_investigation_item/esql_widget_preview.tsx @@ -11,7 +11,7 @@ import type { ESQLColumn, ESQLRow } from '@kbn/es-types'; import { GlobalWidgetParameters } from '@kbn/investigate-plugin/public'; import { Item } from '@kbn/investigation-shared'; import type { Suggestion } from '@kbn/lens-plugin/public'; -import { useAbortableAsync } from '@kbn/observability-ai-assistant-plugin/public'; +import { useAbortableAsync } from '@kbn/observability-utils/hooks/use_abortable_async'; import React, { useEffect, useMemo, useState } from 'react'; import { ErrorMessage } from '../../../../components/error_message'; import { SuggestVisualizationList } from '../../../../components/suggest_visualization_list'; diff --git a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/assistant_hypothesis/assistant_hypothesis.tsx b/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/assistant_hypothesis/assistant_hypothesis.tsx new file mode 100644 index 000000000000..2dc76d49c282 --- /dev/null +++ b/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/assistant_hypothesis/assistant_hypothesis.tsx @@ -0,0 +1,122 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import dedent from 'dedent'; +import { + ALERT_RULE_PARAMETERS, + ALERT_START, + ALERT_RULE_CATEGORY, + ALERT_REASON, +} from '@kbn/rule-data-utils'; +import { i18n } from '@kbn/i18n'; +import { EntityWithSource } from '@kbn/investigation-shared'; +import React, { useCallback } from 'react'; +import { useKibana } from '../../../../hooks/use_kibana'; +import { useInvestigation } from '../../contexts/investigation_context'; +import { useFetchEntities } from '../../../../hooks/use_fetch_entities'; + +export interface InvestigationContextualInsight { + key: string; + description: string; + data: unknown; +} + +export function AssistantHypothesis({ investigationId }: { investigationId: string }) { + const { alert } = useInvestigation(); + const { + dependencies: { + start: { + observabilityAIAssistant: { + ObservabilityAIAssistantContextualInsight, + getContextualInsightMessages, + }, + }, + }, + } = useKibana(); + const { data: entitiesData } = useFetchEntities({ + investigationId, + serviceName: alert?.['service.name'] ? `${alert?.['service.name']}` : undefined, + serviceEnvironment: alert?.['service.environment'] + ? `${alert?.['service.environment']}` + : undefined, + hostName: alert?.['host.name'] ? `${alert?.['host.name']}` : undefined, + containerId: alert?.['container.id'] ? `${alert?.['container.id']}` : undefined, + }); + + const getAlertContextMessages = useCallback(async () => { + if (!getContextualInsightMessages || !alert) { + return []; + } + + const entities = entitiesData?.entities ?? []; + + const entityContext = entities?.length + ? ` + Alerts can optionally be associated with entities. Entities can be services, hosts, containers, or other resources. Entities can have metrics associated with them. + + The alert that triggered this investigation is associated with the following entities: ${entities + .map((entity, index) => { + return dedent(` + ## Entity ${index + 1}: + ${formatEntityMetrics(entity)}; + `); + }) + .join('/n/n')}` + : ''; + + return getContextualInsightMessages({ + message: `I am investigating a failure in my system. I was made aware of the failure by an alert and I am trying to understand the root cause of the issue.`, + instructions: dedent( + `I'm an SRE. I am investigating a failure in my system. I was made aware of the failure via an alert. Your current task is to help me identify the root cause of the failure in my system. + + The rule that triggered the alert is a ${ + alert[ALERT_RULE_CATEGORY] + } rule. The alert started at ${alert[ALERT_START]}. The alert reason is ${ + alert[ALERT_REASON] + }. The rule parameters are ${JSON.stringify(ALERT_RULE_PARAMETERS)}. + + ${entityContext} + + Based on the alert details, suggest a root cause and next steps to mitigate the issue. + + I do not have the alert details or entity details in front of me, so be sure to repeat the alert reason (${ + alert[ALERT_REASON] + }), when the alert was triggered (${ + alert[ALERT_START] + }), and the entity metrics in your response. + + When displaying the entity metrics, please convert the metrics to a human-readable format. For example, convert "logRate" to "Log Rate" and "errorRate" to "Error Rate". + ` + ), + }); + }, [alert, getContextualInsightMessages, entitiesData?.entities]); + + if (!ObservabilityAIAssistantContextualInsight) { + return null; + } + + return alert && entitiesData ? ( + + ) : null; +} +const formatEntityMetrics = (entity: EntityWithSource): string => { + const entityMetrics = Object.entries(entity.metrics) + .map(([key, value]) => `${key}: ${value}`) + .join(', '); + const entitySources = entity.sources.map((source) => source.dataStream).join(', '); + return dedent(` + Entity name: ${entity.displayName}; + Entity type: ${entity.type}; + Entity metrics: ${entityMetrics}; + Entity data streams: ${entitySources} + `); +}; diff --git a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/investigation_details/investigation_details.tsx b/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/investigation_details/investigation_details.tsx index 5d5c66a4554f..5c9682348ee2 100644 --- a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/investigation_details/investigation_details.tsx +++ b/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/investigation_details/investigation_details.tsx @@ -16,7 +16,7 @@ import { useInvestigation } from '../../contexts/investigation_context'; import { InvestigationHeader } from '../investigation_header/investigation_header'; import { InvestigationItems } from '../investigation_items/investigation_items'; import { InvestigationNotes } from '../investigation_notes/investigation_notes'; -import { useScreenContext } from '../../hooks/use_screen_context'; +import { useScreenContext } from '../../../../hooks/use_screen_context'; interface Props { user: AuthenticatedUser; diff --git a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/investigation_header/alert_details_button.tsx b/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/investigation_header/alert_details_button.tsx index ff33ca7949f7..391be0abf808 100644 --- a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/investigation_header/alert_details_button.tsx +++ b/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/investigation_header/alert_details_button.tsx @@ -6,12 +6,14 @@ */ import { EuiButtonEmpty, EuiText } from '@elastic/eui'; -import { alertOriginSchema } from '@kbn/investigation-shared'; -import { ALERT_RULE_CATEGORY } from '@kbn/rule-registry-plugin/common/technical_rule_data_field_names'; +import { + ALERT_RULE_CATEGORY, + ALERT_UUID, +} from '@kbn/rule-registry-plugin/common/technical_rule_data_field_names'; import React from 'react'; import { useKibana } from '../../../../hooks/use_kibana'; +import { useFetchAlert } from '../../../../hooks/use_fetch_alert'; import { useInvestigation } from '../../contexts/investigation_context'; -import { useFetchAlert } from '../../hooks/use_fetch_alert'; export function AlertDetailsButton() { const { @@ -21,9 +23,7 @@ export function AlertDetailsButton() { } = useKibana(); const { investigation } = useInvestigation(); - const alertOriginInvestigation = alertOriginSchema.safeParse(investigation?.origin); - const alertId = alertOriginInvestigation.success ? alertOriginInvestigation.data.id : undefined; - const { data: alertDetails } = useFetchAlert({ id: alertId }); + const { data: alertDetails } = useFetchAlert({ investigation }); if (!alertDetails) { return null; @@ -33,7 +33,7 @@ export function AlertDetailsButton() { data-test-subj="investigationDetailsAlertLink" iconType="arrowLeft" size="xs" - href={basePath.prepend(`/app/observability/alerts/${alertId}`)} + href={basePath.prepend(`/app/observability/alerts/${alertDetails[ALERT_UUID]}`)} > {`[Alert] ${alertDetails?.[ALERT_RULE_CATEGORY]} breached`} diff --git a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/investigation_items/investigation_items.tsx b/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/investigation_items/investigation_items.tsx index f9398038173c..a95c50274d19 100644 --- a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/investigation_items/investigation_items.tsx +++ b/x-pack/plugins/observability_solution/investigate_app/public/pages/details/components/investigation_items/investigation_items.tsx @@ -12,9 +12,10 @@ import { useInvestigation } from '../../contexts/investigation_context'; import { AddInvestigationItem } from '../add_investigation_item/add_investigation_item'; import { InvestigationItemsList } from '../investigation_items_list/investigation_items_list'; import { InvestigationSearchBar } from '../investigation_search_bar/investigation_search_bar'; +import { AssistantHypothesis } from '../assistant_hypothesis/assistant_hypothesis'; export function InvestigationItems() { - const { globalParams, updateInvestigationParams } = useInvestigation(); + const { globalParams, updateInvestigationParams, investigation } = useInvestigation(); return ( @@ -33,10 +34,14 @@ export function InvestigationItems() { /> + {investigation?.id && ( + + + + )} - ); diff --git a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/contexts/investigation_context.tsx b/x-pack/plugins/observability_solution/investigate_app/public/pages/details/contexts/investigation_context.tsx index ad3e01ccb4e7..ec571d0e2db8 100644 --- a/x-pack/plugins/observability_solution/investigate_app/public/pages/details/contexts/investigation_context.tsx +++ b/x-pack/plugins/observability_solution/investigate_app/public/pages/details/contexts/investigation_context.tsx @@ -7,6 +7,7 @@ import { i18n } from '@kbn/i18n'; import { type GlobalWidgetParameters } from '@kbn/investigate-plugin/public'; +import { EcsFieldsResponse } from '@kbn/rule-registry-plugin/common'; import { GetInvestigationResponse, InvestigationItem, Item } from '@kbn/investigation-shared'; import { isEqual } from 'lodash'; import React, { createContext, useContext, useEffect, useRef, useState } from 'react'; @@ -15,6 +16,7 @@ import { useAddInvestigationNote } from '../../../hooks/use_add_investigation_no import { useDeleteInvestigationItem } from '../../../hooks/use_delete_investigation_item'; import { useDeleteInvestigationNote } from '../../../hooks/use_delete_investigation_note'; import { useFetchInvestigation } from '../../../hooks/use_fetch_investigation'; +import { useFetchAlert } from '../../../hooks/use_fetch_alert'; import { useKibana } from '../../../hooks/use_kibana'; import { useUpdateInvestigation } from '../../../hooks/use_update_investigation'; import { useUpdateInvestigationNote } from '../../../hooks/use_update_investigation_note'; @@ -26,6 +28,7 @@ export type RenderedInvestigationItem = InvestigationItem & { interface InvestigationContextProps { investigation?: GetInvestigationResponse; + alert?: EcsFieldsResponse; renderableItems: RenderedInvestigationItem[]; globalParams: GlobalWidgetParameters; updateInvestigationParams: (params: GlobalWidgetParameters) => Promise; @@ -81,6 +84,7 @@ export function InvestigationProvider({ id: initialInvestigation.id, initialInvestigation, }); + const { data: alert } = useFetchAlert({ investigation }); const cache = useRef< Record @@ -211,6 +215,7 @@ export function InvestigationProvider({ renderableItems, updateInvestigationParams, investigation, + alert: alert ?? undefined, globalParams, addItem, deleteItem, diff --git a/x-pack/plugins/observability_solution/investigate_app/public/types.ts b/x-pack/plugins/observability_solution/investigate_app/public/types.ts index f3b81f3db7b2..101d6993ab9c 100644 --- a/x-pack/plugins/observability_solution/investigate_app/public/types.ts +++ b/x-pack/plugins/observability_solution/investigate_app/public/types.ts @@ -4,6 +4,10 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ +import type { + ObservabilityAIAssistantPublicSetup, + ObservabilityAIAssistantPublicStart, +} from '@kbn/observability-ai-assistant-plugin/public'; import type { ContentManagementPublicStart } from '@kbn/content-management-plugin/public'; import type { DataPublicPluginSetup, DataPublicPluginStart } from '@kbn/data-plugin/public'; import type { @@ -27,10 +31,6 @@ import type { import type { SecurityPluginSetup, SecurityPluginStart } from '@kbn/security-plugin/public'; import type { UiActionsSetup, UiActionsStart } from '@kbn/ui-actions-plugin/public'; import type { UnifiedSearchPublicPluginStart } from '@kbn/unified-search-plugin/public'; -import type { - ObservabilityAIAssistantPublicSetup, - ObservabilityAIAssistantPublicStart, -} from '@kbn/observability-ai-assistant-plugin/public'; /* eslint-disable @typescript-eslint/no-empty-interface*/ @@ -41,6 +41,7 @@ export interface ConfigSchema { export interface InvestigateAppSetupDependencies { investigate: InvestigatePublicSetup; observabilityShared: ObservabilitySharedPluginSetup; + observabilityAIAssistant: ObservabilityAIAssistantPublicSetup; lens: LensPublicSetup; dataViews: DataViewsPublicPluginSetup; data: DataPublicPluginSetup; @@ -50,12 +51,12 @@ export interface InvestigateAppSetupDependencies { unifiedSearch: {}; uiActions: UiActionsSetup; security: SecurityPluginSetup; - observabilityAIAssistant: ObservabilityAIAssistantPublicSetup; } export interface InvestigateAppStartDependencies { investigate: InvestigatePublicStart; observabilityShared: ObservabilitySharedPluginStart; + observabilityAIAssistant: ObservabilityAIAssistantPublicStart; lens: LensPublicStart; dataViews: DataViewsPublicPluginStart; data: DataPublicPluginStart; @@ -65,7 +66,6 @@ export interface InvestigateAppStartDependencies { unifiedSearch: UnifiedSearchPublicPluginStart; uiActions: UiActionsStart; security: SecurityPluginStart; - observabilityAIAssistant: ObservabilityAIAssistantPublicStart; } export interface InvestigateAppPublicSetup {} diff --git a/x-pack/plugins/observability_solution/investigate_app/server/clients/create_entities_es_client.ts b/x-pack/plugins/observability_solution/investigate_app/server/clients/create_entities_es_client.ts new file mode 100644 index 000000000000..c11cd3eb9bc0 --- /dev/null +++ b/x-pack/plugins/observability_solution/investigate_app/server/clients/create_entities_es_client.ts @@ -0,0 +1,127 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ESSearchRequest, InferSearchResponseOf } from '@kbn/es-types'; +import type { KibanaRequest } from '@kbn/core/server'; +import { ElasticsearchClient } from '@kbn/core/server'; +import { entitiesAliasPattern, ENTITY_LATEST } from '@kbn/entities-schema'; +import { unwrapEsResponse } from '@kbn/observability-plugin/common/utils/unwrap_es_response'; +import { + MsearchMultisearchBody, + MsearchMultisearchHeader, +} from '@elastic/elasticsearch/lib/api/types'; + +export const SERVICE_ENTITIES_LATEST_ALIAS = entitiesAliasPattern({ + type: 'service', + dataset: ENTITY_LATEST, +}); +export const HOST_ENTITIES_LATEST_ALIAS = entitiesAliasPattern({ + type: 'host', + dataset: ENTITY_LATEST, +}); +export const CONTAINER_ENTITIES_LATEST_ALIAS = entitiesAliasPattern({ + type: 'container', + dataset: ENTITY_LATEST, +}); +type LatestAlias = + | typeof SERVICE_ENTITIES_LATEST_ALIAS + | typeof HOST_ENTITIES_LATEST_ALIAS + | typeof CONTAINER_ENTITIES_LATEST_ALIAS; + +export function cancelEsRequestOnAbort>( + promise: T, + request: KibanaRequest, + controller: AbortController +): T { + const subscription = request.events.aborted$.subscribe(() => { + controller.abort(); + }); + + return promise.finally(() => subscription.unsubscribe()) as T; +} + +export interface EntitiesESClient { + search( + indexName: string, + searchRequest: TSearchRequest + ): Promise>; + msearch( + allSearches: TSearchRequest[] + ): Promise<{ responses: Array> }>; +} + +export function createEntitiesESClient({ + request, + esClient, +}: { + request: KibanaRequest; + esClient: ElasticsearchClient; +}) { + function search( + indexName: string, + searchRequest: TSearchRequest + ): Promise> { + const controller = new AbortController(); + + const promise = cancelEsRequestOnAbort( + esClient.search( + { ...searchRequest, index: [indexName], ignore_unavailable: true }, + { + signal: controller.signal, + meta: true, + } + ) as unknown as Promise<{ + body: InferSearchResponseOf; + }>, + request, + controller + ); + + return unwrapEsResponse(promise); + } + + return { + async search( + entityIndexAlias: LatestAlias, + searchRequest: TSearchRequest + ): Promise> { + return search(entityIndexAlias, searchRequest); + }, + + async msearch( + allSearches: Array + ): Promise<{ responses: Array> }> { + const searches = allSearches + .map((params) => { + const searchParams: [MsearchMultisearchHeader, MsearchMultisearchBody] = [ + { + index: [params.index], + ignore_unavailable: true, + }, + { + ...params.body, + }, + ]; + + return searchParams; + }) + .flat(); + + const promise = esClient.msearch( + { searches }, + { + meta: true, + } + ) as unknown as Promise<{ + body: { responses: Array> }; + }>; + + const { body } = await promise; + return { responses: body.responses }; + }, + }; +} diff --git a/x-pack/plugins/observability_solution/investigate_app/server/lib/get_document_categories.ts b/x-pack/plugins/observability_solution/investigate_app/server/lib/get_document_categories.ts new file mode 100644 index 000000000000..863872fd6d01 --- /dev/null +++ b/x-pack/plugins/observability_solution/investigate_app/server/lib/get_document_categories.ts @@ -0,0 +1,493 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ElasticsearchClient } from '@kbn/core/server'; +import moment from 'moment'; +import { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/types'; +import { calculateAuto } from '@kbn/calculate-auto'; +import { + type RandomSamplerWrapper, + createRandomSamplerWrapper, +} from '@kbn/ml-random-sampler-utils'; +import { z } from '@kbn/zod'; + +const isoTimestampFormat = "YYYY-MM-DD'T'HH:mm:ss.SSS'Z'"; + +export interface LogCategory { + change: LogCategoryChange; + documentCount: number; + histogram: LogCategoryHistogramBucket[]; + terms: string; +} + +export type LogCategoryChange = + | LogCategoryNoChange + | LogCategoryRareChange + | LogCategorySpikeChange + | LogCategoryDipChange + | LogCategoryStepChange + | LogCategoryDistributionChange + | LogCategoryTrendChange + | LogCategoryOtherChange + | LogCategoryUnknownChange; + +export interface LogCategoryNoChange { + type: 'none'; +} + +export interface LogCategoryRareChange { + type: 'rare'; + timestamp: string; +} + +export interface LogCategorySpikeChange { + type: 'spike'; + timestamp: string; +} + +export interface LogCategoryDipChange { + type: 'dip'; + timestamp: string; +} + +export interface LogCategoryStepChange { + type: 'step'; + timestamp: string; +} + +export interface LogCategoryTrendChange { + type: 'trend'; + timestamp: string; + correlationCoefficient: number; +} + +export interface LogCategoryDistributionChange { + type: 'distribution'; + timestamp: string; +} + +export interface LogCategoryOtherChange { + type: 'other'; + timestamp?: string; +} + +export interface LogCategoryUnknownChange { + type: 'unknown'; + rawChange: string; +} + +export interface LogCategoryHistogramBucket { + documentCount: number; + timestamp: string; +} + +export interface LogCategorizationParams { + documentFilters: QueryDslQueryContainer[]; + endTimestamp: string; + index: string; + messageField: string; + startTimestamp: string; + timeField: string; +} + +// the fraction of a category's histogram below which the category is considered rare +const rarityThreshold = 0.2; + +export const categorizeDocuments = async ({ + esClient, + index, + endTimestamp, + startTimestamp, + timeField, + messageField, + samplingProbability, + ignoredCategoryTerms, + documentFilters = [], + minDocsPerCategory, +}: { + esClient: ElasticsearchClient; + index: string; + endTimestamp: string; + startTimestamp: string; + timeField: string; + messageField: string; + samplingProbability: number; + ignoredCategoryTerms: string[]; + documentFilters?: QueryDslQueryContainer[]; + minDocsPerCategory?: number; +}) => { + const randomSampler = createRandomSamplerWrapper({ + probability: samplingProbability, + seed: 1, + }); + + const requestParams = createCategorizationRequestParams({ + index, + timeField, + messageField, + startTimestamp, + endTimestamp, + randomSampler, + additionalFilters: documentFilters, + ignoredCategoryTerms, + minDocsPerCategory, + maxCategoriesCount: 1000, + }); + + const rawResponse = await esClient.search(requestParams); + + if (rawResponse.aggregations == null) { + throw new Error('No aggregations found in large categories response'); + } + + const logCategoriesAggResult = randomSampler.unwrap(rawResponse.aggregations); + + if (!('categories' in logCategoriesAggResult)) { + throw new Error('No categorization aggregation found in large categories response'); + } + + const logCategories = + (logCategoriesAggResult.categories.buckets as unknown[]).map(mapCategoryBucket) ?? []; + + return { + categories: logCategories, + hasReachedLimit: logCategories.length >= 1000, + }; +}; + +const mapCategoryBucket = (bucket: any): LogCategory => + esCategoryBucketSchema + .transform((parsedBucket) => ({ + change: mapChangePoint(parsedBucket), + documentCount: parsedBucket.doc_count, + histogram: parsedBucket.histogram, + terms: parsedBucket.key, + })) + .parse(bucket); + +const mapChangePoint = ({ change, histogram }: EsCategoryBucket): LogCategoryChange => { + switch (change.type) { + case 'stationary': + if (isRareInHistogram(histogram)) { + return { + type: 'rare', + timestamp: findFirstNonZeroBucket(histogram)?.timestamp ?? histogram[0].timestamp, + }; + } else { + return { + type: 'none', + }; + } + case 'dip': + case 'spike': + return { + type: change.type, + timestamp: change.bucket.key, + }; + case 'step_change': + return { + type: 'step', + timestamp: change.bucket.key, + }; + case 'distribution_change': + return { + type: 'distribution', + timestamp: change.bucket.key, + }; + case 'trend_change': + return { + type: 'trend', + timestamp: change.bucket.key, + correlationCoefficient: change.details.r_value, + }; + case 'unknown': + return { + type: 'unknown', + rawChange: change.rawChange, + }; + case 'non_stationary': + default: + return { + type: 'other', + }; + } +}; + +/** + * The official types are lacking the change_point aggregation + */ +const esChangePointBucketSchema = z.object({ + key: z.string().datetime(), + doc_count: z.number(), +}); + +const esChangePointDetailsSchema = z.object({ + p_value: z.number(), +}); + +const esChangePointCorrelationSchema = esChangePointDetailsSchema.extend({ + r_value: z.number(), +}); + +const esChangePointSchema = z.union([ + z + .object({ + bucket: esChangePointBucketSchema, + type: z.object({ + dip: esChangePointDetailsSchema, + }), + }) + .transform(({ bucket, type: { dip: details } }) => ({ + type: 'dip' as const, + bucket, + details, + })), + z + .object({ + bucket: esChangePointBucketSchema, + type: z.object({ + spike: esChangePointDetailsSchema, + }), + }) + .transform(({ bucket, type: { spike: details } }) => ({ + type: 'spike' as const, + bucket, + details, + })), + z + .object({ + bucket: esChangePointBucketSchema, + type: z.object({ + step_change: esChangePointDetailsSchema, + }), + }) + .transform(({ bucket, type: { step_change: details } }) => ({ + type: 'step_change' as const, + bucket, + details, + })), + z + .object({ + bucket: esChangePointBucketSchema, + type: z.object({ + trend_change: esChangePointCorrelationSchema, + }), + }) + .transform(({ bucket, type: { trend_change: details } }) => ({ + type: 'trend_change' as const, + bucket, + details, + })), + z + .object({ + bucket: esChangePointBucketSchema, + type: z.object({ + distribution_change: esChangePointDetailsSchema, + }), + }) + .transform(({ bucket, type: { distribution_change: details } }) => ({ + type: 'distribution_change' as const, + bucket, + details, + })), + z + .object({ + type: z.object({ + non_stationary: esChangePointCorrelationSchema.extend({ + trend: z.enum(['increasing', 'decreasing']), + }), + }), + }) + .transform(({ type: { non_stationary: details } }) => ({ + type: 'non_stationary' as const, + details, + })), + z + .object({ + type: z.object({ + stationary: z.object({}), + }), + }) + .transform(() => ({ type: 'stationary' as const })), + z + .object({ + type: z.object({}), + }) + .transform((value) => ({ type: 'unknown' as const, rawChange: JSON.stringify(value) })), +]); + +const esHistogramSchema = z + .object({ + buckets: z.array( + z + .object({ + key_as_string: z.string(), + doc_count: z.number(), + }) + .transform((bucket) => ({ + timestamp: bucket.key_as_string, + documentCount: bucket.doc_count, + })) + ), + }) + .transform(({ buckets }) => buckets); + +type EsHistogram = z.output; + +const esCategoryBucketSchema = z.object({ + key: z.string(), + doc_count: z.number(), + change: esChangePointSchema, + histogram: esHistogramSchema, +}); + +type EsCategoryBucket = z.output; + +const isRareInHistogram = (histogram: EsHistogram): boolean => + histogram.filter((bucket) => bucket.documentCount > 0).length < + histogram.length * rarityThreshold; + +const findFirstNonZeroBucket = (histogram: EsHistogram) => + histogram.find((bucket) => bucket.documentCount > 0); + +export const createCategorizationRequestParams = ({ + index, + timeField, + messageField, + startTimestamp, + endTimestamp, + randomSampler, + minDocsPerCategory = 0, + additionalFilters = [], + ignoredCategoryTerms = [], + maxCategoriesCount = 1000, +}: { + startTimestamp: string; + endTimestamp: string; + index: string; + timeField: string; + messageField: string; + randomSampler: RandomSamplerWrapper; + minDocsPerCategory?: number; + additionalFilters?: QueryDslQueryContainer[]; + ignoredCategoryTerms?: string[]; + maxCategoriesCount?: number; +}) => { + const startMoment = moment(startTimestamp, isoTimestampFormat); + const endMoment = moment(endTimestamp, isoTimestampFormat); + const fixedIntervalDuration = calculateAuto.atLeast( + 24, + moment.duration(endMoment.diff(startMoment)) + ); + const fixedIntervalSize = `${Math.ceil(fixedIntervalDuration?.asMinutes() ?? 1)}m`; + + return { + index, + size: 0, + track_total_hits: false, + query: createCategorizationQuery({ + messageField, + timeField, + startTimestamp, + endTimestamp, + additionalFilters, + ignoredCategoryTerms, + }), + aggs: randomSampler.wrap({ + histogram: { + date_histogram: { + field: '@timestamp', + fixed_interval: fixedIntervalSize, + extended_bounds: { + min: startTimestamp, + max: endTimestamp, + }, + }, + }, + categories: { + categorize_text: { + field: messageField, + size: maxCategoriesCount, + categorization_analyzer: { + tokenizer: 'standard', + }, + ...(minDocsPerCategory > 0 ? { min_doc_count: minDocsPerCategory } : {}), + }, + aggs: { + histogram: { + date_histogram: { + field: timeField, + fixed_interval: fixedIntervalSize, + extended_bounds: { + min: startTimestamp, + max: endTimestamp, + }, + }, + }, + change: { + // @ts-expect-error the official types don't support the change_point aggregation + change_point: { + buckets_path: 'histogram>_count', + }, + }, + }, + }, + }), + }; +}; + +export const createCategoryQuery = + (messageField: string) => + (categoryTerms: string): QueryDslQueryContainer => ({ + match: { + [messageField]: { + query: categoryTerms, + operator: 'AND' as const, + fuzziness: 0, + auto_generate_synonyms_phrase_query: false, + }, + }, + }); + +export const createCategorizationQuery = ({ + messageField, + timeField, + startTimestamp, + endTimestamp, + additionalFilters = [], + ignoredCategoryTerms = [], +}: { + messageField: string; + timeField: string; + startTimestamp: string; + endTimestamp: string; + additionalFilters?: QueryDslQueryContainer[]; + ignoredCategoryTerms?: string[]; +}): QueryDslQueryContainer => { + return { + bool: { + filter: [ + { + exists: { + field: messageField, + }, + }, + { + range: { + [timeField]: { + gte: startTimestamp, + lte: endTimestamp, + format: 'strict_date_time', + }, + }, + }, + ...additionalFilters, + ], + must_not: ignoredCategoryTerms.map(createCategoryQuery(messageField)), + }, + }; +}; diff --git a/x-pack/plugins/observability_solution/investigate_app/server/lib/get_sample_documents.ts b/x-pack/plugins/observability_solution/investigate_app/server/lib/get_sample_documents.ts new file mode 100644 index 000000000000..75e21526a650 --- /dev/null +++ b/x-pack/plugins/observability_solution/investigate_app/server/lib/get_sample_documents.ts @@ -0,0 +1,276 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import pLimit from 'p-limit'; +import { estypes } from '@elastic/elasticsearch'; +import { castArray, sortBy, uniq, partition, shuffle } from 'lodash'; +import { truncateList } from '@kbn/inference-plugin/common/util/truncate_list'; +import { QueryDslQueryContainer } from '@kbn/data-views-plugin/common/types'; +import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server'; +import { rangeQuery, excludeFrozenQuery } from './queries'; + +export interface DocumentAnalysis { + total: number; + sampled: number; + fields: Array<{ + name: string; + types: string[]; + cardinality: number | null; + values: Array; + empty: boolean; + }>; +} + +export async function getSampleDocuments({ + esClient, + start, + end, + indexPatterns, + count, + dslFilter, +}: { + esClient: ElasticsearchClient; + start: number; + end: number; + indexPatterns: string[]; + count: number; + dslFilter?: QueryDslQueryContainer[]; +}): Promise<{ + total: number; + samples: Array>; +}> { + return esClient + .search({ + index: indexPatterns, + track_total_hits: true, + size: count, + body: { + query: { + bool: { + should: [ + { + function_score: { + functions: [ + { + random_score: {}, + }, + ], + }, + }, + ], + must: [...rangeQuery(start, end), ...(dslFilter ?? [])], + }, + }, + sort: { + _score: { + order: 'desc', + }, + }, + _source: false, + fields: ['*' as const], + }, + }) + .then((response) => { + const hits = response.hits.total as estypes.SearchTotalHits; + if (hits.value === 0) { + return { + total: 0, + samples: [], + }; + } + return { + total: hits.value, + samples: response.hits.hits.map((hit) => hit.fields ?? {}), + }; + }); +} + +export async function getKeywordAndNumericalFields({ + indexPatterns, + esClient, + start, + end, +}: { + indexPatterns: string[]; + esClient: ElasticsearchClient; + start: number; + end: number; +}): Promise> { + const fieldCaps = await esClient.fieldCaps({ + index: indexPatterns, + fields: '*', + include_empty_fields: false, + types: [ + 'constant_keyword', + 'keyword', + 'integer', + 'long', + 'double', + 'float', + 'byte', + 'boolean', + 'alias', + 'flattened', + 'ip', + 'aggregate_metric_double', + 'histogram', + ], + index_filter: { + bool: { + filter: [...excludeFrozenQuery(), ...rangeQuery(start, end)], + }, + }, + }); + + return Object.entries(fieldCaps.fields).map(([fieldName, fieldSpec]) => { + return { + name: fieldName, + esTypes: Object.keys(fieldSpec), + }; + }); +} + +export function mergeSampleDocumentsWithFieldCaps({ + total, + samples, + fieldCaps, +}: { + total: number; + samples: Array>; + fieldCaps: Array<{ name: string; esTypes?: string[] }>; +}): DocumentAnalysis { + const nonEmptyFields = new Set(); + const fieldValues = new Map>(); + + for (const document of samples) { + Object.keys(document).forEach((field) => { + if (!nonEmptyFields.has(field)) { + nonEmptyFields.add(field); + } + + const values = castArray(document[field]); + + const currentFieldValues = fieldValues.get(field) ?? []; + + values.forEach((value) => { + if (typeof value === 'string' || typeof value === 'number' || typeof value === 'boolean') { + currentFieldValues.push(value); + } + }); + + fieldValues.set(field, currentFieldValues); + }); + } + + const fields = fieldCaps.flatMap((spec) => { + const values = fieldValues.get(spec.name); + + const countByValues = new Map(); + + values?.forEach((value) => { + const currentCount = countByValues.get(value) ?? 0; + countByValues.set(value, currentCount + 1); + }); + + const sortedValues = sortBy( + Array.from(countByValues.entries()).map(([value, count]) => { + return { + value, + count, + }; + }), + 'count', + 'desc' + ); + + return { + name: spec.name, + types: spec.esTypes ?? [], + empty: !nonEmptyFields.has(spec.name), + cardinality: countByValues.size || null, + values: uniq(sortedValues.flatMap(({ value }) => value)), + }; + }); + + return { + total, + sampled: samples.length, + fields, + }; +} + +export function sortAndTruncateAnalyzedFields(analysis: DocumentAnalysis) { + const { fields, ...meta } = analysis; + const [nonEmptyFields, emptyFields] = partition(analysis.fields, (field) => !field.empty); + + const sortedFields = [...shuffle(nonEmptyFields), ...shuffle(emptyFields)]; + + return { + ...meta, + fields: truncateList( + sortedFields.map((field) => { + let name = `${field.name}:${field.types.join(',')}`; + + if (field.empty) { + return `${name} (empty)`; + } + + name += ` - ${field.cardinality} distinct values`; + + if ( + field.values.length && + (field.types.includes('keyword') || field.types.includes('text')) && + field.values.length <= 10 + ) { + return `${name} (${truncateList( + field.values.map((value) => '`' + value + '`'), + field.types.includes('text') ? 2 : 25 + ).join(', ')})`; + } + + return name; + }), + 500 + ).sort(), + }; +} + +export async function confirmConstantsInDataset({ + esClient, + constants, + indexPatterns, +}: { + esClient: ElasticsearchClient; + constants: Array<{ field: string }>; + indexPatterns: string[]; +}): Promise> { + const limiter = pLimit(5); + + return Promise.all( + constants.map((constant) => { + return limiter(async () => { + return esClient + .termsEnum({ + index: indexPatterns.join(','), + field: constant.field, + index_filter: { + bool: { + filter: [...excludeFrozenQuery()], + }, + }, + }) + .then((response) => { + const isConstant = response.terms.length === 1; + return { + field: constant.field, + constant: isConstant, + value: isConstant ? response.terms[0] : undefined, + }; + }); + }); + }) + ); +} diff --git a/x-pack/plugins/observability_solution/investigate_app/server/lib/queries/index.ts b/x-pack/plugins/observability_solution/investigate_app/server/lib/queries/index.ts new file mode 100644 index 000000000000..2dff4d40ec85 --- /dev/null +++ b/x-pack/plugins/observability_solution/investigate_app/server/lib/queries/index.ts @@ -0,0 +1,41 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { estypes } from '@elastic/elasticsearch'; + +export function rangeQuery( + start: number, + end: number, + field = '@timestamp' +): estypes.QueryDslQueryContainer[] { + return [ + { + range: { + [field]: { + gte: start, + lte: end, + format: 'epoch_millis', + }, + }, + }, + ]; +} + +export function excludeFrozenQuery(): estypes.QueryDslQueryContainer[] { + return [ + { + bool: { + must_not: [ + { + term: { + _tier: 'data_frozen', + }, + }, + ], + }, + }, + ]; +} diff --git a/x-pack/plugins/observability_solution/investigate_app/server/routes/get_global_investigate_app_server_route_repository.ts b/x-pack/plugins/observability_solution/investigate_app/server/routes/get_global_investigate_app_server_route_repository.ts index 195fbdb23436..494e13efcba9 100644 --- a/x-pack/plugins/observability_solution/investigate_app/server/routes/get_global_investigate_app_server_route_repository.ts +++ b/x-pack/plugins/observability_solution/investigate_app/server/routes/get_global_investigate_app_server_route_repository.ts @@ -23,6 +23,8 @@ import { updateInvestigationParamsSchema, getEventsParamsSchema, GetEventsResponse, + getEntitiesParamsSchema, + GetEntitiesResponse, } from '@kbn/investigation-shared'; import { ScopedAnnotationsClient } from '@kbn/observability-plugin/server'; import { createInvestigation } from '../services/create_investigation'; @@ -44,6 +46,8 @@ import { updateInvestigationItem } from '../services/update_investigation_item'; import { updateInvestigationNote } from '../services/update_investigation_note'; import { createInvestigateAppServerRoute } from './create_investigate_app_server_route'; import { getAllInvestigationStats } from '../services/get_all_investigation_stats'; +import { getEntitiesWithSource } from '../services/get_entities'; +import { createEntitiesESClient } from '../clients/create_entities_es_client'; const createInvestigationRoute = createInvestigateAppServerRoute({ endpoint: 'POST /api/observability/investigations 2023-10-31', @@ -344,6 +348,39 @@ const getEventsRoute = createInvestigateAppServerRoute({ }, }); +const getEntitiesRoute = createInvestigateAppServerRoute({ + endpoint: 'GET /api/observability/investigation/entities 2023-10-31', + options: { + tags: [], + }, + params: getEntitiesParamsSchema, + handler: async ({ params, context, request }): Promise => { + const core = await context.core; + const esClient = core.elasticsearch.client.asCurrentUser; + const entitiesEsClient = createEntitiesESClient({ request, esClient }); + + const { + 'service.name': serviceName, + 'service.environment': serviceEnvironment, + 'container.id': containerId, + 'host.name': hostName, + } = params?.query ?? {}; + + const { entities } = await getEntitiesWithSource({ + serviceName, + serviceEnvironment, + containerId, + hostName, + entitiesEsClient, + esClient, + }); + + return { + entities, + }; + }, +}); + export function getGlobalInvestigateAppServerRouteRepository() { return { ...createInvestigationRoute, @@ -360,6 +397,7 @@ export function getGlobalInvestigateAppServerRouteRepository() { ...updateInvestigationItemRoute, ...getInvestigationItemsRoute, ...getEventsRoute, + ...getEntitiesRoute, ...getAllInvestigationStatsRoute, ...getAllInvestigationTagsRoute, }; diff --git a/x-pack/plugins/observability_solution/investigate_app/server/services/get_entities.ts b/x-pack/plugins/observability_solution/investigate_app/server/services/get_entities.ts new file mode 100644 index 000000000000..8f3a0abb62b6 --- /dev/null +++ b/x-pack/plugins/observability_solution/investigate_app/server/services/get_entities.ts @@ -0,0 +1,175 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { z } from '@kbn/zod'; +import { entityLatestSchema } from '@kbn/entities-schema'; +import type { ElasticsearchClient } from '@kbn/core-elasticsearch-server'; +import type { + GetEntitiesResponse, + EntityWithSource, + EntitySource, +} from '@kbn/investigation-shared'; +import type { QueryDslQueryContainer } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; +import type { IndicesIndexState } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; +import type { EntitiesESClient } from '../clients/create_entities_es_client'; +import { + SERVICE_ENTITIES_LATEST_ALIAS, + CONTAINER_ENTITIES_LATEST_ALIAS, + HOST_ENTITIES_LATEST_ALIAS, +} from '../clients/create_entities_es_client'; + +// the official types do not explicitly define sourceIndex in the schema, but it is present in the data at the time of writing this +type EntitiesLatest = z.infer & { sourceIndex: string[] }; + +export async function getEntitiesWithSource({ + serviceEnvironment, + serviceName, + containerId, + hostName, + entitiesEsClient, + esClient, +}: { + serviceName?: string; + serviceEnvironment?: string; + containerId?: string; + hostName?: string; + entitiesEsClient: EntitiesESClient; + esClient: ElasticsearchClient; +}): Promise { + const entityCategoryPromises = getFetchEntitiesPromises({ + entitiesEsClient, + serviceName, + serviceEnvironment, + hostName, + containerId, + }); + const entityResponses = await Promise.all(entityCategoryPromises); + const entitiesWithSource: EntityWithSource[] = []; + for (const response of entityResponses) { + const processedEntities = await Promise.all( + response.map(async (entity: EntitiesLatest) => { + const sourceIndex = entity?.sourceIndex; + if (!sourceIndex || !sourceIndex.length) return null; + + const indices = await esClient.indices.get({ index: sourceIndex }); + const sources = await fetchSources(indices); + + return { + identityFields: entity?.entity.identityFields, + id: entity?.entity.id, + definitionId: entity?.entity.definitionId, + firstSeenTimestamp: entity?.entity.firstSeenTimestamp, + lastSeenTimestamp: entity?.entity.lastSeenTimestamp, + displayName: entity?.entity.displayName, + metrics: entity?.entity.metrics, + schemaVersion: entity?.entity.schemaVersion, + definitionVersion: entity?.entity.definitionVersion, + type: entity?.entity.type, + sources, + }; + }) + ); + entitiesWithSource.push(...(processedEntities.filter(Boolean) as EntityWithSource[])); + } + return { + entities: entitiesWithSource, + }; +} + +function fetchSources(indices: Record): EntitySource[] { + return Object.values(indices).map((index) => { + return getEntitySource({ index }); + }); +} + +const getEntitySource = ({ index }: { index: IndicesIndexState }) => { + const dataStream = index.data_stream; + const source = { + dataStream, + }; + return source; +}; + +const getFetchEntitiesPromises = ({ + entitiesEsClient, + serviceName, + serviceEnvironment, + hostName, + containerId, +}: { + entitiesEsClient: EntitiesESClient; + serviceName?: string; + hostName?: string; + containerId?: string; + serviceEnvironment?: string; +}): Array>> => { + const shouldFilterForServiceEnvironment = + serviceEnvironment && + serviceName && + serviceEnvironment !== 'ENVIRONMENT_ALL' && + serviceEnvironment !== 'ENVIRONMENT_NOT_DEFINED'; + const containersPromise = getFetchEntityPromise({ + index: CONTAINER_ENTITIES_LATEST_ALIAS, + shouldFetch: Boolean(hostName || containerId), + shouldMatch: [ + ...(hostName ? [{ term: { 'host.name': hostName } }] : []), + ...(containerId ? [{ term: { 'container.id': containerId } }] : []), + ], + entitiesEsClient, + }); + const hostsPromise = getFetchEntityPromise({ + index: HOST_ENTITIES_LATEST_ALIAS, + shouldFetch: Boolean(hostName), + shouldMatch: hostName ? [{ term: { 'host.name': hostName } }] : [], + entitiesEsClient, + }); + const servicesPromise = getFetchEntityPromise({ + index: SERVICE_ENTITIES_LATEST_ALIAS, + shouldFetch: Boolean(serviceName), + shouldMatch: [ + ...(serviceName ? [{ term: { 'service.name': serviceName } }] : []), + ...(shouldFilterForServiceEnvironment + ? [{ term: { 'service.environment': serviceEnvironment } }] + : []), + ], + entitiesEsClient, + }); + + return [containersPromise, hostsPromise, servicesPromise].filter( + (promise) => promise !== null + ) as Array>>; +}; + +const getFetchEntityPromise = ({ + index, + shouldFetch, + shouldMatch, + entitiesEsClient, +}: { + index: string; + shouldFetch: boolean; + shouldMatch: QueryDslQueryContainer[]; + entitiesEsClient: EntitiesESClient; +}): Promise> | null => { + return shouldFetch + ? entitiesEsClient + .search<{ sourceIndex: string[]; entity: EntitiesLatest['entity'] }>(index, { + body: { + query: { + bool: { + should: shouldMatch, + minimum_should_match: 1, + }, + }, + }, + }) + .then((response) => { + return response.hits.hits.map((hit) => { + return { sourceIndex: hit?._source.sourceIndex, entity: hit._source.entity }; + }); + }) + : null; +}; diff --git a/x-pack/plugins/observability_solution/investigate_app/server/services/get_events.ts b/x-pack/plugins/observability_solution/investigate_app/server/services/get_events.ts index 52eeea7a4cbc..6b081f51dfee 100644 --- a/x-pack/plugins/observability_solution/investigate_app/server/services/get_events.ts +++ b/x-pack/plugins/observability_solution/investigate_app/server/services/get_events.ts @@ -6,7 +6,6 @@ */ import datemath from '@elastic/datemath'; -import { estypes } from '@elastic/elasticsearch'; import { GetEventsParams, GetEventsResponse, @@ -21,24 +20,7 @@ import { ALERT_UUID, } from '@kbn/rule-data-utils'; import { AlertsClient } from './get_alerts_client'; - -export function rangeQuery( - start: number, - end: number, - field = '@timestamp' -): estypes.QueryDslQueryContainer[] { - return [ - { - range: { - [field]: { - gte: start, - lte: end, - format: 'epoch_millis', - }, - }, - }, - ]; -} +import { rangeQuery } from '../lib/queries'; export async function getAnnotationEvents( params: GetEventsParams, diff --git a/x-pack/plugins/observability_solution/investigate_app/tsconfig.json b/x-pack/plugins/observability_solution/investigate_app/tsconfig.json index cd687f2dcfe7..377db42186f5 100644 --- a/x-pack/plugins/observability_solution/investigate_app/tsconfig.json +++ b/x-pack/plugins/observability_solution/investigate_app/tsconfig.json @@ -61,5 +61,11 @@ "@kbn/observability-plugin", "@kbn/licensing-plugin", "@kbn/rule-data-utils", + "@kbn/entities-schema", + "@kbn/inference-plugin", + "@kbn/core-elasticsearch-server", + "@kbn/calculate-auto", + "@kbn/ml-random-sampler-utils", + "@kbn/observability-utils", ], } diff --git a/x-pack/plugins/observability_solution/observability/public/components/alert_sources/get_sources.ts b/x-pack/plugins/observability_solution/observability/public/components/alert_sources/get_sources.ts index 3832e744a31e..836967ea88aa 100644 --- a/x-pack/plugins/observability_solution/observability/public/components/alert_sources/get_sources.ts +++ b/x-pack/plugins/observability_solution/observability/public/components/alert_sources/get_sources.ts @@ -8,27 +8,33 @@ import { ALERT_GROUP_FIELD, ALERT_GROUP_VALUE, ALERT_GROUP } from '@kbn/rule-data-utils'; import { TopAlert } from '../../typings/alerts'; import { apmSources, infraSources } from './get_alert_source_links'; +import { Group } from '../../../common/typings'; interface AlertFields { [key: string]: any; } -export const getSources = (alert: TopAlert) => { +const isGroup = (item: Group | undefined): item is Group => { + return !!item; +}; + +export const getSources = (alert: TopAlert): Group[] => { // when `kibana.alert.group` is not flattened (for alert detail pages) - if (alert.fields[ALERT_GROUP]) return alert.fields[ALERT_GROUP]; + if (alert.fields[ALERT_GROUP]) return alert.fields[ALERT_GROUP] as Group[]; // when `kibana.alert.group` is flattened (for alert flyout) const groupsFromGroupFields = alert.fields[ALERT_GROUP_FIELD]?.map((field, index) => { const values = alert.fields[ALERT_GROUP_VALUE]; if (values?.length && values[index]) { - return { field, value: values[index] }; + const group: Group = { field, value: values[index] }; + return group; } - }); + }).filter(isGroup); if (groupsFromGroupFields?.length) return groupsFromGroupFields; // Not all rules has group.fields, in that case we search in the alert fields. - const matchedSources: Array<{ field: string; value: any }> = []; + const matchedSources: Group[] = []; const ALL_SOURCES = [...infraSources, ...apmSources]; const alertFields = alert.fields as AlertFields; ALL_SOURCES.forEach((source: string) => { diff --git a/x-pack/plugins/observability_solution/observability/public/components/alert_sources/groups.tsx b/x-pack/plugins/observability_solution/observability/public/components/alert_sources/groups.tsx index 5a14f39a9781..17c596b146d1 100644 --- a/x-pack/plugins/observability_solution/observability/public/components/alert_sources/groups.tsx +++ b/x-pack/plugins/observability_solution/observability/public/components/alert_sources/groups.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import { EuiLink } from '@elastic/eui'; +import { EuiLink, EuiText } from '@elastic/eui'; import React, { useEffect, useState } from 'react'; import { SERVICE_NAME } from '@kbn/observability-shared-plugin/common'; import { useKibana } from '../../utils/kibana_react'; @@ -54,7 +54,7 @@ export function Groups({ groups, timeRange }: { groups: Group[]; timeRange: Time {groups && groups.map((group) => { return ( - + {group.field}:{' '} {sourceLinks[group.field] ? ( @@ -63,8 +63,7 @@ export function Groups({ groups, timeRange }: { groups: Group[]; timeRange: Time ) : ( {group.value} )} -
- + ); })} diff --git a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/alert_details_app_section/alert_details_app_section.test.tsx b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/alert_details_app_section/alert_details_app_section.test.tsx index d16df6b6120d..de74fe2ec14b 100644 --- a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/alert_details_app_section/alert_details_app_section.test.tsx +++ b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/alert_details_app_section/alert_details_app_section.test.tsx @@ -103,7 +103,7 @@ describe('AlertDetailsAppSection', () => { const result = renderComponent(); expect((await result.findByTestId('thresholdAlertOverviewSection')).children.length).toBe(6); - expect(result.getByTestId('thresholdRule-2000-2500')).toBeTruthy(); + expect(result.getByTestId('threshold-2000-2500')).toBeTruthy(); }); it('should render annotations', async () => { diff --git a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/alert_details_app_section/alert_details_app_section.tsx b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/alert_details_app_section/alert_details_app_section.tsx index a7ec41f4ab66..7885301650ec 100644 --- a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/alert_details_app_section/alert_details_app_section.tsx +++ b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/alert_details_app_section/alert_details_app_section.tsx @@ -38,7 +38,7 @@ import { useLicense } from '../../../../hooks/use_license'; import { useKibana } from '../../../../utils/kibana_react'; import { metricValueFormatter } from '../../../../../common/custom_threshold_rule/metric_value_formatter'; import { AlertParams } from '../../types'; -import { Threshold } from '../custom_threshold'; +import { Threshold } from '../threshold'; import { CustomThresholdRule, CustomThresholdAlert } from '../types'; import { LogRateAnalysis } from './log_rate_analysis'; import { RuleConditionChart } from '../../../rule_condition_chart/rule_condition_chart'; diff --git a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/custom_threshold.stories.tsx b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/custom_threshold.stories.tsx index f471333f5366..8eeca2e107b5 100644 --- a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/custom_threshold.stories.tsx +++ b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/custom_threshold.stories.tsx @@ -9,7 +9,7 @@ import React from 'react'; import { ComponentMeta } from '@storybook/react'; import { LIGHT_THEME } from '@elastic/charts'; import { COMPARATORS } from '@kbn/alerting-comparators'; -import { Props, Threshold as Component } from './custom_threshold'; +import { Props, Threshold as Component } from './threshold'; export default { component: Component, @@ -35,7 +35,7 @@ const defaultProps: Props = { threshold: [90], title: 'Threshold breached', value: 93, - valueFormatter: (d) => `${d}%`, + valueFormatter: (d: number) => `${d}%`, }; export const Default = { diff --git a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/custom_threshold.test.tsx b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/threshold.test.tsx similarity index 85% rename from x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/custom_threshold.test.tsx rename to x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/threshold.test.tsx index e0c83d31ddb4..9e592f2336dc 100644 --- a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/custom_threshold.test.tsx +++ b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/threshold.test.tsx @@ -7,10 +7,10 @@ import { LIGHT_THEME } from '@elastic/charts'; -import { render } from '@testing-library/react'; -import { Props, Threshold } from './custom_threshold'; import React from 'react'; +import { render } from '@testing-library/react'; import { COMPARATORS } from '@kbn/alerting-comparators'; +import { Props, Threshold } from './threshold'; describe('Threshold', () => { const renderComponent = (props: Partial = {}) => { @@ -38,7 +38,7 @@ describe('Threshold', () => { it('shows component', () => { const component = renderComponent(); - expect(component.queryByTestId('thresholdRule-90-93')).toBeTruthy(); + expect(component.queryByTestId('threshold-90-93')).toBeTruthy(); }); it('shows component for between', () => { @@ -46,6 +46,6 @@ describe('Threshold', () => { comparator: COMPARATORS.BETWEEN, threshold: [90, 95], }); - expect(component.queryByTestId('thresholdRule-90-95-93')).toBeTruthy(); + expect(component.queryByTestId('threshold-90-95-93')).toBeTruthy(); }); }); diff --git a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/custom_threshold.tsx b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/threshold.tsx similarity index 88% rename from x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/custom_threshold.tsx rename to x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/threshold.tsx index a82c369c5773..347730fe4dea 100644 --- a/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/custom_threshold.tsx +++ b/x-pack/plugins/observability_solution/observability/public/components/custom_threshold/components/threshold.tsx @@ -6,14 +6,14 @@ */ import React from 'react'; -import { Chart, Metric, Settings } from '@elastic/charts'; +import { Chart, Metric, Settings, ValueFormatter } from '@elastic/charts'; import { EuiIcon, EuiPanel, useEuiBackgroundColor } from '@elastic/eui'; import type { PartialTheme, Theme } from '@elastic/charts'; import { i18n } from '@kbn/i18n'; import { COMPARATORS } from '@kbn/alerting-comparators'; export interface ChartProps { - theme?: PartialTheme; + theme?: PartialTheme[]; baseTheme: Theme; } @@ -24,7 +24,7 @@ export interface Props { threshold: number[]; title: string; value: number; - valueFormatter: (d: number) => string; + valueFormatter?: ValueFormatter; } export function Threshold({ @@ -34,7 +34,7 @@ export function Threshold({ threshold, title, value, - valueFormatter, + valueFormatter = (d) => String(d), }: Props) { const color = useEuiBackgroundColor('danger'); @@ -42,13 +42,14 @@ export function Threshold({ diff --git a/x-pack/plugins/observability_solution/observability/public/index.ts b/x-pack/plugins/observability_solution/observability/public/index.ts index 512e8e7e75bf..58c3aa4cadd6 100644 --- a/x-pack/plugins/observability_solution/observability/public/index.ts +++ b/x-pack/plugins/observability_solution/observability/public/index.ts @@ -63,9 +63,9 @@ export const LazyAlertsFlyout = lazy(() => import('./components/alerts_flyout/al export * from './typings'; import { TopAlert } from './typings/alerts'; -import { AlertSummary } from './pages/alert_details/components'; -import type { AlertSummaryField } from './pages/alert_details/components/alert_summary'; -export type { TopAlert, AlertSummary, AlertSummaryField }; +export type { TopAlert }; +import type { AlertDetailsAppSectionProps } from './pages/alert_details/types'; +export type { AlertDetailsAppSectionProps }; export { observabilityFeatureId, observabilityAppId } from '../common'; @@ -102,3 +102,4 @@ export { useAnnotations } from './components/annotations/use_annotations'; export { RuleConditionChart } from './components/rule_condition_chart'; export { getGroupFilters } from '../common/custom_threshold_rule/helpers/get_group'; export type { GenericAggType } from './components/rule_condition_chart/rule_condition_chart'; +export { Threshold } from './components/custom_threshold/components/threshold'; diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/alert_details.test.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/alert_details.test.tsx index 877b0b965d1c..be62ae6377bc 100644 --- a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/alert_details.test.tsx +++ b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/alert_details.test.tsx @@ -9,7 +9,7 @@ import { casesPluginMock } from '@kbn/cases-plugin/public/mocks'; import { __IntlProvider as IntlProvider } from '@kbn/i18n-react'; import * as useUiSettingHook from '@kbn/kibana-react-plugin/public/ui_settings/use_ui_setting'; import { observabilityAIAssistantPluginMock } from '@kbn/observability-ai-assistant-plugin/public/mock'; -import { useBreadcrumbs } from '@kbn/observability-shared-plugin/public'; +import { useBreadcrumbs, TagsList } from '@kbn/observability-shared-plugin/public'; import { RuleTypeModel, ValidationResult } from '@kbn/triggers-actions-ui-plugin/public'; import { ruleTypeRegistryMock } from '@kbn/triggers-actions-ui-plugin/public/application/rule_type_registry.mock'; import { waitFor } from '@testing-library/react'; @@ -88,6 +88,7 @@ const useParamsMock = useParams as jest.Mock; const useLocationMock = useLocation as jest.Mock; const useHistoryMock = useHistory as jest.Mock; const useBreadcrumbsMock = useBreadcrumbs as jest.Mock; +const TagsListMock = TagsList as jest.Mock; const chance = new Chance(); @@ -114,6 +115,7 @@ describe('Alert details', () => { useLocationMock.mockReturnValue({ pathname: '/alerts/uuid', search: '', state: '', hash: '' }); useHistoryMock.mockReturnValue({ replace: jest.fn() }); useBreadcrumbsMock.mockReturnValue([]); + TagsListMock.mockReturnValue(
); ruleTypeRegistry.list.mockReturnValue([ruleType]); ruleTypeRegistry.get.mockReturnValue(ruleType); ruleTypeRegistry.has.mockReturnValue(true); diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/alert_details.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/alert_details.tsx index e7533c226df5..fbe1858858d0 100644 --- a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/alert_details.tsx +++ b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/alert_details.tsx @@ -16,6 +16,7 @@ import { EuiLoadingSpinner, EuiTabbedContentTab, useEuiTheme, + EuiFlexGroup, } from '@elastic/eui'; import { AlertStatus, @@ -31,15 +32,16 @@ import dedent from 'dedent'; import { AlertFieldsTable } from '@kbn/alerts-ui-shared'; import { css } from '@emotion/react'; import { omit } from 'lodash'; +import { AlertDetailsSource } from './types'; +import { SourceBar } from './components'; +import { StatusBar } from './components/status_bar'; import { observabilityFeatureId } from '../../../common'; import { RelatedAlerts } from './components/related_alerts'; import { useKibana } from '../../utils/kibana_react'; import { useFetchRule } from '../../hooks/use_fetch_rule'; import { usePluginContext } from '../../hooks/use_plugin_context'; import { AlertData, useFetchAlertDetail } from '../../hooks/use_fetch_alert_detail'; -import { PageTitleContent } from './components/page_title_content'; import { HeaderActions } from './components/header_actions'; -import { AlertSummary, AlertSummaryField } from './components/alert_summary'; import { CenterJustifiedSpinner } from '../../components/center_justified_spinner'; import { getTimeZone } from '../../utils/get_time_zone'; import { isAlertDetailsEnabledPerApp } from '../../utils/is_alert_details_enabled'; @@ -103,10 +105,10 @@ export function AlertDetails() { const { rule } = useFetchRule({ ruleId, }); - const [summaryFields, setSummaryFields] = useState(); const [alertStatus, setAlertStatus] = useState(); const { euiTheme } = useEuiTheme(); + const [sources, setSources] = useState(); const [relatedAlertsKuery, setRelatedAlertsKuery] = useState(); const [activeTabId, setActiveTabId] = useState(() => { const searchParams = new URLSearchParams(search); @@ -212,17 +214,19 @@ export function AlertDetails() { */ isAlertDetailsEnabledPerApp(alertDetail.formatted, config) ? ( <> - - - - + + + + + + {rule && alertDetail.formatted && ( <> @@ -290,13 +294,6 @@ export function AlertDetails() { ) : ( ), - children: ( - - ), rightSideItems: [ , ], bottomBorder: false, + 'data-test-subj': rule?.ruleTypeId || 'alertDetailsPageTitle', }} pageSectionProps={{ paddingSize: 'none', @@ -321,6 +319,8 @@ export function AlertDetails() { }} data-test-subj="alertDetails" > + + ({ - ...jest.requireActual('react-router-dom'), - useParams: jest.fn(), -})); - -jest.mock('../../../utils/kibana_react'); - -const useKibanaMock = useKibana as jest.Mock; - -const mockKibana = () => { - useKibanaMock.mockReturnValue({ - services: { - ...kibanaStartMock.startContract().services, - http: { - basePath: { - prepend: jest.fn(), - }, - }, - }, - }); -}; - -describe('Alert summary', () => { - jest - .spyOn(useUiSettingHook, 'useUiSetting') - .mockImplementation(() => 'MMM D, YYYY @ HH:mm:ss.SSS'); - - beforeEach(() => { - jest.clearAllMocks(); - mockKibana(); - }); - - it('should show alert data', async () => { - const alertSummary = render( - - ); - - const groups = alertWithGroupsAndTags.fields[ALERT_GROUP] as Group[]; - - expect(alertSummary.queryByText('Source')).toBeInTheDocument(); - expect(alertSummary.queryByText(groups[0].field, { exact: false })).toBeInTheDocument(); - expect(alertSummary.queryByText(groups[0].value)).toBeInTheDocument(); - expect(alertSummary.queryByText(groups[1].field, { exact: false })).toBeInTheDocument(); - expect(alertSummary.queryByText(groups[1].value)).toBeInTheDocument(); - expect(alertSummary.queryByText('Tags')).toBeInTheDocument(); - expect(alertSummary.queryByText(alertWithGroupsAndTags.fields[TAGS]![0])).toBeInTheDocument(); - expect(alertSummary.queryByText('Rule')).toBeInTheDocument(); - expect( - alertSummary.queryByText(alertWithGroupsAndTags.fields[ALERT_RULE_NAME]) - ).toBeInTheDocument(); - expect(alertSummary.queryByText('Actual value')).toBeInTheDocument(); - expect(alertSummary.queryByText(alertWithGroupsAndTags.fields[ALERT_EVALUATION_VALUE]!)); - expect(alertSummary.queryByText('Expected value')).toBeInTheDocument(); - expect(alertSummary.queryByText(alertWithGroupsAndTags.fields[ALERT_EVALUATION_THRESHOLD]!)); - }); -}); diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx deleted file mode 100644 index 7738b27089a5..000000000000 --- a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/alert_summary.tsx +++ /dev/null @@ -1,115 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React, { useEffect, useState, ReactNode } from 'react'; -import { EuiFlexItem, EuiFlexGroup, EuiText, EuiSpacer, EuiLink } from '@elastic/eui'; -import { getPaddedAlertTimeRange } from '@kbn/observability-get-padded-alert-time-range-util'; -import { - TAGS, - ALERT_START, - ALERT_END, - ALERT_RULE_NAME, - ALERT_RULE_UUID, -} from '@kbn/rule-data-utils'; -import { i18n } from '@kbn/i18n'; -import { TimeRange } from '@kbn/es-query'; -import { TopAlert } from '../../..'; -import { Groups } from '../../../components/alert_sources/groups'; -import { Tags } from '../../../components/tags'; -import { getSources } from '../../../components/alert_sources/get_sources'; -import { useKibana } from '../../../utils/kibana_react'; -import { paths } from '../../../../common/locators/paths'; - -export interface AlertSummaryField { - label: ReactNode | string; - value: ReactNode | string | number; -} -export interface AlertSummaryProps { - alert: TopAlert; - alertSummaryFields?: AlertSummaryField[]; -} - -export function AlertSummary({ alert, alertSummaryFields }: AlertSummaryProps) { - const { http } = useKibana().services; - - const [timeRange, setTimeRange] = useState({ from: 'now-15m', to: 'now' }); - - const alertStart = alert.fields[ALERT_START]; - const alertEnd = alert.fields[ALERT_END]; - const ruleName = alert.fields[ALERT_RULE_NAME]; - const ruleId = alert.fields[ALERT_RULE_UUID]; - const tags = alert.fields[TAGS]; - - const ruleLink = http.basePath.prepend(paths.observability.ruleDetails(ruleId)); - const commonFieldsAtStart = []; - const commonFieldsAtEnd = []; - const groups = getSources(alert) as Array<{ field: string; value: string }>; - - useEffect(() => { - setTimeRange(getPaddedAlertTimeRange(alertStart!, alertEnd)); - }, [alertStart, alertEnd]); - - if (groups && groups.length > 0) { - commonFieldsAtStart.push({ - label: i18n.translate('xpack.observability.alertDetails.alertSummaryField.source', { - defaultMessage: 'Source', - }), - value: ( - - ), - }); - } - - if (tags && tags.length > 0) { - commonFieldsAtEnd.push({ - label: i18n.translate('xpack.observability.alertDetails.alertSummaryField.tags', { - defaultMessage: 'Tags', - }), - value: , - }); - } - - commonFieldsAtEnd.push({ - label: i18n.translate('xpack.observability.alertDetails.alertSummaryField.rule', { - defaultMessage: 'Rule', - }), - value: ( - - {ruleName} - - ), - }); - - const alertSummary = [ - ...commonFieldsAtStart, - ...(alertSummaryFields ?? []), - ...commonFieldsAtEnd, - ]; - - return ( -
- {alertSummary && alertSummary.length > 0 && ( - <> - - {alertSummary.map((field, idx) => { - return ( - - {field.label} - {field.value} - - ); - })} - - - - )} -
- ); -} - -// eslint-disable-next-line import/no-default-export -export default AlertSummary; diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/index.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/index.tsx index 8af473faab59..bf032ac31c12 100644 --- a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/index.tsx +++ b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/index.tsx @@ -6,14 +6,14 @@ */ import React, { lazy, Suspense } from 'react'; -import type { AlertSummaryProps } from './alert_summary'; +import type { SourceBarProps } from './source_bar'; -const AlertSummaryLazy = lazy(() => import('./alert_summary')); +const SourceBarLazy = lazy(() => import('./source_bar')); -export function AlertSummary(props: AlertSummaryProps) { +export function SourceBar(props: SourceBarProps) { return ( - + ); } diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/page_title.stories.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/page_title.stories.tsx deleted file mode 100644 index 30ca4b6a108c..000000000000 --- a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/page_title.stories.tsx +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import { ComponentStory } from '@storybook/react'; -import { EuiPageTemplate } from '@elastic/eui'; - -import { PageTitleContent as Component, PageTitleContentProps } from './page_title_content'; -import { alert } from '../mock/alert'; - -export default { - component: Component, - title: 'app/AlertDetails/PageTitleContent', - alert, -}; - -const Template: ComponentStory = (props: PageTitleContentProps) => ( - -); - -const TemplateWithPageTemplate: ComponentStory = ( - props: PageTitleContentProps -) => ( - - } bottomBorder={false} /> - -); - -const defaultProps = { - alert, -}; - -export const PageTitleContent = Template.bind({}); -PageTitleContent.args = defaultProps; - -export const PageTitleUsedWithinPageTemplate = TemplateWithPageTemplate.bind({}); -PageTitleUsedWithinPageTemplate.args = { - ...defaultProps, -}; diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/page_title_content.test.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/page_title_content.test.tsx deleted file mode 100644 index d65c4f84c99d..000000000000 --- a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/page_title_content.test.tsx +++ /dev/null @@ -1,74 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import { render } from '@testing-library/react'; -import { __IntlProvider as IntlProvider } from '@kbn/i18n-react'; -import { - AlertStatus, - ALERT_STATUS, - ALERT_STATUS_ACTIVE, - ALERT_STATUS_RECOVERED, - ALERT_STATUS_UNTRACKED, -} from '@kbn/rule-data-utils'; -import { PageTitleContent, PageTitleContentProps } from './page_title_content'; -import { alert } from '../mock/alert'; - -describe('Page Title Content', () => { - const defaultProps = { - alert, - alertStatus: ALERT_STATUS_ACTIVE as AlertStatus, - dataTestSubj: 'ruleTypeId', - }; - - const renderComp = (props: PageTitleContentProps) => { - return render( - - - - ); - }; - - it('should display an active badge when alert is active', async () => { - const { getByText } = renderComp(defaultProps); - expect(getByText('Active')).toBeTruthy(); - }); - - it('should display a recovered badge when alert is recovered', async () => { - const updatedProps = { - alert: { - ...defaultProps.alert, - fields: { - ...defaultProps.alert.fields, - [ALERT_STATUS]: ALERT_STATUS_RECOVERED, - }, - }, - alertStatus: ALERT_STATUS_RECOVERED as AlertStatus, - dataTestSubj: defaultProps.dataTestSubj, - }; - - const { getByText } = renderComp({ ...updatedProps }); - expect(getByText('Recovered')).toBeTruthy(); - }); - - it('should display an untracked badge when alert is untracked', async () => { - const updatedProps = { - alert: { - ...defaultProps.alert, - fields: { - ...defaultProps.alert.fields, - [ALERT_STATUS]: ALERT_STATUS_UNTRACKED, - }, - }, - alertStatus: ALERT_STATUS_UNTRACKED as AlertStatus, - dataTestSubj: defaultProps.dataTestSubj, - }; - - const { getByText } = renderComp({ ...updatedProps }); - expect(getByText('Untracked')).toBeTruthy(); - }); -}); diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/source_bar.test.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/source_bar.test.tsx new file mode 100644 index 000000000000..6a68d77175fe --- /dev/null +++ b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/source_bar.test.tsx @@ -0,0 +1,70 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiLink } from '@elastic/eui'; +import React from 'react'; +import { ALERT_GROUP } from '@kbn/rule-data-utils'; +import { render } from '../../../utils/test_helper'; +import { alertWithGroupsAndTags } from '../mock/alert'; +import { useKibana } from '../../../utils/kibana_react'; +import { kibanaStartMock } from '../../../utils/kibana_react.mock'; +import { Group } from '../../../../common/typings'; +import { SourceBar } from './source_bar'; + +jest.mock('react-router-dom', () => ({ + ...jest.requireActual('react-router-dom'), + useParams: jest.fn(), +})); + +jest.mock('../../../utils/kibana_react'); + +const useKibanaMock = useKibana as jest.Mock; +const mockKibana = () => { + useKibanaMock.mockReturnValue({ + services: { + ...kibanaStartMock.startContract().services, + http: { + basePath: { + prepend: jest.fn(), + }, + }, + }, + }); +}; + +describe('Source bar', () => { + beforeEach(() => { + jest.clearAllMocks(); + mockKibana(); + }); + + it('should show alert data', async () => { + const sourceBar = render(); + + const groups = alertWithGroupsAndTags.fields[ALERT_GROUP] as Group[]; + + expect(sourceBar.queryByText('Source')).toBeInTheDocument(); + expect(sourceBar.queryByText(groups[0].field, { exact: false })).toBeInTheDocument(); + expect(sourceBar.queryByText(groups[0].value)).toBeInTheDocument(); + expect(sourceBar.queryByText(groups[1].field, { exact: false })).toBeInTheDocument(); + expect(sourceBar.queryByText(groups[1].value)).toBeInTheDocument(); + }); + + it('Should show passed sources', async () => { + const sources = [ + { label: 'MyLabel', value: 'MyValue' }, + { label: 'SLO', value: }, + ]; + const sourceBar = render(); + + expect(sourceBar.queryByText('Source')).toBeInTheDocument(); + expect(sourceBar.queryByText(sources[0].label, { exact: false })).toBeInTheDocument(); + expect(sourceBar.queryByText(sources[0].value as string, { exact: false })).toBeInTheDocument(); + expect(sourceBar.queryByText(sources[1].label, { exact: false })).toBeInTheDocument(); + expect(sourceBar.queryByTestId('SourceSloLink')).toBeInTheDocument(); + }); +}); diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/source_bar.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/source_bar.tsx new file mode 100644 index 000000000000..be47a3f9ec3e --- /dev/null +++ b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/source_bar.tsx @@ -0,0 +1,69 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FormattedMessage } from '@kbn/i18n-react'; +import React, { useEffect, useState } from 'react'; +import { EuiFlexGroup, EuiTitle, EuiPanel, EuiFlexItem, EuiText } from '@elastic/eui'; +import { getPaddedAlertTimeRange } from '@kbn/observability-get-padded-alert-time-range-util'; +import { ALERT_START, ALERT_END } from '@kbn/rule-data-utils'; +import { TimeRange } from '@kbn/es-query'; +import { AlertDetailsSource } from '../types'; +import { TopAlert } from '../../..'; +import { Groups } from '../../../components/alert_sources/groups'; +import { getSources } from '../../../components/alert_sources/get_sources'; + +export interface SourceBarProps { + alert: TopAlert; + sources?: AlertDetailsSource[]; +} + +export function SourceBar({ alert, sources = [] }: SourceBarProps) { + const [timeRange, setTimeRange] = useState({ from: 'now-15m', to: 'now' }); + + const alertStart = alert.fields[ALERT_START]; + const alertEnd = alert.fields[ALERT_END]; + const groups = getSources(alert); + + useEffect(() => { + setTimeRange(getPaddedAlertTimeRange(alertStart!, alertEnd)); + }, [alertStart, alertEnd]); + + return ( + <> + {groups && groups.length > 0 && ( + + + +
+ +
+ + + {sources.map((field, idx) => { + return ( + + + {field.label}: {field.value} + + + ); + })} + + + )} + + ); +} + +// eslint-disable-next-line import/no-default-export +export default SourceBar; diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/status_bar.stories.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/status_bar.stories.tsx new file mode 100644 index 000000000000..0c0eada41e1e --- /dev/null +++ b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/status_bar.stories.tsx @@ -0,0 +1,43 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import { ComponentStory } from '@storybook/react'; +import { I18nProvider } from '@kbn/i18n-react'; +import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public'; + +import { StatusBar as Component, StatusBarProps } from './status_bar'; +import { alert } from '../mock/alert'; + +export default { + component: Component, + title: 'app/AlertDetails/StatusBar', + alert, +}; + +const Template: ComponentStory = (props: StatusBarProps) => ( + + + + + +); + +const defaultProps = { + alert, +}; + +export const StatusBar = Template.bind({}); +StatusBar.args = defaultProps; + +const services = { + http: { + basePath: { + prepend: () => 'http://test', + }, + }, +}; diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/status_bar.test.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/status_bar.test.tsx new file mode 100644 index 000000000000..fb92597afdc0 --- /dev/null +++ b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/status_bar.test.tsx @@ -0,0 +1,91 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import { + ALERT_RULE_NAME, + ALERT_STATUS, + ALERT_STATUS_RECOVERED, + ALERT_STATUS_UNTRACKED, + AlertStatus, +} from '@kbn/rule-data-utils'; +import { render } from '../../../utils/test_helper'; +import { alertWithGroupsAndTags } from '../mock/alert'; +import { useKibana } from '../../../utils/kibana_react'; +import { kibanaStartMock } from '../../../utils/kibana_react.mock'; +import { StatusBar, StatusBarProps } from './status_bar'; + +jest.mock('../../../utils/kibana_react'); + +const useKibanaMock = useKibana as jest.Mock; +const mockKibana = () => { + useKibanaMock.mockReturnValue({ + services: { + ...kibanaStartMock.startContract().services, + http: { + basePath: { + prepend: jest.fn(), + }, + }, + }, + }); +}; + +describe('Source bar', () => { + const renderComponent = (props: StatusBarProps) => { + return render(); + }; + + beforeEach(() => { + jest.clearAllMocks(); + mockKibana(); + }); + + it('should show alert data', async () => { + const statusBar = renderComponent({ + alert: alertWithGroupsAndTags, + alertStatus: alertWithGroupsAndTags.fields[ALERT_STATUS] as AlertStatus, + }); + + expect( + statusBar.queryByText(alertWithGroupsAndTags.fields[ALERT_RULE_NAME]) + ).toBeInTheDocument(); + expect(statusBar.getByText('Active')).toBeTruthy(); + }); + + it('should display a recovered badge when alert is recovered', async () => { + const updatedProps = { + alert: { + ...alertWithGroupsAndTags, + fields: { + ...alertWithGroupsAndTags.fields, + [ALERT_STATUS]: ALERT_STATUS_RECOVERED, + }, + }, + alertStatus: ALERT_STATUS_RECOVERED as AlertStatus, + }; + + const { getByText } = renderComponent({ ...updatedProps }); + expect(getByText('Recovered')).toBeTruthy(); + }); + + it('should display an untracked badge when alert is untracked', async () => { + const updatedProps = { + alert: { + ...alertWithGroupsAndTags, + fields: { + ...alertWithGroupsAndTags.fields, + [ALERT_STATUS]: ALERT_STATUS_UNTRACKED, + }, + }, + alertStatus: ALERT_STATUS_UNTRACKED as AlertStatus, + }; + + const { getByText } = renderComponent({ ...updatedProps }); + expect(getByText('Untracked')).toBeTruthy(); + }); +}); diff --git a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/page_title_content.tsx b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/status_bar.tsx similarity index 55% rename from x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/page_title_content.tsx rename to x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/status_bar.tsx index 11fc6d0a476b..eee2db8e98d5 100644 --- a/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/page_title_content.tsx +++ b/x-pack/plugins/observability_solution/observability/public/pages/alert_details/components/status_bar.tsx @@ -7,30 +7,51 @@ import React from 'react'; import moment from 'moment'; -import { EuiFlexGroup, EuiFlexItem, EuiText, useEuiTheme } from '@elastic/eui'; +import { EuiFlexGroup, EuiFlexItem, EuiLink, EuiText, useEuiTheme, EuiToolTip } from '@elastic/eui'; import { AlertLifecycleStatusBadge } from '@kbn/alerts-ui-shared'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; -import { AlertStatus, ALERT_DURATION, ALERT_FLAPPING, TIMESTAMP } from '@kbn/rule-data-utils'; +import { + AlertStatus, + ALERT_DURATION, + ALERT_FLAPPING, + TIMESTAMP, + TAGS, + ALERT_RULE_NAME, + ALERT_RULE_UUID, +} from '@kbn/rule-data-utils'; import { css } from '@emotion/react'; +import { TagsList } from '@kbn/observability-shared-plugin/public'; +import { useKibana } from '../../../utils/kibana_react'; +import { paths } from '../../../../common/locators/paths'; import { asDuration } from '../../../../common/utils/formatters'; import { TopAlert } from '../../../typings/alerts'; -export interface PageTitleContentProps { +export interface StatusBarProps { alert: TopAlert | null; alertStatus?: AlertStatus; - dataTestSubj: string; } -export function PageTitleContent({ alert, alertStatus, dataTestSubj }: PageTitleContentProps) { +export function StatusBar({ alert, alertStatus }: StatusBarProps) { + const { http } = useKibana().services; const { euiTheme } = useEuiTheme(); + const tags = alert?.fields[TAGS]; + const ruleName = alert?.fields[ALERT_RULE_NAME]; + const ruleId = alert?.fields[ALERT_RULE_UUID]; + const ruleLink = ruleId ? http.basePath.prepend(paths.observability.ruleDetails(ruleId)) : ''; if (!alert) { return null; } return ( - + {alertStatus && ( + + + + + + + :  + + + + + {ruleName} + + + + + + - + - + >; +} diff --git a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/otel_logs/index.tsx b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/otel_logs/index.tsx index 57c92ea7ebc8..9eb7c83b03fc 100644 --- a/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/otel_logs/index.tsx +++ b/x-pack/plugins/observability_solution/observability_onboarding/public/application/quickstart_flows/otel_logs/index.tsx @@ -556,7 +556,7 @@ rm ./otel.yml && cp ./otel_samples/platformlogs_hostmetrics.yml ./otel.yml && mk id: 'mac', name: 'Mac', firstStepTitle: HOST_COMMAND, - content: `arch=$(if [[ $(arch) == "arm64" ]]; then echo "aarch64"; else echo $(arch); fi) + content: `arch=$(if [[ $(uname -m) == "arm64" ]]; then echo "aarch64"; else echo $(uname -m); fi) curl --output elastic-distro-${agentVersion}-darwin-$arch.tar.gz --url https://${AGENT_CDN_BASE_URL}/elastic-agent-${agentVersion}-darwin-$arch.tar.gz --proto '=https' --tlsv1.2 -fOL && mkdir -p "elastic-distro-${agentVersion}-darwin-$arch" && tar -xvf elastic-distro-${agentVersion}-darwin-$arch.tar.gz -C "elastic-distro-${agentVersion}-darwin-$arch" --strip-components=1 && cd elastic-distro-${agentVersion}-darwin-$arch diff --git a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/alert_details_app_section.tsx b/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/alert_details_app_section.tsx index be83b74a0cc1..44ab29e77e1b 100644 --- a/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/alert_details_app_section.tsx +++ b/x-pack/plugins/observability_solution/slo/public/components/slo/burn_rate/alert_details/alert_details_app_section.tsx @@ -4,28 +4,24 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ + +import React, { useEffect } from 'react'; import { EuiFlexGroup, EuiLink } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; -import { AlertSummaryField } from '@kbn/observability-plugin/public'; -import React, { useEffect } from 'react'; -import { useFetchSloDetails } from '../../../../hooks/use_fetch_slo_details'; +import { AlertDetailsAppSectionProps } from '@kbn/observability-plugin/public'; import { useKibana } from '../../../../utils/kibana_react'; +import { useFetchSloDetails } from '../../../../hooks/use_fetch_slo_details'; import { CustomAlertDetailsPanel } from './components/custom_panels/custom_panels'; import { ErrorRatePanel } from './components/error_rate/error_rate_panel'; import { BurnRateAlert, BurnRateRule } from './types'; -interface AppSectionProps { +interface AppSectionProps extends AlertDetailsAppSectionProps { alert: BurnRateAlert; rule: BurnRateRule; - setAlertSummaryFields: React.Dispatch>; } // eslint-disable-next-line import/no-default-export -export default function AlertDetailsAppSection({ - alert, - rule, - setAlertSummaryFields, -}: AppSectionProps) { +export default function AlertDetailsAppSection({ alert, rule, setSources }: AppSectionProps) { const { services: { http: { basePath }, @@ -51,8 +47,8 @@ export default function AlertDetailsAppSection({ }, ]; - setAlertSummaryFields(fields); - }, [alertLink, rule, setAlertSummaryFields, basePath, slo, instanceId]); + setSources(fields); + }, [alertLink, rule, setSources, basePath, slo, instanceId]); return ( diff --git a/x-pack/plugins/osquery/docs/openapi/ess/osquery_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/osquery/docs/openapi/ess/osquery_api_2023_10_31.bundled.schema.yaml index f224add76d52..c18b9d891524 100644 --- a/x-pack/plugins/osquery/docs/openapi/ess/osquery_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/osquery/docs/openapi/ess/osquery_api_2023_10_31.bundled.schema.yaml @@ -639,3 +639,4 @@ security: tags: - description: Run live queries, manage packs and saved queries. name: Security Osquery API + x-displayName: Security Osquery diff --git a/x-pack/plugins/osquery/docs/openapi/serverless/osquery_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/osquery/docs/openapi/serverless/osquery_api_2023_10_31.bundled.schema.yaml index 9228355269d0..3e308d1ebfcc 100644 --- a/x-pack/plugins/osquery/docs/openapi/serverless/osquery_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/osquery/docs/openapi/serverless/osquery_api_2023_10_31.bundled.schema.yaml @@ -639,3 +639,4 @@ security: tags: - description: Run live queries, manage packs and saved queries. name: Security Osquery API + x-displayName: Security Osquery diff --git a/x-pack/plugins/osquery/scripts/openapi/bundle.js b/x-pack/plugins/osquery/scripts/openapi/bundle.js index cc9e1dc93b66..49594c2fa5ce 100644 --- a/x-pack/plugins/osquery/scripts/openapi/bundle.js +++ b/x-pack/plugins/osquery/scripts/openapi/bundle.js @@ -28,6 +28,7 @@ const ELASTIC_ASSISTANT_ROOT = resolve(__dirname, '../..'); tags: [ { name: 'Security Osquery API', + 'x-displayName': 'Security Osquery', description: 'Run live queries, manage packs and saved queries.', }, ], @@ -49,6 +50,7 @@ const ELASTIC_ASSISTANT_ROOT = resolve(__dirname, '../..'); tags: [ { name: 'Security Osquery API', + 'x-displayName': 'Security Osquery', description: 'Run live queries, manage packs and saved queries.', }, ], diff --git a/x-pack/plugins/search_homepage/server/config.ts b/x-pack/plugins/search_homepage/server/config.ts index 3e068a719f04..b086b537e316 100644 --- a/x-pack/plugins/search_homepage/server/config.ts +++ b/x-pack/plugins/search_homepage/server/config.ts @@ -11,7 +11,7 @@ import { PluginConfigDescriptor } from '@kbn/core/server'; export * from './types'; const configSchema = schema.object({ - enabled: schema.boolean({ defaultValue: true }), + enabled: schema.boolean({ defaultValue: false }), ui: schema.object({ enabled: schema.boolean({ defaultValue: false }), }), diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/engine_cleanup_route.gen.ts b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/engine_cleanup_route.gen.ts index 13194051244c..9928b33af9a5 100644 --- a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/engine_cleanup_route.gen.ts +++ b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/engine_cleanup_route.gen.ts @@ -11,7 +11,7 @@ * * info: * title: Risk Scoring API - * version: 1 + * version: 2023-10-31 */ import { z } from '@kbn/zod'; diff --git a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/engine_cleanup_route.schema.yaml b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/engine_cleanup_route.schema.yaml index 2dffe3879961..4eba00a8ffbe 100644 --- a/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/engine_cleanup_route.schema.yaml +++ b/x-pack/plugins/security_solution/common/api/entity_analytics/risk_engine/engine_cleanup_route.schema.yaml @@ -1,6 +1,6 @@ openapi: 3.0.0 info: - version: '1' + version: '2023-10-31' title: Risk Scoring API description: These APIs allow the consumer to manage Entity Risk Scores within Entity Analytics. paths: @@ -57,4 +57,3 @@ components: type: integer error: type: string - diff --git a/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts b/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts index 255b56c485b9..288a08fdb8af 100644 --- a/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts +++ b/x-pack/plugins/security_solution/common/api/quickstart_client.gen.ts @@ -554,7 +554,7 @@ If asset criticality records already exist for the specified entities, those rec .request({ path: '/api/risk_score/engine/dangerously_delete_data', headers: { - [ELASTIC_HTTP_VERSION_HEADER]: '1', + [ELASTIC_HTTP_VERSION_HEADER]: '2023-10-31', }, method: 'DELETE', }) diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml index 73a8554ceaac..cdff061d94f2 100644 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml @@ -7000,3 +7000,4 @@ tags: sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. name: Security Detections API + x-displayName: Security detections diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml index 3aa292c02c18..ae35a302cbb4 100644 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml @@ -1136,3 +1136,4 @@ security: tags: - description: Interact with and manage endpoints running the Elastic Defend integration. name: Security Endpoint Management API + x-displayName: Security endpoint management diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_1.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_1.bundled.schema.yaml deleted file mode 100644 index 9d6d57abd382..000000000000 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_1.bundled.schema.yaml +++ /dev/null @@ -1,88 +0,0 @@ -openapi: 3.0.3 -info: - description: '' - title: Security Entity Analytics API (Elastic Cloud and self-hosted) - version: '1' -servers: - - url: http://{kibana_host}:{port} - variables: - kibana_host: - default: localhost - port: - default: '5601' -paths: - /api/risk_score/engine/dangerously_delete_data: - delete: - description: >- - Cleaning up the the Risk Engine by removing the indices, mapping and - transforms - operationId: CleanUpRiskEngine - responses: - '200': - content: - application/json: - schema: - type: object - properties: - cleanup_successful: - type: boolean - description: Successful response - '400': - content: - application/json: - schema: - $ref: '#/components/schemas/TaskManagerUnavailableResponse' - description: Task manager is unavailable - default: - content: - application/json: - schema: - $ref: '#/components/schemas/CleanUpRiskEngineErrorResponse' - description: Unexpected error - summary: Cleanup the Risk Engine - tags: - - Security Entity Analytics API -components: - schemas: - CleanUpRiskEngineErrorResponse: - type: object - properties: - cleanup_successful: - example: false - type: boolean - errors: - items: - type: object - properties: - error: - type: string - seq: - type: integer - required: - - seq - - error - type: array - required: - - cleanup_successful - - errors - TaskManagerUnavailableResponse: - description: Task manager is unavailable - type: object - properties: - message: - type: string - status_code: - minimum: 400 - type: integer - required: - - status_code - - message - securitySchemes: - BasicAuth: - scheme: basic - type: http -security: - - BasicAuth: [] -tags: - - description: '' - name: Security Entity Analytics API diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml index c0f3df553645..05f6cdc42756 100644 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml @@ -524,6 +524,37 @@ paths: summary: List Entity Store Entities tags: - Security Entity Analytics API + /api/risk_score/engine/dangerously_delete_data: + delete: + description: >- + Cleaning up the the Risk Engine by removing the indices, mapping and + transforms + operationId: CleanUpRiskEngine + responses: + '200': + content: + application/json: + schema: + type: object + properties: + cleanup_successful: + type: boolean + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/TaskManagerUnavailableResponse' + description: Task manager is unavailable + default: + content: + application/json: + schema: + $ref: '#/components/schemas/CleanUpRiskEngineErrorResponse' + description: Unexpected error + summary: Cleanup the Risk Engine + tags: + - Security Entity Analytics API /api/risk_score/engine/schedule_now: post: description: >- @@ -655,6 +686,27 @@ components: required: - id_value - id_field + CleanUpRiskEngineErrorResponse: + type: object + properties: + cleanup_successful: + example: false + type: boolean + errors: + items: + type: object + properties: + error: + type: string + seq: + type: integer + required: + - seq + - error + type: array + required: + - cleanup_successful + - errors CreateAssetCriticalityRecord: allOf: - $ref: '#/components/schemas/AssetCriticalityRecordIdParts' @@ -1043,3 +1095,4 @@ security: tags: - description: '' name: Security Entity Analytics API + x-displayName: Security entity analytics diff --git a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_timeline_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_timeline_api_2023_10_31.bundled.schema.yaml index 68740efb388a..48eb95916885 100644 --- a/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_timeline_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/ess/security_solution_timeline_api_2023_10_31.bundled.schema.yaml @@ -1660,3 +1660,4 @@ tags: You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file. name: Security Timeline API + x-displayName: Security timeline diff --git a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml index 24a0032201c9..4b7d9bed6e41 100644 --- a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_detections_api_2023_10_31.bundled.schema.yaml @@ -6146,3 +6146,4 @@ tags: sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page. name: Security Detections API + x-displayName: Security detections diff --git a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml index 7156c0a5226b..df98520fe783 100644 --- a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_endpoint_management_api_2023_10_31.bundled.schema.yaml @@ -1036,3 +1036,4 @@ security: tags: - description: Interact with and manage endpoints running the Elastic Defend integration. name: Security Endpoint Management API + x-displayName: Security endpoint management diff --git a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_1.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_1.bundled.schema.yaml deleted file mode 100644 index 835d8f79b1fe..000000000000 --- a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_1.bundled.schema.yaml +++ /dev/null @@ -1,88 +0,0 @@ -openapi: 3.0.3 -info: - description: '' - title: Security Entity Analytics API (Elastic Cloud Serverless) - version: '1' -servers: - - url: http://{kibana_host}:{port} - variables: - kibana_host: - default: localhost - port: - default: '5601' -paths: - /api/risk_score/engine/dangerously_delete_data: - delete: - description: >- - Cleaning up the the Risk Engine by removing the indices, mapping and - transforms - operationId: CleanUpRiskEngine - responses: - '200': - content: - application/json: - schema: - type: object - properties: - cleanup_successful: - type: boolean - description: Successful response - '400': - content: - application/json: - schema: - $ref: '#/components/schemas/TaskManagerUnavailableResponse' - description: Task manager is unavailable - default: - content: - application/json: - schema: - $ref: '#/components/schemas/CleanUpRiskEngineErrorResponse' - description: Unexpected error - summary: Cleanup the Risk Engine - tags: - - Security Entity Analytics API -components: - schemas: - CleanUpRiskEngineErrorResponse: - type: object - properties: - cleanup_successful: - example: false - type: boolean - errors: - items: - type: object - properties: - error: - type: string - seq: - type: integer - required: - - seq - - error - type: array - required: - - cleanup_successful - - errors - TaskManagerUnavailableResponse: - description: Task manager is unavailable - type: object - properties: - message: - type: string - status_code: - minimum: 400 - type: integer - required: - - status_code - - message - securitySchemes: - BasicAuth: - scheme: basic - type: http -security: - - BasicAuth: [] -tags: - - description: '' - name: Security Entity Analytics API diff --git a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml index 690b59c51840..1ad7423a05b2 100644 --- a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_entity_analytics_api_2023_10_31.bundled.schema.yaml @@ -524,6 +524,37 @@ paths: summary: List Entity Store Entities tags: - Security Entity Analytics API + /api/risk_score/engine/dangerously_delete_data: + delete: + description: >- + Cleaning up the the Risk Engine by removing the indices, mapping and + transforms + operationId: CleanUpRiskEngine + responses: + '200': + content: + application/json: + schema: + type: object + properties: + cleanup_successful: + type: boolean + description: Successful response + '400': + content: + application/json: + schema: + $ref: '#/components/schemas/TaskManagerUnavailableResponse' + description: Task manager is unavailable + default: + content: + application/json: + schema: + $ref: '#/components/schemas/CleanUpRiskEngineErrorResponse' + description: Unexpected error + summary: Cleanup the Risk Engine + tags: + - Security Entity Analytics API /api/risk_score/engine/schedule_now: post: description: >- @@ -655,6 +686,27 @@ components: required: - id_value - id_field + CleanUpRiskEngineErrorResponse: + type: object + properties: + cleanup_successful: + example: false + type: boolean + errors: + items: + type: object + properties: + error: + type: string + seq: + type: integer + required: + - seq + - error + type: array + required: + - cleanup_successful + - errors CreateAssetCriticalityRecord: allOf: - $ref: '#/components/schemas/AssetCriticalityRecordIdParts' @@ -1043,3 +1095,4 @@ security: tags: - description: '' name: Security Entity Analytics API + x-displayName: Security entity analytics diff --git a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_timeline_api_2023_10_31.bundled.schema.yaml b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_timeline_api_2023_10_31.bundled.schema.yaml index cfcb36e2dee7..343ec3dc30a7 100644 --- a/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_timeline_api_2023_10_31.bundled.schema.yaml +++ b/x-pack/plugins/security_solution/docs/openapi/serverless/security_solution_timeline_api_2023_10_31.bundled.schema.yaml @@ -1660,3 +1660,4 @@ tags: You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file. name: Security Timeline API + x-displayName: Security timeline diff --git a/x-pack/plugins/security_solution/public/cloud_security_posture/components/index.tsx b/x-pack/plugins/security_solution/public/cloud_security_posture/components/index.tsx index 6045a8b8c9a5..b4ec54a29a07 100644 --- a/x-pack/plugins/security_solution/public/cloud_security_posture/components/index.tsx +++ b/x-pack/plugins/security_solution/public/cloud_security_posture/components/index.tsx @@ -12,6 +12,7 @@ import { css } from '@emotion/react'; import { FormattedMessage } from '@kbn/i18n-react'; import { useCspSetupStatusApi } from '@kbn/cloud-security-posture/src/hooks/use_csp_setup_status_api'; import { MisconfigurationsPreview } from './misconfiguration/misconfiguration_preview'; +import { VulnerabilitiesPreview } from './vulnerabilities/vulnerabilities_preview'; export const EntityInsight = ({ name, @@ -25,10 +26,27 @@ export const EntityInsight = ({ const { euiTheme } = useEuiTheme(); const getSetupStatus = useCspSetupStatusApi(); const hasMisconfigurationFindings = getSetupStatus.data?.hasMisconfigurationsFindings; + const hasVulnerabilitiesFindings = getSetupStatus.data?.hasVulnerabilitiesFindings; + const insightContent: React.ReactElement[] = []; + const isVulnerabilitiesFindingForHost = hasVulnerabilitiesFindings && fieldName === 'host.name'; + if (hasMisconfigurationFindings) + insightContent.push( + <> + + + + ); + if (isVulnerabilitiesFindingForHost) + insightContent.push( + <> + + + + ); return ( <> - {hasMisconfigurationFindings && ( + {(hasMisconfigurationFindings || isVulnerabilitiesFindingForHost) && ( <> ({ } > - - + {insightContent} diff --git a/x-pack/plugins/security_solution/public/cloud_security_posture/components/misconfiguration/misconfiguration_preview.test.tsx b/x-pack/plugins/security_solution/public/cloud_security_posture/components/misconfiguration/misconfiguration_preview.test.tsx index 2e10d481b993..b7560f5c6892 100644 --- a/x-pack/plugins/security_solution/public/cloud_security_posture/components/misconfiguration/misconfiguration_preview.test.tsx +++ b/x-pack/plugins/security_solution/public/cloud_security_posture/components/misconfiguration/misconfiguration_preview.test.tsx @@ -5,7 +5,6 @@ * 2.0. */ -// Add stuff here import { TestProviders } from '../../../common/mock'; import { render } from '@testing-library/react'; import React from 'react'; diff --git a/x-pack/plugins/security_solution/public/cloud_security_posture/components/vulnerabilities/vulnerabilities_preview.test.tsx b/x-pack/plugins/security_solution/public/cloud_security_posture/components/vulnerabilities/vulnerabilities_preview.test.tsx new file mode 100644 index 000000000000..0436da3e192b --- /dev/null +++ b/x-pack/plugins/security_solution/public/cloud_security_posture/components/vulnerabilities/vulnerabilities_preview.test.tsx @@ -0,0 +1,27 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { TestProviders } from '../../../common/mock'; +import { render } from '@testing-library/react'; +import React from 'react'; +import { VulnerabilitiesPreview } from './vulnerabilities_preview'; + +const mockProps: { hostName: string } = { + hostName: 'testContextID', +}; + +describe('VulnerabilitiesPreview', () => { + it('renders', () => { + const { queryByTestId } = render(, { + wrapper: TestProviders, + }); + expect( + queryByTestId('securitySolutionFlyoutInsightsVulnerabilitiesContent') + ).toBeInTheDocument(); + expect(queryByTestId('noVulnerabilitiesDataTestSubj')).toBeInTheDocument(); + }); +}); diff --git a/x-pack/plugins/security_solution/public/cloud_security_posture/components/vulnerabilities/vulnerabilities_preview.tsx b/x-pack/plugins/security_solution/public/cloud_security_posture/components/vulnerabilities/vulnerabilities_preview.tsx new file mode 100644 index 000000000000..6e30d39fc98a --- /dev/null +++ b/x-pack/plugins/security_solution/public/cloud_security_posture/components/vulnerabilities/vulnerabilities_preview.tsx @@ -0,0 +1,215 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import { css } from '@emotion/react'; +import type { EuiThemeComputed } from '@elastic/eui'; +import { EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiText, useEuiTheme, EuiTitle } from '@elastic/eui'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { DistributionBar } from '@kbn/security-solution-distribution-bar'; +import { useVulnerabilitiesPreview } from '@kbn/cloud-security-posture/src/hooks/use_vulnerabilities_preview'; +import { i18n } from '@kbn/i18n'; +import { ExpandablePanel } from '@kbn/security-solution-common'; +import { + buildEntityFlyoutPreviewQuery, + VULNERABILITIES_SEVERITY, + getAbbreviatedNumber, +} from '@kbn/cloud-security-posture-common'; +import { getSeverityStatusColor, getSeverityText } from '@kbn/cloud-security-posture'; + +interface VulnerabilitiesDistributionBarProps { + key: string; + count: number; + color: string; +} + +const getVulnerabilityStats = ( + critical: number, + high: number, + medium: number, + low: number, + none: number +): VulnerabilitiesDistributionBarProps[] => { + const vulnerabilityStats: VulnerabilitiesDistributionBarProps[] = []; + if (critical === 0 && high === 0 && medium === 0 && low === 0 && none === 0) + return vulnerabilityStats; + + if (none > 0) + vulnerabilityStats.push({ + key: i18n.translate( + 'xpack.securitySolution.flyout.right.insights.vulnerabilities.noneVulnerabilitiesText', + { + defaultMessage: getSeverityText(VULNERABILITIES_SEVERITY.UNKNOWN), + } + ), + count: none, + color: getSeverityStatusColor(VULNERABILITIES_SEVERITY.UNKNOWN), + }); + if (low > 0) + vulnerabilityStats.push({ + key: i18n.translate( + 'xpack.securitySolution.flyout.right.insights.vulnerabilities.lowVulnerabilitiesText', + { + defaultMessage: getSeverityText(VULNERABILITIES_SEVERITY.LOW), + } + ), + count: low, + color: getSeverityStatusColor(VULNERABILITIES_SEVERITY.LOW), + }); + + if (medium > 0) + vulnerabilityStats.push({ + key: i18n.translate( + 'xpack.securitySolution.flyout.right.insights.vulnerabilities.mediumVulnerabilitiesText', + { + defaultMessage: getSeverityText(VULNERABILITIES_SEVERITY.MEDIUM), + } + ), + count: medium, + color: getSeverityStatusColor(VULNERABILITIES_SEVERITY.MEDIUM), + }); + if (high > 0) + vulnerabilityStats.push({ + key: i18n.translate( + 'xpack.securitySolution.flyout.right.insights.vulnerabilities.highVulnerabilitiesText', + { + defaultMessage: getSeverityText(VULNERABILITIES_SEVERITY.HIGH), + } + ), + count: high, + color: getSeverityStatusColor(VULNERABILITIES_SEVERITY.HIGH), + }); + if (critical > 0) + vulnerabilityStats.push({ + key: i18n.translate( + 'xpack.securitySolution.flyout.right.insights.vulnerabilities.CriticalVulnerabilitiesText', + { + defaultMessage: getSeverityText(VULNERABILITIES_SEVERITY.CRITICAL), + } + ), + count: critical, + color: getSeverityStatusColor(VULNERABILITIES_SEVERITY.CRITICAL), + }); + + return vulnerabilityStats; +}; + +const VulnerabilitiesEmptyState = ({ euiTheme }: { euiTheme: EuiThemeComputed<{}> }) => { + return ( + + + + +

{'-'}

+ + + + + + + + + + ); +}; + +const VulnerabilitiesCount = ({ + vulnerabilitiesTotal, + euiTheme, +}: { + vulnerabilitiesTotal: string | number; + euiTheme: EuiThemeComputed<{}>; +}) => { + return ( + + + + +

{vulnerabilitiesTotal}

+ + + + + + + + + + ); +}; + +export const VulnerabilitiesPreview = ({ hostName }: { hostName: string }) => { + const { data } = useVulnerabilitiesPreview({ + query: buildEntityFlyoutPreviewQuery('host.name', hostName), + sort: [], + enabled: true, + pageSize: 1, + }); + + const { CRITICAL = 0, HIGH = 0, MEDIUM = 0, LOW = 0, NONE = 0 } = data?.count || {}; + + const totalVulnerabilities = CRITICAL + HIGH + MEDIUM + LOW + NONE; + const { euiTheme } = useEuiTheme(); + const hasVulnerabilities = totalVulnerabilities > 0; + return ( + + + + ), + }} + data-test-subj={'securitySolutionFlyoutInsightsVulnerabilities'} + > + + {hasVulnerabilities ? ( + + ) : ( + + )} + + + + + + + + + + + + ); +}; diff --git a/x-pack/plugins/security_solution/public/common/components/ml/conditional_links/remove_kql_variables.ts b/x-pack/plugins/security_solution/public/common/components/ml/conditional_links/remove_kql_variables.ts index 18ad035debf0..f7730f650d4e 100644 --- a/x-pack/plugins/security_solution/public/common/components/ml/conditional_links/remove_kql_variables.ts +++ b/x-pack/plugins/security_solution/public/common/components/ml/conditional_links/remove_kql_variables.ts @@ -13,7 +13,7 @@ export const operators = ['and', 'or', 'not']; export const removeKqlVariablesUsingRegex = (expression: string) => { const myRegexp = - /(\s+)*(and|or|not){0,1}(\s+)*([\w\.\-\[\]]+)\s*:\s*"(\$[\w\.\-\(\)\[\]]+\$)"(\s+)*(and|or|not){0,1}(\s+)*/g; + /(\s*)(and|or|not){0,1}(\s*)([\w\.\-\[\]]+)\s*:\s*"(\$[\w\.\-\(\)\[\]]+\$)"(\s*)(and|or|not){0,1}(\s*)/g; return expression.replace(myRegexp, replacer); }; diff --git a/x-pack/plugins/security_solution/public/common/components/ml/conditional_links/replace_kql_commas_with_or.ts b/x-pack/plugins/security_solution/public/common/components/ml/conditional_links/replace_kql_commas_with_or.ts index 1f96615811fc..2179495ad720 100644 --- a/x-pack/plugins/security_solution/public/common/components/ml/conditional_links/replace_kql_commas_with_or.ts +++ b/x-pack/plugins/security_solution/public/common/components/ml/conditional_links/replace_kql_commas_with_or.ts @@ -22,7 +22,7 @@ export const replacement = (match: string, p1: string, p2: string) => { }; export const replaceKqlCommasWithOrUsingRegex = (expression: string) => { - const myRegexp = /([\w\.\-\[\]]+)\s*:\s*"(([\w\.\-\(\)\[\]]+,[\w\.\-\(\)\[\]]+){1,})"/g; + const myRegexp = /([\w\.\-\[\]]+)\s*:\s*"(([\w\.\-\(\)\[\]]+)(,[\w\.\-\(\)\[\]]+){1,})"/g; return expression.replace(myRegexp, replacement); }; diff --git a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/schema.tsx b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/schema.tsx index bdf14f4b6fd4..5c8d8d89c46d 100644 --- a/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/schema.tsx +++ b/x-pack/plugins/security_solution/public/detection_engine/rule_creation_ui/components/step_define_rule/schema.tsx @@ -643,6 +643,35 @@ export const schema: FormSchema = { defaultMessage: "New terms rules only alert if terms don't appear in historical data.", } ), + validations: [ + { + validator: ( + ...args: Parameters + ): ReturnType> | undefined => { + const [{ path, formData }] = args; + const needsValidation = isNewTermsRule(formData.ruleType); + + if (!needsValidation) { + return; + } + + const filterTimeVal = formData.historyWindowSize.match(/\d+/g); + + if (filterTimeVal <= 0) { + return { + code: 'ERR_MIN_LENGTH', + path, + message: i18n.translate( + 'xpack.securitySolution.detectionEngine.validations.stepDefineRule.historyWindowSize.errMin', + { + defaultMessage: 'History window size must be greater than 0.', + } + ), + }; + } + }, + }, + ], }, groupByFields: { type: FIELD_TYPES.COMBO_BOX, diff --git a/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/metering.cy.ts b/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/metering.cy.ts index d354531affd3..faecf1f71f14 100644 --- a/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/metering.cy.ts +++ b/x-pack/plugins/security_solution/public/management/cypress/e2e/serverless/metering.cy.ts @@ -25,7 +25,7 @@ describe( ftrConfig: { kbnServerArgs: [ `--xpack.securitySolutionServerless.usageReportingTaskInterval=1m`, - `--xpack.securitySolutionServerless.usageReportingApiUrl=https://localhost:3623`, + `--xpack.securitySolutionServerless.usageApi.url=https://localhost:3623`, ], }, }, diff --git a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/notes/index.tsx b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/notes/index.tsx index 959581a24176..dcc9f229b842 100644 --- a/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/notes/index.tsx +++ b/x-pack/plugins/security_solution/public/timelines/components/timeline/tabs/notes/index.tsx @@ -160,7 +160,12 @@ const NotesTabContentComponent: React.FC = React.memo(({ t }, [timeline.description, timeline.updated, timeline.updatedBy]); return ( - + diff --git a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js index 7ae72255217e..2c0e36f3db8e 100644 --- a/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js +++ b/x-pack/plugins/security_solution/scripts/openapi/bundle_detections.js @@ -29,6 +29,7 @@ const ROOT = resolve(__dirname, '../..'); tags: [ { name: 'Security Detections API', + 'x-displayName': 'Security detections', description: 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.', }, @@ -54,6 +55,7 @@ const ROOT = resolve(__dirname, '../..'); tags: [ { name: 'Security Detections API', + 'x-displayName': 'Security detections', description: 'You can create rules that automatically turn events and external alerts sent to Elastic Security into detection alerts. These alerts are displayed on the Detections page.', }, diff --git a/x-pack/plugins/security_solution/scripts/openapi/bundle_endpoint_management.js b/x-pack/plugins/security_solution/scripts/openapi/bundle_endpoint_management.js index 6ff13e46b0cc..481e3df4803d 100644 --- a/x-pack/plugins/security_solution/scripts/openapi/bundle_endpoint_management.js +++ b/x-pack/plugins/security_solution/scripts/openapi/bundle_endpoint_management.js @@ -28,6 +28,7 @@ const ROOT = resolve(__dirname, '../..'); tags: [ { name: 'Security Endpoint Management API', + 'x-displayName': 'Security endpoint management', description: 'Interact with and manage endpoints running the Elastic Defend integration.', }, @@ -52,6 +53,7 @@ const ROOT = resolve(__dirname, '../..'); tags: [ { name: 'Security Endpoint Management API', + 'x-displayName': 'Security endpoint management', description: 'Interact with and manage endpoints running the Elastic Defend integration.', }, diff --git a/x-pack/plugins/security_solution/scripts/openapi/bundle_entity_analytics.js b/x-pack/plugins/security_solution/scripts/openapi/bundle_entity_analytics.js index f8464b7dad36..89a60e1a8a0b 100644 --- a/x-pack/plugins/security_solution/scripts/openapi/bundle_entity_analytics.js +++ b/x-pack/plugins/security_solution/scripts/openapi/bundle_entity_analytics.js @@ -28,6 +28,7 @@ const ROOT = resolve(__dirname, '../..'); tags: [ { name: 'Security Entity Analytics API', + 'x-displayName': 'Security entity analytics', description: '', }, ], @@ -51,6 +52,7 @@ const ROOT = resolve(__dirname, '../..'); tags: [ { name: 'Security Entity Analytics API', + 'x-displayName': 'Security entity analytics', description: '', }, ], diff --git a/x-pack/plugins/security_solution/scripts/openapi/bundle_timeline.js b/x-pack/plugins/security_solution/scripts/openapi/bundle_timeline.js index 507ca29293fa..e2a439b81b32 100644 --- a/x-pack/plugins/security_solution/scripts/openapi/bundle_timeline.js +++ b/x-pack/plugins/security_solution/scripts/openapi/bundle_timeline.js @@ -29,6 +29,7 @@ const ROOT = resolve(__dirname, '../..'); tags: [ { name: 'Security Timeline API', + 'x-displayName': 'Security timeline', description: 'You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file.', }, @@ -54,6 +55,7 @@ const ROOT = resolve(__dirname, '../..'); tags: [ { name: 'Security Timeline API', + 'x-displayName': 'Security timeline', description: 'You can create Timelines and Timeline templates via the API, as well as import new Timelines from an ndjson file.', }, diff --git a/x-pack/plugins/security_solution/scripts/run_cypress/project_handler/cloud_project_handler.ts b/x-pack/plugins/security_solution/scripts/run_cypress/project_handler/cloud_project_handler.ts index dd1e2c876290..5ae476c17580 100644 --- a/x-pack/plugins/security_solution/scripts/run_cypress/project_handler/cloud_project_handler.ts +++ b/x-pack/plugins/security_solution/scripts/run_cypress/project_handler/cloud_project_handler.ts @@ -40,8 +40,12 @@ export class CloudHandler extends ProjectHandler { body.product_types = productTypes; } - if (process.env.KIBANA_MKI_IMAGE_COMMIT || commit) { - const override = commit ? commit : process.env.KIBANA_MKI_IMAGE_COMMIT; + // The qualityGate variable has been added here to ensure that when the quality gate runs, there will be + // no kibana image override. The tests will be executed against the commit which is already promoted to QA. + const qualityGate = + process.env.KIBANA_MKI_QUALITY_GATE && process.env.KIBANA_MKI_QUALITY_GATE === '1'; + const override = commit ?? process.env.KIBANA_MKI_IMAGE_COMMIT; + if (override && !qualityGate) { const kibanaOverrideImage = `${override?.substring(0, 12)}`; this.log.info(`Kibana Image Commit under test: ${process.env.KIBANA_MKI_IMAGE_COMMIT}!`); this.log.info( diff --git a/x-pack/plugins/security_solution/scripts/run_cypress/project_handler/proxy_project_handler.ts b/x-pack/plugins/security_solution/scripts/run_cypress/project_handler/proxy_project_handler.ts index b438849d85b4..dfc97e9a422d 100644 --- a/x-pack/plugins/security_solution/scripts/run_cypress/project_handler/proxy_project_handler.ts +++ b/x-pack/plugins/security_solution/scripts/run_cypress/project_handler/proxy_project_handler.ts @@ -40,8 +40,12 @@ export class ProxyHandler extends ProjectHandler { body.product_types = productTypes; } - if (process.env.KIBANA_MKI_IMAGE_COMMIT || commit) { - const override = commit ? commit : process.env.KIBANA_MKI_IMAGE_COMMIT; + // The qualityGate variable has been added here to ensure that when the quality gate runs, there will be + // no kibana image override. The tests will be executed against the commit which is already promoted to QA. + const qualityGate = + process.env.KIBANA_MKI_QUALITY_GATE && process.env.KIBANA_MKI_QUALITY_GATE === '1'; + const override = commit ?? process.env.KIBANA_MKI_IMAGE_COMMIT; + if (override && !qualityGate) { const kibanaOverrideImage = `${override?.substring(0, 12)}`; this.log.info(`Kibana Image Commit under test: ${process.env.KIBANA_MKI_IMAGE_COMMIT}!`); this.log.info( diff --git a/x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/esql_language_knowledge_base_tool.ts b/x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/esql_language_knowledge_base_tool.ts index 908d69ab0802..6bf116c28719 100644 --- a/x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/esql_language_knowledge_base_tool.ts +++ b/x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/esql_language_knowledge_base_tool.ts @@ -17,7 +17,7 @@ import { APP_UI_ID } from '../../../../common'; const toolDetails = { description: - 'Call this for knowledge on how to build an ESQL query, or answer questions about the ES|QL query language. Input must always be the query on a single line, with no other text. Your answer will be parsed as JSON, so never use quotes within the output and instead use backticks. Do not add any additional text to describe your output.', + 'Call this for knowledge on how to build an ESQL query, or answer questions about the ES|QL query language. Input must always be the user query on a single line, with no other text. Your answer will be parsed as JSON, so never use quotes within the output and instead use backticks. Do not add any additional text to describe your output.', id: 'esql-knowledge-base-tool', name: 'ESQLKnowledgeBaseTool', }; diff --git a/x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/nl_to_esql_tool.ts b/x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/nl_to_esql_tool.ts index c313d877cc55..a26d16607ac4 100644 --- a/x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/nl_to_esql_tool.ts +++ b/x-pack/plugins/security_solution/server/assistant/tools/esql_language_knowledge_base/nl_to_esql_tool.ts @@ -20,16 +20,11 @@ const toolDetails = { id: 'nl-to-esql-tool', name: TOOL_NAME, description: `You MUST use the "${TOOL_NAME}" function when the user wants to: - - run any arbitrary query - breakdown or filter ES|QL queries that are displayed on the current page - convert queries from another language to ES|QL - asks general questions about ES|QL - DO NOT UNDER ANY CIRCUMSTANCES generate ES|QL queries or explain anything about the ES|QL query language yourself. - DO NOT UNDER ANY CIRCUMSTANCES try to correct an ES|QL query yourself - always use the "${TOOL_NAME}" function for this. - - Even if the "${TOOL_NAME}" function was used before that, follow it up with the "${TOOL_NAME}" function. If a query fails, do not attempt to correct it yourself. Again you should call the "${TOOL_NAME}" function, - even if it has been called before.`, + ALWAYS use this tool to generate ES|QL queries or explain anything about the ES|QL query language rather than coming up with your own answer.`, }; export const NL_TO_ESQL_TOOL: AssistantTool = { diff --git a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/asset_criticality_migration_client.ts b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/asset_criticality_migration_client.ts index b9af8a133ec3..b87a172b4c74 100644 --- a/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/asset_criticality_migration_client.ts +++ b/x-pack/plugins/security_solution/server/lib/entity_analytics/asset_criticality/asset_criticality_migration_client.ts @@ -77,7 +77,7 @@ export class AssetCriticalityEcsMigrationClient { conflicts: 'proceed', ignore_unavailable: true, allow_no_indices: true, - scroll_size: 1000, + scroll_size: 10000, body: { query: ECS_MAPPINGS_MIGRATION_QUERY, script: { @@ -87,6 +87,7 @@ export class AssetCriticalityEcsMigrationClient { }, }, { + requestTimeout: '5m', retryOnTimeout: true, maxRetries: 2, signal: abortSignal, diff --git a/x-pack/plugins/security_solution_serverless/server/config.ts b/x-pack/plugins/security_solution_serverless/server/config.ts index 4b9700aaca6b..96e743a59b42 100644 --- a/x-pack/plugins/security_solution_serverless/server/config.ts +++ b/x-pack/plugins/security_solution_serverless/server/config.ts @@ -5,14 +5,31 @@ * 2.0. */ -import { schema, type TypeOf } from '@kbn/config-schema'; +import type { TypeOf } from '@kbn/config-schema'; import type { PluginConfigDescriptor, PluginInitializerContext } from '@kbn/core/server'; import type { SecuritySolutionPluginSetup } from '@kbn/security-solution-plugin/server/plugin_contract'; -import { USAGE_SERVICE_USAGE_URL } from './constants'; -import { productTypes } from '../common/config'; + +import { schema } from '@kbn/config-schema'; + import type { ExperimentalFeatures } from '../common/experimental_features'; + +import { productTypes } from '../common/config'; import { parseExperimentalConfigValue } from '../common/experimental_features'; +const usageApiConfig = schema.maybe( + schema.object({ + enabled: schema.maybe(schema.boolean()), + url: schema.string(), + tls: schema.maybe( + schema.object({ + certificate: schema.string(), + key: schema.string(), + ca: schema.string(), + }) + ), + }) +); + export const configSchema = schema.object({ enabled: schema.boolean({ defaultValue: false }), productTypes, @@ -33,10 +50,6 @@ export const configSchema = schema.object({ */ usageReportingTaskTimeout: schema.string({ defaultValue: '1m' }), - /** - * Usage Reporting: the URL to send usage data to - */ - usageReportingApiUrl: schema.string({ defaultValue: USAGE_SERVICE_USAGE_URL }), /** * For internal use. A list of string values (comma delimited) that will enable experimental * type of functionality that is not yet released. Valid values for this settings need to @@ -52,6 +65,8 @@ export const configSchema = schema.object({ enableExperimental: schema.arrayOf(schema.string(), { defaultValue: () => [], }), + + usageApi: usageApiConfig, }); export type ServerlessSecuritySchema = TypeOf; diff --git a/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.test.ts b/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.test.ts index 56c971e5d1df..66307e8f8a69 100644 --- a/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.test.ts +++ b/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.test.ts @@ -150,7 +150,7 @@ describe('SecurityUsageReportingTask', () => { productTypes: [ { product_line: ProductLine.endpoint, product_tier: ProductTier.complete }, ], - usageReportingApiUrl: USAGE_SERVICE_USAGE_URL, + usageApi: { url: USAGE_SERVICE_USAGE_URL }, } as ServerlessSecurityConfig, }); mockTask = new SecurityUsageReportingTask(taskArgs); @@ -227,7 +227,7 @@ describe('SecurityUsageReportingTask', () => { }); taskArgs = buildTaskArgs({ config: { - usageReportingApiUrl: USAGE_SERVICE_USAGE_URL, + usageApi: { url: USAGE_SERVICE_USAGE_URL }, } as ServerlessSecurityConfig, }); mockTask = new SecurityUsageReportingTask(taskArgs); diff --git a/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.ts b/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.ts index 8b965cb59715..83ef25a849f2 100644 --- a/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.ts +++ b/x-pack/plugins/security_solution_serverless/server/task_manager/usage_reporting_task.ts @@ -165,7 +165,7 @@ export class SecurityUsageReportingTask { usageReportResponse = await usageReportingService.reportUsage( usageRecords, - this.config.usageReportingApiUrl + this.config.usageApi?.url ); if (!usageReportResponse.ok) { diff --git a/x-pack/plugins/serverless_search/kibana.jsonc b/x-pack/plugins/serverless_search/kibana.jsonc index a326956635d8..8ef675723cf0 100644 --- a/x-pack/plugins/serverless_search/kibana.jsonc +++ b/x-pack/plugins/serverless_search/kibana.jsonc @@ -7,11 +7,7 @@ "id": "serverlessSearch", "server": true, "browser": true, - "configPath": [ - "xpack", - "serverless", - "search" - ], + "configPath": ["xpack", "serverless", "search"], "requiredPlugins": [ "cloud", "console", @@ -29,13 +25,10 @@ "optionalPlugins": [ "indexManagement", "searchConnectors", - "searchHomepage", "searchIndices", "searchInferenceEndpoints", "usageCollection" ], - "requiredBundles": [ - "kibanaReact" - ] + "requiredBundles": ["kibanaReact"] } } diff --git a/x-pack/plugins/serverless_search/public/navigation_tree.ts b/x-pack/plugins/serverless_search/public/navigation_tree.ts index 53899994181d..3fc084b5059d 100644 --- a/x-pack/plugins/serverless_search/public/navigation_tree.ts +++ b/x-pack/plugins/serverless_search/public/navigation_tree.ts @@ -9,7 +9,7 @@ import type { NavigationTreeDefinition } from '@kbn/core-chrome-browser'; import { i18n } from '@kbn/i18n'; import { CONNECTORS_LABEL } from '../common/i18n_string'; -export const navigationTree = (useSearchHomepage: boolean = false): NavigationTreeDefinition => ({ +export const navigationTree = (): NavigationTreeDefinition => ({ body: [ { type: 'navGroup', @@ -25,7 +25,7 @@ export const navigationTree = (useSearchHomepage: boolean = false): NavigationTr title: i18n.translate('xpack.serverlessSearch.nav.home', { defaultMessage: 'Home', }), - link: useSearchHomepage ? 'searchHomepage' : 'serverlessElasticsearch', + link: 'serverlessElasticsearch', spaceBefore: 'm', }, { diff --git a/x-pack/plugins/serverless_search/public/plugin.ts b/x-pack/plugins/serverless_search/public/plugin.ts index d06a104d01fc..66daece706ea 100644 --- a/x-pack/plugins/serverless_search/public/plugin.ts +++ b/x-pack/plugins/serverless_search/public/plugin.ts @@ -43,9 +43,6 @@ export class ServerlessSearchPlugin core: CoreSetup, setupDeps: ServerlessSearchPluginSetupDependencies ): ServerlessSearchPluginSetup { - const { searchHomepage } = setupDeps; - const useSearchHomepage = searchHomepage && searchHomepage.isHomepageFeatureEnabled(); - const queryClient = new QueryClient({ mutationCache: new MutationCache({ onError: (error) => { @@ -77,23 +74,6 @@ export class ServerlessSearchPlugin defaultMessage: 'Home', }); - if (useSearchHomepage) { - core.application.register({ - id: 'serverlessHomeRedirect', - title: homeTitle, - appRoute: '/app/elasticsearch', - euiIconType: 'logoElastic', - category: DEFAULT_APP_CATEGORIES.enterpriseSearch, - visibleIn: [], - async mount({}: AppMountParameters) { - const [coreStart] = await core.getStartServices(); - coreStart.chrome.docTitle.change(homeTitle); - coreStart.application.navigateToApp('searchHomepage'); - return () => {}; - }, - }); - } - core.application.register({ id: 'serverlessElasticsearch', title: i18n.translate('xpack.serverlessSearch.app.elasticsearch.title', { @@ -101,7 +81,7 @@ export class ServerlessSearchPlugin }), euiIconType: 'logoElastic', category: DEFAULT_APP_CATEGORIES.enterpriseSearch, - appRoute: useSearchHomepage ? '/app/elasticsearch/getting_started' : '/app/elasticsearch', + appRoute: '/app/elasticsearch', async mount({ element, history }: AppMountParameters) { const { renderApp } = await import('./application/elasticsearch'); const [coreStart, services] = await core.getStartServices(); @@ -149,12 +129,11 @@ export class ServerlessSearchPlugin core: CoreStart, services: ServerlessSearchPluginStartDependencies ): ServerlessSearchPluginStart { - const { serverless, management, indexManagement, security, searchHomepage } = services; - const useSearchHomepage = searchHomepage && searchHomepage.isHomepageFeatureEnabled(); + const { serverless, management, indexManagement, security } = services; - serverless.setProjectHome(useSearchHomepage ? '/app/elasticsearch/home' : '/app/elasticsearch'); + serverless.setProjectHome('/app/elasticsearch'); - const navigationTree$ = of(navigationTree(searchHomepage?.isHomepageFeatureEnabled() ?? false)); + const navigationTree$ = of(navigationTree()); serverless.initNavigation('search', navigationTree$, { dataTestSubj: 'svlSearchSideNav' }); const extendCardNavDefinitions = serverless.getNavigationCards( diff --git a/x-pack/plugins/serverless_search/public/types.ts b/x-pack/plugins/serverless_search/public/types.ts index d3011210c524..7067851bc019 100644 --- a/x-pack/plugins/serverless_search/public/types.ts +++ b/x-pack/plugins/serverless_search/public/types.ts @@ -15,10 +15,6 @@ import type { ServerlessPluginSetup, ServerlessPluginStart } from '@kbn/serverle import type { SharePluginStart } from '@kbn/share-plugin/public'; import type { IndexManagementPluginStart } from '@kbn/index-management-plugin/public'; import type { DiscoverSetup } from '@kbn/discover-plugin/public'; -import type { - SearchHomepagePluginSetup, - SearchHomepagePluginStart, -} from '@kbn/search-homepage/public'; // eslint-disable-next-line @typescript-eslint/no-empty-interface export interface ServerlessSearchPluginSetup {} @@ -31,7 +27,6 @@ export interface ServerlessSearchPluginSetupDependencies { management: ManagementSetup; serverless: ServerlessPluginSetup; discover: DiscoverSetup; - searchHomepage?: SearchHomepagePluginSetup; } export interface ServerlessSearchPluginStartDependencies { @@ -44,5 +39,4 @@ export interface ServerlessSearchPluginStartDependencies { serverless: ServerlessPluginStart; share: SharePluginStart; indexManagement?: IndexManagementPluginStart; - searchHomepage?: SearchHomepagePluginStart; } diff --git a/x-pack/plugins/serverless_search/tsconfig.json b/x-pack/plugins/serverless_search/tsconfig.json index 642ec77cd321..c856b155acc7 100644 --- a/x-pack/plugins/serverless_search/tsconfig.json +++ b/x-pack/plugins/serverless_search/tsconfig.json @@ -50,7 +50,6 @@ "@kbn/search-playground", "@kbn/security-api-key-management", "@kbn/search-inference-endpoints", - "@kbn/search-homepage", "@kbn/security-plugin-types-common", ] } diff --git a/x-pack/plugins/spaces/public/management/edit_space/roles/component/space_assign_role_privilege_form.test.tsx b/x-pack/plugins/spaces/public/management/edit_space/roles/component/space_assign_role_privilege_form.test.tsx index 9150f0c211ad..a7cc54820774 100644 --- a/x-pack/plugins/spaces/public/management/edit_space/roles/component/space_assign_role_privilege_form.test.tsx +++ b/x-pack/plugins/spaces/public/management/edit_space/roles/component/space_assign_role_privilege_form.test.tsx @@ -160,6 +160,32 @@ describe('PrivilegesRolesForm', () => { expect(screen.getByTestId('space-assign-role-create-roles-privilege-button')).toBeDisabled(); }); + it('renders with the assign roles button disabled when no base privileges or feature privileges are selected', async () => { + getRolesSpy.mockResolvedValue([]); + getAllKibanaPrivilegeSpy.mockResolvedValue(createRawKibanaPrivileges(kibanaFeatures)); + + const roles: Role[] = [ + createRole('test_role_1', [{ base: [], feature: {}, spaces: [space.id] }]), + ]; + + renderPrivilegeRolesForm({ + preSelectedRoles: roles, + }); + + await waitFor(() => null); + + expect(screen.getByTestId(`${FEATURE_PRIVILEGES_READ}-privilege-button`)).toHaveAttribute( + 'aria-pressed', + String(false) + ); + + expect( + screen.getByTestId('space-assign-role-privilege-customization-form') + ).toBeInTheDocument(); + + expect(screen.getByTestId('space-update-role-create-roles-privilege-button')).toBeDisabled(); + }); + it('preselects the privilege of the selected role when one is provided', async () => { getRolesSpy.mockResolvedValue([]); getAllKibanaPrivilegeSpy.mockResolvedValue(createRawKibanaPrivileges(kibanaFeatures)); diff --git a/x-pack/plugins/spaces/public/management/edit_space/roles/component/space_assign_role_privilege_form.tsx b/x-pack/plugins/spaces/public/management/edit_space/roles/component/space_assign_role_privilege_form.tsx index 276efb7f9252..23a7383a01a0 100644 --- a/x-pack/plugins/spaces/public/management/edit_space/roles/component/space_assign_role_privilege_form.tsx +++ b/x-pack/plugins/spaces/public/management/edit_space/roles/component/space_assign_role_privilege_form.tsx @@ -543,11 +543,32 @@ export const PrivilegesRolesForm: FC = (props) => { ); }; + const canSave = useCallback(() => { + if (selectedRoles.length === 0) { + return false; + } + + const form = roleCustomizationAnchor.value.kibana[roleCustomizationAnchor.privilegeIndex] ?? {}; + const formBase = form.base ?? []; + const formFeature = form.feature ?? {}; + + // ensure that the form has base privileges or has selected features that are valid + if ( + formBase.length === 0 && + (Object.keys(formFeature).length === 0 || + Object.values(formFeature).every((privileges) => privileges.length === 0)) + ) { + return false; + } + + return true; + }, [selectedRoles, roleCustomizationAnchor]); + const getSaveButton = useCallback(() => { return ( assignRolesToSpace()} data-test-subj={`space-${ @@ -563,7 +584,7 @@ export const PrivilegesRolesForm: FC = (props) => { })} ); - }, [assignRolesToSpace, assigningToRole, selectedRoles.length]); + }, [assignRolesToSpace, assigningToRole, canSave]); return ( diff --git a/x-pack/plugins/spaces/server/spaces_client/spaces_client.test.ts b/x-pack/plugins/spaces/server/spaces_client/spaces_client.test.ts index f53bb02787f8..364afdcaba66 100644 --- a/x-pack/plugins/spaces/server/spaces_client/spaces_client.test.ts +++ b/x-pack/plugins/spaces/server/spaces_client/spaces_client.test.ts @@ -31,6 +31,35 @@ const createMockConfig = ( return ConfigSchema.validate(mockConfig, { serverless: !mockConfig.allowFeatureVisibility }); }; +const features = [ + { + id: 'feature_1', + name: 'Feature 1', + app: [], + category: { id: 'enterpriseSearch' }, + scope: ['spaces', 'security'], + }, + { + id: 'feature_2', + name: 'Feature 2', + app: ['feature2'], + scope: ['spaces', 'security'], + catalogue: ['feature2Entry'], + category: { id: 'observability' }, + }, + { + id: 'feature_3', + name: 'Feature 3', + app: ['feature3_app'], + scope: ['spaces', 'security'], + catalogue: ['feature3Entry'], + category: { id: 'securitySolution' }, + }, +] as unknown as KibanaFeature[]; +const featuresStart = featuresPluginMock.createStart(); + +featuresStart.getKibanaFeatures.mockReturnValue([...features]); + describe('#getAll', () => { const savedObjects: Array> = [ { @@ -84,7 +113,7 @@ describe('#getAll', () => { color: '#FFFFFF', initials: 'FB', imageUrl: 'go-bots/predates/transformers', - disabledFeatures: [], + disabledFeatures: ['feature_2', 'feature_3'], // Added dynamically because solution is 'es' solution: 'es', _reserved: true, }, @@ -117,7 +146,7 @@ describe('#getAll', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); const actualSpaces = await client.getAll(); @@ -145,13 +174,16 @@ describe('#getAll', () => { mockCallWithRequestRepository, [], 'serverless', - featuresPluginMock.createStart() + featuresStart ); const [actualSpace] = await client.getAll(); - const [{ solution, ...expectedSpace }] = expectedSpaces; + const [{ solution, disabledFeatures, ...expectedSpace }] = expectedSpaces; expect(actualSpace.solution).toBeUndefined(); - expect(actualSpace).toEqual(expectedSpace); + expect(actualSpace).toEqual({ + ...expectedSpace, + disabledFeatures: [], // And the disabledFeatures is not dynamically added + }); expect(mockCallWithRequestRepository.find).toHaveBeenCalledWith({ type: 'space', page: 1, @@ -170,7 +202,7 @@ describe('#getAll', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); await expect( client.getAll({ purpose: 'invalid_purpose' as GetAllSpacesPurpose }) @@ -218,7 +250,7 @@ describe('#get', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); const id = savedObject.id; const actualSpace = await client.get(id); @@ -242,7 +274,7 @@ describe('#get', () => { mockCallWithRequestRepository, [], 'serverless', - featuresPluginMock.createStart() + featuresStart ); const id = savedObject.id; const actualSpace = await client.get(id); @@ -266,12 +298,16 @@ describe('#get', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); const id = savedObject.id; const actualSpace = await client.get(id); - expect(actualSpace).toEqual({ ...expectedSpace, solution: 'es' }); + expect(actualSpace).toEqual({ + ...expectedSpace, + solution: 'es', + disabledFeatures: ['feature_2', 'feature_3'], // Added dynamically because solution is 'es' + }); }); }); @@ -312,7 +348,10 @@ describe('#create', () => { const maxSpaces = 5; const mockDebugLogger = createMockDebugLogger(); const mockCallWithRequestRepository = savedObjectsRepositoryMock.create(); - mockCallWithRequestRepository.create.mockResolvedValue(savedObject); + mockCallWithRequestRepository.create.mockResolvedValue({ + ...savedObject, + attributes: { ...(savedObject.attributes as object), solution: 'es' }, + }); mockCallWithRequestRepository.find.mockResolvedValue({ total: maxSpaces - 1, } as any); @@ -330,20 +369,28 @@ describe('#create', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); - const actualSpace = await client.create(spaceToCreate); + const actualSpace = await client.create({ ...spaceToCreate, solution: 'es' }); - expect(actualSpace).toEqual(expectedReturnedSpace); + expect(actualSpace).toEqual({ + ...expectedReturnedSpace, + solution: 'es', + disabledFeatures: ['feature_2', 'feature_3'], // Added dynamically because solution is 'es' + }); expect(mockCallWithRequestRepository.find).toHaveBeenCalledWith({ type: 'space', page: 1, perPage: 0, }); - expect(mockCallWithRequestRepository.create).toHaveBeenCalledWith('space', attributes, { - id, - }); + expect(mockCallWithRequestRepository.create).toHaveBeenCalledWith( + 'space', + { ...attributes, solution: 'es' }, + { + id, + } + ); }); test(`throws bad request when creating space with disabled features`, async () => { @@ -355,7 +402,7 @@ describe('#create', () => { mockCallWithRequestRepository.find.mockResolvedValue({ total: maxSpaces - 1, } as any); - const featuresMock = featuresPluginMock.createStart(); + const featuresMock = featuresStart; featuresMock.getKibanaFeatures.mockReturnValue([ new KibanaFeature({ @@ -422,7 +469,7 @@ describe('#create', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); await expect(client.create(spaceToCreate)).rejects.toThrowErrorMatchingInlineSnapshot( @@ -459,7 +506,7 @@ describe('#create', () => { mockCallWithRequestRepository, [], 'serverless', - featuresPluginMock.createStart() + featuresStart ); await expect( @@ -507,7 +554,7 @@ describe('#create', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); const actualSpace = await client.create({ ...spaceToCreate, solution: 'es' }); @@ -551,7 +598,7 @@ describe('#create', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); const actualSpace = await client.create(spaceToCreate); @@ -589,7 +636,7 @@ describe('#create', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); await expect( @@ -630,7 +677,7 @@ describe('#create', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); await expect( @@ -687,7 +734,11 @@ describe('#update', () => { const mockDebugLogger = createMockDebugLogger(); const mockConfig = createMockConfig(); const mockCallWithRequestRepository = savedObjectsRepositoryMock.create(); - mockCallWithRequestRepository.get.mockResolvedValue(savedObject); + mockCallWithRequestRepository.get.mockResolvedValueOnce({ + ...savedObject, + attributes: { ...(savedObject.attributes as object), solution: 'es' }, + }); + featuresStart.getKibanaFeatures.mockReturnValue([...features]); const client = new SpacesClient( mockDebugLogger, @@ -695,13 +746,20 @@ describe('#update', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); const id = savedObject.id; - const actualSpace = await client.update(id, spaceToUpdate); + const actualSpace = await client.update(id, { ...spaceToUpdate, solution: 'es' }); - expect(actualSpace).toEqual(expectedReturnedSpace); - expect(mockCallWithRequestRepository.update).toHaveBeenCalledWith('space', id, attributes); + expect(actualSpace).toEqual({ + ...expectedReturnedSpace, + solution: 'es', + disabledFeatures: ['feature_2', 'feature_3'], // Added dynamically because solution is 'es' + }); + expect(mockCallWithRequestRepository.update).toHaveBeenCalledWith('space', id, { + ...attributes, + solution: 'es', + }); expect(mockCallWithRequestRepository.get).toHaveBeenCalledWith('space', id); }); @@ -710,7 +768,7 @@ describe('#update', () => { const mockConfig = createMockConfig(); const mockCallWithRequestRepository = savedObjectsRepositoryMock.create(); mockCallWithRequestRepository.get.mockResolvedValue(savedObject); - const featuresMock = featuresPluginMock.createStart(); + const featuresMock = featuresStart; featuresMock.getKibanaFeatures.mockReturnValue([ new KibanaFeature({ @@ -767,7 +825,7 @@ describe('#update', () => { mockCallWithRequestRepository, [], 'serverless', - featuresPluginMock.createStart() + featuresStart ); const id = savedObject.id; @@ -800,7 +858,7 @@ describe('#update', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); const id = savedObject.id; @@ -827,7 +885,7 @@ describe('#update', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); const id = savedObject.id; await client.update(id, { ...spaceToUpdate, solution: 'es' }); @@ -857,7 +915,7 @@ describe('#update', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); const id = savedObject.id; const actualSpace = await client.update(id, spaceToUpdate); @@ -884,7 +942,7 @@ describe('#update', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); const id = savedObject.id; @@ -917,7 +975,7 @@ describe('#update', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); const id = savedObject.id; @@ -971,7 +1029,7 @@ describe('#delete', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); await expect(client.delete(id)).rejects.toThrowErrorMatchingInlineSnapshot( @@ -993,7 +1051,7 @@ describe('#delete', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); await client.delete(id); @@ -1016,7 +1074,7 @@ describe('#disableLegacyUrlAliases', () => { mockCallWithRequestRepository, [], 'traditional', - featuresPluginMock.createStart() + featuresStart ); const aliases = [ { targetSpace: 'space1', targetType: 'foo', sourceId: '123' }, diff --git a/x-pack/plugins/spaces/server/spaces_client/spaces_client.ts b/x-pack/plugins/spaces/server/spaces_client/spaces_client.ts index 4043da9f8722..5d7ae1159f5e 100644 --- a/x-pack/plugins/spaces/server/spaces_client/spaces_client.ts +++ b/x-pack/plugins/spaces/server/spaces_client/spaces_client.ts @@ -20,6 +20,7 @@ import type { FeaturesPluginStart } from '@kbn/features-plugin/server'; import { isReservedSpace } from '../../common'; import type { spaceV1 as v1 } from '../../common'; import type { ConfigType } from '../config'; +import { withSpaceSolutionDisabledFeatures } from '../lib/utils/space_solution_disabled_features'; const SUPPORTED_GET_SPACE_PURPOSES: v1.GetAllSpacesPurpose[] = [ 'any', @@ -253,7 +254,11 @@ export class SpacesClient implements ISpacesClient { color: savedObject.attributes.color, initials: savedObject.attributes.initials, imageUrl: savedObject.attributes.imageUrl, - disabledFeatures: savedObject.attributes.disabledFeatures ?? [], + disabledFeatures: withSpaceSolutionDisabledFeatures( + this.features.getKibanaFeatures(), + savedObject.attributes.disabledFeatures ?? [], + !this.isServerless ? savedObject.attributes.solution : undefined + ), _reserved: savedObject.attributes._reserved, ...(!this.isServerless ? { solution: savedObject.attributes.solution } : {}), } as v1.Space; diff --git a/x-pack/plugins/stack_alerts/server/feature.test.ts b/x-pack/plugins/stack_alerts/server/feature.test.ts index 8935a8a43c5d..769fad5172d6 100644 --- a/x-pack/plugins/stack_alerts/server/feature.test.ts +++ b/x-pack/plugins/stack_alerts/server/feature.test.ts @@ -27,26 +27,37 @@ describe('Stack Alerts Feature Privileges', () => { const featuresSetup = featuresPluginMock.createSetup(); plugin.setup(coreSetup, { alerting: alertingSetup, features: featuresSetup }); - const typesInFeaturePrivilege = BUILT_IN_ALERTS_FEATURE.alerting ?? []; - const typesInFeaturePrivilegeAll = - BUILT_IN_ALERTS_FEATURE.privileges?.all?.alerting?.rule?.all ?? []; - const typesInFeaturePrivilegeRead = - BUILT_IN_ALERTS_FEATURE.privileges?.read?.alerting?.rule?.read ?? []; - // transform alerting rule is initialized during the transform plugin setup - expect(alertingSetup.registerType.mock.calls.length).toEqual( - typesInFeaturePrivilege.length - 1 - ); - expect(alertingSetup.registerType.mock.calls.length).toEqual( - typesInFeaturePrivilegeAll.length - 1 - ); - expect(alertingSetup.registerType.mock.calls.length).toEqual( - typesInFeaturePrivilegeRead.length - 1 - ); + expect(BUILT_IN_ALERTS_FEATURE.alerting).toMatchInlineSnapshot(` + Array [ + ".index-threshold", + ".geo-containment", + ".es-query", + "transform_health", + "observability.rules.custom_threshold", + "xpack.ml.anomaly_detection_alert", + ] + `); - alertingSetup.registerType.mock.calls.forEach((call) => { - expect(typesInFeaturePrivilege.indexOf(call[0].id)).toBeGreaterThanOrEqual(0); - expect(typesInFeaturePrivilegeAll.indexOf(call[0].id)).toBeGreaterThanOrEqual(0); - expect(typesInFeaturePrivilegeRead.indexOf(call[0].id)).toBeGreaterThanOrEqual(0); - }); + expect(BUILT_IN_ALERTS_FEATURE.privileges?.all?.alerting?.rule?.all).toMatchInlineSnapshot(` + Array [ + ".index-threshold", + ".geo-containment", + ".es-query", + "transform_health", + "observability.rules.custom_threshold", + "xpack.ml.anomaly_detection_alert", + ] + `); + + expect(BUILT_IN_ALERTS_FEATURE.privileges?.read?.alerting?.rule?.read).toMatchInlineSnapshot(` + Array [ + ".index-threshold", + ".geo-containment", + ".es-query", + "transform_health", + "observability.rules.custom_threshold", + "xpack.ml.anomaly_detection_alert", + ] + `); }); }); diff --git a/x-pack/plugins/stack_alerts/server/feature.ts b/x-pack/plugins/stack_alerts/server/feature.ts index 8f3c809829c4..7130560b3232 100644 --- a/x-pack/plugins/stack_alerts/server/feature.ts +++ b/x-pack/plugins/stack_alerts/server/feature.ts @@ -9,7 +9,11 @@ import { i18n } from '@kbn/i18n'; import { KibanaFeatureConfig } from '@kbn/features-plugin/common'; import { DEFAULT_APP_CATEGORIES } from '@kbn/core/server'; import { TRANSFORM_RULE_TYPE } from '@kbn/transform-plugin/common'; -import { STACK_ALERTS_FEATURE_ID } from '@kbn/rule-data-utils'; +import { + ML_ANOMALY_DETECTION_RULE_TYPE_ID, + OBSERVABILITY_THRESHOLD_RULE_TYPE_ID, + STACK_ALERTS_FEATURE_ID, +} from '@kbn/rule-data-utils'; import { ES_QUERY_ID as ElasticsearchQuery } from '@kbn/rule-data-utils'; import { KibanaFeatureScope } from '@kbn/features-plugin/common'; import { ID as IndexThreshold } from './rule_types/index_threshold/rule_type'; @@ -28,7 +32,14 @@ export const BUILT_IN_ALERTS_FEATURE: KibanaFeatureConfig = { management: { insightsAndAlerting: ['triggersActions'], }, - alerting: [IndexThreshold, GeoContainment, ElasticsearchQuery, TransformHealth], + alerting: [ + IndexThreshold, + GeoContainment, + ElasticsearchQuery, + TransformHealth, + OBSERVABILITY_THRESHOLD_RULE_TYPE_ID, + ML_ANOMALY_DETECTION_RULE_TYPE_ID, + ], privileges: { all: { app: [], @@ -38,10 +49,24 @@ export const BUILT_IN_ALERTS_FEATURE: KibanaFeatureConfig = { }, alerting: { rule: { - all: [IndexThreshold, GeoContainment, ElasticsearchQuery, TransformHealth], + all: [ + IndexThreshold, + GeoContainment, + ElasticsearchQuery, + TransformHealth, + OBSERVABILITY_THRESHOLD_RULE_TYPE_ID, + ML_ANOMALY_DETECTION_RULE_TYPE_ID, + ], }, alert: { - all: [IndexThreshold, GeoContainment, ElasticsearchQuery, TransformHealth], + all: [ + IndexThreshold, + GeoContainment, + ElasticsearchQuery, + TransformHealth, + OBSERVABILITY_THRESHOLD_RULE_TYPE_ID, + ML_ANOMALY_DETECTION_RULE_TYPE_ID, + ], }, }, savedObject: { @@ -59,10 +84,24 @@ export const BUILT_IN_ALERTS_FEATURE: KibanaFeatureConfig = { }, alerting: { rule: { - read: [IndexThreshold, GeoContainment, ElasticsearchQuery, TransformHealth], + read: [ + IndexThreshold, + GeoContainment, + ElasticsearchQuery, + TransformHealth, + OBSERVABILITY_THRESHOLD_RULE_TYPE_ID, + ML_ANOMALY_DETECTION_RULE_TYPE_ID, + ], }, alert: { - read: [IndexThreshold, GeoContainment, ElasticsearchQuery, TransformHealth], + read: [ + IndexThreshold, + GeoContainment, + ElasticsearchQuery, + TransformHealth, + OBSERVABILITY_THRESHOLD_RULE_TYPE_ID, + ML_ANOMALY_DETECTION_RULE_TYPE_ID, + ], }, }, savedObject: { diff --git a/x-pack/plugins/stack_connectors/server/connector_types/gemini/gemini.ts b/x-pack/plugins/stack_connectors/server/connector_types/gemini/gemini.ts index 895dfe66d6de..10aedb52bc6b 100644 --- a/x-pack/plugins/stack_connectors/server/connector_types/gemini/gemini.ts +++ b/x-pack/plugins/stack_connectors/server/connector_types/gemini/gemini.ts @@ -395,9 +395,7 @@ const formatGeminiPayload = ({ temperature, maxOutputTokens: DEFAULT_TOKEN_LIMIT, }, - ...(systemInstruction - ? { system_instruction: { role: 'user', parts: [{ text: systemInstruction }] } } - : {}), + ...(systemInstruction ? { system_instruction: { parts: [{ text: systemInstruction }] } } : {}), ...(toolConfig ? { tool_config: { diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index 12edc566ff06..16fa02e3ca01 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json @@ -6923,7 +6923,6 @@ "searchIndexDocuments.documentList.resultLimit": "Seuls les {number} premiers résultats sont disponibles pour la pagination. Veuillez utiliser la barre de recherche pour filtrer vos résultats.", "searchIndexDocuments.documentList.resultLimitTitle": "Les résultats sont limités à {number} documents", "searchIndexDocuments.documents.searchField.placeholder": "Rechercher des documents dans cet index", - "searchIndexDocuments.documents.title": "Parcourir des documents", "searchIndexDocuments.result.expandTooltip.allVisible": "Tous les champs sont visibles", "searchIndexDocuments.result.expandTooltip.showFewer": "Afficher {amount} champs en moins", "searchIndexDocuments.result.expandTooltip.showMore": "Afficher {amount} champs en plus", @@ -10775,8 +10774,6 @@ "xpack.apm.onboarding.shared_clients.configure.commands.serviceEnvironmentHint": "Le nom de l'environnement dans lequel ce service est déployé, par exemple \"production\" ou \"test\". Les environnements vous permettent de facilement filtrer les données à un niveau global dans l'interface utilisateur APM. Il est important de garantir la cohérence des noms d'environnements entre les différents agents.", "xpack.apm.onboarding.shared_clients.configure.commands.serviceNameHint": "Le nom de service est le filtre principal dans l'interface utilisateur APM et est utilisé pour regrouper les erreurs et suivre les données ensemble. Caractères autorisés : a-z, A-Z, 0-9, -, _ et espace.", "xpack.apm.onboarding.specProvider.longDescription": "Le monitoring des performances applicatives (APM) collecte les indicateurs et les erreurs de performance approfondies depuis votre application. Cela vous permet de monitorer les performances de milliers d'applications en temps réel. {learnMoreLink}.", - "xpack.apm.pages.alertDetails.alertSummary.actualValue": "Valeur réelle", - "xpack.apm.pages.alertDetails.alertSummary.expectedValue": "Valeur attendue", "xpack.apm.percentOfParent": "({value} de {parentType, select, transaction { transaction } trace {trace} other {parentType inconnu} })", "xpack.apm.profiling.callout.description": "Universal Profiling fournit une visibilité sans précédent du code au milieu du comportement en cours d'exécution de toutes les applications. La fonctionnalité profile chaque ligne de code chez le ou les hôtes qui exécutent vos services, y compris votre code applicatif, le kernel et même les bibliothèque tierces.", "xpack.apm.profiling.callout.dismiss": "Rejeter", @@ -17032,10 +17029,6 @@ "xpack.enterpriseSearch.content.supportedLanguages.spanishLabel": "Espagnol", "xpack.enterpriseSearch.content.supportedLanguages.thaiLabel": "Thaï", "xpack.enterpriseSearch.content.supportedLanguages.universalLabel": "Universel", - "xpack.enterpriseSearch.content.syncJobs.lastSync.tableSelector.accessControl.label": "Synchronisations de contrôle d'accès", - "xpack.enterpriseSearch.content.syncJobs.lastSync.tableSelector.content.label": "Synchronisations de contenu", - "xpack.enterpriseSearch.content.syncJobs.lastSync.tableSelector.legend": "Sélectionnez le type de tâche de synchronisation à afficher.", - "xpack.enterpriseSearch.content.syncJobs.lastSync.tableSelector.name": "Type de tâche de synchronisation", "xpack.enterpriseSearch.crawler.action.deleteDomain.confirmationPopupMessage": "Voulez-vous vraiment supprimer le domaine \"{domainUrl}\" et tous ses paramètres ?", "xpack.enterpriseSearch.crawler.addDomainFlyout.description": "Vous pouvez ajouter plusieurs domaines au robot d'indexation de cet index. Ajoutez un autre domaine ici et modifiez les points d'entrée et les règles d'indexation à partir de la page \"Gérer\".", "xpack.enterpriseSearch.crawler.addDomainFlyout.openButtonLabel": "Ajouter un domaine", @@ -17310,7 +17303,6 @@ "xpack.enterpriseSearch.index.connector.syncRules.invalidTitle": "Les ébauches de règles de synchronisation ne sont pas valides", "xpack.enterpriseSearch.index.connector.syncRules.successCallout.applyDraftRulesTitle": "Activer les ébauches de règles", "xpack.enterpriseSearch.index.connector.syncRules.syncRulesLabel": "En savoir plus sur les règles de synchronisation", - "xpack.enterpriseSearch.index.connector.syncRules.title": "Règles de synchronisation ", "xpack.enterpriseSearch.index.connector.syncRules.unsavedChanges": "Vos modifications n'ont pas été enregistrées. Voulez-vous vraiment quitter ?", "xpack.enterpriseSearch.index.connector.syncRules.validatedDescription": "Activez les ébauches de règles pour qu'elles prennent effet à la prochaine synchronisation.", "xpack.enterpriseSearch.index.connector.syncRules.validateDraftTitle": "Enregistrer et valider l'ébauche", @@ -32068,9 +32060,6 @@ "xpack.observability.alertDetailContextualInsights.InsightButtonLabel": "Aidez moi à comprendre cette alerte", "xpack.observability.alertDetails.actionsButtonLabel": "Actions", "xpack.observability.alertDetails.addToCase": "Ajouter au cas", - "xpack.observability.alertDetails.alertSummaryField.rule": "Règle", - "xpack.observability.alertDetails.alertSummaryField.source": "Source", - "xpack.observability.alertDetails.alertSummaryField.tags": "Balises", "xpack.observability.alertDetails.editRule": "Modifier la règle", "xpack.observability.alertDetails.editSnoozeRule": "Répéter la règle", "xpack.observability.alertDetails.errorPromptBody": "Une erreur s'est produite lors du chargement des détails de l'alerte.", @@ -41234,7 +41223,6 @@ "xpack.slo.burnRateRule.alertDetailsAppSection.lastDurationInHours": "{duration} dernières heures", "xpack.slo.burnRateRule.alertDetailsAppSection.lastDurationInMinutes": "{duration} dernières minutes", "xpack.slo.burnRateRule.alertDetailsAppSection.lastDurationInSeconds": "{duration} dernières secondes", - "xpack.slo.burnRateRule.alertDetailsAppSection.summaryField.slo": "SLO", "xpack.slo.burnRateRuleEditor.h5.chooseASLOToMonitorLabel": "Choisir un SLO pour monitorer", "xpack.slo.burnRateRuleEditor.h5.defineMultipleBurnRateLabel": "Définir des fenêtres du taux d'avancement multiples", "xpack.slo.burnRates.fromRange.label": "{duration}h", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index a4b26a4fb4cf..92f2c3aec097 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -6677,7 +6677,6 @@ "searchIndexDocuments.documentList.resultLimit": "最初の{number}件の結果のみがページ制御できます。結果を絞り込むには、検索バーを使用してください。", "searchIndexDocuments.documentList.resultLimitTitle": "結果は{number}ドキュメントに制限されています。", "searchIndexDocuments.documents.searchField.placeholder": "このインデックスでドキュメントを検索", - "searchIndexDocuments.documents.title": "ドキュメントを参照", "searchIndexDocuments.result.expandTooltip.allVisible": "すべてのフィールドが表示されます", "searchIndexDocuments.result.expandTooltip.showFewer": "表示するフィールド数を{amount}個減らす", "searchIndexDocuments.result.expandTooltip.showMore": "表示するフィールド数を{amount}個増やす", @@ -10524,8 +10523,6 @@ "xpack.apm.onboarding.shared_clients.configure.commands.serviceEnvironmentHint": "このサービスがデプロイされている環境の名前(例:「本番」、「ステージング」)。環境では、APM UIでグローバルレベルで簡単にデータをフィルタリングできます。すべてのエージェントで環境の命名方法を統一することが重要です。", "xpack.apm.onboarding.shared_clients.configure.commands.serviceNameHint": "このサービス名はAPM UIの主フィルターであり、エラーとトレースデータをグループ化するために使用されます。使用できる文字はA-Z、0-9、-、_、スペースです。", "xpack.apm.onboarding.specProvider.longDescription": "アプリケーションパフォーマンスモニタリング(APM)は、アプリケーション内から詳細なパフォーマンスメトリックやエラーを収集します。何千ものアプリケーションのパフォーマンスをリアルタイムで監視できます。{learnMoreLink}。", - "xpack.apm.pages.alertDetails.alertSummary.actualValue": "実際の値", - "xpack.apm.pages.alertDetails.alertSummary.expectedValue": "想定された値", "xpack.apm.percentOfParent": "({value} of {parentType, select, transaction { トランザクション } trace {トレース} other {不明なparentType} })", "xpack.apm.profiling.callout.description": "ユニバーサルプロファイリングは、すべてのアプリケーションの実行時の動作に関して、かつてないほどコードを可視化します。アプリケーションコードだけでなく、カーネルやサードパーティライブラリも含め、サービスを実行するホスト上のすべてのコード行をプロファイリングします。", "xpack.apm.profiling.callout.dismiss": "閉じる", @@ -16778,10 +16775,6 @@ "xpack.enterpriseSearch.content.supportedLanguages.spanishLabel": "スペイン語", "xpack.enterpriseSearch.content.supportedLanguages.thaiLabel": "タイ語", "xpack.enterpriseSearch.content.supportedLanguages.universalLabel": "ユニバーサル", - "xpack.enterpriseSearch.content.syncJobs.lastSync.tableSelector.accessControl.label": "アクセス制御同期", - "xpack.enterpriseSearch.content.syncJobs.lastSync.tableSelector.content.label": "コンテンツ同期", - "xpack.enterpriseSearch.content.syncJobs.lastSync.tableSelector.legend": "表示する同期ジョブタイプを選択します。", - "xpack.enterpriseSearch.content.syncJobs.lastSync.tableSelector.name": "同期ジョブタイプ", "xpack.enterpriseSearch.crawler.action.deleteDomain.confirmationPopupMessage": "ドメイン\"{domainUrl}\"とすべての設定を削除しますか?", "xpack.enterpriseSearch.crawler.addDomainFlyout.description": "複数のドメインをこのインデックスのWebクローラーに追加できます。ここで別のドメインを追加して、[管理]ページからエントリポイントとクロールルールを変更します。", "xpack.enterpriseSearch.crawler.addDomainFlyout.openButtonLabel": "ドメインを追加", @@ -17056,7 +17049,6 @@ "xpack.enterpriseSearch.index.connector.syncRules.invalidTitle": "ドラフト同期ルールが無効です", "xpack.enterpriseSearch.index.connector.syncRules.successCallout.applyDraftRulesTitle": "ドラフトルールをアクティブ化", "xpack.enterpriseSearch.index.connector.syncRules.syncRulesLabel": "同期ルールの詳細", - "xpack.enterpriseSearch.index.connector.syncRules.title": "同期ルール ", "xpack.enterpriseSearch.index.connector.syncRules.unsavedChanges": "変更は保存されていません。終了してよろしいですか?", "xpack.enterpriseSearch.index.connector.syncRules.validatedDescription": "ドラフトルールをアクティブ化し、次回の同期で有効にします。", "xpack.enterpriseSearch.index.connector.syncRules.validateDraftTitle": "ドラフトを保存して検証", @@ -31812,9 +31804,6 @@ "xpack.observability.alertDetailContextualInsights.InsightButtonLabel": "このアラートを理解できるように支援してください", "xpack.observability.alertDetails.actionsButtonLabel": "アクション", "xpack.observability.alertDetails.addToCase": "ケースに追加", - "xpack.observability.alertDetails.alertSummaryField.rule": "ルール", - "xpack.observability.alertDetails.alertSummaryField.source": "送信元", - "xpack.observability.alertDetails.alertSummaryField.tags": "タグ", "xpack.observability.alertDetails.editRule": "ルールを編集", "xpack.observability.alertDetails.editSnoozeRule": "ルールをスヌーズ", "xpack.observability.alertDetails.errorPromptBody": "アラート詳細の読み込みエラーが発生しました。", @@ -40978,7 +40967,6 @@ "xpack.slo.burnRateRule.alertDetailsAppSection.lastDurationInHours": "過去{duration}時間", "xpack.slo.burnRateRule.alertDetailsAppSection.lastDurationInMinutes": "過去{duration}分", "xpack.slo.burnRateRule.alertDetailsAppSection.lastDurationInSeconds": "過去{duration}秒", - "xpack.slo.burnRateRule.alertDetailsAppSection.summaryField.slo": "SLO", "xpack.slo.burnRateRule.name": "{name}バーンレートルール", "xpack.slo.burnRateRuleEditor.h5.chooseASLOToMonitorLabel": "監視するSLOを選択", "xpack.slo.burnRateRuleEditor.h5.defineMultipleBurnRateLabel": "複数のバーンレート時間枠を定義", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index d433d6252575..1d8aca247627 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -6691,7 +6691,6 @@ "searchIndexDocuments.documentList.resultLimit": "仅前 {number} 个结果可用于分页。请使用搜索栏筛选结果。", "searchIndexDocuments.documentList.resultLimitTitle": "结果仅限于 {number} 个文档", "searchIndexDocuments.documents.searchField.placeholder": "在此索引中搜索文档", - "searchIndexDocuments.documents.title": "浏览文档", "searchIndexDocuments.result.expandTooltip.allVisible": "所有字段均可见", "searchIndexDocuments.result.expandTooltip.showFewer": "显示少于 {amount} 个字段", "searchIndexDocuments.result.expandTooltip.showMore": "显示多于 {amount} 个字段", @@ -10546,8 +10545,6 @@ "xpack.apm.onboarding.shared_clients.configure.commands.serviceEnvironmentHint": "在其中部署此服务的环境的名称,如“生产”或“暂存”。在 APM UI 中,您可以通过环境在全局级别轻松筛选数据。跨代理命名环境时,保持一致至关重要。", "xpack.apm.onboarding.shared_clients.configure.commands.serviceNameHint": "服务名称是 APM UI 中的初级筛选,用于分组错误并跟踪数据。允许使用的字符包括 a-z、A-Z、0-9、-、_ 和空格。", "xpack.apm.onboarding.specProvider.longDescription": "应用程序性能监测 (APM) 从您的应用程序内收集深入全面的性能指标和错误。其允许您实时监测数以千计的应用程序的性能。{learnMoreLink}。", - "xpack.apm.pages.alertDetails.alertSummary.actualValue": "实际值", - "xpack.apm.pages.alertDetails.alertSummary.expectedValue": "预期值", "xpack.apm.percentOfParent": "({parentType, select, transaction {事务} trace {追溯} other {parentType 未知}}的 {value})", "xpack.apm.profiling.callout.description": "Universal Profiling 为所有应用程序的运行时行为提供了前所未有的代码可见性。它会剖析运行服务的主机上的每一行代码,不仅包括您的应用程序代码,而且包括内核和第三方库。", "xpack.apm.profiling.callout.dismiss": "关闭", @@ -16807,10 +16804,6 @@ "xpack.enterpriseSearch.content.supportedLanguages.spanishLabel": "西班牙语", "xpack.enterpriseSearch.content.supportedLanguages.thaiLabel": "泰语", "xpack.enterpriseSearch.content.supportedLanguages.universalLabel": "通用", - "xpack.enterpriseSearch.content.syncJobs.lastSync.tableSelector.accessControl.label": "访问控制同步", - "xpack.enterpriseSearch.content.syncJobs.lastSync.tableSelector.content.label": "内容同步", - "xpack.enterpriseSearch.content.syncJobs.lastSync.tableSelector.legend": "选择要显示的同步作业类型。", - "xpack.enterpriseSearch.content.syncJobs.lastSync.tableSelector.name": "同步作业类型", "xpack.enterpriseSearch.crawler.action.deleteDomain.confirmationPopupMessage": "确定要移除域“{domainUrl}”和其所有设置?", "xpack.enterpriseSearch.crawler.addDomainFlyout.description": "可以将多个域添加到此索引的网络爬虫。在此添加其他域并从“管理”页面修改入口点和爬网规则。", "xpack.enterpriseSearch.crawler.addDomainFlyout.openButtonLabel": "添加域", @@ -17085,7 +17078,6 @@ "xpack.enterpriseSearch.index.connector.syncRules.invalidTitle": "同步规则草案无效", "xpack.enterpriseSearch.index.connector.syncRules.successCallout.applyDraftRulesTitle": "激活规则草案", "xpack.enterpriseSearch.index.connector.syncRules.syncRulesLabel": "详细了解同步规则", - "xpack.enterpriseSearch.index.connector.syncRules.title": "同步规则 ", "xpack.enterpriseSearch.index.connector.syncRules.unsavedChanges": "您的更改尚未更改。是否确定要离开?", "xpack.enterpriseSearch.index.connector.syncRules.validatedDescription": "激活规则草案以在下次同步时生效。", "xpack.enterpriseSearch.index.connector.syncRules.validateDraftTitle": "保存并验证草案", @@ -31855,9 +31847,6 @@ "xpack.observability.alertDetailContextualInsights.InsightButtonLabel": "帮助我了解此告警", "xpack.observability.alertDetails.actionsButtonLabel": "操作", "xpack.observability.alertDetails.addToCase": "添加到案例", - "xpack.observability.alertDetails.alertSummaryField.rule": "规则", - "xpack.observability.alertDetails.alertSummaryField.source": "源", - "xpack.observability.alertDetails.alertSummaryField.tags": "标签", "xpack.observability.alertDetails.editRule": "编辑规则", "xpack.observability.alertDetails.editSnoozeRule": "暂停规则", "xpack.observability.alertDetails.errorPromptBody": "加载告警详情时出错。", @@ -41024,7 +41013,6 @@ "xpack.slo.burnRateRule.alertDetailsAppSection.lastDurationInHours": "过去 {duration} 小时", "xpack.slo.burnRateRule.alertDetailsAppSection.lastDurationInMinutes": "过去 {duration} 分钟", "xpack.slo.burnRateRule.alertDetailsAppSection.lastDurationInSeconds": "过去 {duration} 秒", - "xpack.slo.burnRateRule.alertDetailsAppSection.summaryField.slo": "SLO", "xpack.slo.burnRateRule.name": "{name} 消耗速度规则", "xpack.slo.burnRateRuleEditor.h5.chooseASLOToMonitorLabel": "选择要监测的 SLO", "xpack.slo.burnRateRuleEditor.h5.defineMultipleBurnRateLabel": "定义多个消耗速度窗口", diff --git a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_search_bar/url_synced_alerts_search_bar.tsx b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_search_bar/url_synced_alerts_search_bar.tsx index 71594e3206ff..de89eb971573 100644 --- a/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_search_bar/url_synced_alerts_search_bar.tsx +++ b/x-pack/plugins/triggers_actions_ui/public/application/sections/alerts_search_bar/url_synced_alerts_search_bar.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import React, { useCallback, useEffect, useState } from 'react'; +import React, { useCallback, useEffect, useMemo, useState } from 'react'; import { BoolQuery } from '@kbn/es-query'; import { AlertConsumers } from '@kbn/rule-data-utils'; import { i18n } from '@kbn/i18n'; @@ -61,17 +61,23 @@ export const UrlSyncedAlertsSearchBar = ({ const [spaceId, setSpaceId] = useState(); const { + // KQL bar query kuery, onKueryChange, + // KQL bar filters filters, onFiltersChange, + // Controls bar filters controlFilters, onControlFiltersChange, + // Time range rangeFrom, onRangeFromChange, rangeTo, onRangeToChange, + // Controls bar configuration filterControls, + // Saved KQL query savedQuery, setSavedQuery, clearSavedQuery, @@ -131,6 +137,11 @@ export const UrlSyncedAlertsSearchBar = ({ [onKueryChange, onRangeFromChange, onRangeToChange, setSavedQuery, timeFilterService] ); + const filterControlsStorageKey = useMemo( + () => ['alertsSearchBar', spaceId, 'filterControls'].filter(Boolean).join('.'), + [spaceId] + ); + return ( <> { + const ruleTypes = [ + [ + ES_QUERY_ID, + { + searchType: 'esQuery', + timeWindowSize: 5, + timeWindowUnit: 'm', + threshold: [1000], + thresholdComparator: '>', + size: 100, + esQuery: '{\n "query":{\n "match_all" : {}\n }\n }', + aggType: 'count', + groupBy: 'all', + termSize: 5, + excludeHitsFromPreviousRun: false, + sourceFields: [], + index: ['.kibana'], + timeField: 'created_at', + }, + ], + [ + OBSERVABILITY_THRESHOLD_RULE_TYPE_ID, + { + criteria: [ + { + comparator: '>', + metrics: [ + { + name: 'A', + aggType: 'count', + }, + ], + threshold: [100], + timeSize: 1, + timeUnit: 'm', + }, + ], + alertOnNoData: false, + alertOnGroupDisappear: false, + searchConfiguration: { + query: { + query: '', + language: 'kuery', + }, + index: 'kibana-event-log-data-view', + }, + }, + ], + [ + ML_ANOMALY_DETECTION_RULE_TYPE_ID, + { + severity: 75, + resultType: 'bucket', + includeInterim: false, + jobSelection: { + jobIds: ['low_request_rate'], + }, + }, + ], + ]; + + const createRule = async (rule = {}) => { + const { body: createdAlert } = await supertest + .post(`${getUrlPrefix('space1')}/api/alerting/rule`) + .set('kbn-xsrf', 'foo') + .send(getTestRuleData({ ...rule })) + .expect(200); + + objectRemover.add('space1', createdAlert.id, 'rule', 'alerting'); + }; + + for (const [ruleTypeId, params] of ruleTypes) { + it(`should get rules of ${ruleTypeId} rule type ID and stackAlerts consumer`, async () => { + /** + * We create two rules. The first one is a test.noop + * rule with stackAlerts as consumer. The second rule + * is has different rule type ID but with the same consumer as the first rule (stackAlerts). + * This way we can verify that the find API call returns only the rules the user is authorized to. + * Specifically only the second rule because the StackAlertsOnly user does not have + * access to the test.noop rule type. + */ + await createRule({ consumer: 'stackAlerts' }); + await createRule({ rule_type_id: ruleTypeId, params, consumer: 'stackAlerts' }); + + const response = await supertestWithoutAuth + .get(`${getUrlPrefix('space1')}/api/alerting/rules/_find`) + .auth(StackAlertsOnly.username, StackAlertsOnly.password); + + expect(response.statusCode).to.eql(200); + expect(response.body.total).to.equal(1); + expect(response.body.data[0].rule_type_id).to.equal(ruleTypeId); + expect(response.body.data[0].consumer).to.equal('stackAlerts'); + }); + } + + for (const [ruleTypeId, params] of ruleTypes) { + it(`should NOT get rules of ${ruleTypeId} rule type ID and NOT stackAlerts consumer`, async () => { + /** + * We create two rules with logs as consumer. The user is authorized to + * access rules only with the stackAlerts consumers. + */ + await createRule({ consumer: 'logs' }); + await createRule({ rule_type_id: ruleTypeId, params, consumer: 'logs' }); + + const response = await supertestWithoutAuth + .get(`${getUrlPrefix('space1')}/api/alerting/rules/_find`) + .auth(StackAlertsOnly.username, StackAlertsOnly.password); + + expect(response.statusCode).to.eql(200); + expect(response.body.total).to.equal(0); + }); + } + }); }); } diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/scenarios.ts b/x-pack/test/alerting_api_integration/security_and_spaces/scenarios.ts index a852657e0b89..fdb56a4fb501 100644 --- a/x-pack/test/alerting_api_integration/security_and_spaces/scenarios.ts +++ b/x-pack/test/alerting_api_integration/security_and_spaces/scenarios.ts @@ -190,6 +190,31 @@ const CasesAll: User = { }, }; +export const StackAlertsOnly: User = { + username: 'stack_alerts_only', + fullName: 'stack_alerts_only', + password: 'stack_alerts_only-password', + role: { + name: 'stack_alerts_only_role', + kibana: [ + { + feature: { + stackAlerts: ['all'], + }, + spaces: ['space1'], + }, + ], + elasticsearch: { + indices: [ + { + names: [`${ES_TEST_INDEX_NAME}*`], + privileges: ['all'], + }, + ], + }, + }, +}; + export const Users: User[] = [ NoKibanaPrivileges, Superuser, @@ -198,6 +223,7 @@ export const Users: User[] = [ Space1AllWithRestrictedFixture, Space1AllAlertingNoneActions, CasesAll, + StackAlertsOnly, ]; const Space1: Space = { @@ -256,14 +282,6 @@ const GlobalReadAtSpace1: GlobalReadAtSpace1 = { space: Space1, }; -interface Space1AllAtSpace1 extends Scenario { - id: 'space_1_all at space1'; -} -const Space1AllAtSpace1: Space1AllAtSpace1 = { - id: 'space_1_all at space1', - user: Space1All, - space: Space1, -}; interface Space1AllWithRestrictedFixtureAtSpace1 extends Scenario { id: 'space_1_all_with_restricted_fixture at space1'; } @@ -301,6 +319,15 @@ export const systemActionScenario: SystemActionSpace1 = { space: Space1, }; +interface Space1AllAtSpace1 extends Scenario { + id: 'space_1_all at space1'; +} +const Space1AllAtSpace1: Space1AllAtSpace1 = { + id: 'space_1_all at space1', + user: Space1All, + space: Space1, +}; + export const UserAtSpaceScenarios: [ NoKibanaPrivilegesAtSpace1, SuperuserAtSpace1, diff --git a/x-pack/test/api_integration/services/security_solution_api.gen.ts b/x-pack/test/api_integration/services/security_solution_api.gen.ts index aba6550ea9c3..c110ce8676ed 100644 --- a/x-pack/test/api_integration/services/security_solution_api.gen.ts +++ b/x-pack/test/api_integration/services/security_solution_api.gen.ts @@ -270,7 +270,7 @@ If asset criticality records already exist for the specified entities, those rec return supertest .delete(routeWithNamespace('/api/risk_score/engine/dangerously_delete_data', kibanaSpace)) .set('kbn-xsrf', 'true') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') + .set(ELASTIC_HTTP_VERSION_HEADER, '2023-10-31') .set(X_ELASTIC_INTERNAL_ORIGIN_REQUEST, 'kibana'); }, /** diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/esql_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/esql_rule.cy.ts index 3727c2ccbd50..0045a79ff439 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/esql_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/esql_rule.cy.ts @@ -70,7 +70,7 @@ const workaroundForResizeObserver = () => describe( 'Detection ES|QL rules, creation', { - tags: ['@ess', '@serverless'], + tags: ['@ess', '@serverless', '@skipInServerlessMKI'], }, () => { const rule = getEsqlRule(); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/threshold_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/threshold_rule.cy.ts index 3243a2974836..11740c1f795f 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/threshold_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_creation/threshold_rule.cy.ts @@ -68,7 +68,7 @@ import { CREATE_RULE_URL } from '../../../../urls/navigation'; describe( 'Threshold rules', { - tags: ['@ess', '@serverless'], + tags: ['@ess', '@serverless', '@skipInServerlessMKI'], }, () => { const rule = getNewThresholdRule(); diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/machine_learning_rule.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/machine_learning_rule.cy.ts index 0251a7e93590..e89e4b6afb81 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/machine_learning_rule.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/detection_response/detection_engine/rule_edit/machine_learning_rule.cy.ts @@ -42,7 +42,7 @@ import { RULES_MANAGEMENT_URL } from '../../../../urls/rules_management'; describe( 'Machine Learning Detection Rules - Editing', { - tags: ['@ess', '@serverless'], + tags: ['@ess', '@serverless', '@skipInServerlessMKI'], }, () => { let mlRule: ReturnType; diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/vulnerabilities_contextual_flyout.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/vulnerabilities_contextual_flyout.cy.ts new file mode 100644 index 000000000000..04ba10c908df --- /dev/null +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/vulnerabilities_contextual_flyout.cy.ts @@ -0,0 +1,195 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN } from '@kbn/cloud-security-posture-common'; +import { createRule } from '../../../../tasks/api_calls/rules'; +import { getNewRule } from '../../../../objects/rule'; +import { getDataTestSubjectSelector } from '../../../../helpers/common'; + +import { rootRequest, deleteAlertsAndRules } from '../../../../tasks/api_calls/common'; +import { expandFirstAlertHostFlyout } from '../../../../tasks/asset_criticality/common'; +import { waitForAlertsToPopulate } from '../../../../tasks/create_new_rule'; +import { login } from '../../../../tasks/login'; +import { ALERTS_URL } from '../../../../urls/navigation'; +import { visit } from '../../../../tasks/navigation'; + +const CSP_INSIGHT_VULNERABILITIES_TITLE = getDataTestSubjectSelector( + 'securitySolutionFlyoutInsightsVulnerabilitiesTitleText' +); + +const NO_VULNERABILITIES_TEXT = getDataTestSubjectSelector('noVulnerabilitiesDataTestSubj'); + +const timestamp = Date.now(); + +// Create a Date object using the timestamp +const date = new Date(timestamp); + +// Convert the Date object to ISO 8601 format +const iso8601String = date.toISOString(); + +const getMockVulnerability = (isNameMatchesAlert: boolean) => { + return { + '@timestamp': iso8601String, + resource: { name: '634yfsdg2.dkr.ecr.eu-central-1.amazon.stage', id: 'ami_12328' }, + agent: { + name: 'ip-172-31-33-74', + type: 'cloudbeat', + version: '8.8.0', + ephemeral_id: '49f19e6a-94e9-4f2b-81e3-2f3794a74068', + id: 'd0313a94-c168-4d95-b1f0-97a388dac29a', + }, + cloud: { + availability_zone: 'eu-west-1c', + service: { name: 'EC2' }, + account: { id: '704479110758' }, + image: { id: 'ami-02dc8dbcc971f2c74' }, + provider: 'aws', + instance: { id: 'i-0fb7759c6e5d400cf' }, + machine: { type: 'c6g.medium' }, + region: 'eu-west-1', + }, + package: { fixed_version: '0.4.0', version: 'v0.2.0', name: 'golang.org/x/net' }, + vulnerability: { + published_date: '2022-08-10T00:00:00.000Z', + data_source: { + ID: 'go-vulndb', + Name: 'The Go Vulnerability Database', + URL: 'https://github.com/golang/vulndb', + }, + enumeration: 'CVE', + description: + 'An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.', + title: + 'golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests', + reference: 'https://avd.aquasec.com/nvd/cve-2022-41717', + severity: 'MEDIUM', + cvss: { + nvd: { V3Vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L', V3Score: 5.3 }, + redhat: { V3Vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L', V3Score: 5.3 }, + ghsa: { V3Vector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L', V3Score: 5.3 }, + }, + scanner: { vendor: 'Trivy' }, + score: { base: 5.3, version: '3.0' }, + cwe: ['CWE-770'], + id: 'CVE-2022-41717', + classification: 'CVSS', + }, + cloudbeat: { + commit_sha: 'b5c4b728f0a9268e7f2d195c00dad0320c8a74e6', + commit_time: '2023-03-30T07:47:06Z', + version: '8.8.0', + }, + event: { + category: ['vulnerability'], + created: '2023-03-30T10:27:35.013537768Z', + id: '5cfbcbe5-7f90-47b8-b1d4-7f79313b2a6d', + kind: 'state', + sequence: 1680172055, + outcome: 'success', + type: ['info'], + }, + ecs: { version: '8.0.0' }, + host: { + os: { + kernel: '5.15.0-1028-aws', + codename: 'jammy', + type: 'linux', + platform: 'ubuntu', + version: '22.04.1 LTS (Jammy Jellyfish)', + family: 'debian', + name: 'Ubuntu', + }, + id: 'ec2644f440799ed0cf8aa595a9a105cc', + containerized: false, + name: isNameMatchesAlert ? 'siem-kibana' : 'not-siem-kibana', + ip: ['172.31.33.74', 'fe80::85d:f0ff:fe91:c01b'], + mac: ['0A-5D-F0-91-C0-1B'], + hostname: 'ip-172-31-33-74', + architecture: 'aarch64', + }, + data_stream: { + dataset: 'cloud_security_posture.vulnerabilities', + }, + }; +}; + +const createMockVulnerability = (isNameMatchesAlert: boolean) => { + return rootRequest({ + method: 'POST', + url: `${Cypress.env( + 'ELASTICSEARCH_URL' + )}/${CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN}/_doc`, + body: getMockVulnerability(isNameMatchesAlert), + }); +}; + +const deleteDataStream = () => { + return rootRequest({ + method: 'DELETE', + url: `${Cypress.env( + 'ELASTICSEARCH_URL' + )}/_data_stream/${CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN}`, + }); +}; + +describe('Alert Host details expandable flyout', { tags: ['@ess', '@serverless'] }, () => { + beforeEach(() => { + deleteAlertsAndRules(); + login(); + createRule(getNewRule()); + visit(ALERTS_URL); + waitForAlertsToPopulate(); + }); + + context('No Vulnerabilities Findings', () => { + it('should not display Vulnerabilities preview under Insights Entities when it does not have Vulnerabilities Findings', () => { + expandFirstAlertHostFlyout(); + + cy.log('check if Vulnerabilities preview title is not shown'); + cy.get(CSP_INSIGHT_VULNERABILITIES_TITLE).should('not.exist'); + }); + }); + + context('Host name - Has Vulnerabilities findings', () => { + beforeEach(() => { + createMockVulnerability(true); + cy.reload(); + expandFirstAlertHostFlyout(); + }); + + afterEach(() => { + deleteDataStream(); + }); + + it('should display Vulnerabilities preview under Insights Entities when it has Vulnerabilities Findings', () => { + cy.log('check if Vulnerabilities preview title shown'); + cy.get(CSP_INSIGHT_VULNERABILITIES_TITLE).should('be.visible'); + }); + }); + + context( + 'Host name - Has Vulnerabilities findings but host name is not the same as alert host name', + () => { + beforeEach(() => { + createMockVulnerability(false); + cy.reload(); + expandFirstAlertHostFlyout(); + }); + + afterEach(() => { + deleteDataStream(); + }); + + it('should display Vulnerabilities preview under Insights Entities when it has Vulnerabilities Findings but it should show no vulnerabilities title', () => { + cy.log('check if Vulnerabilities preview title shown'); + cy.get(CSP_INSIGHT_VULNERABILITIES_TITLE).should('be.visible'); + cy.log('check if no vulnerabilities text is shown'); + cy.get(NO_VULNERABILITIES_TEXT).should('be.visible'); + }); + } + ); +}); diff --git a/x-pack/test/security_solution_cypress/cypress/tsconfig.json b/x-pack/test/security_solution_cypress/cypress/tsconfig.json index 36ef2376ec1a..b117f42efcea 100644 --- a/x-pack/test/security_solution_cypress/cypress/tsconfig.json +++ b/x-pack/test/security_solution_cypress/cypress/tsconfig.json @@ -44,5 +44,6 @@ "@kbn/securitysolution-endpoint-exceptions-common", "@kbn/repo-info", "@kbn/elastic-assistant-common", + "@kbn/cloud-security-posture-common", ] } diff --git a/x-pack/test/spaces_api_integration/common/fixtures/es_archiver/saved_objects/spaces/data.json b/x-pack/test/spaces_api_integration/common/fixtures/es_archiver/saved_objects/spaces/data.json index 01d4b4723029..fcf6043a3001 100644 --- a/x-pack/test/spaces_api_integration/common/fixtures/es_archiver/saved_objects/spaces/data.json +++ b/x-pack/test/spaces_api_integration/common/fixtures/es_archiver/saved_objects/spaces/data.json @@ -42,6 +42,29 @@ } } +{ + "type": "_doc", + "value": { + "id": "space:space_3", + "index": ".kibana", + "source": { + "space": { + "description": "This is the third test space", + "solution": "es", + "disabledFeatures": [], + "name": "Space 3" + }, + "type": "space", + "updated_at": "2017-09-21T18:49:16.270Z", + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "6.6.0", + "managed": false, + "references": [] + }, + "type": "_doc" + } +} + { "type": "_doc", "value": { diff --git a/x-pack/test/spaces_api_integration/common/lib/authentication.ts b/x-pack/test/spaces_api_integration/common/lib/authentication.ts index 6e76e46dc5ee..27f644c3f5cd 100644 --- a/x-pack/test/spaces_api_integration/common/lib/authentication.ts +++ b/x-pack/test/spaces_api_integration/common/lib/authentication.ts @@ -66,6 +66,14 @@ export const AUTHENTICATION = { username: 'a_kibana_rbac_space_1_2_read_user', password: 'password', }, + KIBANA_RBAC_SPACE_3_ALL_USER: { + username: 'a_kibana_rbac_space_3_all_user', + password: 'password', + }, + KIBANA_RBAC_SPACE_3_READ_USER: { + username: 'a_kibana_rbac_space_3_read_user', + password: 'password', + }, KIBANA_RBAC_DEFAULT_SPACE_SAVED_OBJECTS_ALL_USER: { username: 'a_kibana_rbac_default_space_saved_objects_all_user', password: 'password', diff --git a/x-pack/test/spaces_api_integration/common/lib/create_users_and_roles.ts b/x-pack/test/spaces_api_integration/common/lib/create_users_and_roles.ts index 58ef5ba9f948..b66c4a02a5bd 100644 --- a/x-pack/test/spaces_api_integration/common/lib/create_users_and_roles.ts +++ b/x-pack/test/spaces_api_integration/common/lib/create_users_and_roles.ts @@ -184,6 +184,30 @@ export const createUsersAndRoles = async (es: Client, supertest: SuperTestAgent) }) .expect(204); + await supertest + .put('/api/security/role/kibana_rbac_space_3_all_user') + .send({ + kibana: [ + { + base: ['all'], + spaces: ['space_3'], + }, + ], + }) + .expect(204); + + await supertest + .put('/api/security/role/kibana_rbac_space_3_read_user') + .send({ + kibana: [ + { + base: ['read'], + spaces: ['space_3'], + }, + ], + }) + .expect(204); + await supertest .put('/api/security/role/kibana_rbac_default_space_saved_objects_all_user') .send({ @@ -344,6 +368,26 @@ export const createUsersAndRoles = async (es: Client, supertest: SuperTestAgent) }, }); + await es.security.putUser({ + username: AUTHENTICATION.KIBANA_RBAC_SPACE_3_ALL_USER.username, + body: { + password: AUTHENTICATION.KIBANA_RBAC_SPACE_3_ALL_USER.password, + roles: ['kibana_rbac_space_3_all_user'], + full_name: 'a kibana rbac space 3 all user', + email: 'a_kibana_rbac_space_3_all_user@elastic.co', + }, + }); + + await es.security.putUser({ + username: AUTHENTICATION.KIBANA_RBAC_SPACE_3_READ_USER.username, + body: { + password: AUTHENTICATION.KIBANA_RBAC_SPACE_3_READ_USER.password, + roles: ['kibana_rbac_space_3_read_user'], + full_name: 'a kibana rbac space 3 read-only user', + email: 'a_kibana_rbac_space_3_readonly_user@elastic.co', + }, + }); + await es.security.putUser({ username: AUTHENTICATION.KIBANA_RBAC_SPACE_2_ALL_USER.username, body: { diff --git a/x-pack/test/spaces_api_integration/common/lib/spaces.ts b/x-pack/test/spaces_api_integration/common/lib/spaces.ts index 75a1e518452b..c61b7646233e 100644 --- a/x-pack/test/spaces_api_integration/common/lib/spaces.ts +++ b/x-pack/test/spaces_api_integration/common/lib/spaces.ts @@ -12,6 +12,9 @@ export const SPACES = { SPACE_2: { spaceId: 'space_2', }, + SPACE_3: { + spaceId: 'space_3', + }, DEFAULT: { spaceId: 'default', }, diff --git a/x-pack/test/spaces_api_integration/common/suites/create.ts b/x-pack/test/spaces_api_integration/common/suites/create.ts index fc2bd1b841cc..ce3113ec9639 100644 --- a/x-pack/test/spaces_api_integration/common/suites/create.ts +++ b/x-pack/test/spaces_api_integration/common/suites/create.ts @@ -65,14 +65,32 @@ export function createTestSuiteFactory(esArchiver: any, supertest: SuperTest) => { - expect(resp.body).to.eql({ + const disabledFeatures = resp.body.disabledFeatures.sort(); + + const expected = { id: 'solution', name: 'space with solution', description: 'a description', color: '#5c5959', - disabledFeatures: [], + disabledFeatures: [ + // Disabled features are automatically added to the space when a solution is set + 'apm', + 'infrastructure', + 'inventory', + 'logs', + 'observabilityAIAssistant', + 'observabilityCases', + 'securitySolutionAssistant', + 'securitySolutionAttackDiscovery', + 'securitySolutionCases', + 'siem', + 'slo', + 'uptime', + ], solution: 'es', - }); + }; + + expect({ ...resp.body, disabledFeatures }).to.eql(expected); }; const makeCreateTest = diff --git a/x-pack/test/spaces_api_integration/common/suites/delete.ts b/x-pack/test/spaces_api_integration/common/suites/delete.ts index b1ad6241e11d..fd04b79fd1ef 100644 --- a/x-pack/test/spaces_api_integration/common/suites/delete.ts +++ b/x-pack/test/spaces_api_integration/common/suites/delete.ts @@ -62,14 +62,14 @@ export function deleteTestSuiteFactory(es: Client, esArchiver: any, supertest: S const expectedBuckets = [ { key: 'default', - doc_count: 9, + doc_count: 10, countByType: { doc_count_error_upper_bound: 0, sum_other_doc_count: 0, buckets: [ + { key: 'space', doc_count: 3 }, // since space objects are namespace-agnostic, they appear in the "default" agg bucket { key: 'visualization', doc_count: 3 }, { key: 'legacy-url-alias', doc_count: 2 }, // aliases (1) - { key: 'space', doc_count: 2 }, // since space objects are namespace-agnostic, they appear in the "default" agg bucket { key: 'dashboard', doc_count: 1 }, { key: 'index-pattern', doc_count: 1 }, ], @@ -182,7 +182,7 @@ export function deleteTestSuiteFactory(es: Client, esArchiver: any, supertest: S describe(`when the space doesn't exist`, () => { it(`should return ${tests.doesntExist.statusCode} ${scenario}`, async () => { return supertest - .delete(`${urlPrefix}/api/spaces/space/space_3`) + .delete(`${urlPrefix}/api/spaces/space/space_7`) .auth(user.username, user.password) .expect(tests.doesntExist.statusCode) .then(tests.doesntExist.response); diff --git a/x-pack/test/spaces_api_integration/common/suites/get.ts b/x-pack/test/spaces_api_integration/common/suites/get.ts index 6956599ae40a..a733bd21c5fc 100644 --- a/x-pack/test/spaces_api_integration/common/suites/get.ts +++ b/x-pack/test/spaces_api_integration/common/suites/get.ts @@ -71,8 +71,37 @@ export function getTestSuiteFactory(esArchiver: any, supertest: SuperAgent) description: 'This is the second test space', disabledFeatures: [], }, + { + id: 'space_3', + name: 'Space 3', + description: 'This is the third test space', + solution: 'es', + disabledFeatures: [ + // Disabled features are automatically added to the space when a solution is set + 'apm', + 'infrastructure', + 'inventory', + 'logs', + 'observabilityAIAssistant', + 'observabilityCases', + 'securitySolutionAssistant', + 'securitySolutionAttackDiscovery', + 'securitySolutionCases', + 'siem', + 'slo', + 'uptime', + ], + }, ]; - expect(resp.body).to.eql(allSpaces.find((space) => space.id === spaceId)); + + const disabledFeatures = (resp.body.disabledFeatures ?? []).sort(); + + const expectedSpace = allSpaces.find((space) => space.id === spaceId); + if (expectedSpace) { + expectedSpace.disabledFeatures.sort(); + } + + expect({ ...resp.body, disabledFeatures }).to.eql(expectedSpace); }; const makeGetTest = diff --git a/x-pack/test/spaces_api_integration/common/suites/get_all.ts b/x-pack/test/spaces_api_integration/common/suites/get_all.ts index 5452624f7764..88625c3d9b51 100644 --- a/x-pack/test/spaces_api_integration/common/suites/get_all.ts +++ b/x-pack/test/spaces_api_integration/common/suites/get_all.ts @@ -35,7 +35,17 @@ interface AuthorizedPurposes { shareSavedObjectsIntoSpace: boolean; } -const ALL_SPACE_RESULTS = [ +interface Space { + id: string; + name: string; + color?: string; + description: string; + solution?: string; + _reserved?: boolean; + disabledFeatures: string[]; +} + +const ALL_SPACE_RESULTS: Space[] = [ { id: 'default', name: 'Default', @@ -56,14 +66,42 @@ const ALL_SPACE_RESULTS = [ description: 'This is the second test space', disabledFeatures: [], }, + { + id: 'space_3', + name: 'Space 3', + description: 'This is the third test space', + solution: 'es', + disabledFeatures: [ + // Disabled features are automatically added to the space when a solution is set + 'apm', + 'infrastructure', + 'inventory', + 'logs', + 'observabilityAIAssistant', + 'observabilityCases', + 'securitySolutionAssistant', + 'securitySolutionAttackDiscovery', + 'securitySolutionCases', + 'siem', + 'slo', + 'uptime', + ], + }, ]; +const sortDisabledFeatures = (space: Space) => { + return { + ...space, + disabledFeatures: [...space.disabledFeatures].sort(), + }; +}; + export function getAllTestSuiteFactory(esArchiver: any, supertest: SuperTest) { const createExpectResults = (...spaceIds: string[]) => (resp: { [key: string]: any }) => { const expectedBody = ALL_SPACE_RESULTS.filter((entry) => spaceIds.includes(entry.id)); - expect(resp.body).to.eql(expectedBody); + expect(resp.body.map(sortDisabledFeatures)).to.eql(expectedBody.map(sortDisabledFeatures)); }; const createExpectAllPurposesResults = @@ -72,7 +110,7 @@ export function getAllTestSuiteFactory(esArchiver: any, supertest: SuperTest spaceIds.includes(entry.id)).map( (x) => ({ ...x, authorizedPurposes }) ); - expect(resp.body).to.eql(expectedBody); + expect(resp.body.map(sortDisabledFeatures)).to.eql(expectedBody.map(sortDisabledFeatures)); }; const expectEmptyResult = (resp: { [key: string]: any }) => { diff --git a/x-pack/test/spaces_api_integration/security_and_spaces/apis/get.ts b/x-pack/test/spaces_api_integration/security_and_spaces/apis/get.ts index 122a9218555f..7354138b7987 100644 --- a/x-pack/test/spaces_api_integration/security_and_spaces/apis/get.ts +++ b/x-pack/test/spaces_api_integration/security_and_spaces/apis/get.ts @@ -58,6 +58,22 @@ export default function getSpaceTestSuite({ getService }: FtrProviderContext) { dualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, }, }, + { + spaceId: SPACES.SPACE_3.spaceId, // This space has a solution set and we expect disabledFeatures to be automatically set + otherSpaceId: SPACES.DEFAULT.spaceId, + users: { + noAccess: AUTHENTICATION.NOT_A_KIBANA_USER, + superuser: AUTHENTICATION.SUPERUSER, + allGlobally: AUTHENTICATION.KIBANA_RBAC_USER, + readGlobally: AUTHENTICATION.KIBANA_RBAC_DASHBOARD_ONLY_USER, + allAtSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_3_ALL_USER, + readAtSpace: AUTHENTICATION.KIBANA_RBAC_SPACE_3_READ_USER, + allAtOtherSpace: AUTHENTICATION.KIBANA_RBAC_DEFAULT_SPACE_ALL_USER, + legacyAll: AUTHENTICATION.KIBANA_LEGACY_USER, + dualAll: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_USER, + dualRead: AUTHENTICATION.KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER, + }, + }, ].forEach((scenario) => { getTest(`user with no access`, { currentSpaceId: scenario.spaceId, diff --git a/x-pack/test/spaces_api_integration/security_and_spaces/apis/get_all.ts b/x-pack/test/spaces_api_integration/security_and_spaces/apis/get_all.ts index 992ab6c7028a..d2c3b8be03be 100644 --- a/x-pack/test/spaces_api_integration/security_and_spaces/apis/get_all.ts +++ b/x-pack/test/spaces_api_integration/security_and_spaces/apis/get_all.ts @@ -119,15 +119,15 @@ export default function getAllSpacesTestSuite({ getService }: FtrProviderContext tests: { exists: { statusCode: 200, - response: createExpectResults('default', 'space_1', 'space_2'), + response: createExpectResults('default', 'space_1', 'space_2', 'space_3'), }, copySavedObjectsPurpose: { statusCode: 200, - response: createExpectResults('default', 'space_1', 'space_2'), + response: createExpectResults('default', 'space_1', 'space_2', 'space_3'), }, shareSavedObjectsPurpose: { statusCode: 200, - response: createExpectResults('default', 'space_1', 'space_2'), + response: createExpectResults('default', 'space_1', 'space_2', 'space_3'), }, includeAuthorizedPurposes: { statusCode: 200, @@ -135,7 +135,8 @@ export default function getAllSpacesTestSuite({ getService }: FtrProviderContext authorizedAll, 'default', 'space_1', - 'space_2' + 'space_2', + 'space_3' ), }, }, @@ -147,15 +148,15 @@ export default function getAllSpacesTestSuite({ getService }: FtrProviderContext tests: { exists: { statusCode: 200, - response: createExpectResults('default', 'space_1', 'space_2'), + response: createExpectResults('default', 'space_1', 'space_2', 'space_3'), }, copySavedObjectsPurpose: { statusCode: 200, - response: createExpectResults('default', 'space_1', 'space_2'), + response: createExpectResults('default', 'space_1', 'space_2', 'space_3'), }, shareSavedObjectsPurpose: { statusCode: 200, - response: createExpectResults('default', 'space_1', 'space_2'), + response: createExpectResults('default', 'space_1', 'space_2', 'space_3'), }, includeAuthorizedPurposes: { statusCode: 200, @@ -163,7 +164,8 @@ export default function getAllSpacesTestSuite({ getService }: FtrProviderContext authorizedAll, 'default', 'space_1', - 'space_2' + 'space_2', + 'space_3' ), }, }, @@ -175,15 +177,15 @@ export default function getAllSpacesTestSuite({ getService }: FtrProviderContext tests: { exists: { statusCode: 200, - response: createExpectResults('default', 'space_1', 'space_2'), + response: createExpectResults('default', 'space_1', 'space_2', 'space_3'), }, copySavedObjectsPurpose: { statusCode: 200, - response: createExpectResults('default', 'space_1', 'space_2'), + response: createExpectResults('default', 'space_1', 'space_2', 'space_3'), }, shareSavedObjectsPurpose: { statusCode: 200, - response: createExpectResults('default', 'space_1', 'space_2'), + response: createExpectResults('default', 'space_1', 'space_2', 'space_3'), }, includeAuthorizedPurposes: { statusCode: 200, @@ -191,7 +193,8 @@ export default function getAllSpacesTestSuite({ getService }: FtrProviderContext authorizedAll, 'default', 'space_1', - 'space_2' + 'space_2', + 'space_3' ), }, }, @@ -226,7 +229,7 @@ export default function getAllSpacesTestSuite({ getService }: FtrProviderContext tests: { exists: { statusCode: 200, - response: createExpectResults('default', 'space_1', 'space_2'), + response: createExpectResults('default', 'space_1', 'space_2', 'space_3'), }, copySavedObjectsPurpose: { statusCode: 403, @@ -242,7 +245,8 @@ export default function getAllSpacesTestSuite({ getService }: FtrProviderContext authorizedRead, 'default', 'space_1', - 'space_2' + 'space_2', + 'space_3' ), }, }, @@ -254,7 +258,7 @@ export default function getAllSpacesTestSuite({ getService }: FtrProviderContext tests: { exists: { statusCode: 200, - response: createExpectResults('default', 'space_1', 'space_2'), + response: createExpectResults('default', 'space_1', 'space_2', 'space_3'), }, copySavedObjectsPurpose: { statusCode: 403, @@ -270,7 +274,8 @@ export default function getAllSpacesTestSuite({ getService }: FtrProviderContext authorizedRead, 'default', 'space_1', - 'space_2' + 'space_2', + 'space_3' ), }, }, diff --git a/x-pack/test/spaces_api_integration/spaces_only/apis/get_all.ts b/x-pack/test/spaces_api_integration/spaces_only/apis/get_all.ts index 46ddb5946194..6331c843649f 100644 --- a/x-pack/test/spaces_api_integration/spaces_only/apis/get_all.ts +++ b/x-pack/test/spaces_api_integration/spaces_only/apis/get_all.ts @@ -34,19 +34,19 @@ export default function getAllSpacesTestSuite({ getService }: FtrProviderContext tests: { exists: { statusCode: 200, - response: createExpectResults('default', 'space_1', 'space_2'), + response: createExpectResults('default', 'space_1', 'space_2', 'space_3'), }, copySavedObjectsPurpose: { statusCode: 200, - response: createExpectResults('default', 'space_1', 'space_2'), + response: createExpectResults('default', 'space_1', 'space_2', 'space_3'), }, shareSavedObjectsPurpose: { statusCode: 200, - response: createExpectResults('default', 'space_1', 'space_2'), + response: createExpectResults('default', 'space_1', 'space_2', 'space_3'), }, includeAuthorizedPurposes: { statusCode: 200, - response: createExpectResults('default', 'space_1', 'space_2'), + response: createExpectResults('default', 'space_1', 'space_2', 'space_3'), }, }, }); diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/data_stream_details.ts b/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/data_stream_details.ts index 4b4bb77b8f59..f6028c11f734 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/data_stream_details.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/dataset_quality_api_integration/data_stream_details.ts @@ -100,7 +100,7 @@ export default function ({ getService }: DatasetQualityFtrContextProvider) { it('returns "sizeBytes" correctly', async () => { // Metering stats api is cached and refreshed every 30 seconds - await retry.waitForWithTimeout('Metering stats cache is refreshed', 31000, async () => { + await retry.waitForWithTimeout('Metering stats cache is refreshed', 45000, async () => { const detailsResponse = await callApi( `${type}-${dataset}-${namespace}`, roleAuthc, diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/platform_security/authorization.ts b/x-pack/test_serverless/api_integration/test_suites/observability/platform_security/authorization.ts index ecf6ddd2c76f..ac53ceacf9a0 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/platform_security/authorization.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/platform_security/authorization.ts @@ -231,10 +231,12 @@ export default function ({ getService }: FtrProviderContext) { "api:infra", "app:infra", "app:logs", + "app:observability-logs-explorer", "ui:catalogue/infralogging", "ui:catalogue/logs", "ui:navLinks/infra", "ui:navLinks/logs", + "ui:navLinks/observability-logs-explorer", "saved_object:infrastructure-ui-source/bulk_get", "saved_object:infrastructure-ui-source/get", "saved_object:infrastructure-ui-source/find", @@ -881,10 +883,12 @@ export default function ({ getService }: FtrProviderContext) { "api:infra", "app:infra", "app:logs", + "app:observability-logs-explorer", "ui:catalogue/infralogging", "ui:catalogue/logs", "ui:navLinks/infra", "ui:navLinks/logs", + "ui:navLinks/observability-logs-explorer", "saved_object:infrastructure-ui-source/bulk_get", "saved_object:infrastructure-ui-source/get", "saved_object:infrastructure-ui-source/find", @@ -1441,10 +1445,12 @@ export default function ({ getService }: FtrProviderContext) { "api:infra", "app:infra", "app:logs", + "app:observability-logs-explorer", "ui:catalogue/infralogging", "ui:catalogue/logs", "ui:navLinks/infra", "ui:navLinks/logs", + "ui:navLinks/observability-logs-explorer", "saved_object:infrastructure-ui-source/bulk_get", "saved_object:infrastructure-ui-source/get", "saved_object:infrastructure-ui-source/find", @@ -1724,10 +1730,12 @@ export default function ({ getService }: FtrProviderContext) { "api:infra", "app:infra", "app:logs", + "app:observability-logs-explorer", "ui:catalogue/infralogging", "ui:catalogue/logs", "ui:navLinks/infra", "ui:navLinks/logs", + "ui:navLinks/observability-logs-explorer", "saved_object:infrastructure-ui-source/bulk_get", "saved_object:infrastructure-ui-source/get", "saved_object:infrastructure-ui-source/find", @@ -3820,12 +3828,14 @@ export default function ({ getService }: FtrProviderContext) { "app:infra", "app:logs", "app:kibana", + "app:observability-logs-explorer", "ui:catalogue/infralogging", "ui:catalogue/logs", "ui:management/insightsAndAlerting/triggersActions", "ui:navLinks/infra", "ui:navLinks/logs", "ui:navLinks/kibana", + "ui:navLinks/observability-logs-explorer", "saved_object:infrastructure-ui-source/bulk_get", "saved_object:infrastructure-ui-source/get", "saved_object:infrastructure-ui-source/find", @@ -4171,12 +4181,14 @@ export default function ({ getService }: FtrProviderContext) { "app:infra", "app:logs", "app:kibana", + "app:observability-logs-explorer", "ui:catalogue/infralogging", "ui:catalogue/logs", "ui:management/insightsAndAlerting/triggersActions", "ui:navLinks/infra", "ui:navLinks/logs", "ui:navLinks/kibana", + "ui:navLinks/observability-logs-explorer", "saved_object:infrastructure-ui-source/bulk_get", "saved_object:infrastructure-ui-source/get", "saved_object:infrastructure-ui-source/find", @@ -4429,12 +4441,14 @@ export default function ({ getService }: FtrProviderContext) { "app:infra", "app:logs", "app:kibana", + "app:observability-logs-explorer", "ui:catalogue/infralogging", "ui:catalogue/logs", "ui:management/insightsAndAlerting/triggersActions", "ui:navLinks/infra", "ui:navLinks/logs", "ui:navLinks/kibana", + "ui:navLinks/observability-logs-explorer", "saved_object:infrastructure-ui-source/bulk_get", "saved_object:infrastructure-ui-source/get", "saved_object:infrastructure-ui-source/find", @@ -4591,12 +4605,14 @@ export default function ({ getService }: FtrProviderContext) { "app:infra", "app:logs", "app:kibana", + "app:observability-logs-explorer", "ui:catalogue/infralogging", "ui:catalogue/logs", "ui:management/insightsAndAlerting/triggersActions", "ui:navLinks/infra", "ui:navLinks/logs", "ui:navLinks/kibana", + "ui:navLinks/observability-logs-explorer", "saved_object:infrastructure-ui-source/bulk_get", "saved_object:infrastructure-ui-source/get", "saved_object:infrastructure-ui-source/find", @@ -4901,9 +4917,11 @@ export default function ({ getService }: FtrProviderContext) { "alerting:xpack.ml.anomaly_detection_alert/infrastructure/alert/getAlertSummary", "alerting:xpack.ml.anomaly_detection_alert/infrastructure/alert/update", "app:logs", + "app:observability-logs-explorer", "ui:catalogue/infralogging", "ui:catalogue/logs", "ui:navLinks/logs", + "ui:navLinks/observability-logs-explorer", "saved_object:infrastructure-monitoring-log-view/bulk_get", "saved_object:infrastructure-monitoring-log-view/get", "saved_object:infrastructure-monitoring-log-view/find", @@ -5592,9 +5610,11 @@ export default function ({ getService }: FtrProviderContext) { "alerting:xpack.ml.anomaly_detection_alert/infrastructure/alert/getAlertSummary", "alerting:xpack.ml.anomaly_detection_alert/infrastructure/alert/update", "app:logs", + "app:observability-logs-explorer", "ui:catalogue/infralogging", "ui:catalogue/logs", "ui:navLinks/logs", + "ui:navLinks/observability-logs-explorer", "saved_object:infrastructure-monitoring-log-view/bulk_get", "saved_object:infrastructure-monitoring-log-view/get", "saved_object:infrastructure-monitoring-log-view/find", @@ -6160,9 +6180,11 @@ export default function ({ getService }: FtrProviderContext) { "alerting:xpack.ml.anomaly_detection_alert/infrastructure/alert/getAuthorizedAlertsIndices", "alerting:xpack.ml.anomaly_detection_alert/infrastructure/alert/getAlertSummary", "app:logs", + "app:observability-logs-explorer", "ui:catalogue/infralogging", "ui:catalogue/logs", "ui:navLinks/logs", + "ui:navLinks/observability-logs-explorer", "saved_object:infrastructure-monitoring-log-view/bulk_get", "saved_object:infrastructure-monitoring-log-view/get", "saved_object:infrastructure-monitoring-log-view/find", @@ -6458,9 +6480,11 @@ export default function ({ getService }: FtrProviderContext) { "alerting:xpack.ml.anomaly_detection_alert/infrastructure/alert/getAuthorizedAlertsIndices", "alerting:xpack.ml.anomaly_detection_alert/infrastructure/alert/getAlertSummary", "app:logs", + "app:observability-logs-explorer", "ui:catalogue/infralogging", "ui:catalogue/logs", "ui:navLinks/logs", + "ui:navLinks/observability-logs-explorer", "saved_object:infrastructure-monitoring-log-view/bulk_get", "saved_object:infrastructure-monitoring-log-view/get", "saved_object:infrastructure-monitoring-log-view/find", diff --git a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/find_csp_benchmark_rule.ts b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/find_csp_benchmark_rule.ts index cefe3dc598b4..637369c1b128 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/find_csp_benchmark_rule.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/find_csp_benchmark_rule.ts @@ -23,7 +23,7 @@ export default function ({ getService }: FtrProviderContext) { const svlUserManager = getService('svlUserManager'); // find csp benchmark rule tests - describe('GET internal/cloud_security_posture/rules/_find', function () { + describe.skip('GET internal/cloud_security_posture/rules/_find', function () { // security_exception: action [indices:admin/create] is unauthorized for user [elastic] with effective roles [superuser] on restricted indices [.fleet-actions-7], this action is granted by the index privileges [create_index,manage,all] this.tags(['failsOnMKI']); diff --git a/x-pack/test_serverless/api_integration/test_suites/security/config.ts b/x-pack/test_serverless/api_integration/test_suites/security/config.ts index b97ed3896056..d40cde3c2583 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/config.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/config.ts @@ -24,6 +24,6 @@ export default createTestConfig({ // useful for testing (also enabled in MKI QA) '--coreApp.allowDynamicConfigOverrides=true', `--xpack.securitySolutionServerless.cloudSecurityUsageReportingTaskInterval=5s`, - `--xpack.securitySolutionServerless.usageReportingApiUrl=http://localhost:8081/api/v1/usage`, + `--xpack.securitySolutionServerless.usageApi.url=http://localhost:8081/api/v1/usage`, ], }); diff --git a/x-pack/test_serverless/functional/test_suites/common/discover/group2/_data_grid_doc_table.ts b/x-pack/test_serverless/functional/test_suites/common/discover/group2/_data_grid_doc_table.ts index 9f82f4711189..c759acb0f31e 100644 --- a/x-pack/test_serverless/functional/test_suites/common/discover/group2/_data_grid_doc_table.ts +++ b/x-pack/test_serverless/functional/test_suites/common/discover/group2/_data_grid_doc_table.ts @@ -179,9 +179,9 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { it('should allow paginating docs in the flyout by clicking in the doc table', async function () { await retry.try(async function () { await dataGrid.clickRowToggle({ rowIndex: rowToInspect - 1 }); - await testSubjects.exists(`docViewerFlyoutNavigationPage0`); + await testSubjects.existOrFail('docViewerFlyoutNavigationPage-0'); await dataGrid.clickRowToggle({ rowIndex: rowToInspect }); - await testSubjects.exists(`docViewerFlyoutNavigationPage1`); + await testSubjects.existOrFail('docViewerFlyoutNavigationPage-1'); await dataGrid.closeFlyout(); }); }); diff --git a/x-pack/test_serverless/functional/test_suites/common/discover/group6/_sidebar.ts b/x-pack/test_serverless/functional/test_suites/common/discover/group6/_sidebar.ts index c6ecd1386cbe..61cd9728223d 100644 --- a/x-pack/test_serverless/functional/test_suites/common/discover/group6/_sidebar.ts +++ b/x-pack/test_serverless/functional/test_suites/common/discover/group6/_sidebar.ts @@ -30,6 +30,9 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const INITIAL_FIELD_LIST_SUMMARY = '48 available fields. 5 empty fields. 4 meta fields.'; describe('discover sidebar', function describeIndexTests() { + // see details: https://github.com/elastic/kibana/issues/195100 + this.tags(['failsOnMKI']); + before(async function () { await esArchiver.loadIfNeeded('test/functional/fixtures/es_archiver/logstash_functional'); await PageObjects.svlCommonPage.loginAsAdmin(); diff --git a/x-pack/test_serverless/functional/test_suites/common/visualizations/group1/logsdb.ts b/x-pack/test_serverless/functional/test_suites/common/visualizations/group1/logsdb.ts index 4fe3046aa5db..040490310d95 100644 --- a/x-pack/test_serverless/functional/test_suites/common/visualizations/group1/logsdb.ts +++ b/x-pack/test_serverless/functional/test_suites/common/visualizations/group1/logsdb.ts @@ -37,6 +37,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const createDocs = getDocsGenerator(log, es, 'logsdb'); describe('lens logsdb', function () { + // see details: https://github.com/elastic/kibana/issues/195089 + this.tags(['failsOnMKI']); const logsdbIndex = 'kibana_sample_data_logslogsdb'; const logsdbDataView = logsdbIndex; const logsdbEsArchive = 'test/functional/fixtures/es_archiver/kibana_sample_data_logs_logsdb'; diff --git a/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_details.ts b/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_details.ts index 477e45d0e59f..712ed11a28f9 100644 --- a/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_details.ts +++ b/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_details.ts @@ -56,7 +56,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const degradedDatasetName = datasetNames[2]; const degradedDataStreamName = `logs-${degradedDatasetName}-${defaultNamespace}`; - describe('Flyout', function () { + describe('Dataset quality details', function () { before(async () => { // Install Apache Integration and ingest logs for it await PageObjects.observabilityLogsExplorer.installPackage(apachePkg); @@ -178,7 +178,9 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { expect(parseInt(degradedDocs, 10)).to.be(1); expect(parseInt(services, 10)).to.be(3); expect(parseInt(hosts, 10)).to.be(52); - expect(parseInt(size, 10)).to.be.greaterThan(0); + // metering stats API is cached for 30seconds, waiting for the exact value is not optimal in this case + // rather we can just check if any value is present + expect(size).to.be.ok(); }); }); diff --git a/x-pack/test_serverless/functional/test_suites/search/index.ts b/x-pack/test_serverless/functional/test_suites/search/index.ts index cede67574783..bc2056268f8b 100644 --- a/x-pack/test_serverless/functional/test_suites/search/index.ts +++ b/x-pack/test_serverless/functional/test_suites/search/index.ts @@ -25,6 +25,5 @@ export default function ({ loadTestFile }: FtrProviderContext) { loadTestFile(require.resolve('./search_playground/playground_overview')); loadTestFile(require.resolve('./ml')); - loadTestFile(require.resolve('./search_homepage')); }); } diff --git a/yarn.lock b/yarn.lock index d4e228d9b10d..8b64f8660e2b 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1741,10 +1741,10 @@ resolved "https://registry.yarnpkg.com/@elastic/eslint-plugin-eui/-/eslint-plugin-eui-0.0.2.tgz#56b9ef03984a05cc213772ae3713ea8ef47b0314" integrity sha512-IoxURM5zraoQ7C8f+mJb9HYSENiZGgRVcG4tLQxE61yHNNRDXtGDWTZh8N1KIHcsqN1CEPETjuzBXkJYF/fDiQ== -"@elastic/eui@95.12.0-backport.0": - version "95.12.0-backport.0" - resolved "https://registry.yarnpkg.com/@elastic/eui/-/eui-95.12.0-backport.0.tgz#de862ded9f23053b24e1f1939de1ff8f8109be60" - integrity sha512-hqhqWdAGw5tQwWTP/hn2VoM8YQE2k9IdMmGh0RdkG+JcD1GZySvSDWdTQgr9iA4/XaulJp9R3OenwDjkLLmjPw== +"@elastic/eui@96.1.0": + version "96.1.0" + resolved "https://registry.yarnpkg.com/@elastic/eui/-/eui-96.1.0.tgz#cd75f2a7a2ca07df6fb8f9af985dff3f05172fb6" + integrity sha512-LmB92xr704Dfth9UnxCOm4b63lghb/7svXsnd0zcbSQA/BPqktUm1evZjWYIWFIek5D4JI4dmM+ygXLWdKSM+Q== dependencies: "@hello-pangea/dnd" "^16.6.0" "@types/lodash" "^4.14.202" @@ -7312,17 +7312,16 @@ zod "^3.22.3" zod-to-json-schema "^3.22.5" -"@langchain/core@>0.1.0 <0.3.0", "@langchain/core@>=0.2.11 <0.3.0", "@langchain/core@>=0.2.16 <0.3.0", "@langchain/core@>=0.2.20 <0.3.0", "@langchain/core@>=0.2.5 <0.3.0", "@langchain/core@^0.2.18", "@langchain/core@~0.2.11": - version "0.2.18" - resolved "https://registry.yarnpkg.com/@langchain/core/-/core-0.2.18.tgz#1ac4f307fa217ab3555c9634147a6c4ad9826092" - integrity sha512-ru542BwNcsnDfjTeDbIkFIchwa54ctHZR+kVrC8U9NPS9/36iM8p8ruprOV7Zccj/oxtLE5UpEhV+9MZhVcFlA== +"@langchain/core@>0.1.0 <0.3.0", "@langchain/core@>=0.2.11 <0.3.0", "@langchain/core@>=0.2.20 <0.3.0", "@langchain/core@>=0.2.5 <0.3.0", "@langchain/core@^0.2.18", "@langchain/core@~0.2.11": + version "0.2.32" + resolved "https://registry.yarnpkg.com/@langchain/core/-/core-0.2.32.tgz#a5dfbc49f8b6c15c8082763b93aeae8f9f4ca1a0" + integrity sha512-S27M+9Qou2qtcLfFGEvANkJ/zHq5XApeQsR6Q4I7C6v9x07eoYr558h6vVy6WQmKcksgbCIJ854ikwp173wBjA== dependencies: ansi-styles "^5.0.0" camelcase "6" decamelize "1.2.0" js-tiktoken "^1.0.12" - langsmith "~0.1.39" - ml-distance "^4.0.0" + langsmith "^0.1.43" mustache "^4.2.0" p-queue "^6.6.2" p-retry "4" @@ -7330,15 +7329,37 @@ zod "^3.22.4" zod-to-json-schema "^3.22.3" -"@langchain/google-genai@^0.0.23": - version "0.0.23" - resolved "https://registry.yarnpkg.com/@langchain/google-genai/-/google-genai-0.0.23.tgz#e73af501bc1df4c7642b531759b82dc3eb7ae459" - integrity sha512-MTSCJEoKsfU1inz0PWvAjITdNFM4s41uvBCwLpcgx3jWJIEisczFD82x86ahYqJlb2fD6tohYSaCH/4tKAdkXA== +"@langchain/google-common@^0.1.1", "@langchain/google-common@~0.1.0": + version "0.1.1" + resolved "https://registry.yarnpkg.com/@langchain/google-common/-/google-common-0.1.1.tgz#7f8730e3dfb2920487dece5cbe738c13266b5e7b" + integrity sha512-oT/6lBev/Ufkp1dJbOTJ2S7xD9c+w9CqnqKqFOSxuZJbM4G8hzJtt7PDBOGfamIwtQP8dR7ORKXs1sCl+f5Tig== + dependencies: + uuid "^10.0.0" + zod-to-json-schema "^3.22.4" + +"@langchain/google-gauth@~0.1.0": + version "0.1.0" + resolved "https://registry.yarnpkg.com/@langchain/google-gauth/-/google-gauth-0.1.0.tgz#ea44941afede32a1d14fd18a6c6b500c7c7a53eb" + integrity sha512-0kps1NmaNiSl4n3lRw+7xsyhrEfIxNqBjih0kNYWPjLg55f9I9+QAlz7F1Sz/628HF1WQLFLQcBQA4geGzvenQ== + dependencies: + "@langchain/google-common" "~0.1.0" + google-auth-library "^8.9.0" + +"@langchain/google-genai@^0.1.0": + version "0.1.0" + resolved "https://registry.yarnpkg.com/@langchain/google-genai/-/google-genai-0.1.0.tgz#89552873210d72a5834de20fcbef3e6753283344" + integrity sha512-6rIba77zJVMj+048tLfkCBrkFbfAMiT+AfLEsu5s+CFoFmXMiI/dbKeDL4vhUWrJVb9uL4ZZyrnl0nKxyEKYgA== dependencies: "@google/generative-ai" "^0.7.0" - "@langchain/core" ">=0.2.16 <0.3.0" zod-to-json-schema "^3.22.4" +"@langchain/google-vertexai@^0.1.0": + version "0.1.0" + resolved "https://registry.yarnpkg.com/@langchain/google-vertexai/-/google-vertexai-0.1.0.tgz#e8ac6ae0bbdb6364d579def171ccfc1a26fd0cf2" + integrity sha512-xTi5NvNGSLQl/7OTsj4QTT0DkNbZ7cYDrEB0HqpZOwo6I5dulh/h2payGVQ6hdXj7Yyv78dRc5FdQSbyHui/WQ== + dependencies: + "@langchain/google-gauth" "~0.1.0" + "@langchain/langgraph@0.0.34": version "0.0.34" resolved "https://registry.yarnpkg.com/@langchain/langgraph/-/langgraph-0.0.34.tgz#1504c29ce524d08d6f076c34e0623c6de1f1246c" @@ -7374,25 +7395,25 @@ dependencies: ncp "^2.0.0" -"@launchdarkly/js-sdk-common@2.8.0": - version "2.8.0" - resolved "https://registry.yarnpkg.com/@launchdarkly/js-sdk-common/-/js-sdk-common-2.8.0.tgz#f9a0c29864ba52e5dc19f273164780005be5c8ab" - integrity sha512-XLYhB0A0vec1gwbnVNU+rzMd1JxdtMJXSA76y3ASJ6X0cG0qTRKQdFba4n4RwIs0y1bX3rncFHJMhBjrXtyPhA== +"@launchdarkly/js-sdk-common@2.9.0": + version "2.9.0" + resolved "https://registry.yarnpkg.com/@launchdarkly/js-sdk-common/-/js-sdk-common-2.9.0.tgz#2828eb12e48c28edaa849821ed9b7824e2ce01b9" + integrity sha512-BYYZ4MgYCc2l650gFotqRMW5oqFJna78+ivf/8Jwy6D3XpRW/DHwrsMBFnVv/G3gAjXq6/dW3ZZ6pS85ZK6mvQ== -"@launchdarkly/js-server-sdk-common@2.6.1": - version "2.6.1" - resolved "https://registry.yarnpkg.com/@launchdarkly/js-server-sdk-common/-/js-server-sdk-common-2.6.1.tgz#e676641c83d8dcc0e9afa8620dd5142eae873127" - integrity sha512-PcyglkUi/P1fBT3GqwZ/K9MvLj2e5Rw5XLP/gC2qIIHJxIbni8oy8Zon+6bP890DYgZtqqeX6tKhAw/gwOYkhQ== +"@launchdarkly/js-server-sdk-common@2.7.0": + version "2.7.0" + resolved "https://registry.yarnpkg.com/@launchdarkly/js-server-sdk-common/-/js-server-sdk-common-2.7.0.tgz#c53fb284af6875b991b6c3935612068719ba9839" + integrity sha512-EFfCVtp5VVl4E2sY6rUa2n0tvAiqstFAloJNN4ft5Tocec+6Te3XKivNdRpMxIrQBZg9c5gX9ofa6B0j0l33RA== dependencies: - "@launchdarkly/js-sdk-common" "2.8.0" + "@launchdarkly/js-sdk-common" "2.9.0" semver "7.5.4" -"@launchdarkly/node-server-sdk@^9.5.4": - version "9.5.4" - resolved "https://registry.yarnpkg.com/@launchdarkly/node-server-sdk/-/node-server-sdk-9.5.4.tgz#7d27456b503c72e05a917873289b94058b49e566" - integrity sha512-1cGKlRP9YY4kgoGhw5Lolv1CoGOH5ywBB++4iqy00PTinyIjbX3LeYrlCWFT3gFrVlmTuc2BoXJvo93qFgkGAA== +"@launchdarkly/node-server-sdk@^9.6.0": + version "9.6.0" + resolved "https://registry.yarnpkg.com/@launchdarkly/node-server-sdk/-/node-server-sdk-9.6.0.tgz#eafdf6cb7d7f3239778d89d78ad7e5b6f7f5f08a" + integrity sha512-vYn+ATN7/QIbBfmsNmeFSfV/8XiwQSPAr31wrTEAr26WvWIpy4HUNHKAtbgRdtFg3fo+7bSuI0FLvFsNVmavcg== dependencies: - "@launchdarkly/js-server-sdk-common" "2.6.1" + "@launchdarkly/js-server-sdk-common" "2.7.0" https-proxy-agent "^5.0.1" launchdarkly-eventsource "2.0.3" @@ -8416,22 +8437,22 @@ unbzip2-stream "^1.4.3" yargs "^17.7.2" -"@redocly/ajv@^8.11.0": - version "8.11.0" - resolved "https://registry.yarnpkg.com/@redocly/ajv/-/ajv-8.11.0.tgz#2fad322888dc0113af026e08fceb3e71aae495ae" - integrity sha512-9GWx27t7xWhDIR02PA18nzBdLcKQRgc46xNQvjFkrYk4UOmvKhJ/dawwiX0cCOeetN5LcaaiqQbVOWYK62SGHw== +"@redocly/ajv@^8.11.2": + version "8.11.2" + resolved "https://registry.yarnpkg.com/@redocly/ajv/-/ajv-8.11.2.tgz#46e1bf321ec0ac1e0fd31dea41a3d1fcbdcda0b5" + integrity sha512-io1JpnwtIcvojV7QKDUSIuMN/ikdOUd1ReEnUnMKGfDVridQZ31J0MmIuqwuRjWDZfmvr+Q0MqCcfHM2gTivOg== dependencies: fast-deep-equal "^3.1.1" json-schema-traverse "^1.0.0" require-from-string "^2.0.2" - uri-js "^4.2.2" + uri-js-replace "^1.0.1" -"@redocly/cli@^1.21.0": - version "1.22.0" - resolved "https://registry.yarnpkg.com/@redocly/cli/-/cli-1.22.0.tgz#9a007eb89ce6223795d5807ab4030d99c7667615" - integrity sha512-KXWTVKcyM4u4AHmxF9aDQOLbUWKwfEH8tM/CprcWnVvi9Gc0aPz1Y3aTrcohDE1oIgzJfn/Fj6TNdof86bNZvw== +"@redocly/cli@^1.25.3": + version "1.25.5" + resolved "https://registry.yarnpkg.com/@redocly/cli/-/cli-1.25.5.tgz#258f6d23e8298814518ec4d24d023c1e21e3b081" + integrity sha512-sFh4A8wqwuig7mF/nYNVIyxSfKKZikWC+uVH6OB1IepYQXNsHFaLAU1VaNI9gS5mMvWmYx5SEuSCVB9LaNFBhw== dependencies: - "@redocly/openapi-core" "1.22.0" + "@redocly/openapi-core" "1.25.5" abort-controller "^3.0.0" chokidar "^3.5.1" colorette "^1.2.0" @@ -8451,18 +8472,18 @@ styled-components "^6.0.7" yargs "17.0.1" -"@redocly/config@^0.10.1": - version "0.10.1" - resolved "https://registry.yarnpkg.com/@redocly/config/-/config-0.10.1.tgz#c7bcbab6cb3b82236c2f5c87aa44924a652d8e80" - integrity sha512-H3LnKVGzOaxskwJu8pmJYwBOWjP61qOK7TuTrbafqArDVckE06fhA6l0nO4KvBbjLPjy1Al7UnlxOu23V4Nl0w== +"@redocly/config@^0.12.1": + version "0.12.1" + resolved "https://registry.yarnpkg.com/@redocly/config/-/config-0.12.1.tgz#7b905a17d710244550ef826542d0db164d5ace02" + integrity sha512-RW3rSirfsPdr0uvATijRDU3f55SuZV3m7/ppdTDvGw4IB0cmeZRkFmqTrchxMqWP50Gfg1tpHnjdxUCNo0E2qg== -"@redocly/openapi-core@1.22.0", "@redocly/openapi-core@^1.4.0": - version "1.22.0" - resolved "https://registry.yarnpkg.com/@redocly/openapi-core/-/openapi-core-1.22.0.tgz#dea3eb5705a96fd1bb105ac97f51369256628d61" - integrity sha512-IXazrCCUwRkwgVGlaWghFEyyLrz5EM1VM+Kn3/By4QGaNVd04oxC1c92h3kbt1StAxtrTfxBAGwS7bqqCF7nsw== +"@redocly/openapi-core@1.25.5", "@redocly/openapi-core@^1.4.0": + version "1.25.5" + resolved "https://registry.yarnpkg.com/@redocly/openapi-core/-/openapi-core-1.25.5.tgz#443b1488c8ef1ddcb8f407c3e7dd8cb7b388b427" + integrity sha512-BNgXjqesJu4L5f8F73c2hkkH5IdvjYCKYFgIl+m9oNgqGRIPBJjtiEGOx7jkQ6nElN4311z7Z4aTECtklaaHwg== dependencies: - "@redocly/ajv" "^8.11.0" - "@redocly/config" "^0.10.1" + "@redocly/ajv" "^8.11.2" + "@redocly/config" "^0.12.1" colorette "^1.2.0" https-proxy-agent "^7.0.4" js-levenshtein "^1.1.6" @@ -11509,16 +11530,16 @@ resolved "https://registry.yarnpkg.com/@types/use-sync-external-store/-/use-sync-external-store-0.0.3.tgz#b6725d5f4af24ace33b36fafd295136e75509f43" integrity sha512-EwmlvuaxPNej9+T4v5AuBPJa2x2UOJVdjCtDHgcDqitUeOtjnJKJ+apYjVcAoBEMjKW1VVFGZLUb5+qqa09XFA== +"@types/uuid@^10.0.0": + version "10.0.0" + resolved "https://registry.yarnpkg.com/@types/uuid/-/uuid-10.0.0.tgz#e9c07fe50da0f53dc24970cca94d619ff03f6f6d" + integrity sha512-7gqG38EyHgyP1S+7+xomFtL+ZNHcKv6DwNaCZmJmo1vgMugyF3TCnXVg4t1uk89mLNwnLtnY3TpOpCOyp1/xHQ== + "@types/uuid@^9.0.0": version "9.0.0" resolved "https://registry.yarnpkg.com/@types/uuid/-/uuid-9.0.0.tgz#53ef263e5239728b56096b0a869595135b7952d2" integrity sha512-kr90f+ERiQtKWMz5rP32ltJ/BtULDI5RVO0uavn1HQUOwjx0R1h0rnDYNL0CepF1zL5bSY6FISAfd9tOdDhU5Q== -"@types/uuid@^9.0.1": - version "9.0.2" - resolved "https://registry.yarnpkg.com/@types/uuid/-/uuid-9.0.2.tgz#ede1d1b1e451548d44919dc226253e32a6952c4b" - integrity sha512-kNnC1GFBLuhImSnV7w4njQkUiJi0ZXUycu1rUaouPqiKlXkh77JKgdRnTAp1x5eBwcIwbtI+3otwzuIDEuDoxQ== - "@types/vinyl-fs@*", "@types/vinyl-fs@^3.0.2": version "3.0.2" resolved "https://registry.yarnpkg.com/@types/vinyl-fs/-/vinyl-fs-3.0.2.tgz#cbaef5160ad7695483af0aa1b4fe67f166c18feb" @@ -12760,7 +12781,7 @@ arrify@^1.0.1: resolved "https://registry.yarnpkg.com/arrify/-/arrify-1.0.1.tgz#898508da2226f380df904728456849c1501a4b0d" integrity sha1-iYUI2iIm84DfkEcoRWhJwVAaSw0= -arrify@^2.0.1: +arrify@^2.0.0, arrify@^2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/arrify/-/arrify-2.0.1.tgz#c9655e9331e0abcd588d2a7cad7e9956f66701fa" integrity sha512-3duEwti880xqi4eAMN8AyR4a0ByT90zoYdLlevfrvU43vb0YZwZVfxOgxWrLXXXpyugL0hNZc9G6BiB5B3nUug== @@ -18019,6 +18040,11 @@ fast-stream-to-buffer@^1.0.0: dependencies: end-of-stream "^1.4.1" +fast-text-encoding@^1.0.0: + version "1.0.6" + resolved "https://registry.yarnpkg.com/fast-text-encoding/-/fast-text-encoding-1.0.6.tgz#0aa25f7f638222e3396d72bf936afcf1d42d6867" + integrity sha512-VhXlQgj9ioXCqGstD37E/HBeqEGV/qOD/kmbVG8h5xKBYvM1L3lR1Zn4555cQ8GkYbJa8aJSipLPndE1k6zK2w== + fastest-levenshtein@^1.0.12: version "1.0.12" resolved "https://registry.yarnpkg.com/fastest-levenshtein/-/fastest-levenshtein-1.0.12.tgz#9990f7d3a88cc5a9ffd1f1745745251700d497e2" @@ -18691,6 +18717,16 @@ gauge@^3.0.0: strip-ansi "^6.0.1" wide-align "^1.1.2" +gaxios@^5.0.0, gaxios@^5.0.1: + version "5.1.3" + resolved "https://registry.yarnpkg.com/gaxios/-/gaxios-5.1.3.tgz#f7fa92da0fe197c846441e5ead2573d4979e9013" + integrity sha512-95hVgBRgEIRQQQHIbnxBXeHbW4TqFk4ZDJW7wmVtvYar72FdhRIo1UGOLS2eRAKCPEdPBWu+M7+A33D9CdX9rA== + dependencies: + extend "^3.0.2" + https-proxy-agent "^5.0.0" + is-stream "^2.0.0" + node-fetch "^2.6.9" + gaxios@^6.0.0, gaxios@^6.1.1: version "6.6.0" resolved "https://registry.yarnpkg.com/gaxios/-/gaxios-6.6.0.tgz#af8242fff0bbb82a682840d5feaa91b6a1c58be4" @@ -18702,6 +18738,14 @@ gaxios@^6.0.0, gaxios@^6.1.1: node-fetch "^2.6.9" uuid "^9.0.1" +gcp-metadata@^5.3.0: + version "5.3.0" + resolved "https://registry.yarnpkg.com/gcp-metadata/-/gcp-metadata-5.3.0.tgz#6f45eb473d0cb47d15001476b48b663744d25408" + integrity sha512-FNTkdNEnBdlqF2oatizolQqNANMrcqJt6AAYt99B3y1aLLC8Hc5IOBb+ZnnzllodEEf6xMBp6wRcBbc16fa65w== + dependencies: + gaxios "^5.0.0" + json-bigint "^1.0.0" + gcp-metadata@^6.1.0: version "6.1.0" resolved "https://registry.yarnpkg.com/gcp-metadata/-/gcp-metadata-6.1.0.tgz#9b0dd2b2445258e7597f2024332d20611cbd6b8c" @@ -19149,6 +19193,21 @@ gonzales-pe@^4.3.0: dependencies: minimist "^1.2.5" +google-auth-library@^8.9.0: + version "8.9.0" + resolved "https://registry.yarnpkg.com/google-auth-library/-/google-auth-library-8.9.0.tgz#15a271eb2ec35d43b81deb72211bd61b1ef14dd0" + integrity sha512-f7aQCJODJFmYWN6PeNKzgvy9LI2tYmXnzpNDHEjG5sDNPgGb2FXQyTBnXeSH+PAtpKESFD+LmHw3Ox3mN7e1Fg== + dependencies: + arrify "^2.0.0" + base64-js "^1.3.0" + ecdsa-sig-formatter "^1.0.11" + fast-text-encoding "^1.0.0" + gaxios "^5.0.0" + gcp-metadata "^5.3.0" + gtoken "^6.1.0" + jws "^4.0.0" + lru-cache "^6.0.0" + google-auth-library@^9.10.0: version "9.10.0" resolved "https://registry.yarnpkg.com/google-auth-library/-/google-auth-library-9.10.0.tgz#c9fb940923f7ff2569d61982ee1748578c0bbfd4" @@ -19161,6 +19220,13 @@ google-auth-library@^9.10.0: gtoken "^7.0.0" jws "^4.0.0" +google-p12-pem@^4.0.0: + version "4.0.1" + resolved "https://registry.yarnpkg.com/google-p12-pem/-/google-p12-pem-4.0.1.tgz#82841798253c65b7dc2a4e5fe9df141db670172a" + integrity sha512-WPkN4yGtz05WZ5EhtlxNDWPhC4JIic6G8ePitwUWy4l+XPVYec+a0j0Ts47PDtW59y3RwAhUd9/h9ZZ63px6RQ== + dependencies: + node-forge "^1.3.1" + google-protobuf@^3.6.1: version "3.19.4" resolved "https://registry.yarnpkg.com/google-protobuf/-/google-protobuf-3.19.4.tgz#8d32c3e34be9250956f28c0fb90955d13f311888" @@ -19226,6 +19292,15 @@ graphql@^16.6.0, graphql@^16.8.1: resolved "https://registry.yarnpkg.com/graphql/-/graphql-16.8.1.tgz#1930a965bef1170603702acdb68aedd3f3cf6f07" integrity sha512-59LZHPdGZVh695Ud9lRzPBVTtlX9ZCV150Er2W43ro37wVof0ctenSaskPPjN7lVTIN8mSZt8PHUNKZuNQUuxw== +gtoken@^6.1.0: + version "6.1.2" + resolved "https://registry.yarnpkg.com/gtoken/-/gtoken-6.1.2.tgz#aeb7bdb019ff4c3ba3ac100bbe7b6e74dce0e8bc" + integrity sha512-4ccGpzz7YAr7lxrT2neugmXQ3hP9ho2gcaityLVkiUecAiwiy60Ii8gRbZeOsXV19fYaRjgBSshs8kXw+NKCPQ== + dependencies: + gaxios "^5.0.1" + google-p12-pem "^4.0.0" + jws "^4.0.0" + gtoken@^7.0.0: version "7.1.0" resolved "https://registry.yarnpkg.com/gtoken/-/gtoken-7.1.0.tgz#d61b4ebd10132222817f7222b1e6064bd463fc26" @@ -19915,7 +19990,7 @@ https-browserify@^1.0.0: resolved "https://registry.yarnpkg.com/https-browserify/-/https-browserify-1.0.0.tgz#ec06c10e0a34c0f2faf199f7fd7fc78fffd03c73" integrity sha1-7AbBDgo0wPL68Zn3/X/Hj//QPHM= -https-proxy-agent@^5.0.1: +https-proxy-agent@^5.0.0, https-proxy-agent@^5.0.1: version "5.0.1" resolved "https://registry.yarnpkg.com/https-proxy-agent/-/https-proxy-agent-5.0.1.tgz#c59ef224a04fe8b754f3db0063a25ea30d0005d6" integrity sha512-dFcAjpTQFgoLMzC2VwU+C/CbS7uRL0lWmxDITmqm7C+7F0Odmj6s9l6alZc6AELXhrnggM2CeWSXHGOdX2YtwA== @@ -22093,16 +22168,17 @@ langchainhub@~0.0.8: resolved "https://registry.yarnpkg.com/langchainhub/-/langchainhub-0.0.8.tgz#fd4b96dc795e22e36c1a20bad31b61b0c33d3110" integrity sha512-Woyb8YDHgqqTOZvWIbm2CaFDGfZ4NTSyXV687AG4vXEfoNo7cGQp7nhl7wL3ehenKWmNEmcxCLgOZzW8jE6lOQ== -langsmith@^0.1.39, langsmith@~0.1.30, langsmith@~0.1.39: - version "0.1.39" - resolved "https://registry.yarnpkg.com/langsmith/-/langsmith-0.1.39.tgz#cc99f1828a9c0f5ba24bec6b0121edc44e8d282d" - integrity sha512-K2/qbc96JhrZbSL74RbZ0DBOpTB9Mxicu8RQrZ88Xsp1bH2O3+y5EdcvC0g/1YzQWQhcQ4peknCA24c3VTNiNA== +langsmith@^0.1.43, langsmith@^0.1.55, langsmith@~0.1.30: + version "0.1.55" + resolved "https://registry.yarnpkg.com/langsmith/-/langsmith-0.1.55.tgz#bdbb8015a28093f4a248c0ee9b8937731c5baa93" + integrity sha512-6NVtI04UUnIY59I/imOX02FG/QMGfqStu8tiJtyyreKMv2GAN0EE9Z5Ap1wzOe6v8ukEcV3NwEO2LYOPwup1PQ== dependencies: - "@types/uuid" "^9.0.1" + "@types/uuid" "^10.0.0" commander "^10.0.1" p-queue "^6.6.2" p-retry "4" - uuid "^9.0.0" + semver "^7.6.3" + uuid "^10.0.0" language-subtag-registry@~0.3.2: version "0.3.21" @@ -31276,6 +31352,11 @@ update-browserslist-db@^1.0.13: escalade "^3.1.1" picocolors "^1.0.0" +uri-js-replace@^1.0.1: + version "1.0.1" + resolved "https://registry.yarnpkg.com/uri-js-replace/-/uri-js-replace-1.0.1.tgz#c285bb352b701c9dfdaeffc4da5be77f936c9048" + integrity sha512-W+C9NWNLFOoBI2QWDp4UT9pv65r2w5Cx+3sTYFvtMdDBxkKt1syCqsUdSFAChbEe1uK5TfS04wt/nGwmaeIQ0g== + uri-js@^4.2.2: version "4.2.2" resolved "https://registry.yarnpkg.com/uri-js/-/uri-js-4.2.2.tgz#94c540e1ff772956e2299507c010aea6c8838eb0"